FaceBook Spammer Hijacking Over: Monday 17th Nov 2008 6.30pm

After four long frustrating days of a spammer having seized control of the SFcrowsnest.com Magazine Group on FaceBook, the hijacking is now over.

FaceBook have restored Stephen Hunt's FaceBook account, and as his personal account came back into operation, control functions and sole Admin control of the hijacked SFcrowsnest.com Magazine Group on FaceBook automatically reverted to Stephen as the group's creator.

If you are on FaceBook (especially if you run a group), read our advice at the bottom of this page to find out how to stop spammers hacking into FaceBook and seizing control of your account!


Emergency announcement from SFcrowsnest.com:

posted: Saturday 15th Nov 2008. Last updated Monday 17th Nov 2008

Hi all,

Stephen here, in the rather ridiculous situation of having to ask all of the readers of my novels for your help.

Friday afternoon (14/11/2008), a minute after posting an update for my novels' readers and fans on the two FaceBook groups I founded, the SFcrowsnest.com Magazine FaceBook group at http://www.facebook.com/group.php?gid=21093694832 and the Rule Jackelia FaceBook group at http://www.facebook.com/group.php?gid=34257537930, FaceBook sent me an automated message to say this was spamming and immediately cancelled my account.

A little odd, I thought. All I did was post a couple of updates to my own FaceBook groups, announcing that I am now the Guest Literary Editor for the SCI FI Channel in the UK and would be doing some work with my chums at NBC.

I wrote this off as a system glitch on FaceBook and thought, well, give it a couple of days and I'll be able to login back to my FaceBook system fine.

Little was I to know.

About an hour after my account was cancelled, I started being flooded by complaints from members of my SFcrowsnest.com Magazine FaceBook group saying that the group now had someone called ‘Tore Heimstad’ installed as Administrator (not appointed as admin by me, I assure you!) who was using the SFcrowsnest.com Magazine FaceBook group’s admin ‘message all’ function to send out a spam via FaceBook to our sci-fi magazine’s thousands of readers that began ‘Hey guys. if u think that u look good and if u have CONFIDENCE, then join our pageant group on eupee .’ (don’t ask, groan).

I can only presume that this seizure of my FaceBook group is a hack of the recently upgraded FaceBook system, but I am currently in the ridiculous situation of not even being able to contact my own FaceBook friends to inform them of this terrible situation, with my account being cancelled.

I have repeatedly been contacting FaceBook’s staff e-mails and as of today have still received nothing but canned autoresponders in return.

PLEASE BEWARE

If you are a FaceBook user, please note, the SFcrowsnest.com Magazine FaceBook group has been hijacked. As of yesterday, any messages sent by it are NOT from SFcrowsnest.com staff or myself and should be treated as hostile – e.g. potentially containing or leading to scams, malware, compromised web pages and the like.

Please post news of this on your FaceBook profile and let all of your own FaceBook friends know as a matter of urgency.

Secondly, if you run a blog or zine, please spread news that the SFcrowsnest.com Magazine FaceBook group at http://www.facebook.com/group.php?gid=21093694832 has been hijacked by hostiles and refer them to this warning which is now prominently linked from our own home page and can be found at http://www.SFcrowsnest.com/facebookhijack.php – I will keep this page updated with developments and any explanation/apology from FaceBook as and when (or if) I get it.

So far only the SFcrowsnest.com Magazine FaceBook group at http://www.facebook.com/group.php?gid=21093694832 has been hijacked, but seeing it was myself that was singled out by FaceBook spammers, I would suggest also treating any messages from my Rule Jackelia FaceBook group at http://www.facebook.com/group.php?gid=34257537930 and my personal Stephen Hunt FaceBook account as being fatally compromised, as I’m certainly not in control of these two accounts either anymore.

THE APOLOGIES

On a personal note, this is grief I really don’t need at the moment.

I’m in the midst of finishing my fourth fantasy novel for HarperCollins, provisionally entitled The Fires of Jago, and am also working furiously with HarperCollins on the February 2009 launch of my third title in the Jackelian sequence, The Rise of the Iron Moon. These are both big calls on my time, and I could do without crisis management of someone else’s technical issues – something that was only intended to provide a bit of extra community for my loyal readers.

As fans of my novels know, I came to the social networking ‘revolution’ a good few years after everyone else, taking the rather curmudgeonly view that it was all a big time-suck and could only be a distraction to my writing. And hey, I was one of pioneers of the Internet, and all this new-fangled web 2.0 stuff was just a cunning ploy to squeeze more money out of gullible venture capitalists etc, right? After being barraged by requests to join various social networks by readers of my novels and friends, however, I belatedly decided to bow to the inevitable and signed up with FaceBook.

I did this in the face of strong and continual opposition from my dear friend and SFcrowsnest.com’s own editor, Geoff Willmetts, who has always refused to join social networks, citing all the usual security concerns you hear trumpeted in the media – they’re a den of identity thieves, you’ll find yourself ripped off, mortgages being taken out in your name by ID creeps etc.

I wrote those views off as being unduly influenced by media hysteria and joined FaceBook anyway. So here’s my first apology – to Geoff. You were right, old chum. I was wrong. Humble pie eaten. I’ll be sticking to the first rule of web-mastering that has always stood me in good stead with SFcrowsnest.com – if you don’t code it yourself, don’t trust it (it’s a variation on the old adage: if you want something done properly, do it yourself). No more FaceBook for me.

My second apology is to the members of the SFcrowsnest.com Magazine FaceBook group. Sorry for you getting rubbish e-mails from the mysterious FaceBook group hijacker, Tore Heimstad. And Tore, or whoever you really are, all I have to pass onto you is an old Circlist saying much favoured in my Kingdom of Jackals - what goes around, comes around. Sooner or later, Tore, you’ll be getting yours.

And lastly, a word to the ghosts of my fellow fantasy authors at HarperCollins, JRR Tolkien and CS Lewis, in whose shadow I always inexpertly stumble; guys, you don’t know how lucky you were to have been writing your novels in an age when Bebo was a sound you would only hear gurgled from inside a pram, and a FaceBook was a school jotter that someone had inked with ‘Kilroy Was Here’.

Yours, deeply frustrated and angry

Stephen

www.StephenHunt.net
www.SFcrowsnest.com


Here's the spammer who has somehow managed to seize control of our SFcrowsnest.com Magazine Group on Facebook, Tore Heimstad. We suspect this isn't his real identity, and that in real life, he doesn't look much like this. The photo rather looks like it's been scanned in from a clothes catalogue selling male underwear.

NEWS UPDATES ON THE FACEBOOK HIJACKING

Friday 14th November 2008

Stephen Hunt's FaceBook account is mysteriously cancelled, and a spammer then seizes master Administrator control of the Admin-vacant SFcrowsnest.com Magazine FaceBook Group, appointing 'Tore Heimstad' as the group's new Administrator and spamming thousands of Stephen Hunt's readers and fans with the usual nonsense online scams.

Stephen is flooded by angry and confused complaints from his readers via FaceBook - but can't even reply directly to them with his FaceBook account pulled out from under his feet.

We report this to FaceBook. No reply from FaceBook to us, beyond a canned auto-response message.

Saturday 15/Sunday 16th November 2008

Stephen Hunt begins an emergency disaster response, alerting c. 800,000 readers and fans through SFcrowsnest.com's own newsletter messaging system that his FaceBook Group has been hijacked, and that messages now being sent out by it are likely to lead to malware, online scams, and all the usual spammer's cons.

There are mass resignations from the compromised FaceBook Group as Stephen Hunt's fans and readers on FaceBook take the necessary precautions to protect their own FaceBook accounts from potential infection.

The science fiction community comes out in support of Stephen Hunt. Old friend and best-selling Scottish science fiction author Ken MacLeod is one of the first, and bloggers like Grasping for the Wind also join in warning their many readers.

No reply from FaceBook to us.

Monday 17th November 2008

AM

Still no reply from FaceBook to us.

The FaceBook spammer is still shown as being in command of the hijacked group, but no more spam has been sent.

Presumably the spammer admin's own personal FaceBook account has now been closed down by FaceBook's automated system in response to the angry response from thousands of irate readers of Stephen Hunt's novels who are members on FaceBook?

PM

Finally, FaceBook restore Stephen Hunt's account, and doing this seems to automatically revert him back to being the hijacked group's creator. Tore Heimstad is demoted back to being a mere FaceBook spammer, and Stephen promptly bans him from the group for life using his now restored FaceBook Admin controls.

Worryingly, however, FaceBook shows no signs of even realizing a group hijacking has occurred. Stephen just receives a standard cut-and-paste reply which reads...

Facebook has limits in place to prevent behavior that other users may find annoying or abusive. These limits restrict the rate at which you can use certain features on the site. Unfortunately, we cannot provide you with the specific rates that have been deemed abusive. Your account was disabled because you exceeded Facebook's limits on multiple occasions when creating groups, despite having been warned to slow down. However, after reviewing your situation, we have reactivated your account, and you should now be able to log in.

FaceBook dudes, some spammer just gamed your own security system to get Stephen Hunt booted off, then hijacked the group he created, and spammed thousands of his readers, fans and friends! That doesn't even warrant a 'sorry' or a 'we fixed the code that allowed them to do this to you'?

We frakking give up! We won't be using FaceBook too much in future, that is for certain. And frankly, we advise you not to either.


FACEBOOK SECURITY ADVISORY 1

Here's our best guess at how spammers could pull off a stunt like this on FaceBook. Please note, it's only our uninformed technical speculation (FaceBook quite rightly don't publish or comment on their own security systems), but this guess seems to match the timings and pattern of what happened to us.

We're publishing this as an answer to the queries from other celebrity authors, movie and TV types etc. who were FaceBook friends of Stephen Hunt, who also have followings of many thousands of readers and fans, and who have been wanting to know how to protect their groups on FaceBook.

Let's use the example of a fictional celebrity, Vienna Hyatt, who has a personal FaceBook account and is Admin of the We Love Vienna Hyatt FaceBook Group with six million followers. Vienna Hyatt rarely does the FaceBook work herself, of course; it's really her PR people passing on the odd tit-bit of gossip, but fake or not, her fans love that IT Girl and hang on her every word.

And hey, six million actual real, live people waiting to be spammed through FaceBook. Now there's a target that's going to earn a spammer a nice fat pay cheque.

Step 1 - Dropping the Pilot: getting Vienna Hyatt's FaceBook account cancelled for spamming

Easy. The only way FaceBook's anti-spam measures can work with as many users as FaceBook has to deal with is if their security system is automated, and guess what, it is. A media celeb like Vienna Hyatt will have hundreds of people requesting to be her friends on FaceBook each day, her PR people will login every day as Vienna, and the first thing they will do each morning is just hit 'accept' to wave through all the new friend requests.

The more the merrier, as far as the PRs are concerned. That's their job.

But what if some of these requests are not from real fans? What if a certain amount of those friend requests came from fake FaceBook accounts set up by spammers? Vienna Hyatt's PR people don't do due diligence on Vienna's friend requests - it's impossible, they simply don't have the time to verify each fan's identity - any more than an author is going to personally know the thousands of readers of their novels who might want to be their FaceBook friends.

The FaceBook spammers are now on Vienna's friends list as well as members of her group, and just sit and wait, and every time Vienna sends them an update via her personal account's message-all function, or publishes a news update on the We Love Vienna Hyatt FaceBook Group, the spammers immediately click on the 'report this as spam' button that comes attached to every incoming FaceBook interaction.

The spammers do this in the form of a wave attack (probably bot-run) and the automated security system at FaceBook immediately kicks in and suspends Vienna Hyatt's account.

The only way Vienna Hyatt can get her account reactivated now is a manual appeals process via e-mail - some poor grunt at FaceBook who, we suspect, has hundreds of thousands of these things to wade through, and - as a boring admin function that brings in no money - probably gets about as much respect for this tedious job as the choice of toilet paper in the bogs at FaceBook HQ.

Well done, you evil spammers, you've just pulled the ejector seat on the pilot of the We Love Vienna Hyatt FaceBook Group.

Six million innocent FaceBook fans of Vienna Hyatt are now blithely flying along in her group, and passengers, please quickly adopt the brace position, because there's no Admin any more sitting behind your group's control panel!
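An added illustration of the Step 1 mechanism (this is constructed example code, not FaceBook's system or anything SFcrowsnest.com published): a toy 'report this as spam' filter that suspends on a plain report count, beside one that weights each report by the reporting account's age and track record, so a wave of throw-away accounts no longer trips it. Account ages, report histories and thresholds are assumptions chosen for the demonstration.

```python
"""Toy model of an automated mass-report filter (constructed example).

A count-based rule treats 200 reports from day-old accounts the same as
200 reports from long-standing members, which is exactly what a bot wave
exploits.  Weighting by reporter standing makes the wave nearly weightless.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Reporter:
    account_id: str
    age_days: int        # how long the reporting account has existed
    prior_reports: int   # reports this account filed in the past
    prior_upheld: int    # how many of those a human reviewer upheld


@dataclass(frozen=True)
class Report:
    reporter: Reporter
    at: float            # seconds after the reported message was sent


def naive_should_suspend(reports, threshold=50, window=300.0):
    """Count-based rule: N reports inside the time window => suspend."""
    hits = [r for r in reports if r.at <= window]
    return len(hits) >= threshold


def reporter_weight(rep):
    """Trust earned by a reporter: scaled by account age (capped at a
    year) and by the fraction of its past reports that were upheld.
    An account with no history is treated as only half credible."""
    age_factor = min(rep.age_days, 365) / 365.0
    if rep.prior_reports == 0:
        accuracy = 0.5
    else:
        accuracy = rep.prior_upheld / rep.prior_reports
    return age_factor * accuracy


def weighted_should_suspend(reports, threshold=10.0, window=300.0):
    """Trust-weighted rule: each distinct reporter counts once, with its
    weight; suspend only if the summed weight reaches the threshold."""
    seen = set()
    score = 0.0
    for r in reports:
        if r.at > window or r.reporter.account_id in seen:
            continue
        seen.add(r.reporter.account_id)
        score += reporter_weight(r.reporter)
    return score >= threshold


# Constructed input 1: 200 day-old accounts with no history all flag a
# legitimate group update within 40 seconds (the speculated bot wave).
bot_wave = [Report(Reporter(f"fake{i}", 1, 0, 0), at=i * 0.2) for i in range(200)]

# Constructed input 2: twelve established members, with mostly-upheld
# report histories, flag a message that really is spam.
trusted_wave = [Report(Reporter(f"fan{i}", 900, 20, 18), at=30.0 + i) for i in range(12)]
```

Run against the two constructed inputs, the count-based rule suspends the victim of the bot wave and ignores the genuine complaint, while the weighted rule does the reverse.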

Step 2 - Storming the cockpit - the real hack: hijacking the group

This is the clever bit, and to be honest, we haven't got a clue how the spammers could do this - but they appear to have done it to SFcrowsnest.com's FaceBook group in style.

The We Love Vienna Hyatt FaceBook Group is now a pilotless aircraft: its captain has been ejected by the spammers, it has no Admin, and the group is ripe for hijack.

Whatever technical black magic the spammers use - and Facebook's own jobs page notes that it is programmed primarily in PHP, JavaScript and C++ on a Linux/Ajax platform (so lots of well-documented open source goodies to mine for vulnerabilities) - the spammers appoint their own Admin for the group.

The spammers now have access to all the FaceBook group's membership details for them to sell on to their associates, and as an extra bonus, they also get to spam all six million members of the We Love Vienna Hyatt FaceBook Group using FaceBook's own messaging system - no pesky spam filters at the user's end to stop their nasty messages getting through.

Ker-ching! Spammer pay day! High fives all around in some dodgy mafia-financed third world shit-hole. Take that, decadent western civilization. That'll teach you to invent the Enlightenment, drag the world out of the Middle Ages, and open up a coffee chain down the street from us in a blatant act of cultural aggression.

How to stop this happening to you

Here's the vital lesson that we now wish we had taken on board for the SFcrowsnest.com Magazine Group -

(A) appoint multiple Admins to your FaceBook Group and (B) make sure at least one of those Admins is a shell or dummy account owned by yourself that never, ever, ever, accepts any friends on FaceBook or undertakes any FaceBook activity whatsoever.

The spammers can't launch a false 'report this person for spam' wave attack on you if you don't have any interactions with the rest of the FaceBook community.

That means no posts, no friends, no accepting silly viral games and the like for your shell Admin account. IGNORE EVERYTHING SENT TO THIS FACEBOOK ACCOUNT. That way, you will have at least one Admin running clean who can wrest control of your group away from FaceBook hijackers when spammers try to board your group and storm your cockpit.

To put it simply, the more co-pilots you've got as group Admins on your flight crew, the harder it is for FaceBook hijackers to simultaneously kill all of your Admins' personal accounts at once and seize your group's controls.

Keep one of your FaceBook Admins faceless, friendless, and anonymous, and that Admin, my friend, is going to be your very own Sky Marshal.

And by heck, you will be glad you had him or her on board when you get picked on by the FaceBook hijackers.


FACEBOOK SECURITY ADVISORY 2

Troo over at the British Fantasy Society - one of our group's members - has just sent in this warning too, about her FaceBook account possibly being raided for her financial details during the time of the hijacking.

We're not sure if this is related to our group's hijack, but she asked us to post it alongside our own warning, so here it is...

A few days ago (coincidentally during the Great Hostile Takeover of 2008) my PayPal account was plundered. Not for a great deal, true, but for payments to Skype and Iocom which I never made. I received the notifications from PayPal and thought "Huh. These must be phishing emails", yet try as I might I couldn't find any shred of evidence in the emails that they were - no fake links, no requests that I enter my password anywhere, no spurious email addresses. They looked dubiously kosher.

I logged into my PayPal account (not via any link in an email. Via bookmark) and lo and behold, these payments had indeed been made.

I link this to the Facebook takeover because I once used my PayPal account to pay for a trial run of some advertising on Facebook. I suspect this could've happened to any Facebook user who was a member of the group and has also ever used their PayPal account with Facebook (e.g. to pay for one of those $1 "gifts" - ever sent a friend a cupcake, a ninja, or a Christmas tree?).

I raised queries via PayPal's automated system and have had the funds refunded. They were, however, taken out and refunded in US Dollars, so I may still lose some cash in all the exchange rates. I've also changed my PayPal account's password and reminder questions.

While the initial amounts were small, I've no doubt that should an account remain accessible for too long it will start getting plundered for larger amounts. Users who've been part of a hijacked group and who've ever used PayPal in conjunction with Facebook, beware!


All content, unless otherwise indicated, is © www.SFcrowsnest.com 1991-2009 - our content management proudly powered by CuteNews
