CRM News: ID Security: Facebook Puts a Face on Defendants in Hacker Suit

Facebook Puts a Face on Defendants in Hacker Suit

By Erika Morphy
E-Commerce Times
Part of the ECT News Network
12/18/07 3:28 PM PT

Facebook has named names in a federal lawsuit alleging that hackers illegally intruded on its networks in an effort to steal personal information on the social networking site's users. The effort is not nearly enough to address the weak security on Facebook -- and on social networking sites in general, said Paul Henry, vice president at Secure Computing.

eMarketer Whitepaper: Optimizing the E-Commerce Experience
From the Web to the Contact Center, are you prepared to proactively engage and keep your savvy customers? Read how e-commerce leaders are optimizing their sites with ratings, reviews, live help, Web analytics, mobile and more.

Facebook has named three individuals and a Canadian porn company as defendants in a federal lawsuit it filed earlier this year in the Northern District of California, which accused unnamed people and companies of unlawfully accessing its servers.

After two Canadian Internet service providers provided information in response to subpoenas, the social networking site named Brian Fabian, Josh Raskin, Ming Wu and Slickcash.com as defendants in the case.

The complaint alleges that in June, the defendants attempted to get Facebook's servers to forward information about its users to their servers. These requests were detected as unauthorized attempts to access the site and to harvest proprietary information.

Not So Safe

Although this case still has to make its way through the court system, it is already clear that social networking sites have safety issues. They are proving to be not only excellent vectors for hackers to plant malware, but also prime hunting grounds for stalkers and pedophiles.

Despite several well-publicized incidents in which victims were identified from information provided in a profile, these sites still have a patina of safety for many users.

"People are under the mistaken impression that their personal information is somehow secure on these sites, and it is not," Paul Henry, vice president at Secure Computing, told the E-Commerce Times.

More troubling, many of the young users they attract don't really think about safety in the first place, he observed.

Blond and Lives Alone

To illustrate the point, Henry described an exercise he undertook for a reporter, identifying a potential made-to-order "victim" in a certain city.

"We were looking for a woman under 21 who lived alone, was blond and blue-eyed, and didn't have family close by. We found such a person -- and not only that, she provided information about where she worked and other similar information," he related.

"You don't have to have special expertise to search for this kind of data," Henry emphasized. "Anyone has the ability to harvest information like this."

MySpace and Facebook have made several well-publicized attempts to secure users against such attacks. However, Henry is dismissive of their efforts -- including, to a large extent, the lawsuit.

"[It's] a step, but not enough to make the site secure as far as I am concerned," he said. "These companies have the ability to go much further in locking down their servers."

Next Article in ID Security

Dollars and Sense: Calculating PCI Noncompliance Costs
December 12, 2007

Without question, there is a substantial cost associated with reaching and maintaining PCI DSS compliance requirements. While the initial cost of the technology, staff and other resources necessary to implement satisfactory controls has its price tag, it is vital that all organizations affected by the PCI standard consider both the short- and long-term costs of noncompliance as well as the benefits of meeting the requirements.

More by Erika Morphy

Ballmer Gives Shareholders - and Dell - Cause for Optimism
November 20, 2009

Microsoft CEO Steve Ballmer was all smiles at the company's shareholders meeting, as he touted the early success of Windows 7. Ballmer's cheer may have been contagious; after posting a massive earnings decline for the third quarter, Dell needed some good news to latch onto, and the prospect of broad enterprise adoption of Windows 7 could spur PC sales.

AA.com Sucks the Fun Out of Trip-Planning
November 20, 2009

Using AA.com to book a flight was a painful experience. Densely packed, disorganized information was displayed in an unattractive format. On the plus side, it did seem as though the deals American Airlines advertised were real and not mere bait-and-switch lures. For anyone who wants a travel-planning Web site to inject a little pleasure into the experience, though, I say look elsewhere.

Salesforce.com Pumps Up Volume of Workplace Chatter
November 19, 2009

Salesforce.com has developed a collaboration platform that puts social networking to work. Salesforce Chatter facilitates employee collaboration on projects through Facebook-like profiles, status updates, feeds and groups. The question remains whether employees will be as open to social networking in the workplace as they are in their personal lives.

[Search More...]

Facebook	Activate Alert \| Search Archives

MySpace	Activate Alert \| Search Archives