Facebook Denies Hijack
A group calling itself "Control Your Info" appears to have taken control of several dozen Facebook groups, inserting its own logo and stating "Hello, we hereby announce that we have officially hijacked your Facebook group."
With a link back to a site, the apparent members -- using the names "Bella Roregit," "Burstin Woltan" and "Janis Roukkos" -- began leaving their mark on various Facebook groups intended for topics that include entertainment, business and sports. The Control Your Info statements declared: "This means we control a certain part of the information about you in Facebook. If we wanted, we could make you appear in a bad way which could damage you severely."
According to the Control Your Info Web site, the group's mission is to bring attention to security weaknesses in social media.
"Social media has become a natural part of most people's daily lives. Unfortunately, the security aspects of social media have been more or less neglected." Control Your Info did not immediately respond to a request for comment about its activities.
Facebook, however, has issued a statement about the incident that says, "There has been no hijacking and there is no confidential information at risk. The groups in question have been abandoned by their previous owners, which means any group member has the option to make themselves an administrator in order to continue communication to the group. Group administrators have no access to private user information and group members can leave a group at any time. For small groups, administrators can simply edit a group name or info, moderate discussion and message group members. The names of large groups cannot be changed nor can anyone message all members. In the rare instances when we find a group has been changed inappropriately, we will disable the group, which is the action we plan for these groups."
Some users in the groups affected by the Control Your Info takeover were obviously displeased about the turn of events and scornful of Control Your Info's explanation about how it's making a point about security by taking control.
"I have an idea, why don't I teach you about traffic safety by running you over with my car?" wrote one irate Facebook user in a group that had been commandeered by Control Your Info. "Is that how it works?"
Michael Sutton, vice president of security research at zScaler, said he doesn't think the Control Your Info takeovers constitute a major security concern. That's because the person who creates a group of this sort on Facebook is by default the administrator, and when this individual decides to abandon that role by de-listing as the admin, anyone else in the group can step in and promote themselves to be the administrator. That's the way Facebook designed this type of group, and it is clear about it, though other types of Facebook groups, such as closed ones, have different security procedures. In this case, the Control Your Info people simply did a search to discover the Facebook groups of this type whose administrator position had been abandoned, and stepped in with their dramatic hijacking routine. "This is really making a mountain out of a molehill," he said.