By Alex Wigglesworth | 12 July 2018 | 11:10amHacking a fake profile on Facebook can be as easy as typing in a username and password, according to experts.
The process, called impersonation, is often done in order to trick people into signing up with a fake account that is then used to post content and share information that the person does not want others to see.
A study published in the Journal of Cybersecurity, for example, showed that some 3.3 per cent of people said they had faked their Facebook profiles in the last three months.
But now researchers at Stanford University and Cornell University have found a way to hack into Facebook’s internal infrastructure and use the information they obtain to make fake accounts.
“This is the first time we have actually used that data to create fake accounts and fake Facebook accounts,” said John Schmitt, a researcher at the University of Michigan, who led the study.
“We think it’s a way for people to create an identity online without necessarily being detected.”
In this case, we can get access to data like your password.
“The researchers used a custom-built botnet to make more than 100,000 fake Facebook profiles for the purpose of exploiting Facebook’s own code to identify and compromise its internal infrastructure.”
Facebook’s code is so complex that a single botnet could make thousands of Facebook accounts, and potentially millions of Facebook users,” Mr Schmitt said.”
The botnet was able to take advantage of Facebook’s privacy policies and build an incredibly sophisticated botnet that could use this information to build fake Facebook pages.
“He said the technique could be used to target individuals, including governments and financial institutions, as well as to gain information about the Facebook accounts of those who post on the social media platform.”
When you put together a botnet like that, it can easily and rapidly gain access to Facebook’s data,” Mr Schlmitt said, noting the number of fake accounts is not known.”
For example, if you have 10,000 Facebook accounts and you’re just going to take one of them down, it could have hundreds of thousands of accounts.
“The technique is known as impersonation because Facebook posts are sent through fake accounts, not real ones.”
It’s not like if you’re making a Facebook profile for your ex-girlfriend,” Dr Schmitt told ABC News.”
So if you were to impersonate someone who’s a friend, it wouldn’t necessarily be a bad thing.
“But it would still have the same effect of making you appear to be the person you’re pretending to be.”
The method was discovered by Mr Schlimts team after the social network noticed a high number of people posting fake accounts on their site.
“As a result of this, we were able to identify about 2,500 accounts that we knew were posing as friends,” Mr Schwett said.
The research found that more than half of the accounts used by the bots were fake.
While the researchers were able get access into Facebook accounts using the botnet, the method can only be used for a limited number of users.
“Once the accounts are compromised, it’s like if the person in that account can access their information,” Dr Schwett explained.
“If you are impersonating someone, the only thing you’re doing is taking their username and passwords and putting them into your botnet.”
However, the researchers said that they were able exploit the technique to get access in more than 200 of the most common social media accounts, including Facebook and Instagram.
“There are tens of thousands if not hundreds of millions of accounts that Facebook is aware of,” Dr Schlmitt explained.
Facebook has since responded to the research and warned users that the company had been hacked and that a password reset was required.
“While the research team has been in contact with the research group, we cannot confirm or deny that the research has been conducted in any way,” a Facebook spokesperson said in a statement.
“Our research is focused on finding ways to help protect our users from cybercrime.
We are continuing to work with law enforcement agencies, cyber security researchers, and others in our industry to help prevent this from happening again.”
The researcher also said that he believed Facebook could be hacked using the same method.
“I think that Facebook could have been hacked by a different group using a similar method, but I don’t think that it’s impossible,” he said.