FBS

Dec 1, 2010

Hack a Facebook Account Revisited

It’s been a year since we published several articles on Facebook hacking. The aim was to promote safety amongst users. This time, we continue to explore what has changed from a year ago. A number of folks have lost their accounts due to being careless and we will also be looking at some remedial actions you could take.

What can I say? With 300 million users claimed, this has to be one of the most valuable web sites these days. I am still lost as to how Yahoo! failed to buy it for a mere $2 billion when it is clear that the web site is worth many times more than that. Well, that’s beside the point.
So why are people so interested and what’s the new trend on Facebook hacking?
The False Sense of Security
Users on Facebook have a false sense of security: they believe that since they control who gets to see the information they post, they can post their most personal moments. We definitely have blogged about one of those moments that can get you fired or have everyone knowing about your most miserable moments. As a result, people are intrigued by their friends’ or co-workers’ personal lives. We have also heard of recruiters searching the Net for their prospective applicants. Not to mention, the tabloids are using it to dig up dirt.
The fact is, once you post something, your 259 trusted friends get to see it, then what? Well, in most cases, they move on. But there’s that very small chance that they will extract that information and repost it somewhere else, can’t they? Yes they can. And so we have established one of the key reasons why some people want to hack a Facebook account.
Before I go on, I do not endorse any hacking activity whatsoever. I don’t do it and never have. Facebook or my ISP can attest to that. But I am very interested in learning how to protect myself, my information and of course, yours too.
Now I have blogged extensively before about the old trick of social engineering. This is nothing new and it’s an easy trap to fall into. As a quick recap, a simple way is just to use the “Add Friend” feature and see if they’ll bite. Now you’ll be surprised what I am going to show you!!!
A person by the name of “Isabella Gonzales” – a rather common name – asked me to be her friend. If you’re really serious about not letting people know too much about you, you should absolutely check to see if you know this person by name. Now, I am pretty sure I don’t and I’d simply reject this person’s request. But as I blogged before, I am surprised how many people would accept regardless.
OK, so what you should do at a minimum is to click on the name and check the person.
Now what we found is that Isabella Gonzales has 175 friends. The next step (even if you know the name of the person but are not sure if this person is real) is to check if you have any mutual friends. In this case, we don’t, because Facebook did not display any in the request. But rather than just rejecting it, we gave it the benefit of the doubt, clicked on the list of 175 friends she has and glanced through it.
What we found was shocking! Every person in this list has a surname, middle or last name with the word “Daniel”. And we have basically established this is a fake account designed to trick every person with “Daniel” in their name into accepting this person as a friend.
What’s more shocking to me isn’t how it’s done, but rather how many people “Accepted” this impostor as a friend…yep you got it…all 175 of them. And so, we say sorry to the 175 folks who will now expose all their most personal information to a female they don’t even know.
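The manual check walked through above (no mutual friends, then a friend list in which nearly everyone shares one name, possibly your own) can be written down as a small heuristic. This is an added example, not part of the original post; the function names, the 80% threshold, the minimum list size and all sample names are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample data (not real accounts).
SUSPICIOUS_FRIENDS = ["Daniel Reyes", "Mark Daniel Ortiz", "Amy Daniel",
                      "Daniel J. Cho", "Luis Daniel Vega", "Daniel Okafor"]
ORDINARY_FRIENDS = ["Priya Nair", "Tom Becker", "Daniel Reyes",
                    "Aiko Sato", "Marta Ruiz", "Sam Oduya"]

def name_tokens(full_name):
    """Lower-cased name parts, ignoring single-letter initials."""
    parts = (p.strip(".,").lower() for p in full_name.split())
    return {p for p in parts if len(p) > 1}

def dominant_shared_token(friend_names):
    """Return (token, fraction of friends carrying it) for the most common name part."""
    counts = Counter()
    for name in friend_names:
        counts.update(name_tokens(name))  # a set, so one vote per friend
    if not counts:
        return None, 0.0
    token, hits = counts.most_common(1)[0]
    return token, hits / len(friend_names)

def review_request(my_name, mutual_friends, requester_friends,
                   threshold=0.8, min_friends=5):
    """List the warning signs from the article that apply to one friend request."""
    flags = []
    if mutual_friends == 0:
        flags.append("no mutual friends")
    token, share = dominant_shared_token(requester_friends)
    if token and len(requester_friends) >= min_friends and share >= threshold:
        flags.append(f"{share:.0%} of friends share the name '{token}'")
        if token in name_tokens(my_name):
            flags.append("that name is also part of my own name")
    return flags

if __name__ == "__main__":
    print(review_request("Daniel Example", 0, SUSPICIOUS_FRIENDS))
    print(review_request("Daniel Example", 3, ORDINARY_FRIENDS))
```

An empty list of flags is not proof the account is genuine; it only means none of these particular signs were present.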
So let’s review this hack:
  1. Create a simple Facebook account and put on an attractive profile for your demographic.
  2. Search for your targets and send them “Add Friend” requests.
  3. If you send enough requests, you can probably count on 1-10% of these being accepted.
  4. Now we can harvest this information for many purposes.
Purpose Driven Hack
Everything has a purpose. Why else would someone want a fake account hoping to add as many friends as possible?
The key to the new trend (with this hack) is that Google and other search engines are beginning to adopt real time search. Any information that’s twittered or Facebooked will slowly find its way to the internet for all to see. As a result, there’s now a growing trend of fake Facebook accounts that will be used to push some of the soft core and hard core agendas.
How, you ask?
Firstly, with real time search, it’s hard to know the accuracy and the value of the content. Using computers, Google and others rely on the keywords. For example, when Michael Jackson’s news came out, millions of people would be blogging or twittering or Facebooking about the event. So we established there’s a value with “keywords” for real time searches. Sometimes even a 30 minute window would be really valuable.
Secondly, social networking is about voices and interactivity. The success with Twitter is based on the number of people following your voice (i.e. followers). Google and other search engines will pick the voice that’s most authoritative. Well, how do they know that? A person who has 5,000 followers talking about Michael Jackson has got to have more authority than one with 5 followers, you get my drift?
Thirdly, now with the right keyword and a good amount of followers, we can implement our plot to promote a product, a website or an agenda. What I could do for example is:
  1. Open up the Facebook profile and go to security settings to allow all Facebook contents to be shared on the internet
  2. Next, I’ll post a status “Michael Jackson passed away, so sad -> http://www.danielpoon.com/lifehacking”
  3. Automatically, Google will be notified and if I have 5,000 or more followers, chances are people will visit my link to get the latest update both inside Facebook and outside on the internet.
And with my link, I can promote my products or my webpage, or simply drive click-through for more ad revenue. This is why using the simplest hack, in our example, could yield some serious $$$$. Already this trick has been used widely on Twitter and it’s starting to become popular on Facebook. However, we think since most users will still be careful about sharing their information, the trend will not be as rampant as on Twitter.
Facebook Hacked?
So how are you harmed in this scenario? Maybe not much, maybe a great deal. We have illustrated one way of leveraging your acceptance as a friend to make profit through Google Real Time Search. We know there’re many other ways.
And so, we will continue to explore these in our series in Part II. Stay tuned.
