What a wild and woolly week it has been for Mark Zuckerberg! The young Facebook mogul, perennially under scrutiny for missteps concerning privacy and data security, has just upgraded Facebook’s security measures. Hardly shocking, since Zuckerberg’s own Facebook page was hacked the day before.
When you run a social media titan, getting hacked is embarrassing, to say the very least. With users becoming more and more concerned about the treatment and security of their data, it is rather underwhelming for the end users. That’s exactly what happened to Mark Zuckerberg, when an unknown hacker got into his Facebook fan page and had some fun. Allie Townshend, a writer for TIME magazine’s Techland, shares what the hacker posted, and her thoughts on the hacker’s possible motivation:
An update, seemingly from Zuck himself, read: ‘Let the hacking begin: If facebook needs money, instead of going to the banks, why doesn’t Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a ‘social business’ the way Nobel Price winner Muhammad Yunus described it? http://bit.ly/fs6rT3 What do you think? #hackercup2011′
The message seems to be in response to the recent Facebook-Goldman deal, which could bring in up to 750 new investors all grouped together as one fund through Goldman, and ultimately, bring about a soon-to-be publicly traded Facebook. The recent mysterious status was deleted soon after it was discovered, but not before it garnered more than 1,800 likes and nearly 500 comments (says Tech Crunch).
Only time will tell what, if any, SEC involvement we will see on the Facebook-Golden dealings. What is interesting is the way that Facebook deployed new security measures within 24 hours. Security measures that, according to Ryan Tate, a writer for Gawker, were not on the table as of last week. Here’s the pertinent excerpt:
Amid all the hoopla over Facebook’s iPhone press event, a spokesperson for the social network acknowledged to Forbes.com’s Kashmir Hill that the company is aware of a recently-released tool that makes it super easy to hijack Facebook accounts on open wireless networks like Starbucks’, but won’t be fixing the problem any time soon. ‘We have been making progress testing SSL access across Facebook and hope to provide it as an option in the coming months,’ the spokesperson said. ‘We advise people to use caution when sending or receiving information over unsecured Wi-Fi networks.’ Of course, using an ‘unsecured’ Wi-Fi network would be perfectly harmless if sites like Facebook transmitted people’s login secrets via encrypted connections like they were supposed to.
One week after that blog post, Facebook rolled out the ability to use HTTPS for all of your Facebook activity, but, as usual, you have to: A) know about it; and B) find the proper setting. (I highly advise doing it.) This would really raise some ire were it more well-known. Despite knowing full well about Firesheep, the Facebook team was not going to prioritize a fix. Then the owner’s page gets hacked, and new security rolls out in a day? I don’t know about you, but I think that shows both egocentrism and disrespect for the users off of whom they are cashing in on.
Now let’s see what we can find out about our hacker. For those of you on the more tech-oriented end of the spectrum, check out Charles Arthur’s take on things, as he has managed to pierce several layers of digital camouflage to trace it to the following IP address — 220.127.116.11. As technology editor for the Guardian, Arthur has some experience in this sort of thing. For the rest of you, here is the summation, which is fascinating to say the least:
So who’s behind 18.104.22.168? A quick whois query tells you that it’s… the US department of defense in Williamsburg.
In other words: this might be someone in the military. Most likely those edits don’t come from one person — they come from all sorts of people in the Williamsburg location. Or, just as possible, it was someone who had hacked into the computers there from outside (not as difficult as you’d hope it would be) and is using them as a proxy to make the Wikipedia edit, and, quite possibly, hack Zuckerberg’s page. (We’ve asked Facebook whether Zuckerberg’s page was accessed from that IP, but haven’t had an answer yet.)
Following the data can lead you to strange places indeed. A Department of Defense IP? Whether that is the source or simply a proxy, it still raises some very uncomfortable questions about national data security. Of course, in the wake of the WikiLeaks saga, they might go unnoticed by most.
I’ve stated repeatedly that in order for Facebook to tighten up on security, something major would have to happen. Of course, I envisioned something of the order of millions of people’s private data going public, not an attack on Zuckerberg’s online presence. In hindsight, it should have been high on my probability list.
Source: “Facebook Unveils New Security Measures ,” National Journal, 01/26/11
Source: “Mark Zuckerberg’s Facebook Page Was Hacked. Everybody Panic,” TIME Techland, 01/26/11
Source: “Facebook Drags Its Heels On Your Security,” Gawker, 01/26/11
Source: “Mark Zuckerberg Facebook fan page hack: who was behind it?,” Guardian, 01/26/11
Image by o5com, used under its Creative Commons license.
George "Loki" Williams is the community and brand manager for award wining game company Savage Mojo, Ltd. and the owner of SocialGumbo, LLC, an online consultancy specializing in Web content and online communications. Loki has produced content for clients including the Open Society Institute, National Association of Broadcasters, Kobold Press, and Kaiser Permanente. His work has been seen or written about in The New York Times, The BBC, Air America, The Gambit Weekly, and NOLA.com, among others.