Facebook Clickjacking

Facebook clickjacking has been an ongoing problem with the social media network over the years and finally Facebook has decided to take the issue to court.  Some of you may not know what clickjacking is, but chances are you’ve experienced it if you use the social media site.  Here’s the definition that Wikipedia gives us for clickjacking:

Clickjacking is a malicious technique of tricking Web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.[1][2][3][4] A vulnerability across a variety of browsers and platforms, a clickjack takes the form of embedded code or a script that can execute without the user’s knowledge, such as clicking on a button that appears to perform another function.[5]

The term “clickjacking” was coined by Jeremiah Grossman and Robert Hansen in 2008. The exploit is also known as UI redressing.

So how would you know if you’ve experienced Facebook clickjacking?  Well if you’ve clicked on a link inside of Facebook and it suddenly sent out that link to the rest of your network without asking for your permission prior to doing so, then you’ve experienced Facebook clickjacking.

Facebook Clickjacking | The Case

Facebook really wants to clear up this problem before they begin their IPO (initial public offering) sometime in the near future.  The supposed clickjacking perpetrators that Facebook is taking to court are a group called Adscend.  Mashable explains Facebook’s defense in their recent article on the Facebook clickjacking case:

“Security is an arms race,” Facebook general counsel Ted Ullyot said in a post on the site. “And that’s why Facebook is committed to constantly improving our consumer safeguards while pursuing and supporting civil and criminal consequences for bad actors.”

The Attorney General of Washington state filed a separate lawsuit, also accusing Adscend Media of clickjacking.

“We don’t ‘like’ schemes that illegally trick Facebook users into giving up personal information or paying for unwanted subscription services through spam,” said Washington State Attorney General Rob McKenna with a nod to one of Facebook’s most well-known features. “We applaud Facebook for devoting significant technical and legal resources to finding and stopping scams as soon as possible, and often before they even start. We’re proud to join forces in order to protect Washington consumers.”

It probably doesn’t hurt either that Facebook spends tons of money lobbying Washington each year, which has helped them to gain a lot of high-profile government friends over the years.

To give you an example of a Facebook clickjacking scheme: usually a copywriter will write up a post offering some great incentive, and when a user clicks on the ad, the “like” button is embedded within the link, so they unintentionally like the post, which is then shared with their entire network.

Facebook Clickjacking | Adscend’s Defense

Adscend is denying all claims about clickjacking and says that all of its practices are completely legal and abide by Facebook regulations, engaging in no deception whatsoever.  Here’s what Adscend had to say about the Facebook clickjacking claims:

“Adscend Media will provide a vigorous defense against these false claims. Adscend Media strictly complies with its legal obligations under federal and state law. We are undertaking an investigation to determine whether any of Adscend Media’s affiliates engaged in the activity alleged by the Attorney General’s office and Facebook. If they did, we are fully certain that the activity was conducted without the company’s knowledge.”

So basically they are claiming that they have no knowledge of Facebook clickjacking, but it’s possible that their affiliates were engaging in this practice.  Facebook truly wants to present itself as a company that is constantly trying to fight security threats especially since they are going public very soon.  What do you think about the Facebook clickjacking case?
Image attribution: http://webcovery.com/page/5/