back to article Army of 'socialbots' steal gigabytes of Facebook user data

A small array of scripts programmed to pass themselves off as real people stole 250 gigabytes worth of personal information from Facebook users in just eight weeks, researchers said in an academic report to be presented next month. The 102 “socialbots” included a name and picture of a fictitious Facebook user and used …


This topic is closed for new posts.
  1. trarch


    I think what's really interesting is that people are just accepting friend requests left and right. What's the point of 'friending' people you don't even know? Is it to boost your friend count as though that holds some sort of social credibility? Are people really that insecure/lacking that much self-esteem that they want to 'friend' everyone?

    Back when I used Facebook, I only ever accepted people whom I was actually friends with and spoke to on a regular occurence. Sure, I only had a few dozen friends on there, but I'd go for quality over quantity anytime.

    1. Anonymous Coward
      Anonymous Coward


      Making new friends, of course. Who doesn't want to be friends with a scraper bot?

      It does mean that no matter how many privacy controls social networks would introduce (even if they were well-thought-out, which Teh Zuck wouldn't be able to do to save his life) you're still dependent on other people. Well, good luck with that.

      As a privacy mechanism, it's entirely worthless. And by now people are so addicted to the inane banter and lure-you-to-stay stupid little (and not so little) games that they're not going to choose privacy, automatically giving themselves up to the data trolls instead.

      I still don't have a facebook account but I do see an increase in things you can only see with such a thing, announced on non-fb sites, as if "everyone" has an account and is willing to be tracked. The walled privacy-eating garden is slowly enroaching. If we want to get serious about privacy we have our work cut out for us.

      1. Anonymous Coward
        Anonymous Coward

        " if "everyone" has an account..."

        That is what it feels like sometimes (and perhaps what some would like), but reality is that take up apparently seems to flatten off at about 50 percent in most countries, not accounting for duplicate or inactive accounts. Perhaps the rest of us ought to be a bit more vocal about the fact we are in a (slim) majority, rather than allowing facebok to present itself as a near inevitability in everyone's lfe.

      2. Peter Kay

        Social engineering

        You're on Facebook, bored and single. Suddenly a hot man/woman/horse (delete according to taste) in your area asks to friend you.

        Personally I'm not a fan of using Facebook as a dating tool and don't add anyone I've not met in real life, but you can see why other people might..

  2. trottel

    Turing test 2.0

    Machine passes, if you can not tell your new friend is not human...

    1. LaeMing

      That assumes

      the human on the other end is Turning-capable. Many aren't!

      1. Noons

        who is Turning?

        I deduce you are human because you made a mistake, and to err is human. Do you want to be friends now?

        bzzt... blip-blip... All your data are belong to us!

      2. This post has been deleted by its author

    2. Marvin the Martian

      Are you sure they were actual researchers?

      Maybe the title should be "journalists accept story concocted by robots".

      Because there the same happens: once an outrageously improbable story gets accepted somewhere online by a legitimate journal (the "Sydney Bugle & Watchtower" or so), then other papers suddenly copy it en mass.

  3. This post has been deleted by its author

    1. This post has been deleted by its author

    2. Stumpy

      Cats are, and always have been, anti-social little buggers...

  4. Anonymous Coward
    Anonymous Coward

    Not just the users

    It's not just those who sign up who get shafted by data scraping like this, their non-facebook using mates get screwed too. I've never used facebook or any other so-called 'social network', but every time someone I know dumps their Gmail address book or mobile to their facebook account, my data is up for getting scraped too. I find it offensive enough that fscebook can and does benefit from this in building a 'shadow' profile of me, but it really takes the Michael that their slack-arsed approach to security allows everyone from the penis pill pushers to the Friends of Miriam Abacha to get hold of my information and a picture of who I know.

    Data protection law ought to start taking a far dimmer view of the care of the data of third parties who have no control over it's distribution. Facebook has the capacity to remove details not belonging to signed up users. Its should be compelled (preferably violently) to do so. Yeah, right...

  5. Big-nosed Pengie

    It's entirely unsurprising to find out what happens on Faecesbook.

  6. Anonymous Coward
    Anonymous Coward

    Will work for the greater greed

    ""Overall, our research goal is ... to help Facebook and the wider community to build more secure systems that are less vulnerable to both human exploits... and technical exploits...."

    Don't DO that; some would call it accommodation, but the short-term effect of any such effort is to encourage the (quite obviously mistaken) belief that "it's secure". ...right. Doesn't a data suck of 30G/week not tell you that there's a serious problem in personnel?

    Academics! Head, orifice, insert.

  7. Willy the Jackass

    No doubt the people who were mined were asking for it by not taking their responsibility for the own security seriously.

    1. Alpha Tony

      'No doubt the people who were mined were asking for it by not taking their responsibility for the own security seriously.'

      Indeed. They were using facebook.

  8. Anonymous Coward

    Legitimate research?

    An interesting result, nicely illustrating the essential weakness of a system based on a hierarchy of trust (certificates come to mind), but the researches have falsely represented themselves within facebook and broken its terms of use. Further, they've annoyed and deceived a lot of FB users.

    At the very least the ethics is questionable, and it may be considered illegal in some jurisdictions.

    Makes me wonder how much e-mail spam is the result of similar research.

    1. Jimbo 6

      how much e-mail spam is the result of similar research

      I'm imagining knob-boffins down at the Institute of Penis Enlargement, scratching their heads and saying "why the hell has NO-ONE contacted us back about our miracle breakthrough ??? We've sent gazillions of emails..."

    2. Tom 13

      Re: "they've annoyed and deceived a lot of FB users."

      Only one part of that statement is probably true, the other is highly doubtful. And I say that as someone who still has a FB account.

  9. Anonymous Coward
    Anonymous Coward

    The whole "wow this girl/guy looks nice/hot and wants to friend me, must accept" happens in all social networks, even real ones.

    Just smile and you can pretty much get a lot of,data on any number of people.

  10. Pen-y-gors

    Something for the next Reg reader survey

    It would be interesting to know what proportion of Reg readers are also 'serious' facebook/Twitter users (as opposed to having half a dozen accounts under fake names for test purposes) - methinks might be a fairly low number!

    1. Tom 38

      What is this 'facebook' of which you speak?

    2. Anonymous Coward 15


    3. Winkypop Silver badge

      "test purposes" eh?

      Just like those midget porn site accounts, no doubt!

  11. Chuunen Baka

    I smell BS

    250 gigabytes worth of personal info? How much is that per "friend"? Sounds like they had access to a lot of cat photos.

    1. Elmer Phud
      Thumb Up


      I have practically no personal info on Facebook.

      The email address is one knocked up for Facebook, location and everything else is either non-existant or bogus.

      Seems to work as even close friends have asked if it was me who posted stuff.

      With any social network system it's all down to how much you want to tell world+dog about your intimate details.

      I've not even got any cat photos - must drag a load off t'intertnet and put them there for those who want such things.

  12. BoxedSet

    Farcebook by another name

    Another article on the security, or apparent lack of it, on the social website linked to a book.

    It must be a very thin line between real friends and those on FB, you know... people you see at school or work, "I shared a bus trip with you don't you remember?". Why not distinguish between friends and people I vaguely know by granting appropriate security to them rather than some totally lame system which resets to open access each time those allegedly in charge tinker with it?

    PaedoBook was probably the funniest rename of it I heard.... although FarceBook seems wholely appropriate!

  13. JimmyPage Silver badge

    Nothing new ...

    In "The Mighty Micro" (pub 1979) by the late, and sadly missed Dr. Christopher Evans, he recounts a tale of using a proto chat system which was in use at a conference, to talk to other delegates. One delegate he was chatting to had to leave suddenly, and the system happily carried on burbling for a few minutes, before Evans twigged he was talking to a machine, not a person.

  14. Peter Kay

    Trusted IP addresses?

    I wasn't aware that criminals went around with special naughty IP addresses. Obviously if they were stealing someone's personal details in real life they'd be easy to spot because of the black and white striped top and the large bag marked with 'SWAG'..

  15. Phil O'Sophical Silver badge

    they received 331 requests from Facebook users

    People so thick that they try to make friends with a 'bot. Should we laugh or cry?

    It's either a great illustration of how dumb farcebook users are, or shows that a substantaial number of those users are also unrecognised 'bots. Wonder how long it will be until > 50% of farcebook users aren't real people?

    Which reminds me, where's Second Life these days? Haven't heard anything about it in ages.

  16. Winkypop Silver badge

    Failbook rides again

    See above

  17. raving angry loony


    As I only accept "friend" requests from people who are actually "friends" (or at least people I know exist in real life), i guess that makes me (a) an old curmudgeon and (b) immune to this kind of social engineering.

  18. auburnman

    I'd be interested to know

    What the Academics do with the data they slurped? Do they consider it fair game as the friend request was accepted? Is it destroyed, stored anonymised or just stored by them? They've already used the data (friends lists harvested from the first trawl) to do the second trawl run.

    Not that I'm having a go at the Academics though, it seems obvious this is an issue that needs highlighted. More for FB and the like to (try to) step up the warnings that friend requests might be a stranger trying to con you.

    1. Dan Goodin (Written by Reg staff)

      Re: I'd be interested to know


      In the report linked in the article, the researchers said they strongly encrypted the data and then permanently destroyed it once their project was completed.

  19. Anonymous Coward
    Anonymous Coward

    Just Laugh

    ....Hard and Loud at the FB losers!

    They will all get what they rightly deserve.

    No one would leave their door keys in the lock when leaving the home, so if they are stupid enough to leave their personal information with someone they have never met, they deserve, indeed asking for the trouble they will receive.

  20. Mark H

    Did they ask Facebook's permission before carrying out this work?

    If not why not?

  21. RajSri

    Its so frustrating and weird to see the comment from the FB spokesperson. Hello Sir, have you heard of insider attach which contributes to the max number of hacking incidents in any organization. What the researchers have done is one form of insider attach were they had taken advantage of the special status given to the IP addresses and hacked your system. It is good that it were researchers but imagine if some one with malicious intent had done it.

This topic is closed for new posts.

Other stories you might like