Facebook has lifted the lid on the security systems they use to protect their enormous userbase from spam. Facebook Immune System, as it has been called, uses artificial intelligence to detect spam, and monitors literally everything posted on the site – every photo, link, status update, video and more. This adds up to about 650,000 actions per second. That is a huge amount of data to sift through. The system uses user complaints as well as keywords and has proved effective enough that only 4% of content posted on Facebook is spam. When a spam attack broke out last April, luring people into inputting computer code directly into their browser with the hopes of getting a free iPad, the site was able to create a signature and tackle the issue almost immediately.
Social media spam exploits the trust that users have in their friends. That trust gets people to fall for scams they wouldn’t give a second look to had they been sent via email because most people now know to never click links in email from strangers. Spammers are likely to be working on new and better ways to use that trust to their advantage, and the social networking equivalent of a botnet may be one of them.
Researchers at the University of British Columbia have created what they call socialbots. These bots open Facebook accounts and pretend to be real people. They then send friend requests out to random people. Users that accept the request have the personal info (email and postal addresses, birthdates, etc) harvested and the bot also sends friend requests to everyone on their friends lists (because most people are more willing to accept friend requests from people who share mutual friends with them) and the cycle continues. The harvested info would make a targeted phishing attack and even identity theft a possibility. While socialbots don’t appear to exist outside of the ones the researchers created to test Facebook’s security system, the fact that they are possible and that they were able evade detection by FIS is worrisome to say the least.