According to the survey data I collected, around 18% of respondents were concerned about hackers collecting and having access to their personal information. Hacking has come to public attention via various media outlets in the digital age of computers that we exist in today. For example, the hit drama TV show Mr. Robot (below) portrays the life of Elliot, a cybersecurity engineer by day and a vigilante hacker brought on my a mysterious hacking organization by night. Furthermore, the real-life hacking vigilante group Anonymous has made a name for itself by targeting individuals and groups it deems evil or immoral (think ISIS). In essence, the art of hacking and the hacker himself is no longer a futuristic caricature of an 1980s TV show, but rather a very relevant aspect of our technological lives.
In 2015, Reza Moaiandin, a technical engineer at the Salt Agency, published a study asserting that he had found a way to hack Facebook users' personal data using a simple loophole in the privacy settings. Not a malicious hacker himself but rather an engineer working to reveal to the social media giant a problem in their programming, Moaiandin said hackers utilizing the same loophole could gather user information including names, telephone numbers, locations, and images. Using a phone number generator, he sent the numbers to Facebook's API (Application Program Interface) and gathered user IDs linked to those numbers; after collecting those IDs, he gained access to personal details (See the screenshot of the Privacy Settings page below). That this information could be attained by an attacker might be concerning to some and not to others--but what is undoubtedly concerning is this: Moaiandin and other experts asserted that this and other such loopholes could very well reveal other details as well. Facebook has since further encrypted its API to make it more difficult for hackers to take advantage of this loophole, but the fact remains that attackers can figure out ways to gain access to the personal data of users (Vaas).
In December of 2016, another method of hacking was revealed by security researcher Ysrael Gurt at Cynet. Using a simple and fairly old trick, he was able to gain access to private Facebook messenger conversations. The attacker simply needs to get a user to click on a malicious link--commonly called a "Trojan Horse"--to gain access to every conversation he/she has through messenger (past or future), both on the mobile app and online. According to Gurt, this trick is made possible by the fact that the Facebook messenger server is housed at a different location than the actual domain. Cynet and other cyber companies believe that this attack could have affected nearly 1 billion users. Gurt and his company posted a video proving that the attack was possible (See below) (Kumar).
More recently, in March of 2017, another way that hackers can gain access to user accounts and data was revealed. Duke University's Twitter account was compromised by attackers who posted propaganda--including Tweets with swastikas--supporting Turkish president Recep Erdogan. Though the attack took place on Twitter, experts say that the loophole hackers took advantage of could also be translated onto Facebook. Eric Limer of Popular Mechanics noted that the attack was made possible via a 3rd party app called "Twitter Counter" (Limer). The app, seemingly innocuous on the outside, was logged into through Duke's main Twitter account (essentially, the account was used as a "key" of sorts); the practice of allowing 3rd party apps access to your information through your main social media accounts is not uncommon and not necessarily dangerous outright. But if that app is compromised by attackers--which is more likely than a social media giant such as Facebook or Twitter due to weaker encryption techniques--the data you have granted it access to can fall into the wrong hands. So, via these 3rd party apps, hackers can either gain access to our data or post from your account--both issues that have the potential to be compromising (Novak).
Though to many it might seem that our personal information being in the hands of hackers is less concerning than something like the government collecting user data, it is evident that the threat of hacking is a prevalent part of social media use. Using loopholes and other general attacking tricks, hackers can gain access to a great deal of our information. And while it may seem that a Facebook attack might not be too detrimental, experts have revealed that with the right information, hackers can actually do a good deal of damage. As mentioned in previous sections, someone with access to one's full name, birthdate, birthplace, and phone number could--through a series of complex processes--figure out one's social security number. Thus, information that is seemingly innocuous by itself can be combined in a malicious way to steal an individual's identity. It is imperative to understand the implications of hacking as it relates to Facebook (and social media more generally) and take all steps to ensure that our information is secure.
Click here to return to the home page, and here to move on to the next page.
Sources:
Kumar, Mohit. "Simple Bug Allows Hackers to Read All Your Private Facebook Messenger Chats." The Hacker News. N.p., 14 Dec. 2016. Web. 20 Apr. 2017.
Limer, Eric. "How Hackers Can Break Into Your Accounts Without Your Password." Popular Mechanics. N.p., 15 Mar. 2017. Web. 20 Apr. 2017.
Novak, Matt. "Hundreds of Twitter Accounts Hacked with Swastikas Through Third Party App 'Twitter Counter'." Gizmodo. Gizmodo.com, 15 Mar. 2017. Web. 20 Apr. 2017.
Vaas, Lisa. "Change This Facebook Setting so You Can’t Be Searched for by Phone Number." Naked Security. N.p., 11 Aug. 2015. Web. 20 Apr. 2017.
Sources:
Kumar, Mohit. "Simple Bug Allows Hackers to Read All Your Private Facebook Messenger Chats." The Hacker News. N.p., 14 Dec. 2016. Web. 20 Apr. 2017.
Limer, Eric. "How Hackers Can Break Into Your Accounts Without Your Password." Popular Mechanics. N.p., 15 Mar. 2017. Web. 20 Apr. 2017.
Novak, Matt. "Hundreds of Twitter Accounts Hacked with Swastikas Through Third Party App 'Twitter Counter'." Gizmodo. Gizmodo.com, 15 Mar. 2017. Web. 20 Apr. 2017.
Vaas, Lisa. "Change This Facebook Setting so You Can’t Be Searched for by Phone Number." Naked Security. N.p., 11 Aug. 2015. Web. 20 Apr. 2017.