Mark Zuckerberg's Facebook page hacked
It was for only a few minutes, but on Tuesday, a hacker was able to gain access to Facebook founder Mark Zuckerberg's fan page and post a thoughtful status update.
The hacker's message mused about why Facebook was going to the big banks for capital rather than choosing a "microfinancing" option and letting average people invest in the company.
The poster wrote: "Let the hacking begin: If Facebook needs money, instead of going to the banks, why doesn't Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a 'social business' the way Nobel Prize winner Muhammad Yunus described it? What do you think? #hackercup2011".
The hack was noticed and deleted quickly. But it was up long enough to generate more than 500 comments and have more than 1,800 people "like" the update.
Facebook has made no public statement about how the hack occurred and computer security expert Chris Davis, the CEO of Defence Intelligence, says it remains a mystery what happened.
"At this point we have no idea," he told CTV's Canada AM Monday from Ottawa.
Davis says on Tuesday night, he logged on to some mailing lists in the security industry that he's part of and asked around, but everyone noted that Facebook is keeping quiet about the incident.
"They're staying very tight-lipped about this," Davis said. "I even know some security people at Facebook and I reached out to them and they came back with 'Can't talk about it.'"
Davis says it's possible that someone within Facebook itself posted the message.
"The overwhelming opinion – and this is just an opinion – is that this was an inside job. It was a joke – maybe a joke gone wrong," Davis said.
Some have suggested Zuckerberg may have been careless with his password and someone was able to guess it. Or it may be that because Zuckerberg's page is likely handled by a number of people, the hacker first gained access to one of these assistants' accounts and then got access to the Zuckerberg page.
Another possibility is that Zuckerberg was "sidejacked," meaning his login details were stolen over the air through a wireless network. Finally, it's possible that Zuckerberg simply picked a password that was really easy to guess.
Davis notes that while the hack was big news to the rest of the world, inside the Internet security industry, there has been almost no communication about it at all.
"All the large security companies – the Symantecs, the McAfees, people like that – none of their researchers were talking about it publicly."
"I think it's because Facebook is a US$50 billion company," he said. "…If you're a company like a Symantec or a McAfee, you want that business. You don't want to speak out of turn."
Davis points out that the fallout could have been a lot worse.
"I find it fascinating that when they got access like that, they went after Zuckerberg's page to essentially poke fun… when what they could have done with that is use it to hack or compromise hundreds of other systems of other people," he said.