2 Aug 2013

How hackers are hijacking your Facebook ‘likes’

Facebook likes are at the heart of the site’s interactive appeal. But Channel 4 News can reveal that cyber criminals are hijacking users’ accounts to like pages their victims want nothing to do with.

At first sight, Richard Southard looks like a regular Facebook user. He likes a couple of dozen films, TV shows, and a handful of games.

But then you see the number of pages he likes: 4,787.

Apparently Richard Southard likes everything from “Sex and Sexy Girls” to “Muscle Gain Supplements” and even “I Love Welding”.

Except that he doesn’t. Channel 4 News tracked down the real Richard Southard. He is a senior executive at a US TV network, and told us he believes his profile has been hacked.

“I don’t think I’ve ever ‘liked’ something. I don’t really have time for Facebook,” he said. “I went in there a little while ago and noticed there were lots of likes. I tried to delete them, but then they came back.”

Fans for sale

Mr Southard’s thousands of likes are just a fraction of the 4.5 billion likes on Facebook every day – a figure that has grown by 67 per cent since last year.

But Channel 4 News has uncovered evidence that this growth is fuelled in part by computer hacking, with cyber criminals breaking into websites and using viruses to stoke a massive black market in Facebook likes.

As Facebook has grown to 1.15 billion users, gaining “likes” or fans, the social network has become a valuable marketing opportunity for companies. One social intelligence company put the value of a like at £114, and the number of Facebook fans – along with Twitter followers and YouTube hits – has become a marker of popularity in the digital age.

But while legitimate marketing businesses have sprung up to help boost fans, there are just as many illegitimate companies that offer fans for sale.

An ‘uncomfortable feeling’

Mr Southard was one of 1,000 people who liked a page set up by Channel 4 News, as part of the Data Baby investigation.

We bought batches of Facebook fans from online companies – a bargain, at just £12.99 for 500 – and asked them to be assigned to a cupcake fan page and a brownie fan page, created by our Data Baby identity Rebecca Taylor.

Within three days, the likes arrived, including one from Richard Southard’s account. Another was from Penny Lewis (pictured), a chef in Abergavenny, Wales. As well as Rebecca’s brownie fan page, Penny’s account has liked “Hot Fun”, “Polygamy Uncensored” and “Matters of Size”, a penis enlargement site.

These “likes” show up on her account’s news feed and can be viewed by all her Facebook friends.

Ms Lewis told Channel 4 News: “I never considered that there would be any reason not to feel safe about Facebook.

“I didn’t realise that it could be abused. It’s an uncomfortable feeling. It’s embarrassing to think that my friends would think I like some of these pages”.

Someone, somewhere, had taken the money and delivered the service by hacking Richard and Penny’s Facebook accounts – and more.

‘A serious industry’

Who are the businesses behind these dodgy practices? The first company Channel 4 News bought likes from, New Pixel Studio, said it outsourced its “likes” service. New Pixel Studio then cancelled the service altogether after it was revealed how some of the likes purchased had come from hacked accounts.

We traced the service back to a company called Social Booster. When contacted by Channel 4 News a representative of the company claimed that it had recently changed hands and did not respond to further requests for information.

Channel 4 News contacted 10 other companies which sell “likes” on Facebook, none of whom would speak on the record about the service they sell. Several admitted using fake accounts to “like” the specified pages.

But the trade in Facebook fakery is booming. A search on one of the more popular forums for selling fake Facebook likes showed 14,000 people offering the service.

Richard Baxter, managing director of SEO Gadget, told Channel 4 News: “Unfortunately I think there are probably as many people involved in the illegitimate side of this kind of marketing, as there are in the legitimate side of marketing. This is a serious industry. There’s a lot of people doing it, people are making livings from it – it’s a very tangible thing that’s happening.”

As well as making a product look popular, Facebook likes can translate directly into cash.

“If you’ve created a Facebook page, it’s adding lots of value, there are lots of people visiting that page regularly. You could put up a small advertisement or a link to another website and generate some commission from the referral of that traffic if a sale occurs,” said Mr Baxter.

How it works

Facebook told Channel 4 News that Richard Southard’s computer had malware installed that was allowing likes to be attached to his account. The company said that it checks over 25 billion actions every day for spam and fake profiles – and that Facebook does not permit the buying and selling of likes.

But Facebook is not stopping everyone, and there are a number of ways to get around its restrictions – in fact, there are so many fast-changing scams that it is difficult to keep up with them.

One former hacker, who did not want to be named, told Channel 4 News that once a certain type of malware is installed – perhaps via a spam email – the person controlling it could easily use someone’s Facebook account to “like” specified pages. In the past, “Stuart” has created a program that allowed the owner to control hundreds of accounts at a time, making them “like” photos, status updates and pages en masse within a matter of minutes. But after two months of the product being on sale, he received a cease and desist order from Facebook.

Another popular method is to use hijacked personal computers to create hundreds of fake Facebook accounts, which can then be controlled by the cyber criminals, says Sophos security expert James Lyne. This makes it much harder for Facebook to identify the fake accounts, as they are created from a variety of different places.

He is aware of between 15,000 and 25,000 new and unique web pages being created every day that can trigger computers to install some kind of malware – and that can be visited by any number of people. All of this goes on without the user noticing.

“Your browser would crash, you would reopen your browser and carry on with what you were doing, and in the background, these accounts would be being created, potentially attacking other sites – and you’d have no idea whatsoever,” said Mr Lyne.

“So it’s quite possible right now, lots of people at home are running this malicious code without knowing it.”

Investigation by Geoff White and Meabh Ritchie

1. Check your Facebook privacy settings are correct
2. Periodically check your Facebook likes to make sure nothing fishy has occurred
3. Make sure you update your internet browser software (Firefox, Chrome, Internet Explorer etc)
4. Make sure you update your operating system regularly (Microsoft Windows, Mac OS, Linux, etc)
5. Install and regularly update some reputable anti-virus software

Following our investigation Facebook has taken action to remove certain pages flagged up in connection with fake “likes”. A spokesman told Channel 4 News: “A like that doesn’t come from someone truly interested in connecting with the brand benefits no one. If you run a Facebook page and someone offers you a boost in your fan count in return for money, our advice is to walk away – not least because it is against our rules and there is a good chance those likes will be deleted by our automatic systems.

“We investigate and monitor ‘like-vendors’ and if we find that they are selling fake likes, or generating conversations from fake profiles, we will quickly block them from our platform.”