A Facebook security flaw, discovered by University of Iowa researchers, can lead to the misrepresentation of how popular a post is.
UI and Lahore University of Management Science researchers found a flaw in Facebook’s security allowing collusion networks to offer fake likes in return for access to accounts. They found more than 1 million likes from these networks.
The process took almost two years to complete. The first half was spent planning the study and collecting the data, which they did by creating their own “honeypot” Facebook pages to find the collusion networks and learn about them.
A “honeypot” is a computer software used to, in this case, act as a decoy network to gain information from attacks on information systems such as Facebook.
After they had analyzed the collusion networks, the researchers collaborated with Facebook to create a set of countermeasures to test on the networks. The only problem, researchers said, was finding a solution that wouldn’t disrupt the rest of the social-media platform.
“When they change this flaw, this is going to impact legitimate applications as well, so we need to find solutions that aren’t going to impact the current work flow of Facebook, and without changing the infrastructure,” said Shehroze Farooqi, a UI Ph.D. student and member of the research team.
Many different types of countermeasures were tested to analyze how much of a blow they dealt to the collusion networks.
“Facebook wanted to collaborate in a way that we would work together to shut down these collusion networks,” Farooqi said.
RELATED: UI ITS department vigilant against hacking schemes
The team employed countermeasures such as access-code restriction and rate limits, which curb activity, but none worked. They created an initial drop in activity, but the researchers wanted to completely stop the collusion networks, Farooqi said. The countermeasure that finally worked was blocking the networks’ access server.
The countermeasures remained in place until April. Then Facebook started implementing its own plans to shut down the collusion networks.
“We have addressed the activity described in this research, and we are no longer seeing it on our platform,” a Facebook spokesperson said in a statement to CBS News. “Meanwhile, we are investigating different techniques that could be used to generate inauthentic likes in smaller volumes. We will take the appropriate action to help ensure that connections and activity on our service are authentic.”
Farooqi noted that while researchers did find the collusion networks, they can’t currently make any real conclusions about who wants these extra likes and why.
“I’ve been asked about who wants these likes, but we can’t say anything definite about that right now,” he said. “That’s something we would like to investigate in the future.”
Farooqi said people have been asking him about everything from Russian connections to people who want to get famous.
One demographic that would certainly benefit from likes are businesses, UI business student Claudio Tekeli said.
“Especially in today’s world, social media is super popular to get to your audience with what you’re trying to sell,” Tekeli said.
When posts generate a large number of likes, they could appear at the top of someone’s feed, which would help businesses promote their products, UI graduate student Garrett Danelz said.