Facebook under attack

“There are so many people on social-networking sites it is becoming profitable for bad guys to go there,” David Perry, global director of education at software security firm Trend Micro, told Agence France Presse (AFP) on Tuesday, March 3.

Experts say social networking websites have been targeted by hackers and cyber crooks who wage attacks to steal valuable data from members.

Even seemingly innocent information, like names of grandparents or pets, posted on profile pages can provide opportunities for criminals to hack online accounts, they warn.

“Bad guys can see all the things you post. You may be revealing personal information that is extremely valuable,” said Perry.

Facebook, the world”s largest social networking website, was attacked five times over the past week, according to computer experts.

Four of the five attacks were by “applications” – programs crafted to provide Facebook users with fun or functional features – and the fifth was by a virus.

“We have a rogue application that happened this weekend,” said Jamz Yaneza, research manager at Trend Micro, a Tokyo-based firm that develops software to protect against computer viruses and malware.

“It was an application that got through security at Facebook.”

Once installed, the application sent messages to the user’s friends warning that the website was shutting down or that they have violated terms of service.

If people followed the bogus message instructions, software was installed on their computers, stealing data and sending similar bogus messages to their contacts.

The most recent Facebook attack was by a computer worm called Koobface, a variation on the spelling of Facebook.

“It steals your cookie on your desktop; not just for Facebook but for a half-dozen social networking websites including MySpace,” Yaneza said.

“Your account is compromised at that point.”

Review

Online security advisers say the attacks highlight the need for a swift review of safety rules.

“I think that it is time Facebook had a review of its application vetting policy,” Rik Ferguson, senior security adviser at Trend Micro, told The Times.

Facebook allows people to develop and write software applications to run on the site, but they do not need to be approved by Facebook before they are made available for people to download.

“It launched a service in November last year where people can pay to get their applications approved, but it is voluntary,” noted Ferguson.

But Facebook officials insist that the rules are set to provide users with the opportunity to innovate and accordingly creating the network’s huge popularity.

“We’ve tried to make the process of building on the Facebook Platform relatively easy in order to stimulate innovation – and to allow the kid in a college dorm room to compete against the big corporation,” a spokesman told the British daily.

Founded in 2004 to serve only students of the Harvard University, Facebook now has more than 70 million users worldwide.

The spokesman downplayed the significance of the recent attacks on users, ruling out any imminent major counter-measures.

“The drastic measures others have suggested is akin to saying, “there have been two robberies, we need to implement martial law in the city.””