Facebook Founder Accused of Hacking Into Rivals' Email 261
An anonymous reader notes a long piece up at BusinessInsider.com accusing Facebook founder Mark Zuckerberg of hacking into the email accounts of rivals and journalists. The CEO of the world's most successful social networking website was accused of at least two breaches of privacy. In a two-year investigation detailing the founding of Facebook, Nicholas Carlson, a senior editor at Silicon Alley Insider, uncovered what he claimed was evidence of the hackings in 2004. "New information uncovered by Silicon Alley Insider suggests that some of the complaints [in a court case ongong since 2007] against Mark Zuckerberg are valid. It also suggests that, on at least one occasion in 2004, Mark used private login data taken from Facebook's servers to break into Facebook members' private email accounts and read their emails — at best, a gross misuse of private information. Lastly, it suggests that Mark hacked into the competing company's systems and changed some user information with the aim of making the site less useful. ... Over the past two years, we have interviewed more than a dozen sources familiar with aspects of this story — including people involved in the founding year of the company. We have also reviewed what we believe to be some relevant IMs and emails from the period. Much of this information has never before been made public. None of it has been confirmed or authenticated by Mark or the company." The single-page view doesn't have its own URL; click on "View as one page" near the bottom.
And you thought Mob Wars was nasty (Score:5, Funny)
Lawyers throughout the US just had orgasms....
Wow.. (Score:2, Insightful)
just wow.
So will he get a mug shot now? (Score:2)
So will he get a mug shot now?
Re: (Score:2)
Re: (Score:2)
Unauthorized access sounds criminal to me. Penalty ceilings probably go way up too, and Zuckerberg's billions are probably starting to look tempting.
Re: (Score:2)
Re: (Score:2)
IANAL, but the window of limitations for criminal prosecution doesn't begin until the crime is (or should have been) discovered. Just because it was hidden for so long doesn't mean he gets away with it.
Re:So will he get a mug shot now? (Score:5, Informative)
Good thing you are not a lawyer, it's from the date it was committed.
The point of such statutes is because after a long time has passed, the defense is less able to form a coherent defense since a lot of the evidence is gone.
Re:So will he get a mug shot now? (Score:4, Informative)
Good thing you are not a lawyer, it's from the date it was committed.
The point of such statutes is because after a long time has passed, the defense is less able to form a coherent defense since a lot of the evidence is gone.
I Am Not A Lawyer, but I have a reasonable amount of experience doing legal research:
Actually both parent and grandparent are correct. Generally, in civil cases where the standard is preponderance of the evidence or which was more likely, the statute of limitation is from the discovery of the damage, most of the controlling case law in the US in civil matters was established in the dalkon shield cases against A. H. Robins Company. a three year statute of limitations was held to not protect A. H Robbins 16 years after the faulty product was sold, and 15 years after the initial discovery of injury, but less then three years after the discovery of severe internal damage.
The standards for criminal law are not preponderance of evidence, but beyond a reasonable doubt, and in criminal law, the statute of limitations are a way of saying that there is reasonable doubt by the passage of time, so we will not even try the case because the burden of proof cannot be met. Therefore criminal matters tend to have a statute of limitations that runs from the commission of the crime.
Re: (Score:3, Informative)
Actually, it can also be the case that the statute of limitations applies when the crime was discovered, not necessarily when it was committed. I am told this is especially so if they're trying to convict someone of "habitual criminal". I only know of this because a friend had to file embezzlement charges against an employee who had been stealing from him for longer than the statute of limitations and he was able to get them convicted of the entire string of crimes stretching back several years.
In civil cou
Re: (Score:3, Funny)
The staue of limitations kicks end after the crime is completed.
If it is ongoing, then it would kick in when over.
IANAL but I have watched Law and Order. The sound wasn't on but I think I got the gist of it.
Re: (Score:2)
I couldn't find a resolution to that case however recently
On February 14th, 2010, lead singer Doug Fieger died in Woodland Hills, California after battling both brain and lung cancer for several years.
Bruce Gary died from lymphoma on August 22, 2006 at the age of 55.
Of the four original members of The Knack (Fieger, Berton Averre - Guitar, Prescott Niles - Bass, and Bruce Gary - Drums), only Averre and Niles still currently play as The Knack.
http://en.wikipedia.org/wiki/The_Knack [wikipedia.org]
Re: (Score:2)
Re: (Score:3, Funny)
So will he get a mug shot now?
If he does, do you suppose he'll use it for his Facebook profile?
Re: (Score:3, Funny)
Why would he? He's a CEO, he's supposed [tvtropes.org] to act like a cartoon villain [tvtropes.org].
The world makes a lot more sense when you stop assuming that various businessmen, politicians etc. are trying to further their self-interest in a rational, if ruthless, manner, and instead treat them as villains in a farcical drama movie. That way you don't have to wonder why someone who already has three billions would risk everything to get a fourth, or something to that effect. The implications of that
Serious Allegations (Score:5, Insightful)
Re:Serious Allegations (Score:4, Insightful)
What about all the e-mails, calendars, documents and what not else that people store with Google? Are they no less to be wary of?
Re:Serious Allegations (Score:5, Funny)
The difference (Score:5, Insightful)
The heads of Google take their job seriously. Zuckerberg is just a douchebag who was at the right place at the right time.
Re:The difference (Score:4, Interesting)
Re:Serious Allegations (Score:5, Funny)
Re: (Score:2, Funny)
Do they have sarcasm on your planet?
Sarcasm?!!
Sarcasm is prevarication and prevarication is sarcasm. Wake Up! Sarcasm is just as evil as all the other rhetorical devices.
Re: (Score:2, Funny)
Wow. That was *so* insightful.
Re: (Score:2)
Re: (Score:3, Interesting)
Of course we should be wary of them, but hopefully this sort of thing will help drive enough people to use secure email to get a critical mass.
As it is, I can't encrypt most of my outbound mail, because people don't have public keys (even unsigned ones are a lot better than nothing), and most people's clients don't seem to automatically save keys and then apply them when replying, which is really needed if we want non-technical people to use encryption.
IMO, all mail programs should prompt the user to choose
Re:Serious Allegations (Score:5, Informative)
Re: (Score:2, Insightful)
Re:Serious Allegations (Score:5, Funny)
Re:Serious Allegations (Score:4, Insightful)
If you were paranoid about it, why bother even giving them your password in the first place?
Re: (Score:2)
Amateur. I created a whole new one-time-use email account for that. You're totally going to get hacked, and I'm gonna laugh. You have viruses in your chips!
Facebook users get what they deserve (Score:5, Insightful)
Web 2.0 has proven itself nothing more than a private takeover of the public infrastructure of the net. FB wants to displace everything from email to irc. If people want to commit their information to sharks who want to mnetize their personal information, they get what they deserve.
Re: (Score:2)
My only question is, the alleged hacking took place in 2004, how does it take until 2010 for it to be presented as news on Slashdot?
Re: (Score:2, Funny)
My only question is, the alleged hacking took place in 2004, how does it take until 2010 for it to be presented as news on Slashdot?
Sounds about right for Slashdot.
Re: (Score:3, Funny)
Re: (Score:2)
Ai (Score:2)
Different password (Score:2)
Actually it was when my account started spamming wall postings with links to Chinese drug sites I changed my password to something unique, but still, virtually the same thing.
Re:Different password (Score:5, Informative)
Re: (Score:2)
Correct. http://lastpass.com/ [lastpass.com] is one of very few cloud services that actually understands that for me to have trust in them they must design the infrastructure accordingly.
There ought to be more than a few people at Slashdot working with cloud companies. I'd love to hear some explanations as to why they believe "oh don't worry, your data can only be seen by our admins and we trust them!" should satisfy the needs of a large corporation :)
Re: (Score:2)
Feel free to study how it works before replying ;) They have all my passwords - encrypted. They cannot decrypt them.
That's how cloud services should work.
Re: (Score:2)
"If" is a very powerful word. There are many possible "ifs" that can protect against an evil cloud service provider as well (hashed snippets of code, client side verification of updates etc) if we would feel the need.
The point is, it's not possible for a rogue admin at Lastpass to sneak a peek (or copy) user data. At most cloud companies, it's routine.
I'm somewhat amazed this isn't a huge topic for discussion in the SaaS space.
Re: (Score:2)
That depends on the type of service. Agree, some cloud services do need to perform manipulation of client data - but not all. Those that don't only need to expose APIs but allow all manipulation to take place client side, with client side decryption (just like lastpass).
Moving from symmetric to asymmetric cipher would increase the amount of services that can be encrypted even further. Yes, it would be computationally more expensive, and storage requirements would increase, but it would at least mean that cl
Re: (Score:2, Interesting)
I was basically thinking about services such as Amazon EC2 et al, and the possibility of outsourcing computing power from inside an organization into the cloud, and my observation that such an organization cannot really escape having to trust the administrators of the cloud facility, since there is no way of securing a cloud server's memory against the cloud organization's administrators.
Yes, Lastpass does not fall into this category at all, and seems potentially secure.
Re: (Score:2)
Re:Different password (Score:5, Interesting)
Facebook also had a thing "give us your gmail or hotmail password and we'll log in and retrieve your contact email addresses and offer you to add them as friends if they have a Facebook account already" - presumably they stored those passwords as well.
Re:Different password (Score:5, Insightful)
And I had a thing, "Anyone who asks for your password is lying. Don't give it to them. And if they say they really need it, don't do business with them."
Of course, it was 1989. But the neckbeard taught me right.
Re:Different password (Score:4, Interesting)
Yeah, Linkedin.com also asks for passwords to your multiple email accounts to scan them for contacts. Wow. What a gold mine that could be. If there's an email addy that they don't know or a name they don't recognize, they could start spamming them for registrations and, potentially, saying a friend or colleague provided your email address to us thinking you might be interested in joining our social club....
Re: (Score:2)
I don't think they stored the passwords (even so I changed my password after letting fb have it), but I'm pretty sure they keep track of everyone you have emailed. I started a work email and it suggested most of the same friends. Even though it was in a different country with a slightly different name. Unless of course, they figured someone with the rare last name of "Smith" must know all the same people.
Re: (Score:2)
I'm still stunned that people would actually give out their passwords.
Re: (Score:2)
So what you're saying is that you use the same password for everything else? I guess that means whoever guesses your email password now also has your online banking password...but whew, your Facebook account is safe. :)
Stupid Users (Score:3, Informative)
I suggest you use 4 types of passwords, one for accounts that wouldnt effect u much, one for email, one for social sites and IM, and one for bank accounts; with none of the passwords having anything to do with each other, e.g redball, orangeball,greenball... or whiteball, soccer, redflag
this "hack" was probably just stupid curiosity which will probably get him arrested, and once that happens he will loose a lot of control of the company.
Re:Stupid Users (Score:5, Insightful)
Actually, Facebook directly asks you for your email password so it can "Automatically connect you to others" through your ISP information (phonebook, etc.). They get quite clever with it, even using the ISP's logo, making it seem like it is an official service of the ISP.
This goes a bit beyond, "stupid." This is a confidence scam.
--
Toro
Re:Stupid Users (Score:5, Informative)
using the same password for their email account as they do with their social networking sites then people should expect to be compromised.
I suggest you use 4 types of passwords, one for accounts that wouldnt effect u much, one for email, one for social sites and IM, and one for bank accounts; with none of the passwords having anything to do with each other, e.g redball, orangeball,greenball... or whiteball, soccer, redflag ... as this limits the guess work.
Supposedly they did,
"Here's how Mark described his hack to a friend:
Mark used his site, TheFacebook.com, to look up members of the site who identified themselves as members of the Crimson. Then he examined a log of failed logins to see if any of the Crimson members had ever entered an incorrect password into TheFacebook.com. If the cases in which they had entered failed logins, Mark tried to use them to access the Crimson members' Harvard email accounts. He successfully accessed two of them."
this "hack" was probably just stupid curiosity which will probably get him arrested, and once that happens he will loose a lot of control of the company.
I have no idea whether this stuff it true or provable, but if the article is accurate this wasn't curiosity. This was some seriously immoral/dishonest stuff.
Re:Stupid Users (Score:5, Interesting)
Mark used his site, TheFacebook.com, to look up members of the site who identified themselves as members of the Crimson. Then he examined a log of failed logins to see if any of the Crimson members had ever entered an incorrect password into TheFacebook.com. If the cases in which they had entered failed logins, Mark tried to use them to access the Crimson members' Harvard email accounts. He successfully accessed two of them.
This is why I always have an "OH &*#$#^!" moment whenever I accidentally enter the wrong password into the wrong form. It's a mad rush to change the password to whatever service/server the password really belongs to. Thankfully, it's usually different usernames...
Re: (Score:2)
If HTTP was designed correctly, web sites would never have a copy of a password you typed into a password entry field, ever. Secure hashing would be trivial, for example, making it a practical impossibility for a web site to determine what the original password was. All that would be stored would be a hash that was only good for logging into that web site.
Re: (Score:2)
This is why SuperGenPass [supergenpass.com] is your friend. Using one (or more) master password, you quickly generate a unique password for each domain you log in to, all through a handy bookmarklet. Also there's no password storage (except an optional hash for validation), so you don't have to worry about password product XYZ being hacked.
Re: (Score:3, Funny)
>one for accounts that wouldnt effect u much
YOU are the CANCER that is KILLING the INTERNET
Not Really Surprised (Score:5, Insightful)
Re:Not Really Surprised (Score:5, Insightful)
Best comment on the story.
While we must note, that accusations are only accusations. I could accuse you of rape right now. Wouldn’t make it a single bit more true.
But Zuckerberg to me has no better moral standards than a criminal. You know. Like an agent of some totalitarian state. Or like someone who steals other people’s identities for a living.
I really want Facebook to die and be replaced by a version that honors privacy. Something with an ethical code.
Oh, even better: A P2P social network. Wouldn’t that be something?
Re: (Score:2)
You want a *social* network where everything is private ?
Something like JohnDoe917 has just added you, JaneDoe375 likes this, etc ?
Finding friends will be a blast. Search for JohnDoe ... 7 million results, would you like to narrow your search ? Sorry, no extra criteria available, everything is private.
It's supposed to be public that's the whole point. If you don't want it public, don't post it in the first place.
Re: (Score:3, Insightful)
The point is to honour what the user wishes to be private. Facebook lured people in by saying everything you post is private if you wish it to be, or only available for your friends to view. But then it became obvious how much money could be made by targeted advertising if this were not the case, and suddenly the rules changed mid game.
Re: (Score:3, Insightful)
Re: (Score:3, Interesting)
About P2P social network - XMPP aka Jabber just allows that :)
Re: (Score:2)
A person with flawed ethical standards tends to do unethical things.
Gross abuse and misuse of electronic communication has been a staple of Government and Corporations for the better part of 170 years, starting with the telegraph system.
The only difference between then and now is that communications channels have become decentralized.
The ability and desire to tap into those systems still exists and has never gone away.
Re: (Score:3, Interesting)
They also tend to gather people around them who have similar ethics. For everything he has done, who knows what his employees have done, either independently or at his request.
Re:Not Really Surprised (Score:5, Informative)
And that's not even mentioning the history of accusations against Zuckerberg for questionably ethical behavior:
http://www.rollingstone.com/news/story/21129674/the_battle_for_facebook [rollingstone.com]
Re: (Score:2)
Exactly. I laughed when I read this:
The CEO of the world's most successful social networking website was accused of at least two breaches of privacy.
I'd find it strange if he hadn't committed more breaches of privacy than you can count on two hands, even when counting in binary. But then again, maybe we should just listen to what he said earlier:
Privacy is no longer a social norm. [slashdot.org]
After all, how can you breach something that no longer exists? And if that doesn't work, who said anything about doing no evil?
Breach of privacy (Score:5, Insightful)
Re: (Score:2)
Nah. Same old light. I kinda expected him to do even worse things.
And that’s why I am very cautious, since all that happened, is somebody accusing him. It’s illegal to leave out the “accused” (e.g. in newspapers) in Germany for a very good reason.
Let’s see how it turns out in court.
It could just still also be a competitor who tries not-so-nice methods to get some of Facebook’s user share.
Re: (Score:3, Insightful)
What else? (Score:3, Funny)
Did he offer to buy the Caprica Bucs as well?
Re: (Score:2)
Too soon!
He'll Probably Get Off Easy (Score:5, Insightful)
A friend once made the observation that no big-time, fast-track success story in the world of IT ever makes it without doing something that gets them into serious hot water at least once. Once they do that, they offer a bunch of mea culpas, make a few donations here and there, then make bank. (The slow-track success stories don't usually fit that theory.)
This is a bit different, seeing as he's already made bank, and it's a skeleton coming out of the closet, but I still think he'll get off easy.
Remember, it's not how much justice you can get, it's how much you can afford.
Re:He'll Probably Get Off Easy (Score:5, Interesting)
Laws in America are so complex and vague that the average american commits three felonies a day [wsj.com]. The same difficulties apply to companies. Even something as straightforward as paying a CEO takes legal specialists dedicated to that specific area of law. Even think of the difficulties of complying with Sarbanes Oxley from an IT perspective. It takes time to set up all the infrastructure, and if you were a startup, you may not even have had a dedicated sys admin. Then suddenly you have all these regulations you have to comply with.
Not that I'm trying to excuse Zuckerberg. If he was stealing other people's emails, he should go to jail, a much better candidate for jailtime than Terry Childs.
Re:He'll Probably Get Off Easy (Score:4, Insightful)
Yeah so many pitfalls like accidentally hacking into people's email accounts using stolen passwords.
Is that something like the woman falling on your cock and you accidentally raping her?
Color me surprised... (Score:5, Informative)
http://www.guardian.co.uk/technology/2010/jan/11/facebook-privacy [guardian.co.uk]
The rise of social networking online means that people no longer have an expectation of privacy, according to Facebook founder Mark Zuckerberg.
Talking at the Crunchie awards in San Francisco this weekend, the 25-year-old chief executive of the world's most popular social network said that privacy was no longer a "social norm".
Wasnt Mark (Score:3, Interesting)
n00bsauce (Score:4, Interesting)
This just in (Score:2)
In related news, something about hacking some email accounts as well.
That's the issue with all those 'cloudy' things (Score:3, Insightful)
The issue is my ASS: Availability, Safety, Security.
I want my apps and data to be accessible at all times. Even when I'm off-line, or they are, or somethings dies in-between.
I want my data to be safe, which means off-site, off-line backups.
I want my data to be secure, which means no hacking. For every high-visibility CEO that gets caught, how many 3rd-world subcontractors' trainees don't ?
Re:That's the issue with all those 'cloudy' things (Score:4, Insightful)
The issue is my ASS: Availability, Safety, Security.
Sensible things to want. Are you willing to pay what it takes to get them? Availability is expensive. So is Safety. And Security makes everything else more expensive and awkward (sometimes not much more expensive – ssh is very good for example – but the cost over being without security is still there, even if it is worth it).
More to come (Score:2, Insightful)
Expect a lot more of these stuff.
The people who start social networks are a different breed than those that cooked up tech startups of past decades.
Well Duh! (Score:2, Funny)
And this is why don't provide any site any more information that the bare minimum that it needs.
Nah. Facebook is a scam.
Now excuse me, I've got to update my status.
Re: (Score:2)
I like this.
temporary password (Score:2)
Reason #1352... (Score:2)
no surprise (Score:2, Interesting)
Uh, where's the hacking? (Score:3, Interesting)
It took me about 10 minutes to skim through the backstory, but it's pretty sparse on the details and supporting evidence.
"Instead, he decided to access the email accounts of Crimson editors and review their emails. How did he do this? Here's how Mark described his hack to a friend:"
Oh, a friend said Mark said... right.
"Nevertheless, during 2004, Mark Zuckerberg still appeared to be obsessed with ConnectU. Specifically, he appears to have hacked into ConnectU's site and made changes to multiple user profiles, including Cameron Winklevoss's."
"At one point, Mark appears to have exploited a flaw in ConnectU's account verification process to create a fake Cameron Winklevoss account with a fake Harvard.edu email address."
It "appeared" that way? According to whom, and based on what?
Seriously, the whole article is a long string of "it looks like" and "he said she said Mark said" with nothing to back any of it up.
Re: (Score:2)
he said she said Mark said
So wait, Mark's not He or She?
Nothing about this is surprising (Score:5, Interesting)
1) I believe he stole Facebook from the ConnectU founders. I believe the assertions that he was hired as a developer and dragged his feet while forming his own company which eventually became Facebook.
2) I believe he has no scruples when it comes to Facebook users' data. He has publicly stated that he knows what's best for "his" users and this arrogance shines through every time the UI is abruptly changed.
3) I believe he will do whatever he pleases with users' information. I don't think that privacy laws provide guidance to him but instead are constraints that he will bypass given any opportunity.
I'm pleased to see that he is being publicly exposed - I doubt anything will come of it - but am glad for him to be seen as he truly is, an arrogant and unscrupulous bad person. This latest revelation may finally send him where he belongs . . .
banking.
Re: (Score:2)
Power corrupts . . . (Score:2)
Re:And what will the Register say? (Score:5, Funny)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Funny)
Of course, otherwise where's the Paris Hilton angle?
Re: (Score:2)
Re: (Score:2)
There, fixed that for you. Not all hacking is bad, nor is all hacking criminal activity.
Re: (Score:2)
Elwood: Illinois Nazis.
Jake: I hate Illinois Nazis.
Re: (Score:2)