No Hacking Required: Group Gets Control Of Facebook Sites
November 11, 2009 12:26 PM ET
In an unusual move to bring attention to weak security within Facebook Groups, an organization called Control Your Info has infiltrated the administration of roughly 300 of those Facebook Groups.
The breach was first reported by the blog Loose Wire.
Facebook, in a statement, was careful to assert the action taken by Control Your Info was not a hijacking of those Groups, because the Groups had no administrators to hijack.
According to Control Your Info, it simply found -- through a simple Google query -- which Facebook Groups had no administrator. It then logged into the Groups as their administrator.
Once it became administrator, Control Your Info had carte blanche over settings and data in the groups. "We chose to change the picture, the name and the description of every group," wrote Control Your Info on its blog.
The organization posted this note on the affected Group sites:
Hello, we hereby announce that we have officially hijacked your Facebook group.
This means we control a certain part of the information about you on Facebook. If we wanted we could make you appear in a bad way which could damage your image severly. [sic]
For example we could rename your group and call it something very inappropriate and nasty, like "I support pedophile's rights". But have no fear - we won't. We just renamed it Control Your Info. Because this is really all we want:
Think about the safety in your social media life to the same extent you do in your real life.
Watch the videoclip for more information or check out www.controlyour.info for more tips soon!
We promise to restore your group name and leave the group by the end of next week. Don't worry - we won't mess anything up.
Best regards
/controlyour.info
Of course, that broke the social networking site's code of conduct.
"During the process we broke the terms of service, as defined in the Statement of Rights and Responsibilities of Facebook, and were rightfully banned," wrote Control Your Info on its blog.
Control Your Info seems to have perpetrated the takeover as a public service. At the very least, it has generated quite a bit of buzz about Facebook's privacy holes -- again.
|
Symantec's Code Red: The Law Enforcement/Anonymous E-Mail Exchange Law enforcement officials negotiated via e-mail for more than two weeks with an Anonymous group member trying to extort $50,000 from Symantec to keep stolen product code off the Internet. |
|
How To Sell IT Security Services To Your Customers Cyberattacks can cost a business thousands, even millions, of dollars, and can deal a death blow to some. Here's how IT solution providers can help guard against malicious attacks. |
|
Cybersecurity Experts: What They Know Could Scare You A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace. |
 More
Slide Shows |
- Insider Threats: The Next Frontier for Security Resellers and SMBs
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
- Dark Clouds Ahead: Why the Mid-Market Needs To Ramp Up Cloud Security and How You Can Help Them Get There
