Affected users can hardly log in without being assailed with offensive feed items
Facebook has recently seen a rise in hacking schemes, including phishing pages spread through infected users' feeds. This isn't terribly surprising, given that the platform has 800 million users, at last count, and is among the world's most-visited websites. Most of these social networking attacks appear to be of a practical, money-driven bent, targeting users' passwords and personal information, which can then be reused in attacks on other accounts such as email or online banking.
I. Trolls Set New Bar on Offensive Facebook Hack
A new attack is sweeping Facebook that appears to be motivated solely by griefing and trolling. It injects hardcore pornography, horror-film-style human gore, and religiously offensive material into users' feeds.
Gawker was among the first to report on the attack, which is reportedly growing. A user writes:
They appear as updates on your news feed, but they're attributed to users who have nothing to do with their being posted.
The pictures are REALLY graphic — a closeup of a woman fingering herself, an erect dick, etc.
Facebook seems to be at a loss as to how to stop this from happening. It's kind of funny, but also scary when you're at work and your boss walks past your computer just as a giant cock appears on your screen.
Other users appeared to be chiming in via Twitter, making remarks such as, "Facebook is officially a porn site" and "it's a legit porn site."
Courtney Zito, an aspiring web actress who created the series Hollywood Girl, drew attention to the issue when she was quoted by The Christian Post as saying:
I have 5000 friends. My feed is littered with porn. I can’t even check my news feed with anyone around because of it. Just saw one with a guy who had his skull bashed in and his brains on the street. Another one was the devil… Besides the countless naked girls. I'm about ready to deactivate.
She shortly thereafter made good on her threat, according to her Twitter account.
II. Anonymous to Blame?
Initial reports, including The Christian Post's, speculated that Anonymous might be behind the attacks. The speculation traces back to a supposed August posting by the hacktivist group calling on members to destroy Facebook on November 5. Nothing happened on November 5, so many news sites eagerly speculated that this could be the long-awaited attack.
The only problem is that Anonymous has denied having any plans to attack Facebook. While the group has no leaders, some very active members serve as organizers/spokespeople, offering a common message agreed upon by organizers statewide, nationwide, or worldwide.
Anonymous says reports that it was going to attack Facebook were wrong. [Image Source: James Martin/CNET]
One such spokesperson commented to CNET on the day before the supposed attack date:
Anonymous is a movement we don't take kindly to when people try to f**k it up. Our movement relies on communicating with people around the world so we can help one another. One skiddy queer chap named Anthony Guerra from the US in Ohio decided to take it upon himself to have some lulz with creating an imaginary opfacebook and pawning it off as a legit anon op. Despite us telling this mate several times we did not support his op, he continued to push his agenda for lulz. This op is phony but he continues to say it's an anon op.
Without being an active organizer within Anonymous, or chatting with many of its members, it's hard to separate false alarms from real attacks. Reports of false attacks often arise from a rogue member posting threats in "Anonymous's" name on Pastebin, in IRC channels, or through other communication channels.
In some cases such a threat is a real attack, supported only by a minority but which actually proceeds. Most Anonymous attacks require strength in numbers, however, so often the "attack" is simply a ranting fringe member's and is never realized. Members of Anonymous often tell such members:
"Not your army," "Not Anon's army," or "Not your personal army" (NYPA).
III. The Likely Attack Vector
So how did these attacks happen?
While it's possible that some internet trolls/griefers have found a legitimate flaw in Facebook's code and are attacking Facebook's servers directly to spread their offensive posts, what is happening here more likely follows the pattern of the phishing-driven attacks mentioned earlier.
These attacks typically work by:
- Tempting the user to click on a fake feed item (often resembling a legitimate Facebook post, such as a notice that a friend joined a group).
- Sending the user, via the link in the attacking image/text, to a page that makes it look like they have been logged out. This is often a multi-stage process: for example, a fake group page that looks identical to a real Facebook group, whose like/join button redirects to a login screen resembling Facebook's normal login prompt.
- Once the attacker has the victim's username/password, using softbots to log into the account.
- Having the softbots post feed links pointing to the attack page(s), which then appear in the victim's friends' feeds.
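One way a platform or a monitoring team could spot the last step in that list, as an added example in Python that is not code from the original article or from Facebook: it groups posts by exact URL, flags any link that several distinct accounts posted within a few minutes (the softbot burst), and separately checks whether the link points off-site to a host dressed up as a Facebook login or group page. The feed records, account names, URLs and the list of legitimate hosts are all constructed for the example.

```python
"""Detection of the "softbot" posting pattern described above: many
compromised accounts posting the same off-site link within a short window,
frequently to a host dressed up to look like a Facebook login or group page.
Added example, not Facebook's code; feed records, accounts and URLs are
constructed sample data."""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed feed items: (posting account, UTC timestamp, link in the post).
SAMPLE_FEED = [
    ("alice", "2011-11-15T09:00:05", "http://fb-login-secure.example/group/join"),
    ("bob",   "2011-11-15T09:00:41", "http://fb-login-secure.example/group/join"),
    ("carol", "2011-11-15T09:01:12", "http://fb-login-secure.example/group/join"),
    ("dave",  "2011-11-15T09:01:50", "http://fb-login-secure.example/group/join"),
    ("erin",  "2011-11-15T09:02:30", "http://fb-login-secure.example/group/join"),
    ("frank", "2011-11-15T10:30:00", "https://www.facebook.com/groups/12345"),
    ("grace", "2011-11-15T11:15:00", "http://news.example/story"),
    ("heidi", "2011-11-15T12:00:00", "http://news.example/story"),
]

# Hosts treated as genuinely Facebook's (assumed list for the example).
LEGIT_HOSTS = {"facebook.com", "www.facebook.com", "m.facebook.com"}


def is_lookalike_login_link(url):
    """Heuristic: the link is off-site (not a Facebook host) yet its host or
    path carries the brand ('facebook'/'fb') plus a login/group/join/like cue,
    the shape of the fake group-and-login pages described in the text."""
    parsed = urlparse(url)
    host = parsed.netloc.lower()
    if host in LEGIT_HOSTS or host.endswith(".facebook.com"):
        return False
    text = host + parsed.path.lower()
    brand = "facebook" in text or "fb" in text
    cue = any(word in text for word in ("login", "group", "join", "like"))
    return brand and cue


def burst_posters(feed, window=timedelta(minutes=5), min_accounts=3):
    """Flag URLs that at least `min_accounts` distinct accounts posted inside
    any `window`-long span (sliding window over time-sorted posts).
    Returns {url: sorted list of every account that posted it}."""
    by_url = defaultdict(list)
    for account, ts, url in feed:
        by_url[url].append((datetime.fromisoformat(ts), account))
    flagged = {}
    for url, posts in by_url.items():
        posts.sort()
        start, peak = 0, 0
        for end in range(len(posts)):
            while posts[end][0] - posts[start][0] > window:
                start += 1
            peak = max(peak, len({acct for _, acct in posts[start:end + 1]}))
        if peak >= min_accounts:
            flagged[url] = sorted({acct for _, acct in posts})
    return flagged


def triage(feed):
    """Combine the signals: a burst-posted URL that also looks like a
    lookalike login page is the strongest indicator of the campaign."""
    return [
        {"url": url, "accounts": accounts,
         "lookalike_login": is_lookalike_login_link(url)}
        for url, accounts in burst_posters(feed).items()
    ]


if __name__ == "__main__":
    for hit in triage(SAMPLE_FEED):
        print(hit)
```

Run against the constructed feed, only the `fb-login-secure.example` link is flagged: five accounts posted it within two and a half minutes and it fails the lookalike check, while the genuine facebook.com group link and the news story shared by two accounts an hour apart stay below both thresholds. The window and account thresholds are the knobs a real deployment would tune against its own baseline of legitimate viral sharing.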
Facebook's approach to stopping these schemes appears to be two-fold. First, it does appear to block some malicious domains. Second, the company has implemented a location-based identification prompt, which forces users logging in from outside their usual login area to identify pictures of their friends to prove their identity.
This can be overcome by guessing (one out of every so many guesses will be correct, and not that many correct answers are needed to complete the login). However, the many failed attempts for every success will likely draw Facebook's attention to the attacker's IP address, allowing it to be banned.
But attackers do have a less risky route if they control a sufficiently large botnet in the target region. The location check is typically triggered on a state-by-state basis, so one possible workaround is to infect local machines and route the login attempts through them. Attackers can pick the right local machine by compiling a list of infected users' friends' emails and their listed current residence, and then matching that location information to the stolen credentials when a friend clicks through.
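An added example in Python, not Facebook's implementation, modelling the location-based check and both caveats above: a state-level geolocation rule that challenges an out-of-state login but waves through one routed via a machine in the victim's own state, the probability of passing a friend-photo challenge by guessing, and a per-IP failure counter that blocks the guessing source. The GeoIP table, login history and challenge parameters (6 names per photo, 7 rounds, 5 required) are assumptions, not Facebook's real values.

```python
"""Model of the location-based identity check described above, together with
the two limits the text raises: the friend-photo challenge can be passed by
guessing with some probability (so failures per source IP must be counted and
the IP blocked), and a check keyed only on state-level geolocation is
satisfied by any login routed through a machine in the victim's own state.
Added example, not Facebook's implementation; the GeoIP table, login records
and challenge parameters are constructed assumptions."""
import math
from collections import Counter, defaultdict

# Constructed IP-prefix -> US state table standing in for a GeoIP database.
GEO_BY_PREFIX = {
    "203.0.113.": "OH",   # the victim's home network (assumed)
    "198.51.100.": "CA",  # an out-of-state network
    "192.0.2.": "OH",     # a second Ohio network, e.g. an infected local PC
}


def state_for_ip(ip):
    """Coarse, state-level geolocation; None for unknown ranges."""
    for prefix, state in GEO_BY_PREFIX.items():
        if ip.startswith(prefix):
            return state
    return None


def usual_states(login_history, min_share=0.2):
    """States that account for at least `min_share` of a user's past logins."""
    counts = Counter(state_for_ip(ip) for ip in login_history)
    total = sum(counts.values())
    return {s for s, c in counts.items() if s and c / total >= min_share}


def needs_photo_challenge(login_history, new_ip):
    """Step-up only when the login's state is not one of the usual ones:
    the state-granularity rule the article describes. A login proxied
    through an infected machine in the same state is therefore not challenged."""
    return state_for_ip(new_ip) not in usual_states(login_history)


def pass_probability_by_guessing(choices, rounds, required):
    """Probability that picking one of `choices` names at random in each of
    `rounds` photo rounds scores at least `required` correct (binomial tail)."""
    p = 1.0 / choices
    return sum(math.comb(rounds, k) * p ** k * (1 - p) ** (rounds - k)
               for k in range(required, rounds + 1))


class ChallengeRateLimiter:
    """Count failed challenges per source IP and block the IP after
    `max_failures`; this is what turns cheap guessing into a visible signal."""

    def __init__(self, max_failures=5):
        self.max_failures = max_failures
        self.failures = defaultdict(int)

    def record(self, ip, passed):
        """Record one challenge outcome; return whether the IP is now blocked."""
        if not passed:
            self.failures[ip] += 1
        return self.is_blocked(ip)

    def is_blocked(self, ip):
        return self.failures[ip] >= self.max_failures


if __name__ == "__main__":
    history = ["203.0.113.7", "203.0.113.9", "203.0.113.12", "203.0.113.7"]
    print("out-of-state login challenged:", needs_photo_challenge(history, "198.51.100.4"))
    print("same-state proxy challenged:  ", needs_photo_challenge(history, "192.0.2.55"))
    # Assumed challenge shape: 6 names per photo, 7 rounds, 5 correct needed.
    print("pass-by-guessing probability:", round(pass_probability_by_guessing(6, 7, 5), 4))
```

With the assumed parameters a blind guesser passes roughly one challenge in five hundred, which is why counting failures per IP matters: each success costs hundreds of visible failures from the same source. The same-state proxy case shows the limit of a purely geographic signal; a check that also considered the device, browser fingerprint, or network owner (ASN) would not be satisfied by an infected neighbour's PC.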
Many of these attacks have looked to parlay that information into real-world profits. Others have been designed purely for trolling and for defacing users' profiles/feeds.
The latest porn/gore attacks on Facebook are interesting in that they set a new bar for the offensiveness of trolling schemes targeting the site's members (and of the media coverage thereof). However, the attacks do not appear to be terribly widespread (users with a large number of friends appear to be at the greatest risk, by sheer statistics). And they certainly don't appear to be the work of Anonymous, as some unfortunately suggested.
Sources: Gawker, The Christian Post