Feeds

Facebook warns investors of potential SPAM DELUGE

IPO filing: Spamvalanche could kill us

The Power of One eBook: Top reasons to choose HP BladeSystem

Facebook has been the first internet company to baldly state the risks it faces from hacking and spam to the markets since the SEC issued guidance on the issue.

In October last year, the US Securities and Exchange Commission told publically listed companies that it was about time they talked about the cyber-attacks they had suffered, particularly because online mischief could financially damage their products.

One of the basic rules of listing on a stock market is that firms have to make their financial comings and goings public so that investors can make (relatively) informed decisions about whether or not to buy their shares. But up until last year, there was no push in the US for companies to 'fess up when they'd been hacked.

Now the SEC says:

Registrants should address cybersecurity risks and cyber incidents in their MD&A [management discussion and analysis] if the costs or other consequences associated with one or more known incidents or the risk of potential incidents represent a material event, trend, or uncertainty that is reasonably likely to have a material effect on the registrant’s results of operations, liquidity, or financial condition or would cause reported financial information not to be necessarily indicative of future operating results or financial condition.

Facebook's widely anticipated IPO, for which the social network hopes to net a cool $5bn, is the first to actually use the words "hacking" and "spam" in their list of risk factors for investing in the firm.

"Computer malware, viruses, and computer hacking and phishing attacks have become more prevalent in our industry, have occurred on our systems in the past, and may occur on our systems in the future," the company's filing stated. "Because of our prominence, we believe that we are a particularly attractive target for such attacks."

Facebook naturally hedges its bets a bit by saying that it's not easy to say what damage an attack may do, but admits "any failure to maintain performance, reliability, security, and availability of our products and technical infrastructure to the satisfaction of our users may harm our reputation and our ability to retain existing users and attract new users".

Moving onto the pesky issue of spam, the social network said that spam could embarrass or annoy its users and make the site less user-friendly.

"We cannot be certain that the technologies and employees that we have to attempt to defeat spamming attacks will be able to eliminate all spam messages from being sent on our platform. As a result of spamming activities, our users may use Facebook less or stop using our products altogether," the filing added.

Although Facebook is the first of the big web boys to talk so openly about hacking in its initial filing, most internet firms to make some nod to the inherent dangers of doing business online.

All the way back in 2004, when Google was entering the stage, it listed "malicious third-party applications" among its risks for initial investors.

"Our business may be adversely affected by malicious applications that make changes to our users’ computers and interfere with the Google experience," the Chocolate Factory said.

"These applications have in the past attempted, and may in the future attempt, to change our users’ internet experience, including hijacking queries to Google.com, altering or replacing Google search results, or otherwise interfering with our ability to connect with our users."

And more recently, when LinkedIn filed to go public in January last year, it said: "If our security measures are compromised, or if our website is subject to attacks that degrade or deny the ability of members or customers to access our solutions, members and customers may curtail or stop use of our solutions."

But not all of the stock market entrants have been so forthcoming. Groupon, which had its delayed IPO in November, but filed with the SEC in June, listed almost every risk imaginable including their vulnerability to "earthquakes, other natural catastrophic events or terrorism", but made no mention of hacking.

The daily deals site did say it is dependent on good network infrastructure – where it mentions viruses and security – and good "internet infrastructure" – under which heading it mentions "viruses, worms, malware and similar programs [that] may harm the performance of the internet".

"The backbone computers of the internet have been the targets of such programs," the filing added, which rather made it seem like Groupon could only break if the whole internet was broken.

High-profile attacks on big firms and bodies like Sony, Citigroup and the US Air Force in the last few years brought hacking into the public consciousness and prompted a lot of governmental scrutiny.

The SEC issued its new guidance after US Senator Jay Rockefeller asked the commission to look into the issue.

"Intellectual property worth billions of dollars has been stolen by cyber criminals, and investors have been kept completely in the dark," he said.

When the commission issued the guidance, it warned that companies had "increasing dependence on digital technologies to conduct their operations" so the risks associated with cybersecurity had also increased "resulting in more frequent and severe cyber incidents". ®

Designing a Defense for Mobile Applications

More from The Register

next story
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.