Facebook Hacking

This article explains why you can’t trust your friends on Facebook.  It demonstrates how easy it is to gain someone’s trust by using an account that they think is that of a friend. The next time your friend on Facebook asks you to borrow some money, or asks when you are going out of town, think twice.

I think people have a very false perception that once on Facebook, they are in a circle of trust amongst friends. It becomes second nature to assume that if a friend posts a link on your Wall, it is safe to click and see what lies ahead. Most people wouldn’t consider otherwise. These assumptions are exactly what the scammers and hackers are relying upon to exploit your trust and naivety.

I have been an avid Facebook user for quite some time, and have come to realize what a breeding ground of fraud it really can be, especially in recent months. Obviously, the more popular it gets the more attention it will get from hackers and scammers.  With so many people blindly clicking the latest quiz to determine what type of pizza they are, the risks are plentiful.  But that’s cool, because if I were a pizza, I would be Pepperoni: Traditional and simple, but spicy and zesty when I need to be.

41% happy to hand out personal data to strangers.

That’s according to security site Virus Bulletin, which reported that 87 out of 200 of the random people they sent friend requests to blindly accepted. That’s 48 million people out of Facebook’s 120 million users. Furthermore, only 20% of users take advantage of any of Facebook’s security and privacy features, so their profiles are open for the world to see without even becoming a friend.

Think about this scenario

How many times have you been asked to use your mother’s maiden name to prove your identity on a web site?  Now, is your mother on Facebook, using her full name so that friends from her high school can find her?  That makes it quite easy for a scammer who already knows your email address to find out personal info so they can reset your password and gain access to your online banking account.  This is the same type of background research the kid in Tennessee used when he stole Sarah Palin’s Yahoo Mail password.

Not only do people put their full names on Facebook, there is a plethora of personal information which can be culled by hackers to gather data about people, from birth dates to places of employment to the name of the street they grew up on to the name of their first pet. Those are the types of answers to “security” questions many web sites use to verify you are who you say you are.

If you think no one would ever want to take the time to do all this fact finding just to gain access to your email, you are wrong. It is a fun, challenging game to these people, and is often done not only for financial gain but for bragging rights.

There have already been aggressive Facebook worms (Koobface, anyone?) which get spread by seemingly trustworthy friends whose accounts have been hacked, and will install rootkits on your computer. I’m sure there will be more. We have seen similar worms run through MySpace, stealing user accounts, posting spam, and infecting people’s computers. Because people turn to social networking sites with a cloud of trust blinding them, they become easy marks.

About Will Chatham

Will Chatham is a Cyber Security Analyst, Ethical Hacker, and Penetration Tester at a federal data center in Asheville, NC. Since Netscape 2.0, he has worked in a wide array of environments including non-profit, corporate, small business, and government. His varied background, from developer to search engine optimizer to security professional, has helped him build a wide range of skills that help those with whom he works and teaches.