Thursday, March 22, 2012

Another Pointless Facebook Warning - Hackers Posting Insulting Messages In Your Name

"Hacker alert" circulating on Facebook claims that, without your knowledge, hackers are posting insulting messages that appear to come from you on the walls of your friends.

Important Note
 Versions of these messages have been circulating for more than six months. However,a porn attack that took place on Facebook in November 2011 in some ways mirrored the claims in these older "warnings" and this has caused a great deal of confusion among Facebook users. In fact, the warnings began circulating long before the November porn attack was launched and the two are not connected in any way. 

Detailed Analysis
According to this "hacker alert" message, which is circulating rapidly via Facebook, hackers are infiltrating Facebook accounts and using them to post insulting messages on the Facebook Walls of people's friends. Insulting messages that these friends will think came from the owner of the hacked account. The message asks users to share the information on their own walls as a means of alerting other Facebook users of this supposed hacker activity.

However, the message is so vague that it has no real value as a security warning and reposting it will serve no useful purpose. This feckless warning provides no information about how these supposed hackers go about compromising Facebook accounts. Nor does it provide any details about how people might protect themselves from said hackers, how widespread the hacker attack is, or what date the alleged nefarious activities began. It does not provide references that might allow people to find out this information for themselves. It does not even include so much as a single example of a hacker generated "insulting message" that might help users identify an attack.

Moreover, there are no credible computer security reports about a Facebook account hijacking campaign like the one alluded to in the message.

In fact, the message seems to be nothing more than a mutated version of earlier - and equally useless - Facebook driven warnings that claimed that inappropriate videos or messages were being posted in the names of Facebook users without their knowledge.

Of course, some rogue Facebook apps, if given the necessary permissions by a user during the installation process, may automatically post spam, scam or malware messages on the user's wall. And, if the user inadvertently divulges Facebook login details via a phishing scam, then Internet criminals could subsequently access the compromised account and post any messages that they wanted to. However, "hackers" no matter how "busy" they are on Facebook cannot randomly access Facebook accounts and use them to send messages insulting or otherwise. To allow such activities to take place, users must have first taken some overt action such as installing a rogue app, opening an attachment or website that harbours malware, or providing personal information via a phishing scam. Thus, even if a user is not aware of the consequences of his or her actions, that user must actually DO something that opens the door for the hijacker or rogue app. Hackers do not possess magical powers that allow them to take over Facebook accounts at will. And, your average cybercriminal is likely much more interested in getting your money or sensitive personal information than he is in sending insulting messages to your friends.

To be useful, security warnings need to be up-to-date, accurate, and contain enough detailed information to allow recipients to recognize and deal with the perceived threat should it come their way. Reposting vague and unsubstantiated security warnings like the one above will not enhance security on Facebook in any way whatsoever. These silly warnings do nothing other than to cause confusion among recipients and clutter our social networks with even more utterly pointless nonsense.

No comments:

Post a Comment