Subscribe to DSC Newsletter

Simple Trick to Prevent Cambridge Analytica and Others to Hack into Facebook Data

Cambridge Analytica was caught tampering with elections by exploiting Facebook, but chances are that this is the tip of the iceberg, and that many others, including scammers and ID thieves, are also exploiting Facebook and other social networks. One way that they do this is as follows.

Cambridge Analytica website (front page) - www.cambridgeanalytica.org

The Facebook Hacking Algorithm

This is how bad guys collect data about million of profiles, on Facebook:

  1. Plant fake profiles - as many as 10,000 per campaign, possibly using cheap workers overseas to create and maintain these accounts, used for multiple evil purposes. New fake profiles are added every day.
  2. Target big influencers (people with many friends) on Facebook, using a few of the fake profiles per target, to send friend requests. Chances are that 90% of the big influencers will reject the friend requests. In the process, many of the fake profiles will be disabled by Facebook for having too many unsuccessful friend requests. It is a question of numbers: not sending too many friend requests, creating fake profiles that are specifically designed for the initial target, and being able to create and keep enough  fake profiles long enough, to optimize the process.
  3. Other people connected with big influencers who accepted these fake friend requests (usually portraying attractive women) are then targeted the same way. Knowing that big influencer X is also friend with fake Y, real friends of X are more likely to accept an invite from Y. Over time, Y collects enough friends to become useful for the scammer: friends of X, friends of friends of X and so on.  Read my article on 6 degrees of separation here, to see how fast this scheme could grow, 
  4. Now the scammer has access to all the data (Facebook profiles) of many real Facebook users, thanks to these fake friends. He can now download all the data (accessible to friends only) and collect whatever information you put in your profile (education, your posts, date of birth, hometown, your location, gender, marital status, and so on.) With sentiment analysis algorithms (analyzing your posts, who you are connected with) he can easily and automatically derive valuable information, such as your political or religious affiliation, health condition, wealth, or your age. 
  5. As your list of fake friends grows, you see more and more posts from these fake friends: Mostly fake news and political propaganda, if the purpose of the scam is to temper with elections.

Also, scammers use dozens if not hundreds of IP addresses to create these numerous fake accounts. They do it by recruiting an army of drone workers paid peanuts, or via a Botnet, or recycled or non-static IP addresses, or proxy servers. The smartest ones might even use computer viruses to create Facebook accounts in the background on your hijacked computer (thus via your IP address), without you being aware of it. You may not notice it until your own (real) Facebook account gets blocked for no apparent reason.

What can you and Facebook do for protection?

One way to protect yourself is to not share too much information with your friends, and not accepting friend requests from people that you don't know. If a scammer has access to your date of birth, it could be the only information missing (he already has you social security number from other sources) to hijack your ID. If he knows when you are out of town and that you live alone, it will help him schedule a successful burglary.

Since many naive people will always accept friendship from strangers (for instance hoping to develop a new romance, or to appear more popular) an easy way for Facebook to reduce the risks is, each time a user is about to accept a new friendship,  Facebook should use this trick: You must answer an automatically generated question about your new potential friend, such as the country of residence. This way, it will force you to at least look at the profile in question, rather than blindly accept friendship. And by looking at the profile in question (and his friends -- many of his friends are probably other fake profiles that he created,) it will be obvious that he/she is fake.

Another solution is for Facebook to create dormant fake profiles. I did some tests myself, and any time you create a new profile (someone that does not even exist) you immediately get many friend requests from strangers (fake profiles too.) In some way it is kind of funny, fake profiles interacting with other fake profiles, but for Facebook, it is an easy solution to go fishing after scammers. 

Did you know that there are more US Facebook profiles than there are US residents? If one cell phone number was attached to each profile (a one-to-one mapping), I am wondering how many US Facebook profiles would be left. Of cause, scammers use a bunch of temporary cell phone numbers, so this would not fix everything. Some of the profiles are duplicate, as many real members experience problems (being flagged by Facebook) for no reasons, as Facebook monitoring algorithms currently generate many false positives (as well as many false negatives.)  

False positives on Facebook

Recently, Facebook has been very aggressive at banning  as much content as they can. At the same time, the number of false positives is exploding. I think this is not a glitch in their data science algorithms, but rather, legal pressure. The result is a lot of false positives, and revenue loss for Facebook. Over time, they will fix it, but for now, it looks like the Wild West. Below are a few examples.

Ad rejected by Facebook, official reason: too much text in the picture

Post flagged in a Facebook group: no reason provided, other than "policy violation"

Counter example (false negative): This guy has many fake friends (disguised escort girls) trying to befriend me, but this seems to be OK with Facebook. Maybe connected to Cambridge Analytica?

Example of John Pierce's fake friends -- If you click her profile picture, you will see pornography.

I wrote about this in the past, and it is just getting worse. See here for a recent article on this topic.

Related article

For related articles from the same author, click here or visit www.VincentGranville.com. Follow me on on LinkedIn.

DSC Resources

Views: 1180

Comment

You need to be a member of Data Science Central to add comments!

Join Data Science Central

Follow Us

Videos

  • Add Videos
  • View All

Resources

© 2018   Data Science Central ®   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service