You are viewing a read-only archive of the Blogs.Harvard network. Learn more.

Koobface: Hacking the Credibility of Friends

In the past two weeks, I’ve received a number of Facebook messages with unprintable subjects and what resembled YouTube links. It turns out I’m a little late on this, but these messages are really the Koobface worm that has been making the rounds on Facebook and MySpace since early August. Suspecting spam, I had deleted the messages right away. But then I took a step back and thought, “Why don’t I see more viruses on Facebook?” This was the first time I had encountered a worm on Facebook, and I can’t find any reports of it happening on the site before.

Don’t get me wrong, I’m perfectly happy with that situation; I’m just surprised more people haven’t taken advantage of it. What the Koobface is worm purposely exploits is the social credibility that drives online networking. We lend more credibility to our friends than a complete stranger, and that difference may be enough to make us click the link. To use Facebook as a particular example, the value of the site lies in how easily it allows users to share and receive information with people whom they care about. Every Page I “fan,” every band I put in my profile, every group I join is essentially an endorsement capitalizing on my credibility within my social network. The Social Ads campaign attempted to monetize this principle, and perhaps the backlash to that campaign, all top of privacy issues, was also colored by the unease of one’s credibility being used for the monetary gain of a third party.

This credibility of friends concept has been thoroughly exploited through email attachment viruses, such as the Love Bug. From a security standpoint, Facebook is in a much better position than individual email hosting services to eliminate any worms in its system. (Perhaps early action is the reason this isn’t more common?) It is in Facebook’s interest to protect the credibility of its users and thus the integrity of its site, so their response has been immediate and serious. A Facebook Security page is dedicated to dealing with these issues.

The whole subject of computer viruses reminded of the excellent Mattathias Schwartz article on trolling in NYT Magazine. It has already been covered from a different angle, but I wanted to pull out a quote that especially struck me. Despite these attacks that aim to undermine the very credibility of friends, the view out is not necessarily pessimistic:

So far, despite all this discord, the Internet’s system of civil machines has proved more resilient than anyone imagined. As early as 1994, the head of the Internet Society warned that spam “will destroy the network.” The news media continually present the online world as a Wild West infested with villainous hackers, spammers and pedophiles. And yet the Internet is doing very well for a frontier town on the brink of anarchy. Its traffic is expected to quadruple by 2012. To say that trolls pose a threat to the Internet at this point is like saying that crows pose a threat to farming.

In drafting up this post, I tried looking for research on how youth determine with credibility of friends and applied that to the digital world. What I found was a good deal more information on youth and the credibility of media, including the excellent “Digital Media, Youth, and Credibility” volume of The MacArthur Foundation’s series on Digital Media and Learning that John Palfrey blogged about just last week. (I had also spent the summer interning at MacArthur – it’s good to be back blogging with Digital Natives.) The issues of friends and credibility are complex and extend well into the offline world, but I’m curious to explore this a little further. If anyone has any resources, insights, opinions to share, leave them and a follow-up post may be in order!

– Sarah Zhang