Hackers have found a way to bypass the Captchas needed to create new user profiles, as numerous Facebook profiles created in an automated process have popped up over the past few days. Captchas are supposed to ensure that only humans can register. These profiles, which have different names but the same profile picture, send links which, if clicked, download malicious software. A spokesperson said the threat does not seem particularly serious, and Facebook is disabling such accounts as soon as they are discovered. "Even so, the fact that hackers got past Facebook's Captchas highlights a continuing trend by attackers to try and exploit social networks."
The Captcha used by Facebook is supposed to be top of the line, leading to speculation that humans may have done it manually. In fact, there is the possibility that people were paid to enter the information necessary for each account. Tasks like this could even be outsourced for a very small amount of money. Based on my own experience with registering for Facebook, I find either of these scenarios likely. However, if someone has created a program which can bypass human involvement with Captchas, then this would pose a significant security threat for many different websites, and it would be important that Captchas be improved.
The URL which these profiles are trying to spread has already been blacklisted by most web browsers and disabled from being shared on Facebook. This URL is the same as one that was earlier being spread through compromised accounts of actual people. Furthermore, Facebook has already publicized that users should be wary of clicking on strange links. Using common sense, most people should know better than to click on a link sent to them by someone whom they do not know, especially since most of the messages in which these links are contained are obviously not legitimate. However, as we have learned, many people using the Internet lack this type of common sense. Facebook may need to improve their user verification system. I had heard of the possibility that a cell phone number could be used. After signing up, Facebook would send a text containing a code to the new user, and that code would be used to activate the account. Repeat cell phone numbers could not be used. However, this would eliminate people who do not have cell phones or texting from using Facebook, even if they are legitimate. Since this idea may not be realistic, Facebook will need to continue to monitor accounts, and users need to be aware of these schemes.
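The text-message activation idea described above, sketched as an added example (it is not code from Facebook or from the original post). The class name, the `send_sms` hook, the 10-minute code lifetime and the 5-guess limit are assumptions made for illustration.

```python
import hmac
import secrets
import time

CODE_TTL = 600     # assumption: a code is valid for 10 minutes
MAX_ATTEMPTS = 5   # assumption: wrong guesses allowed per code


class PhoneVerifier:
    """Hypothetical activation flow: one texted code per sign-up, one account per number."""

    def __init__(self, send_sms, clock=time.time):
        self.send_sms = send_sms    # callable(number, text): stand-in for an SMS gateway
        self.clock = clock
        self.used_numbers = set()   # numbers already tied to an activated account
        self.pending = {}           # account_id -> [number, code, expires_at, attempts_left]

    @staticmethod
    def normalize(number):
        # Simplified: keep digits only, so formatting variants of one number compare equal.
        return "".join(ch for ch in number if ch.isdigit())

    def start(self, account_id, number):
        number = self.normalize(number)
        if number in self.used_numbers:
            return False            # repeat phone numbers are refused
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.random()
        self.pending[account_id] = [number, code, self.clock() + CODE_TTL, MAX_ATTEMPTS]
        self.send_sms(number, f"Your activation code is {code}")
        return True

    def activate(self, account_id, code):
        entry = self.pending.get(account_id)
        if entry is None:
            return False
        number, expected, expires_at, _ = entry
        # Re-check the number: two sign-ups may have requested codes for it at once.
        if self.clock() > expires_at or number in self.used_numbers:
            del self.pending[account_id]
            return False
        if not hmac.compare_digest(expected, str(code)):
            entry[3] -= 1           # bound guessing of the 6-digit code
            if entry[3] <= 0:
                del self.pending[account_id]
            return False
        del self.pending[account_id]
        self.used_numbers.add(number)
        return True
```

The attempt limit and expiry matter because a six-digit code has only a million possible values; without them an automated sign-up script could simply guess.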
Source: http://www.computerworld.com/s/article/9138780/Facebook_Captchas_broken_?taxonomyId=17
Friday, October 2, 2009
This looks like an uphill battle for Facebook if these users did manually input all of their data. When reading this, the first thing that came to mind was to not allow people to use the same picture. However, a lot of people, mainly couples, like to use the same profile picture. Also, a hacker could crop the picture to make it different enough that Facebook wouldn't be able to recognize it. I think what it comes down to is people need to be aware of who their friends are on Facebook and be cautious of any weird activity. Also, people need to be more cautious of links posted on Facebook.
I remember back when MySpace started to get big, and then there were a ton of hackers and malicious software spreaders. It just annoyed me to get all of these messages that I knew weren't legitimate and made me quit using it. I would hate to see the same thing happen to Facebook. I know that in the past week I've had 2 or 3 random friend requests from people who I had no idea who they were. It makes sense for these people to attack Facebook since so many people use it, but as a user it would be frustrating to see it fall victim to too many of these kinds of attacks. It would probably discourage me and probably many others from using the site. I feel it's definitely in Facebook's interest, financial and reputation, to make sure that this doesn't happen.
I remember the same thing with MySpace back when I still used it. One of the reasons I quit using it was because I got sick of so many people's accounts getting hacked. Thus far, Facebook seems to have done a far superior job about preventing these types of things, although it does of course still happen. I agree with Azerus that if it is actual people entering the information, it would be very difficult to stop, but no doubt, it is in Facebook's best interest to try to eliminate these false accounts as much as possible.
Facebook will never be as bad as MySpace because they carefully monitor the users and they are proactive about fixing the hacking problem. MySpace has no age limit or no way to prove people's legitimacy and therefore creepers get on there all the time. The good thing I see that Facebook does is that they acknowledge people's ignorance when using the internet and they try to work around that and make getting access to things more difficult. Facebook is going to have to stay on top of any suspicious activities in order for it to keep its popularity and credibility.
One of the problems with any of these public information posting websites such as MySpace and Facebook is that you are putting personal information about yourself on the internet. Advertising companies and hackers will access your account sooner or later. In response to a couple previous posts, I can agree that while Facebook does a better job than other websites, they cannot and will not be able to stop everyone from hacking. Every day people find new ways to hack websites and access information illegally. Likewise, they use this access to spread malware, spyware, and viruses to other computers. Therefore, I think it is important for websites such as Facebook who have millions of users every day to continue to increase security and protect their users from any fraudulent or suspicious activity from occurring.
I've always wondered when hackers would eventually attempt to use Facebook or any other of these various social networks to their advantage. Whether it be the massive identities Facebook stores or the ability for hackers to upload malicious software onto others' computers, having a Facebook profile involves a great amount of risk. I see it all the time, people just accept anyone as a friend not knowing who the person is. With this trend throughout internet social networks, hackers can easily gain the necessary access to cause mayhem. I have a Facebook profile. However, I have consistently accepted random friendship requests by putting them on a "limited profile" list where not all my personal information is revealed. This helps with my personal security but would not be successful in blocking malicious software being uploaded to my computer. This story definitely makes me think twice as to how I should deal with random friend requests.
As mentioned previously, I would hate for these attacks on Facebook to occur so often that many people stop using it. It is such a great network tool that individuals of all ages use, but sadly, hackers have become aware of this. To a certain extent, I blame Facebook because they are supposed to maintain a high level of security on their site. Mostly, however, I blame the users. Individuals using the website must be smart enough to accept friends that they are familiar with. Facebook cannot monitor every individual's move considering the amount of users Facebook has. It is up to the individual to use his/her common sense. If users are smart with their actions, they should not encounter most of the problems mentioned in this article.
First of all, anyone who uses any of these big social networking sites needs to be very careful about what they put on their about me section. Any personal information like email, AIM screen names, and cell numbers can then be used by phishers trying to get at your personal info that way. With the extremely high number of new users every day on Facebook comes the risk of people wanting to do harm. Facebook seems like they have been doing a decent job in regards to security. I had a MySpace acct and it got hacked and then you end up sending every friend you have a comment about how you got a $100 gift card to Macy's.