Normally when I log onto Facebook.com, I am greeted with images of weddings, babies, and my 28 going on 18 friends doing shots at a bar downtown. Though these images are in their own right slightly disturbing, they don’t even compare to the horror I witnessed while using Facebook on Monday night. After doing everything else I could think of to procrastinate writing another blog post, I logged onto Facebook, expecting to see the typical updates from my friends. Instead, I was greeted with a series of awful, graphic, violent images. I’m friends with many people I don’t know, so seeing odd images is par for the course when I view my normal news feed. However, seeing an image of a murdered dog was more than abnormal — especially after I saw the picture had over 600,000 comments and over 20k “Likes.” Minutes later, I clicked to see new posts in my feed — and was then bombarded with a stream of more murdered animals and then an aborted fetus. Hopefully you have never seen such gore — but if you have, you probably understand why I completely freaked out.
It wasn’t until after gaining my composure that I stumbled upon a post on ZDNet by Violet Blue that highlighted the fact that this spam was “Spiraling Out of Control.” Of course, that still didn’t help me sleep at all on Monday night. On Tuesday, most tech blogs and even mainstream media were covering the spam — and even my own Facebook friends shared that they had been subjected to images of hardcore porn over the previous weekend, too — but it wasn’t until Monday night that the attack became more prevalent. In the midst of these images appearing in users’ news feeds, many suggested simply changing your Facebook password. Unfortunately, this attack worked somewhat differently. In a statement emailed to the press, a Facebook spokesman said that “during this spam attack users were tricked into pasting and executing malicious JavaScript in their browser URL bar causing them to unknowingly share this offensive content. No user data or accounts were compromised during this attack,” adding, “Our engineers have been working diligently on this self-XSS vulnerability in the browser.”
So why did users like me — who have very few apps and know better than to click on almost anything on Facebook — see the images? The image in my news feed appeared because one of my Facebook friends had commented on the image. With Facebook’s new algorithm, any activity by your friends appears in your news feed, including comments on images. Facebook is also now promoting images, so when your friends comment on or like an image, the entire image shows up in your news feed. This functionality of Facebook, paired with the initial “code” users fall victim to that promotes the images from their own profile, means that even the most tech-savvy were subjected to pornographic and violent images over the last few days. (In addition to the images I saw, other users reported murdered people and images of the Devil.)
And why did it take so long for Facebook to respond to this attack, which lasted for at least three days? According to a blog post by Chester Wisniewski, a senior security advisor at Sophos Canada, Facebook had a difficult time responding due to the method by which the attack was propagated. He said that, “Considering that the flaw is not within Facebook’s website, it appears to have been rather difficult for [it] to respond to this threat.” This, of course, does not bode well for those who are already concerned about their privacy while using Facebook.
Other Facebook users who are concerned that Facebook is going the way of MySpace (e.g., littered with porn, other spam, and malicious code) have a legitimate concern, though they should know that, in regard to this week’s spam attack, Facebook is working to remove the holes that allowed these spammers to infiltrate the social network and prevent the network’s downfall. Facebook said that “We’ve built enforcement mechanisms to quickly shut down the malicious pages and accounts that attempt to exploit it. We have also been putting those affected through educational checkpoints so they know how to protect themselves. We’ve put in place back end measures to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people.”

But will that be enough for people to continue using Facebook, instead of abandoning it for another social network, such as Twitter or Google+? Many people have threatened to delete their Facebook accounts because of the spam. Obviously, Facebook has severe vulnerabilities — but like I said a few weeks ago — could its users really leave Facebook behind entirely?
As of the time of this post, no one has been identified as causing this spam attack. Facebook, however, did say it was a “coordinated” attack, leaving many — including me — wondering who or what entity has such grievances with Facebook that it would terrorize its users (many of whom are under 18) with such violent imagery.
Did you see pornographic or violent images in your news feed earlier this week? Let us know what you think Facebook — and its users — should do about it in the comments.