Is Myspace Satan?

Posted June 24th, 2007 by

I’m sitting here on a lazy Sunday afternoon contemplating this question. Hi, my name’s Mike and I’m a security geek. =)

Yes, Myspace is evil when my wife blows a whole week by designing some really cool pictures just so she can put them on MySpace, so I have a little bit of bias (I mean, my $diety, how many times does your profile name need to be changed per day). =)

But it’s interesting if you go poke around on $favorite_search_engine for something like “myspace spam spyware connection”, you start to find some interesting articles.

Looking around, it should be a little bit of an eye-opener if you’re naive and living in the backwoods of Idaho. I’m willing to bet that at the heart of most social networking sites there is a little PII-gathering daemon that threatens to share our innermost secrets for $5 per thousand. I’m pretty sure that my old boss in startup land had a history of playing with Herbalife, pr0n, and spam^wopt-out marketing, and we were building shopping cart software. Makes me cringe to think that the endgame was selling information, only they didn’t tell me about it. =)

But then again, I don’t think we’ve figured out yet what to do with the massive amounts of data aggregation that google does on the average web user.

But anyway, I’ve been thinking about a social networking attack over the past couple of years that works like this:

  • Build social networking site (let’s call it MikeSpace for the purpose of simplicity, shall we?)
  • Harvest email addresses and names from MikeSpace registrations
  • Sell email addresses and names
  • Make a seed file using MikeSpace account names and passwords
  • Probe email accounts using the seed file
  • Auto-forward email accounts to your Big Data Hoover (TM)
  • Spider other social networking sites using the seed file
  • Point the Big Data Hoover at the accounts you’ve compromised
  • Agressively pursue password recovery on other sites using captured email accounts
  • Data warehousing and some bayesian analysis to determine each user’s preferences
  • Sell the aggregated information on people for mucho dinero
  • ????
  • Profit!

About now, all of you are checking the Interweb to see if I’m behind any social networking sites. Rest assured, I’m not, but the scary thing is that when I’m stepping through this process, I can visualize the database backend and the core code for each step of the ‘sploit.

Nor is this a new idea. My friend Lempi always wanted to create her own cult along the same lines, but she was beaten to the punch by some people who will not be named because they actively sue. =)

Similar Posts:

Posted in Diary of a Startup, Hack the Planet, Odds-n-Sods | 2 Comments »

2 Responses

  1.  shrdlu Says:

    Nah, it’s not Satan (or even SATAN ;-). It’s just the latest and greatest in a series of weapons that few people have gotten around to picking up and using (against you).

    It seems to be that there are two waves of Internet technology: the first, or pilot wave, in which there is a small community and things are fine; and then the larger “here comes the neighborhood” wave, when the rest of the world comes in, bringing with it the usual proportion of scum (and by “scum” I mean both psychos and marketers).

    First email wave. Then came AOHell. First came Bitnet Relay and IRC, over seventeen years ago, and then came AIM, Yahoo and MSN. There were “home pages” way before you could really get yourself in trouble on MySpace.

    Thing is, I’m not terribly certain that someone isn’t already quietly doing what you just proposed here …

  2.  Darren Couch Says:

    yeah, but unless it had a feel of “japanese girls gone wild” and someone to write the code for him (ie you) that old boss couldn’t figure out anything good but to hire you and blame his failings on same.

Leave a Comment

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.

Visitor Geolocationing Widget: