Facebook disputes researchers’ claims it was hit by socialbots

2 Nov 2011

Social networking giant Facebook has hit out at claims by university researchers that its systems have been compromised by an army of socialbots that infiltrated the social network using false personal profiles and made away with 250GB of user information.

Earlier today, we reported on claims by a research team at the University of British Columbia in Vancouver that it was able to create programmes that resembled humans and managed to infiltrate Facebook. The findings are included in a report titled The Socialbot Network: When Bots Socialize for Fame and Money.

Over the course of an eight-week investigation, the researchers deployed 102 socialbots onto the social network and each bot was able to assume a name and profile picture of a fictitious person and friend requests were sent to more than 5,000 random accounts.

The researchers claimed a 19pc success rate in the first two weeks and a 59pc success rate in the following six weeks.

However, Facebook has disputed the findings on the grounds that the test – which it says may have been illegal – was not realistic as it came from a trusted university address.

It warned also that because its security systems learn from behaviour such an attack could cause extra security checks to be imposed on people associated with the IP addresses used in the tests.

Facebook also said the research team’s results do not tally its own analysis, claiming it was able to disable more of the bad accounts far quicker than the team claims.

“We have numerous systems designed to detect fake accounts and prevent scraping of information,” a spokesman explained.

“We are constantly updating these systems to improve their effectiveness and address new kinds of attacks. We use credible research as part of that process.

“We have serious concerns about the methodology of the research by the University of British Columbia and we will be putting these concerns to them.

“In addition, as always, we encourage people to only connect with people they actually know and report any suspicious behaviour they observe on the site,” the spokesperson said.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com