Tuesday, April 27, 2010

Who owns your Facebook?

ZDNET's Ryan Naraine and Dancho Danchev reported on a blackmarket sale of 1.5 million Facebook accounts. The accounts vary from active accounts with loads of friends to semi-autogenerated acounts that don't have any friends yet. The price depends on how many friends the account has.

The article is a FAQ on a report by Verisign's iDefense team, and covers a lot of ground, far more than I can cover here. But one of the things I find very intriguing is the section on "Cybercrime as a Service" (CAAS), something that I'd never thought about, but that is a logical progression when you think about the development of legal business on the web.

Of course, the real question that's probably on your mind right now is either "How concerned about this should I be," or "What can they do with my Facebook account?" Those might be closely followed by, "Why would anyone, especially a criminal, want my Facebook account?"

To answer the last question first, an established Facebook account is instant trust, allowing a criminal to get things from people with far less risk and effort than sending spam or actually burglarizing a house or robbing a bank. It just makes sense that if you can approach a person as someone they know and trust, they're more likely to agree to risky behaviors you might suggest. They also are more likely to open malware you send them and open links, making Facebook accounts perfect mules for infecting their friends.

So how worried should you be about this? Well, you're probably not one of the 1.5 million accounts being sold, but I'd change my password anyway from a computer that is known free of malware just because you can't be sure. There are reported to be more than 400,000,000 users on Facebook. That means that this list of accounts for sale has less than 1/2 of 1% of all Facebook users on it. I've seen people say they are leaving Facebook because of this breach, but I wouldn't leave Facebook because of this problem alone. Of course, there are plenty of other problems that make Facebook a risky proposition.