Education is key in war on spammers, Facebook says

6 Mar 2011

Facebook, in response to our coverage of the massive spam waves that hit the social media giant last week, told Siliconrepublic.com it agrees that education and awareness are key to battling cyber crime and how its efforts against criminals are similar to an arms race.

Last week, Siliconrepublic.com reported how Facebook was hit with more than five different spam attacks which security experts ESET said was the biggest spam attack appearing all over people’s walls in such a short time.

ESET’s Urban Schrott said Facebook, which is approaching the 600m user mark, has become a multibillion-dollar hunting ground for cyber criminals. He said anti-virus packages can protect against downloading malware but cannot protect users’ Facebook walls and urged users to “think before you click” on “shocking must see” videos or messages that appear on their walls.

A spokesman for Facebook told Siliconrepublic.com: “We agree that education and awareness is the key to combating online security threats and that this issue is something that we need to tackle together as an industry. For our part, we have launched numerous education initiatives and continue to invest heavily in developing complex and innovative systems to protect the people who use Facebook.

“We encourage people, whether they’re on Facebook or somewhere else on the web, to think twice before clicking on things – do you really think your best friend is going to give you a free iPad for filling out a survey?’’

The spokesman said Facebook treats spam and cyber criminals seriously.

“Online security is a bit like an arms race, with cyber criminals and their targets constantly battling to stay ahead. At Facebook, we take the security and safety of the people who use our site incredibly seriously, and invest constantly in our security processes.

“Facebook faces a security challenge that few, if any, other companies, or even governments, have faced – protecting more than 500m people on a service that is under constant attack. The fact that less than 1pc of Facebook users have ever encountered a security issue on the site is a significant achievement of which we are very proud,” the spokesman said.

He said the security team at Facebook is constantly developing innovative solutions to prevent and crack down on cyber crime – both working to protect people on Facebook from cyber criminals, and reacting swiftly where appropriate on the rare occasions when a spammer may be successful.

The spokesman pointed to the fact that the social media player has invested considerably in its security labs and is taking the offensive against spammers through a combination of innovative technology and litigation.

In 2008, Facebook was awarded US$873m in damages against Canadian Adam Guerbuez and his company Atlantis Blue Capital, who was accused of sending spam messages to its members. The ruling also forbids Guerbuez from using Facebook or interacting with its members ever again.

Facebook’s technology fight against spammers

“Facebook is able to detect unusual activity that suggests a profile has been compromised by a spammer – for example, if a profile starts to send out many more messages than they normally do so,” the spokesman continued.

“As a result of our efforts, the data we have on interactions of more than 500m people using Facebook shows that spam, malware and other attacks have decreased in their effectiveness — the opposite conclusion reached by most people who are trying to sell web security packages.

“Our own technological defences against cyber threats have also evolved and improved over the years and this is something that we continue to focus on and invest in. Some of the recent changes are outlined on the Facebook blog and you can see a number of updates related to security in this topic stream.

“Some of the most recent changes, in October 2010, included the introduction of one-time passwords to make it safer to use public computers; the ability to sign out of Facebook remotely; and a regular prompt for people to update their security information. More recently, Facebook has launched encrypted HTTPS logins to help people use public Wi-Fi as safely as possible,” the spokesman said.

He also pointed to the general Facebook Page and the Facebook Security Page, which have a combined audience in the tens of millions. “There is a lot of information on here to help guide and inform people, including our own tips, which you can find on the Take Action tab.”

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com