Recent Facebook Porn Attack Highlights Dangers of Misleading 'Security' Warnings
Published on 17th November 2011 by Brett M. Christensen
For two or three frantic days in November, 2011, many Facebook News Feeds were hit by a wave of pornographic and violent images. Understandably, this caused a great deal of anger and concern across the network. Especially since it was at first unclear exactly how the unsavoury material was spreading. Perhaps somewhat belatedly, Facebook took action
to curtail the threat and subsequently issued the following statement:
Protecting the people who use Facebook from spam and malicious content is a top priority for us, and we are always working to improve our systems to isolate and remove material that violates our terms. Recently, we experienced a coordinated spam attack that exploited a browser vulnerability. Our efforts have drastically limited the damage caused by this attack, and we are now in the process of investigating to identify those responsible.
This article is not about the spam attack itself - which has been discussed in detail elsewhere
- but about how a series of inaccurate and misleading "hacker" and "virus" warnings, that circulated the network well before the attack, contributed greatly to the general confusion, and ultimately, just made matters worse.
As far back as November 2010, the following "warning" was moving rapidly around Facebook:
FACEBOOK FRIENDS!!! SOME APPS ARE SENDING NOT VERY NICE MESSAGES USING YOUR NAME!!! IF YOU DON'T WANT TO GET INTO TROUBLE WITH YOUR FRIENDS, COPY PASTE AND SHARE THE POST!! IF YOU HAVE RECEIVED ANY FROM ME, BE ASSURED I DIDN'T SEND IT
A series of other "warnings" of a similar ilk have followed in 2011, including those shown below:
HACKERS ARE DOING DAMAGE AGAIN ON FACEBOOK!
PORNOGRAPHIC MOVIES ARE BEING POSTED ON OUR BEHALF ON THE WALLS OF OUR PROFILES! WE DO NOT SEE THEM, BUT OTHER PEOPLE DO, AS IF IT WERE OUR PUBLICATION! SOMETIME EVEN OUR SUPPOSED COMMENTS APPEARS. IF YOU SEE SUCH A THING IN MY HOMEPAGE, ALERT ME AND DO NOT OPEN IT BECAUSE IT IS A VIRUS! ...COPY AND RE POST THIS MESSAGE
THE HACKERS ARE PUTTING SEXUAL VIDEOS TO YOUR NAME IN THE WALLS / PROFILES OF YOUR FRIENDS WITHOUT YOU KNOWING IT. YOU DONT SEE IT, BUT OTHER PEOPLE CAN SEE IT, AS IF THESE WERE A PUBLICATION THAT YOU MADE! SO IF YOU RECEIVE SOMETHING FROM ME ABOUT A VIDEO OR A STRANGE INBOX MESSAGE, IT'S NOT ME! copy this in your wall. It is for the security of YOUR OWN IMAGE!!! And REPORT IT!!!!! ALSO IF U ARE ASKED TO VOTE ON A PICTURE. DO NOT GO & VOTE: IT'S A HACKER!! POST THIS TO YOUR WALL FOR YOUR FRIENDS
DISCLAIMER: Hackers are busy on Facebook!!! They post some insulting messages on the wall of your friends with your regards, without you knowing about it. If you receive one of those messages in my name, it wasn't me posting them. Put this on your wall and warn your friends. Share the news!!!
Thus, these old warnings were inadvertently perpetrating damaging misinformation about the spam attack that served only to cause even more confusion and angst across the network. Why? Because, they inaccurately laid the blame on sinister hackers or viruses and made no attempt to identify any genuine or probable reasons for the attack. Because they perpetrated the dangerous myth that the porn was spreading without any user interaction. And, perhaps most importantly, because the warnings gave users no credible or useful advice for dealing with the threat.
The bottom line? All of these silly warnings were circulating long before the porn attack took place and any relevance that they seemed to have to that attack was coincidental and ultimately illusionary.
It could well be argued that Facebook took too long to respond to this porn attack. But, in general, Facebook's users, in my opinion at least, should also take more responsibility for the material they repost.
To be in any way helpful, circulated security warnings really must be clear, accurate, up-to-date and contain information that allows users to identify and avoid the specific threat described. Vague and misleading warnings like those shown above help nobody and serve only to sow confusion and muddy Facebook's already troubled waters. Especially, as in this case, when events transpire that seem to give such warnings a degree of - albeit totally undeserved - credibility.
Before reposting a security warning across your social network, it is important, therefore, that you carefully check its veracity.