Feeds

Facebook warns investors of potential SPAM DELUGE

IPO filing: Spamvalanche could kill us

Top 5 reasons to deploy VMware with Tegile

Facebook has been the first internet company to baldly state the risks it faces from hacking and spam to the markets since the SEC issued guidance on the issue.

In October last year, the US Securities and Exchange Commission told publically listed companies that it was about time they talked about the cyber-attacks they had suffered, particularly because online mischief could financially damage their products.

One of the basic rules of listing on a stock market is that firms have to make their financial comings and goings public so that investors can make (relatively) informed decisions about whether or not to buy their shares. But up until last year, there was no push in the US for companies to 'fess up when they'd been hacked.

Now the SEC says:

Registrants should address cybersecurity risks and cyber incidents in their MD&A [management discussion and analysis] if the costs or other consequences associated with one or more known incidents or the risk of potential incidents represent a material event, trend, or uncertainty that is reasonably likely to have a material effect on the registrant’s results of operations, liquidity, or financial condition or would cause reported financial information not to be necessarily indicative of future operating results or financial condition.

Facebook's widely anticipated IPO, for which the social network hopes to net a cool $5bn, is the first to actually use the words "hacking" and "spam" in their list of risk factors for investing in the firm.

"Computer malware, viruses, and computer hacking and phishing attacks have become more prevalent in our industry, have occurred on our systems in the past, and may occur on our systems in the future," the company's filing stated. "Because of our prominence, we believe that we are a particularly attractive target for such attacks."

Facebook naturally hedges its bets a bit by saying that it's not easy to say what damage an attack may do, but admits "any failure to maintain performance, reliability, security, and availability of our products and technical infrastructure to the satisfaction of our users may harm our reputation and our ability to retain existing users and attract new users".

Moving onto the pesky issue of spam, the social network said that spam could embarrass or annoy its users and make the site less user-friendly.

"We cannot be certain that the technologies and employees that we have to attempt to defeat spamming attacks will be able to eliminate all spam messages from being sent on our platform. As a result of spamming activities, our users may use Facebook less or stop using our products altogether," the filing added.

Although Facebook is the first of the big web boys to talk so openly about hacking in its initial filing, most internet firms to make some nod to the inherent dangers of doing business online.

All the way back in 2004, when Google was entering the stage, it listed "malicious third-party applications" among its risks for initial investors.

"Our business may be adversely affected by malicious applications that make changes to our users’ computers and interfere with the Google experience," the Chocolate Factory said.

"These applications have in the past attempted, and may in the future attempt, to change our users’ internet experience, including hijacking queries to Google.com, altering or replacing Google search results, or otherwise interfering with our ability to connect with our users."

And more recently, when LinkedIn filed to go public in January last year, it said: "If our security measures are compromised, or if our website is subject to attacks that degrade or deny the ability of members or customers to access our solutions, members and customers may curtail or stop use of our solutions."

But not all of the stock market entrants have been so forthcoming. Groupon, which had its delayed IPO in November, but filed with the SEC in June, listed almost every risk imaginable including their vulnerability to "earthquakes, other natural catastrophic events or terrorism", but made no mention of hacking.

The daily deals site did say it is dependent on good network infrastructure – where it mentions viruses and security – and good "internet infrastructure" – under which heading it mentions "viruses, worms, malware and similar programs [that] may harm the performance of the internet".

"The backbone computers of the internet have been the targets of such programs," the filing added, which rather made it seem like Groupon could only break if the whole internet was broken.

High-profile attacks on big firms and bodies like Sony, Citigroup and the US Air Force in the last few years brought hacking into the public consciousness and prompted a lot of governmental scrutiny.

The SEC issued its new guidance after US Senator Jay Rockefeller asked the commission to look into the issue.

"Intellectual property worth billions of dollars has been stolen by cyber criminals, and investors have been kept completely in the dark," he said.

When the commission issued the guidance, it warned that companies had "increasing dependence on digital technologies to conduct their operations" so the risks associated with cybersecurity had also increased "resulting in more frequent and severe cyber incidents". ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.