A rash of clickjacks has led to the spread of violent and pornographic images across Facebook in the last day, causing outrage among users and raising concerns that it is part of an attack by a faction of the hacker group Anonymous.
The attack demonstrates the vulnerability of the service to social engineering attacks that take advantage of Facebook's application framework. It uses a link disguised as a seemingly innocuous news story as bait—made more prominent thanks to the recent changes Facebook made in how it displays users' timelines. Once the bait is clicked, it uses the victim's news feed to spread the offensive images to followers, and further propagate the clickjack bait.
Some of the images spread by the attack, including images of Justin Beiber edited into sexual situations and photos of animal cruelty, are characteristic of the ____ site's "b" discussion board where the ______ group was born, Sophos senior technology consultant Graham Cluely reported in the Naked Security blog. Previously, messages purportedly from _______ had threatened to take down Facebook on Guy Fawkes Day, November 5, in protest over Facebook's weak privacy protections—an attack that failed to materialize on that date. The attack does come, however, on the heels of Facebook reaching an agreement with the Federal Trade Commission to alter its policies to make all future changes to privacy settings "opt in."
No one purporting to be associated with ______ has taken credit for the clickjack so far, but it is driving users away from the service.