My LinkedIn post this morning, “Code Literacy: A 21st Century Requirement,” led me to read this article from the New York Times, and to consider just how complex the cyber world has become for all of us.
Managing your internal IT environment is becoming a thing of the past, passe’ and utterly inadequate in the face of the new cyber world. Privacy is dead in the realm of Big Data, and this week’s investigation of General Petraeus‘ emails only underscore the issue. So-called “bots” troll the Internet, pinging here and there, looking for security holes to exploit. The ingenious “stuxnet bot” may have been the first sophisticated cyber warfare weapon, and it surely will not be the last. Designed exclusively to find and infect a very specific and very small Siemens industrial controller module, it appears to have set back the Iranian nuclear program by as much as five years. The global search engines send out their own “bots” to scan Web pages. Created by armies of Ph.D mathematicians employed by Google, Microsoft, Yahoo and others, they are designed to “optimize” your search results, with each company employing a slightly different set of algorithms. Cookies have been around for ever, and are the currency of e-commerce. Try blocking cookies and see what happens. Spyware and malware have replaced old-fashioned viruses. The global war on SPAM has reduced the amount of it making its way into your inbox. But as cyber security experts remind us, in any covert war each new defense creates a new offense, and so on ad infinitum. Facebook, perhaps due to its own popularity (rather like the well-known security problems with Windows and Internet Explorer), is now targeted by humans and “bots” with false pages, posts and “likes.”
By SOMINI SENGUPTA
Published: November 12, 2012
SAN FRANCISCO — The Facebook page for Gaston Memorial Hospital, in Gastonia, N.C., offers a chicken salad recipe to encourage healthy eating, tips on avoiding injuries at Zumba class, and pictures of staff members dressed up at Halloween. Typical stuff for a hospital in a small town.
But in October, another Facebook page for the hospital popped up. This one posted denunciations of President Obama and what it derided as “Obamacare.” It swiftly gathered hundreds of followers, and the anti-Obama screeds picked up “likes.” Officials at the hospital, scrambling to get it taken down, turned to their real Facebook page for damage control. “We apologize for any confusion,” they posted on Oct. 8, “and appreciate the support of our followers.”
The fake page came down 11 days later, as mysteriously as it had come up. The hospital says it has no clue who was behind it.
Fakery is all over the Internet. Twitter, which allows pseudonyms, is rife with fake followers, and has been used to spread false rumors, as it was during Hurricane Sandy. False reviews are a constant problem on consumer Web sites. Fakery also can ruin the credibility of search results for the social search engine that Facebook says it is building.
Gaston Memorial’s experience is an object lesson in the problem of fakery on Facebook. For the world’s largest social network, it is an especially acute problem, because it calls into question its basic premise. Facebook has sought to distinguish itself as a place for real identity on the Web. As the company tells its users: “Facebook is a community where people use their real identities.” It goes on to advise: “The name you use should be your real name as it would be listed on your credit card, student ID, etc.”
Fraudulent “likes” damage the trust of advertisers, who want clicks from real people they can sell to and whom Facebook now relies on to make money. Fakery also can ruin the credibility of search results for the social search engine that Facebook says it is building.
Facebook says it has always taken the problem seriously, and recently stepped up efforts to cull fakes from the site. “It’s pretty much one of the top priorities for the company all the time,” said Joe Sullivan, who is in charge of security at Facebook.
The fakery problem on Facebook comes in many shapes. False profiles are fairly easy to create; hundreds can pop up simultaneously, sometimes with the help of robots, and often they persuade real users into friending them in a bid to spread malware. Fake Facebook friends and likes are sold on the Web like trinkets at a bazaar, directed at those who want to enhance their image. Fake coupons for meals and gadgets can appear on Facebook newsfeeds, aimed at tricking the unwitting into revealing their personal information.
Somewhat more benignly, some college students use fake names in an effort to protect their Facebook content from the eyes of future employers.
Mr. Sullivan declined to say what portion of the company’s now one billion plus users were fake. The company quantified the problem last June, in responding to an inquiry by the Securities and Exchange Commission. At that time, the company said that of its 855 million active users, 8.7 percent, or 83 million, were duplicates, false or “undesirable,” for instance, because they spread spam.
Mr. Sullivan said that since August, the company had put in place a new automated system to purge fake “likes.” The company said it has 150 to 300 staff members to weed out fraud.
Flags are raised if a user sends out hundreds of friend requests at a time, Mr. Sullivan explained, or likes hundreds of pages simultaneously, or most obvious of all, posts a link to a site that is known to contain a virus. Those suspected of being fakes are warned. Depending on what they do on the site, accounts can be suspended.
In October, Facebook announced new partnerships with antivirus companies. Facebook users can now download free or paid antivirus coverage to guard against malware.
“It’s something we have been pretty effective at all along,” Mr. Sullivan said.
Facebook’s new aggressiveness toward fake “likes” became noticeable in September, when brand pages started seeing their fan numbers dip noticeably. An average brand page, Facebook said at the time, would lose less than 1 percent of its fans.
But the thriving market for fakery makes it hard to keep up with the problem. Gaston Memorial, for instance, first detected a fake page in its name in August; three days later, it vanished. The fake page popped up again on Oct. 4, and this time filled up quickly with the loud denunciations of the Obama administration. Dallas P. Wilborn, the hospital’s public relations manager, said her office tried to leave a voice-mail message for Facebook but was disconnected; an e-mail response from the social network ruled that the fake page did not violate its terms of service. The hospital submitted more evidence, saying that the impostor was using its company logo.
Eleven days later, the hospital said, Facebook found in its favor. But by then, the local newspaper, The Gaston Gazette, had written about the matter, and the fake page had disappeared.
Facebook declined to comment on the incident, and pointed only to its general Statement of Rights and Responsibilities.
The election season seems to have increased the fakery….
Kudos for Prof.David, for a very informative,educative and enlightening update,about. spyware, malware and limitations of even Facebook’s tall claims. This is highly commendable dig-in the operation of cyber world as it’s today. The questions raised are so well-founded and work as trigger to do more with out casting aspersions on any individual or institution, across the world. All this made me proud of my friendly relationship with Prof.David Mayes, a gem of man and entirely emancipated from,biases,prejudices and fixations of all types.
Thank you for your kind words. In another example of the ease of information flow on the Web, this post was viewed by 9 people from Pakistan yesterday. Why such an unusual number from one country? The best probable explanation may be that my post included highlighted reference to the Iranian nuclear program and the tag “cyber war.” I can think of no other reason. Those “tags” were not even the main point of the post.