Home > Technology > Mark Zuckerberg Facebook fan page hack: who was behind it?

Mark Zuckerberg Facebook fan page hack: who was behind it?

There are some clues left in the hacking of Mark Zuckerberg’s Facebook fan page on Wikipedia – but what do they add up to?
Facebook chief Mark Zuckerberg’s fan page was hacked. Photograph: Robert Galbraith/Reuters
I decided to follow up some of the trail left in the Mark Zuckerberg Facebook fan page hacking incident.
(Update: Facebook tells us that “A bug enabled status postings by unauthorised people on a handful of Pages. The bug has been fixed.”)
only – and best clue – is the link left by the hacker in the status
update posted on Zuckerberg’s wall, which reads “Let the hacking
begin: if facebook needs money, instead of going to the banks, why
doesn’t Facebook let its user invest in Facebook in a social way? Why
not transform Facebook into a ‘social business’ the way Nobel Price
[sic] winner Muhammad Yunus described it? http://bit.ly/f26rT3 What do
you think? #hackercup2011″
That contains a bit.ly link. Well, you can find out what the original URL is by adding a plus on the end, so: http://bit.ly/fs6rT3+
From which we can see that about 17,000 people clicked the link. Not
bad (though we have to say that Julian Assange gets more clicks when he
appears on the Guardian … but we digress).
begin with the second part of the long link – the part that starts
“thanksforthecup”: it’s URL-encoded (so “%3D” actually stands for the
character “=”, “%26” for “&”) and leads to a Facebook photo page for the Hacker Cup, a competition run by Facebook itself. So the hacker is saying he thinks he should get the cup. OK, we get it.
back to the first part. If you just click the link, you’ll be taken to
Wikipedia’s page about social business. But not the latest version – to
a specific version in its edit history.
That version
was up for two minutes. That version leads to a web consultancy in the
US mid-west. I have contacted the owner who emphatically denies that he
had anything to do with it, and I have no reason to doubt him as IP
addresses are easily spoofed.
Crucially, the edit was only on Wikipedia for two minutes
on Tuesday 25 – between 19.17EST and 19.19EST – suggesting that whoever
must have created the edt with the link and then deleted it straight
afterwards, but kept the link to the version he had edited. Then he or
she encoded the link for the photo and attached it to the Wikipedia
link, and stuffed the whole lot into bit.ly. Then, having got the
shortened link, he or she went and updated the status on the fan page.
other words, we might be able to find the hacker if we can find out who
changed the Wikipedia page. Unfortunately, it wasn’t done by a
registered user. But because of Wikipedia’s clever tracking system, you
can see the IP of non-registered users: there it is at the top of the
edit page in the screenshot: You can also see what articles machines at that IP address have edited – a very mixed bag–- and also how edits from that IP have been increasingly smacked down by Wikipedia editors
(latest on that page coming from October 2009: “Please stop your
disruptive editing. If you continue to vandalise Wikipedia, as you did
at Lyoto Machida, you will be blocked from editing.”
So who’s behind A quick whois query tells you that it is… the US department of defence in Williamsburg.
other words: this might be someone in the military. Most likely those
edits don’t come from one person – they come from all sorts of people
in the Williamsburg location. Or, just as possible, it was someone who
had hacked into the computers there from outside (not as difficult as
you’d hope it would be) and is using them as a proxy to make the
Wikipedia edit, and, quite possibly, hack Zuckerberg’s page. (We’ve
asked Facebook whether Zuckerberg’s page was accessed from that IP, but
haven’t had an answer yet.)
Technology Blog
Categories: Technology
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: