Don't live in fear of Facebook hacking . . .
Published 04/02/2012 | 06:00
So there you are surfing Facebook when you learn that one of your closest friends has decided he wants to be a woman. He's just posted a status update announcing he is going for a sex-change operation and henceforth wishes to be known as Samantha.
Your jaw smacks the keyboard before it dawns on you he's been the victim of a clumsy stitch-up. Someone has accessed his account and entered a 'hilarious' fake post.
The practice is known as Facebook hacking and it happens more than you think. The really worrying thing is you don't have to be a computer genius to do it. All it takes is little carelessness on the part of the victim.
Such is the popularity of Facebook hacking that it is has spawned its own zeitgeisty handle: 'fraping' which is short for -- and please don't be offended -- 'Facebook rape'.
This isn't to single out Mark Zuckerberg's globe-conquering networking tool. The phenomenon isn't confined to Facebook. If you are absent-minded or naive, pranksters -- or those of more malign intent -- will find it just as easy to commandeer your Twitter feed or email.
You could be sending a pornographic link to work colleagues, or informing your legion of Twitter followers that you've smeared yourself in chocolate and dashed naked down the street.
Stephen, a professional in an international financial services firm, was on the receiving end of what was probably intended as a 'hilarious' fraping prank, when someone accessed his Facebook account and announced that he was fed-up and had decided to exit the office early to spend the rest of the day in the pub.
He suspects he knows who the guilty party was -- but decided to quietly remove the post rather than marching to HR and making an issue of it.
Sometimes, 'fraping' can seem relatively innocuous. Ben was able to laugh off an incident at a party where practical jokers took his smartphone to 'reveal' he'd blocked the loo (frapists have an odd obsession with bodily functions).
There are more pernicious examples, however. In one case someone infiltrated a Facebook user's account to let it be known that he was about to come out of the closet. Nothing wrong with that -- apart from the fact it was untrue.
Then there was Shane, who told his Facebook friends he was going to be a father, with a girl he'd been seeing for less than a fortnight (to add to the humiliation, it was an office romance they were trying to keep under the radar).
Someone hacked Aisling's account to drop the bombshell she'd recently been diagnosed with syphilis, while Ciara received lots of odd looks having apparently provided details of her bizarre sexual predilections.
"When I found out someone had accessed my account, I was angry," says Stephen. "But then I realised I had brought it on myself in a way by not logging out. People will do those things to you if you give them a chance."
The really damning part, of course, is that once the misinformation is out there, it is impossible to erase. What goes online stays online.
"Information you put on the web is there forever," says Dermot Williams, of internet security consultants Threatscape.com. "Even if you delete it half an hour later, there are still Google indexes and mirror sites."
'Fraping' has become such a sport a multitude of websites have sprung up that celebrate outrageous Facebook hacks and offer tips on how to hijack someone's account. On one such site, would-be 'frapists' are advised to have fun by changing their target's relationship status, 'liking' all that is embarrassing and posting lame status updates.
Another kind of identity hijacking is the creation of a false Twitter account. Recently a Twitter user managed to pass themselves off as Rupert Murdoch's wife Wendi Deng, using the platform to chide the press magnate about the forthright opinions he was expressing on his own feed and generally fulfilling the stereotype of bossy wife.
Twenty-four hours elapsed before the fraud was identified, leading some to question whether Murdoch's own Tweets were authentic (apparently they are). Last year, several Irish celebs were on the receiving end of similar stings as Twitter accounts purporting to belong to writer John Banville and celebrity chef Rachel Allen were rumbled. Told of the deceit, a troubled Banville described the incident as "creepy".
A phoney Twitter war actually broke out between Linda Martin and Sinéad O'Connor, after someone claiming to be Martin attacked O'Connor over her on/off/on 16-day marriage. Furious O'Connor branded Martin a 'granny' and 'past it' -- only to apologise after it emerged the Twitter account was bogus. Martin reported the hacking to the gardaí.
This has all raised questions over Twitter's verification process. If someone can pose as Wendi Deng, they can pose as you.
"If (Twitter) is going to continue to ask for the trust of its users, it is going to have to be more transparent about how it manages the network, or risk losing the faith that it has spent so much time building up," says Mathew Ingram of technology news website GigaOM.
When the hijacker possesses even a modicum of technical savvy, the risks are much greater.
Easily installed hacking software such as Firesheep allows you to anonymously break into a person's Facebook account over public wi-fi networks.
Without knowing the subject's password, you won't be able to update their status.
However, you can read their private messages, look at their photographs and generally behave like a licentious burglar rifling someone's underwear drawer. Another application, FaceNiff, lets you do much the same using an Android smartphone.
More generally, data-protection experts caution about how much information we share online. What is in the interest of a company such as Facebook may not always be in the interest of its users.
"You have to consider how Facebook makes its money. It makes it through advertising," says Williams.
"They have a clear commercial motive to have as many people as they can viewing content on the site."
Even if the victim of a social-networking hack does not suffer any immediate consequences, they may pay a heavy price in the future. That's the problem with your digital profile -- once besmirched, you cannot ever scrub it clean again.