Two Ukrainian men used online quizzes to lure more than 60,000 Facebook users into installing malicious browser extensions that leaked their profile data and friends lists to offshore servers, according to a federal lawsuit filed by the company.
Andrey Gorbachov and Gleb Sluchevsky allegedly used the browser extensions to overlay their own advertisements onto Facebook’s news feed when their victims visited through the compromised browsers, The Daily Beast reported on Friday.
Facebook, in its lawsuit filed on Friday, alleged that the Kiev-based entrepreneurs violated Californian and federal anti-hacking laws, and sued them for fraud and breach of Facebook’s terms of service.
The company also alleged that the scheme primarily targeted Russian-language victims.
“As a result of installing the malicious extensions, the app users effectively compromised their own browsers because… the malicious extensions were designed to scrape information and inject unauthorized advertisements when the app users visited Facebook or other social networking site,” the company wrote.
Both defendants are affiliated with a company called the Web Sun Group.
“In total, defendants compromised approximately 63,000 browsers used by Facebook users and caused over $75,000 in damages to Facebook,” the company claims in its civil complaint, citing the cost of rooting out the activity.
Stung by spread of fake news and privacy violations, Facebook on Monday announced several new tools to protect 2020 US elections from being manipulated by nation-state bad actors, and avoid the repeat of 2018 presidential elections hit by Russian interference.
The social networking giant launched “Facebook Protect” to secure the accounts of elected officials, candidates, their staff and others who may be particularly vulnerable to targeting by hackers and foreign adversaries.
“Beginning today, Page admins can enroll their organization’s Facebook and Instagram accounts in ‘Facebook Protect’ and invite members of their organization to participate in the programme as well,” said three top Facebook executives in a lengthy blog post.
Participants will be required to turn on two-factor authentication, and their accounts will be monitored for hacking, such as login attempts from unusual locations or unverified devices.
“If we discover an attack against one account, we can review and protect other accounts affiliated with that same organization that are enrolled in our programme,” said Guy Rosen, VP of Integrity at Facebook.
The company said it has seen people failing to disclose the organization behind their Page as a way to make people think that a Page is run independently.
To address this, Facebook is adding more information about who is behind a Page, including a new “Organizations That Manage This Page” tab that will feature the Page’s “Confirmed Page Owner”, including the organization’s legal name and verified city, phone number or website.
Initially, this information will only appear on Pages with large US audiences that have gone through Facebook’s business verification.
A new US Presidential candidate spend tracker will share ad details across national, state and regional levels.
“We’ll also make it clear if an ad ran on Facebook, Instagram, Messenger, or the Audience Networks,” said Facebook.
Next month, Facebook will begin labelling media outlets that are wholly or partially under the editorial control of their government as state-controlled media.
This label will be on both their Page and in Facebook Ad Library.
“We will hold these Pages to a higher standard of transparency because they combine the opinion-making influence of a media organization with the strategic backing of a state,” said Katie Harbath, Public Policy Director, Global Elections.
Facebook said it will update the list of state-controlled media on a rolling basis beginning in November.
In early 2020, Facebook plans to expand its labeling to specific posts and apply these labels on Instagram as well.
The company said that over the next month, content across Facebook and Instagram that has been rated false or partly false by a third-party fact-checker will start to be more prominently labeled so that people can better decide for themselves what to read, trust and share.
“The labels below will be shown on top of false and partly false photos and videos, including on top of Stories content on Instagram, and will link out to the assessment from the fact-checker,” informed Nathaniel Gleicher, Head of Cybersecurity Policy and Rob Leathern, Director of Product Management.
Facebook also announced an initial investment of $2 million to support projects that empower people to determine what to read and share – both on Facebook and elsewhere. (IANS)