Feeds

Facebook scoffs at hacktivist stunt

Nothing to see here. Please move along

Top 5 reasons to deploy VMware with Tegile

Hacktivists took over control of almost 300 Facebook community groups in a bid to highlight concerns over how easy it might be for miscreants to hijack a shared interest group on the social networking site. Facebook said no hacking was involved in the attack, which it dismisses as a stunt.

The Control Your Info group, on the other hand, claims its take-over of 289 Facebook groups illustrates why the social networking site ought to tighten its security policy. The group exploited Facebook control features it argues are insecure, rather than website security bugs or vulnerabilities.

Facebook groups exist as venues for people with common interests to congregate and exchange ideas, pictures, and the like. The way Facebook works means that if administrator of a group leaves, any other member of the group can take over control.

Control Your Info (CYI) argues the approach is all wrong and control ought to pass automatically to the next most senior member of an online hang-out. As things stand, CYI reckons the feature could allow spammers to latch onto leaderless groups before spamming its members.

"If an administrator of a group leaves, anyone can register as a new admin," CYI told AFP. "So, in order to take control of a Facebook group, all you really have to do is a quick search on Google."

Admins have the ability to change just about everything about a group. To illustrate its point, CYI renamed each "hijacked" group with its name and logo, before posting messages explaining that the group had been hijacked and attempting to justify the attack. CYI promised to restore the groups to normal once it had made its point.

In a statement, Facebook said no confidential information was exposed by the stunt. It claimed the issue affected only small, abandoned groups.

There has been no hijacking and there is no confidential information at risk. The groups in question have been abandoned by their previous owners, which means any group member has the option to make themselves an administrator in order to continue communication to the group.

Group administrators have no access to private user information and group members can leave a group at any time. For small groups, administrators can simply edit a group name or info, moderate discussion and message group members. The names of large groups cannot be changed nor can anyone message all members.

In the rare instances when we find a group has been changed inappropriately, we will disable the group, which is the action we plan for these groups.

This sanguine response is unlikely to satisfy CYI, whose manifesto can be found on controlyour.info here. CYI claims its main goal is to "draw attention to questions concerning online privacy awareness". Sections of its site point to its interest in information left via YouTube and about password security as well as about data held on social networking sites. ®

Internet Security Threat Report 2014

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Home Depot ignored staff warnings of security fail laundry list
'Just use cash', former security staffer warns friends
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
BitTorrent's peer-to-peer chat app Bleep goes live as public alpha
A good day for privacy as invisble.im also reveals its approach to untraceable chats
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.