Facebook: The New Soft Security Target

Microsoft has been a hackers’ target par excellence. With a desktop monopoly and a big browser share, Microsoft code was always the best target, for the hacker who wanted to abuse, frighten or exploit the largest number of people possible.

Before about 2002, the situation was worse. Microsoft had a justifiably poor reputation for security practice in building its software, and the company was an easy target – as well as the one which delivered most victims because of its market share.

That old battle is more or less over. Microsoft products – especially older ones like Windows XP – still get a lot of attacks. But companies have – by and large – got the hang of keeping track of those attacks, and Microosft issues regular updates under the Patch Tuesday regime.

The new security frontier is social networking

But new targets have emerged for hackers. Users increasingly run apps in their browsers, and spend more time on social networking sites. While on those sites, some behave very strangely (for instance, hacking an ex’s account to substantiate a rape claim), while others simply let their guard down. After all, they are socialising. And that makes them easy prey.

A bar is the best place to pick up a lost-or-stolen phone, because people relax when they are enjoying themselves. And people have fun on Facebook, so that is the place where they are more likely to to slip up on security.

It will be a big problem for business. There are 400 million people on the site, and many of them are using it for work purposes. Businesses have realised that Web 2.0 is now the main security risk, and Facebook could be the number one target for hackers hitting the social networks – though obviously Skype, Yahoo and others are also in the frame.

What makes it worse is that – while not in the same league as Microsoft pre-2002 – Facebook doesn’t inspire confidence.

It is showing worrying signs of unfortunate security lapses such as the one that exposed user chats last week. There are widespread reports of malware in the adverts that Facebook presents to users and, whenever a user password is compromised, that user’s friends can be hit by scams and other nuisances.

More worryingly, Facebook has a somewhat cavalier attitude to user privacy – founder Mark Zuckerberg believes users don’t require the same level of privacy they used to. The criticism of the company has increased further with its “instant personalisation” tool which shares data with third parties. This attitude problem is enough to cause concern to the US government.

And Facebook’s response is a typical big-company response. It is very defensive. The company has hired the biggest hot-shot lawyer it could get – Tim Muris, the ex-boss of the Federal Trade Commission. That looks like the action of a company that has decided it is right and wants to deflect criticism any way it can.

Rightly or wrongly, Facebook is now seen as an essential tool for many people’s business and professional lives. That makes it a target.

With the current controversy over its privacy functions, Facebook is probably also feeling beleagured, and may be more concerned to defend itself rather than work on genuine issues that crop up. It may well turn out not be fully prepared for the coming hacker onslaught.