Save Facebook from Anonymous

“Remember, remember. The 5th of November.” This is how Anonymous (hackers in short… or hacktivists) warn us, the users of Facebook, that they will shut it down on that day. I’ve made some observations and simple analysis and come to a conclusion how you might help to save Facebook.

Observation #1

Mark Zuckerberg, creator of Facebook, does not mention any preparations for the 5th of November. This might look even weirder if you see all the innovations made to the interface of FB lately. What for if it will stop its existence in a week? That’s a bluff. I assume that Mark keep some FB bugs open with a patch ready for 4th of November. One day will not be enough for Anonymous to find new bugs and take control over Facebook.

Observation #2

We like privacy… but on Facebook we’re too much open. Check your apps permission and tell me how many of them are pretty outdated or have too much privileges. Yesterday I removed about 40 of them. 10 of them had access to my email and could post on my wall without asking.

Observation #3

Do you remember what happened to gmail and Sony accounts lately? They’ve been hacked… or – better to say – someone guessed some passwords. We do not care too much about our passwords. Keeping them simple to remember usually makes them easy to guess. The worst thing you could do is using “password”,
“asd” or “123”. Using “1” at the end is not a good idea too.

Observation #4

We have no idea about sniffing and security. How many of you use WiFi? And I’m not talking about public and not encrypted hot-spots. I’m talking about your home wireless network! It’s enough to have one Anonymous in the range of 100 meters to grab plenty of private data. I made a simple experiment in Warsaw. I’ve placed my laptop in a flat in the city center and left it to capture all the wireless traffic data (unencrypted, WEP and WPA2) in it’s range and save it to external 3 TB storage. Software used after 24 hours was aircrack-ng. Results are: 4 unsecured networks, 16 WEP networks (15 passwords cracked) and 10 WPA2 networks (3 cracked using dictionary attack). Thanks to the data collected I could decrypt ~1 TB of wireless traffic. This includes browsing history and more. What’s worse, by injecting your own packets you can do a lot of mess.

Analysis #1.a

What harm to Facebook can Anonymous do? DDoS (Distributed Denial of Service) attack would be a stupid thing to do. It’s simple and pretty great way for annoying website owners… but it’s pretty useless when you’re fighting with a cloud. It’s more of a warning than an actual attack. For those that don’t know how DDoS works I’ll try to explain it as simple as possible. DDoS attack is based on making as many queries to the host machine as possible (imagine that hundred strangers are asking you different things on the street at the same time). This will overload the server and make it hiccup or fail completely eventually. But what if we’re dealing with a really smart cloud? We would need plenty of computers. And it’ll be 24/7 to make it work.

Analysis #1.b

Bugs. Anonymous might try to find some exploits in the Facebook’s API or anywhere else. As I said in the first observation I would expect fixes day before the planned attack as it will leave not much time for finding new exploits.

Conclusion

Who is the weakest link? You are. If you used wireless networks your Facebook password may already be know to Anonymous. If your Facebook password is week you’re a threat too. Why, you might ask? The most likely attack will be pointed to users like you. After guessing/using your password to your Facebook accout Anonymous can make a lot of mess (you already don’t like polls, imagine all captured accounts will create millions of them; Facebook will be spammed in all possible ways). After “the mess” your account would probably get suspended (because you can’t delete your account)… right after changing the password and all other data. So it’s either zombie-accounts-apocalypse or where-the-hell-are-all-my-friends… or both.

“What can I do to save Facebook from Anonymous”?

  • check your apps permissions and remove any old or not needed ones,
  • change your WiFi home password to something hard to guess and brute-force; and for God sake, use WPA2 and https whenever it’s possible
  • change your Facebook password (same rules – hard to guess and brute-force)
  • right after that stop using wireless connections outside of your home network
  • … 3G is good but there are studies that shows it can be broken

Leave a comment

Your email address will not be published. Required fields are marked *