Facebook Puts a Face on Defendants in Hacker Suit
Facebook has named names in a federal lawsuit alleging that hackers illegally intruded on its networks in an effort to steal personal information on the social networking site's users. The effort is not nearly enough to address the weak security on Facebook -- and on social networking sites in general, said Paul Henry, vice president at Secure Computing.
Dec 18, 2007 3:28 PM PT
Facebook has named three individuals and a Canadian porn company as defendants in a federal lawsuit it filed earlier this year in the Northern District of California, which accused unnamed people and companies of unlawfully accessing its servers.
After two Canadian Internet service providers provided information in response to subpoenas, the social networking site named Brian Fabian, Josh Raskin, Ming Wu and Slickcash.com as defendants in the case.
The complaint alleges that in June, the defendants attempted to get Facebook's servers to forward information about its users to their servers. These requests were detected as unauthorized attempts to access the site and to harvest proprietary information.
Not So Safe
Although this case still has to make its way through the court system, it is already clear that social networking sites have safety issues. They are proving to be not only excellent vectors for hackers to plant malware, but also prime hunting grounds for stalkers and pedophiles.
Despite several well-publicized incidents in which victims were identified from information provided in a profile, these sites still have a patina of safety for many users.
"People are under the mistaken impression that their personal information is somehow secure on these sites, and it is not," Paul Henry, vice president at Secure Computing, told the E-Commerce Times.
More troubling, many of the young users they attract don't really think about safety in the first place, he observed.
Blond and Lives Alone
To illustrate the point, Henry described an exercise he undertook for a reporter, identifying a potential made-to-order "victim" in a certain city.
"We were looking for a woman under 21 who lived alone, was blond and blue-eyed, and didn't have family close by. We found such a person -- and not only that, she provided information about where she worked and other similar information," he related.
"You don't have to have special expertise to search for this kind of data," Henry emphasized. "Anyone has the ability to harvest information like this."
MySpace and Facebook have made several well-publicized attempts to secure users against such attacks. However, Henry is dismissive of their efforts -- including, to a large extent, the lawsuit.
"[It's] a step, but not enough to make the site secure as far as I am concerned," he said. "These companies have the ability to go much further in locking down their servers."