Feeds

Facebook warns investors of potential SPAM DELUGE

IPO filing: Spamvalanche could kill us

Protecting against web application threats using SSL

Facebook has been the first internet company to baldly state the risks it faces from hacking and spam to the markets since the SEC issued guidance on the issue.

In October last year, the US Securities and Exchange Commission told publically listed companies that it was about time they talked about the cyber-attacks they had suffered, particularly because online mischief could financially damage their products.

One of the basic rules of listing on a stock market is that firms have to make their financial comings and goings public so that investors can make (relatively) informed decisions about whether or not to buy their shares. But up until last year, there was no push in the US for companies to 'fess up when they'd been hacked.

Now the SEC says:

Registrants should address cybersecurity risks and cyber incidents in their MD&A [management discussion and analysis] if the costs or other consequences associated with one or more known incidents or the risk of potential incidents represent a material event, trend, or uncertainty that is reasonably likely to have a material effect on the registrant’s results of operations, liquidity, or financial condition or would cause reported financial information not to be necessarily indicative of future operating results or financial condition.

Facebook's widely anticipated IPO, for which the social network hopes to net a cool $5bn, is the first to actually use the words "hacking" and "spam" in their list of risk factors for investing in the firm.

"Computer malware, viruses, and computer hacking and phishing attacks have become more prevalent in our industry, have occurred on our systems in the past, and may occur on our systems in the future," the company's filing stated. "Because of our prominence, we believe that we are a particularly attractive target for such attacks."

Facebook naturally hedges its bets a bit by saying that it's not easy to say what damage an attack may do, but admits "any failure to maintain performance, reliability, security, and availability of our products and technical infrastructure to the satisfaction of our users may harm our reputation and our ability to retain existing users and attract new users".

Moving onto the pesky issue of spam, the social network said that spam could embarrass or annoy its users and make the site less user-friendly.

"We cannot be certain that the technologies and employees that we have to attempt to defeat spamming attacks will be able to eliminate all spam messages from being sent on our platform. As a result of spamming activities, our users may use Facebook less or stop using our products altogether," the filing added.

Although Facebook is the first of the big web boys to talk so openly about hacking in its initial filing, most internet firms to make some nod to the inherent dangers of doing business online.

All the way back in 2004, when Google was entering the stage, it listed "malicious third-party applications" among its risks for initial investors.

"Our business may be adversely affected by malicious applications that make changes to our users’ computers and interfere with the Google experience," the Chocolate Factory said.

"These applications have in the past attempted, and may in the future attempt, to change our users’ internet experience, including hijacking queries to Google.com, altering or replacing Google search results, or otherwise interfering with our ability to connect with our users."

And more recently, when LinkedIn filed to go public in January last year, it said: "If our security measures are compromised, or if our website is subject to attacks that degrade or deny the ability of members or customers to access our solutions, members and customers may curtail or stop use of our solutions."

But not all of the stock market entrants have been so forthcoming. Groupon, which had its delayed IPO in November, but filed with the SEC in June, listed almost every risk imaginable including their vulnerability to "earthquakes, other natural catastrophic events or terrorism", but made no mention of hacking.

The daily deals site did say it is dependent on good network infrastructure – where it mentions viruses and security – and good "internet infrastructure" – under which heading it mentions "viruses, worms, malware and similar programs [that] may harm the performance of the internet".

"The backbone computers of the internet have been the targets of such programs," the filing added, which rather made it seem like Groupon could only break if the whole internet was broken.

High-profile attacks on big firms and bodies like Sony, Citigroup and the US Air Force in the last few years brought hacking into the public consciousness and prompted a lot of governmental scrutiny.

The SEC issued its new guidance after US Senator Jay Rockefeller asked the commission to look into the issue.

"Intellectual property worth billions of dollars has been stolen by cyber criminals, and investors have been kept completely in the dark," he said.

When the commission issued the guidance, it warned that companies had "increasing dependence on digital technologies to conduct their operations" so the risks associated with cybersecurity had also increased "resulting in more frequent and severe cyber incidents". ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.