[Article first published as Does the Facebook Spam Wave Reflect Deeper Issues with User
Habits? on Blogcritics.]
It’s been a while since I jumped into a good old-fashioned
rant. As there is, as the kids say these days, no time like the present,
I figure now would be a good time. On the morning news as well as all
over the internet were reports of a massive Facebook spam attack that flooded users’ profiles with violent
and pornographic images. So I thought to myself, “That’s kind of
messed up. Let me go to my account and make sure I’m good.”
And of course I was. And there was nothing in my
friends’ feeds either. Not because we did anything special or have
security settings configured in a certain way, but because there are still some
of us left who have some common damn sense. After reading about how this
attack was executed, it became clear to me that, while it was through trickery,
the exploitation was invited by the affected users themselves.
The attack tricked Facebook users into pasting a malicious
snippet of JavaScript into their web browsers and running it, which then
exploited a browser vulnerability causing them to “share” and “like” the
malicious content without even knowing it.
That’s when I stopped reading for a while. I had to
weigh my feelings on this one – on the one hand we as tech people have a
responsibility to educate our friends and the public at large as to how to
protect themselves in the digital age. On the other hand, we’ve been doing that forever and no one
seems to care. And while attacks and malware have evolved, the
method for preventing this type hasn’t, as it’s one of the big ones we’ve been
advocating for years – don’t
click on crap that looks suspect. This case takes it a step
further – now someone’s telling you, “Hey, stick this code in your browser and
run it. Cool stuff to follow,” and users mindlessly do it. Then the
public end result is a number of Facebook users on Twitter expressing their disgust
and delivering empty threats to close their accounts, as if the internet is a
magical and safe place where nothing bad has ever happened and people honestly
just want to give you free stuff.
While spam on Facebook is nothing new, it’s never been this
bad or spread at such a rapid pace before. But at the time I’m writing
this, Facebook has already claimed to have eliminated the malicious pages and
identified the users responsible. “Our team responded quickly and we have
eliminated most of the spam caused by this attack,” a Facebook statement said.
“We are now working to improve our systems to better defend against similar
attacks in the future.” This must have been a tough one for them to
counter, seeing as the spread not only was user-generated, but exploited
vulnerabilities in browsers, not actually Facebook itself. I didn’t see
any info on which browsers were the ones jacked, but I can guarantee that it
affected the people who don’t follow their tech friends’ advice to “make sure
everything’s always updated.”
Standard advice: Keep
your software updated, keep your antivirus updated, don’t click links from
people you don’t know, and be
suspicious of people sending you links about free iPads, trips, or naked
Beyoncé videos, no matter how hopeful you are to see all the single ladies.
So let’s consider the world to be “techs” and “users.”
Techs’ responsibility has to end at some point and users’ responsibility has to
begin. We do all we can to make sure people are educated and browsing
safely. Some onus has to be put on the users, because you’ve been
informed of how things work. It makes me wonder how we’re still in the
age of “I wonder what this button does?”
Computers, the internet, smartphones and mobile devices –
these are the things we use in our everyday lives now. They govern a
large percentage of what we do – which is why it’s infuriating that it’s so
easy for people to throw their hands up in the air and say “Oh, it’s tech, I
don’t understand it and I don’t want to.” That attitude makes people not
take steps to protect themselves, and complain and whine when they get
hit. So don’t tell me things like how you forgot to install antivirus on
your computer because you’re not a tech or you clicked a link because “how
could I know” without being a tech person.
You’re not a mechanic either, but you still know you need
gas in the damn tank to drive your car to work.