
The social media platform and social networking service Facebook has been affected multiple times over its history by intentionally harmful software. Known as malware, such software poses particular challenges both to users of the platform and to the personnel of the tech company itself. Fighting the entities that create it is a topic of ongoing malware analysis.
Types of malware and notable incidents
Attacks known as phishing, in which an attacker pretends to be some trustworthy entity in order to solicit private information, have increased exponentially in the 2010s and posed frustrating challenges. For Facebook in particular, tricks involving URLs are common; attackers will maliciously use a similar website such as http://faceb0ok.com/ instead of the correct http://facebook.com/, for example. The 11th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), held in July 2014, issued a report condemning this as one of the "common tricks" that mobile computing users are especially vulnerable to.
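A defender can flag look-alike hosts such as the faceb0ok.com case above before a link is followed. The sketch below is an added example, not code from Facebook or the DIMVA report. It generalizes the single case in the text to digit-for-letter substitutions and single-character typos. The substitution table, the protected-domain set and the two-label domain extraction are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains to protect; only facebook.com appears in the article.
PROTECTED = {"facebook.com"}

# Constructed table of common digit-for-letter substitutions.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable(host):
    """Naive last-two-labels extraction (assumption: a production
    system would consult the Public Suffix List instead)."""
    return ".".join(host.split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(url):
    """Return 'legitimate', 'lookalike' or 'unrelated' for a URL."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    domain = registrable(host)
    if domain in PROTECTED:
        return "legitimate"
    # Undo digit substitutions, then compare against each protected name.
    skeleton = domain.translate(CONFUSABLES)
    for good in PROTECTED:
        if skeleton == good or edit_distance(skeleton, good) <= 1:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # The first two URLs are from the article; the rest are constructed.
    for u in ("http://faceb0ok.com/", "http://facebook.com/",
              "https://www.facebook.com/login", "http://facebok.com/",
              "https://example.org/"):
        print(f"{u:35} {classify(u)}")
```
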
In terms of applications, Facebook has also been visually copied by phishing attackers, who aim to confuse individuals into thinking that something else is the legitimate Facebook log-in screen.
In 2013, a variant of the "Dorkbot" malware caused alarm after spreading through Facebook's internal chat service. Cybercriminals were suspected of trying to harvest users' passwords, affecting individuals from nations such as Germany, India, Portugal, and the United Kingdom. The antivirus organization Bitdefender discovered several thousand malicious links in a twenty-four-hour period and contacted the Facebook administration about the problem. While the infection was contained, its unusual nature sparked interest given that the attackers exploited a flaw in the file-sharing site MediaFire to proliferate phony applications among victims' Facebook friends.
The real computer worm "Koobface", which surfaced in 2008 via messages sent through both Facebook and MySpace, later became subject to inflated, grandiose claims about its effects and spread to the point of being an internet hoax. Later commentary claimed a link between the malware and messages about the Barack Obama administration that never actually existed. David Mikkelson of Snopes.com discussed the matter in a fact-checking article.
On 26 July 2022, researchers at WithSecure discovered a cybercriminal operation that was targeting digital marketing and human resources professionals in an effort to hijack Facebook Business accounts using data-stealing malware. They dubbed the campaign "Ducktail" and found evidence to suggest that a Vietnamese threat actor has been developing and distributing the malware, with motives that appeared to be purely financial.
Responses
Individual efforts
In the same vein as actions by Google and Microsoft, the company's administration has been willing to hire "grey hat" hackers, who have acted legally ambiguously in the past, to assist them in various functions. Programmer and social activist George Hotz (also known by the nickname "GeoHot") is an example.
Bug Bounty Program
On July 29, 2011, Facebook announced an effort called the "Bug Bounty Program" in which certain security researchers will be paid a minimum of $500 for reporting security holes on Facebook's website itself. The company's official page for security researchers stated, "If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you." The effort attracted notice from publications such as PC Magazine, which noted that individuals must not just be the first to report the security glitch but must also find the problem native to Facebook (rather than an entity merely associated with it such as FarmVille).
Targeting of specific users
In late 2017, Facebook systematically disabled accounts operated by North Koreans in response to that government's use of state-sponsored malware attacks. Microsoft took similar actions. The North Korean government had attracted widespread condemnation in the U.S. and elsewhere for its alleged proliferation of the "WannaCry" malware. Said computer worm affected over 230,000 computers in over 150 countries throughout 2017.
See also
* Facebook
** Criticism of Facebook
** History of Facebook
** Issues involving social networking services
** Privacy concerns of Facebook
* Malware
** Browser hijacking
** Computer worm
** Malware analysis
** Mobile malware
** Phishing
** Security engineering