Facebook under attack
CALIFORNIA — Porn, violent images and other graphic pieces of content are spreading across Facebook in what appears to be a widespread and ugly spam attack.
Cluley wrote on the Sophos blog that the images have included hardcore porn; photoshopped images of celebrities, including teen pop star Justin Bieber, in sexual positions; “extreme violence;” and at least one image of an abused dog.
The researcher said it wasn’t clear Tuesday how the images were spreading.
One possibility: “Clickjacking,” when clicking on a friend’s image shares it in your own feed.
Hackers also may have compromised the accounts of users with weak passwords or tricked people into installing malicious code.
“What’s clear,” Cluley wrote, “is that mischief-makers are upsetting many Facebook users and making the social networking site far from a family-friendly place.”
Several CNN.com staffers reported seeing some of the images by Tuesday morning.
Facebook says it is aware of the images.
“Protecting the people who use Facebook from spam and malicious content is a top priority for us and we are always working to improve our systems to isolate and remove material that violates our terms,” spokesman Andrew Noyes said in an email. “We have recently experienced an increase in reports and we are investigating and addressing the issue.”
The blog AllFacebook reported that the social-media giant has been quietly taking down the images.
Writer Jackie Cohen said a request for comment on the images merely got a reply thanking her for “flagging” the images.
“The fact that these photos spread for as long as 48 hours unchecked [shows] how much Facebook relies on individual users to flag inappropriate content: people were commenting on the images more than flagging them,” she wrote.
Users were, understandably, distraught.
“Seeing a dead dog on my Facebook news feed …….. Officially deactivating it,” said one Twitter user in a post collected by Sophos.
“I saw a dead dog, Justin Bieber [performing a sex act] and a naked grandma,” said another. “Time to delete facebook.”
With questions still abounding, speculation on the Web turned — as it often does in online hacking cases — the controversial “hacktivist” collective Anonymous.
A group claiming allegiance to Anonymous announced it was going to make November 5 “Kill Facebook Day.” That day came and went with little noticeable activity.
But last week, an Anonymous-affiliated group announced in a YouTube video that it had created the “Fawkes virus,” a sophisticated tool that would attack Facebook.
A handful of Twitter feeds widely acknowledged as being run by Anonymous members had made no mention of the Facebook posts Tuesday morning.
At least two members had previously distanced themselves from Operation Facebook, saying it was doomed to fail and that Anonymous is not a cohesive group with unanimously approved goals.
“Using a simple Facebook account, the worm can be carried into other accounts with little or no interaction,” an automated voice says in the video posted on the account “AnonSecurity157.” “We did not expect the intensity with which this would spread.”
The video claims the worm can be controlled remotely and that once it’s fully understood it “will use this to its advantage against corruption.”
Source: CNN 15 November 2011
10:22 a.m. PST