Feeds

Facebook scoffs at hacktivist stunt

Nothing to see here. Please move along

The Essential Guide to IT Transformation

Hacktivists took over control of almost 300 Facebook community groups in a bid to highlight concerns over how easy it might be for miscreants to hijack a shared interest group on the social networking site. Facebook said no hacking was involved in the attack, which it dismisses as a stunt.

The Control Your Info group, on the other hand, claims its take-over of 289 Facebook groups illustrates why the social networking site ought to tighten its security policy. The group exploited Facebook control features it argues are insecure, rather than website security bugs or vulnerabilities.

Facebook groups exist as venues for people with common interests to congregate and exchange ideas, pictures, and the like. The way Facebook works means that if administrator of a group leaves, any other member of the group can take over control.

Control Your Info (CYI) argues the approach is all wrong and control ought to pass automatically to the next most senior member of an online hang-out. As things stand, CYI reckons the feature could allow spammers to latch onto leaderless groups before spamming its members.

"If an administrator of a group leaves, anyone can register as a new admin," CYI told AFP. "So, in order to take control of a Facebook group, all you really have to do is a quick search on Google."

Admins have the ability to change just about everything about a group. To illustrate its point, CYI renamed each "hijacked" group with its name and logo, before posting messages explaining that the group had been hijacked and attempting to justify the attack. CYI promised to restore the groups to normal once it had made its point.

In a statement, Facebook said no confidential information was exposed by the stunt. It claimed the issue affected only small, abandoned groups.

There has been no hijacking and there is no confidential information at risk. The groups in question have been abandoned by their previous owners, which means any group member has the option to make themselves an administrator in order to continue communication to the group.

Group administrators have no access to private user information and group members can leave a group at any time. For small groups, administrators can simply edit a group name or info, moderate discussion and message group members. The names of large groups cannot be changed nor can anyone message all members.

In the rare instances when we find a group has been changed inappropriately, we will disable the group, which is the action we plan for these groups.

This sanguine response is unlikely to satisfy CYI, whose manifesto can be found on controlyour.info here. CYI claims its main goal is to "draw attention to questions concerning online privacy awareness". Sections of its site point to its interest in information left via YouTube and about password security as well as about data held on social networking sites. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.