Facebook t-shirt with whitehat debit card for Hackers

The

social media platform Social media are interactive media technologies that facilitate the creation and sharing of information, ideas, interests, and other forms of expression through virtual communities and networks. While challenges to the definition of ''social med ...

and social networking service

Facebook Facebook is an online social media and social networking service owned by American company Meta Platforms. Founded in 2004 by Mark Zuckerberg with fellow Harvard College students and roommates Eduardo Saverin, Andrew McCollum, Dustin Mosk ...

has been affected multiple times over its history by intentionally harmful software. Known as malware, these pose particular challenges both to users of the platform as well as to the personnel of the tech-company itself. Fighting the entities that create these is a topic of ongoing

malware analysis Malware analysis is the study or process of determining the functionality, origin and potential impact of a given malware sample such as a virus, worm, trojan horse, rootkit, or backdoor. Malware or malicious software is any computer software inten ...

Types of malware and notable incidents

Attacks known as

phishing Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious softwa ...

, in which an attacker pretends to be some trustworthy entity in order to solicit private information, have increased exponentially in the

2010s File:2010s collage v21.png, From top left, clockwise: Anti-government protests called the Arab Spring arose in 2010–2011, and as a result, many governments were overthrown, including when Libyan dictator Muammar Gaddafi was killed; Crimea is ...

and posed frustrating challenges. For Facebook in particular, tricks involving

URLs A Uniform Resource Locator (URL), colloquially termed as a web address, is a reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it. A URL is a specific type of Uniform Resource Identifi ...

are common; attackers will maliciously use a similar website such as ''http://faceb0ok.com/'' instead of the correct ''http://facebook.com/'', for example. The 11th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment ( DIMVA), held in July 2014, issued a report condemning this as one of the "common tricks" that mobile computing users are especially vulnerable to. In terms of applications, Facebook has also been visually copied by phishing attackers, who aim to confuse individuals into thinking that something else is the legitimate Facebook log-in screen. In 2013, a variant of the "Dorkbot" malware caused alarm after spreading through Facebook's internal chat service. With suspected efforts by cybercriminals to harvest users' passwords affecting individuals from nations such as

Germany Germany,, officially the Federal Republic of Germany, is a country in Central Europe. It is the second most populous country in Europe after Russia, and the most populous member state of the European Union. Germany is situated betwe ...

India India, officially the Republic of India (Hindi: ), is a country in South Asia. It is the seventh-largest country by area, the second-most populous country, and the most populous democracy in the world. Bounded by the Indian Ocean on the so ...

Portugal Portugal, officially the Portuguese Republic ( pt, República Portuguesa, links=yes ), is a country whose mainland is located on the Iberian Peninsula of Southwestern Europe, and whose territory also includes the Atlantic archipelagos of ...

, and the

United Kingdom The United Kingdom of Great Britain and Northern Ireland, commonly known as the United Kingdom (UK) or Britain, is a country in Europe, off the north-western coast of the European mainland, continental mainland. It comprises England, Scotlan ...

. The

antivirus Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the nam ...

organization

Bitdefender Bitdefender is a Romanian cybersecurity technology company headquartered in Bucharest, Romania, with offices in the United States, Europe, Australia and the Middle East. The company was founded in 2001 by the current CEO and main shareholder, ...

discovered several thousand malicious links taking place in a twenty-four hour period, and contacted the Facebook administration about the problem. While the infection was contained, its unusual nature sparked interest given that the attackers exploited a flaw in the file-sharing site MediaFire to proliferate phony applications among victims' Facebook friends. The real computer worm "

Koobface Koobface is a network worm that attacks Microsoft Windows, Mac OS X, and Linux platforms. This worm originally targeted users of networking websites like Facebook, Skype, Yahoo Messenger, and email websites such as GMail, Yahoo Mail, and AO ...

", which surfaced in 2008 via messages sent through both Facebook and MySpace, later became subject to inflated, grandiose claims about its effects and spread to the point of being an

internet hoax A hoax is a widely publicized falsehood so fashioned as to invite reflexive, unthinking acceptance by the greatest number of people of the most varied social identities and of the highest possible social pretensions to gull its victims into pu ...

. Later commentary claimed a link between the malware and messages about the

Barack Obama administration Barack Obama's tenure as the 44th president of the United States began with his first inauguration on January 20, 2009, and ended on January 20, 2017. A Democrat from Illinois, Obama took office following a decisive victory over Republican ...

that never actually existed. David Mikkelson of Snopes.com discussed the matter in a fact-checking article. On 26 July 2022, researchers at WithSecure discovered a cybercriminal operation that was targeting digital marketing and human resources professionals in an effort to hijack Facebook Business accounts using data-stealing malware.They dubbed the campaign as 'Ducktail' and found evidence to suggest that a Vietnamese threat actor has been developing and distributing the malware with motives appeared to be purely financially driven.

Responses

Individual efforts

In the same vein as actions by

Google Google LLC () is an American Multinational corporation, multinational technology company focusing on Search Engine, search engine technology, online advertising, cloud computing, software, computer software, quantum computing, e-commerce, ar ...

and

Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washin ...

, the company's administration has been willing to hire "

grey hat A grey hat (greyhat or gray hat) is a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but usually does not have the malicious intent typical of a black hat hacker. The term came into us ...

" hackers, who have acted legally ambiguously in the past, to assist them in various functions. Programmer and social activist

George Hotz George Francis Hotz (born October 2, 1989), alias geohot, is an American security hacker, entrepreneur, and software engineer. He is known for developing iOS jailbreaks, reverse engineering the PlayStation 3, and for the subsequent lawsuit bro ...

(also known by the

nickname A nickname is a substitute for the proper name of a familiar person, place or thing. Commonly used to express affection, a form of endearment, and sometimes amusement, it can also be used to express defamation of character. As a concept, it is ...

"GeoHot") is an example.

Bug Bounty Program

On July 29, 2011, Facebook announced an effort called the "Bug Bounty Program" in which certain security researchers will be paid a minimum of $500 for reporting security holes on Facebook's website itself. The company'
official page
for security researchers stated, "If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you." The effort attracted notice from publications such as '' PC Magazine'', which noted that individuals must not just be the first to report the security glitch but must also find the problem native to Facebook (rather than an entity merely associated with it such as

FarmVille ''FarmVille'' is a series of agriculture-simulation social network game developed and published by Zynga in 2009. It is similar to '' Happy Farm'' and ''Farm Town''. Its gameplay involves various aspects of farmland management, such as plowi ...

Targeting of specific users

In late 2017, Facebook systematically disabled accounts operated by

North Korea North Korea, officially the Democratic People's Republic of Korea (DPRK), is a country in East Asia. It constitutes the northern half of the Korean Peninsula and shares borders with China and Russia to the north, at the Yalu (Amnok) and T ...

ns in response to that government's use of state-sponsored malware attacks.

did similar actions. The North Korean government had attracted widespread condemnation in the U.S. and elsewhere for its alleged proliferation of the "WannaCry" malware. Said computer worm affected over 230,000 computers in over 150 countries throughout 2017.

References