Slashdot Mirror


Facebook Founder Accused of Hacking Into Rivals' Email

An anonymous reader notes a long piece up at BusinessInsider.com accusing Facebook founder Mark Zuckerberg of hacking into the email accounts of rivals and journalists. The CEO of the world's most successful social networking website was accused of at least two breaches of privacy. In a two-year investigation detailing the founding of Facebook, Nicholas Carlson, a senior editor at Silicon Alley Insider, uncovered what he claimed was evidence of the hackings in 2004. "New information uncovered by Silicon Alley Insider suggests that some of the complaints [in a court case ongoing since 2007] against Mark Zuckerberg are valid. It also suggests that, on at least one occasion in 2004, Mark used private login data taken from Facebook's servers to break into Facebook members' private email accounts and read their emails — at best, a gross misuse of private information. Lastly, it suggests that Mark hacked into the competing company's systems and changed some user information with the aim of making the site less useful. ... Over the past two years, we have interviewed more than a dozen sources familiar with aspects of this story — including people involved in the founding year of the company. We have also reviewed what we believe to be some relevant IMs and emails from the period. Much of this information has never before been made public. None of it has been confirmed or authenticated by Mark or the company." The single-page view doesn't have its own URL; click on "View as one page" near the bottom.

59 of 261 comments

  1. And you thought Mob Wars was nasty by Anonymous Coward · · Score: 5, Funny

    Lawyers throughout the US just had orgasms....

  2. Wow.. by Anonymous Coward · · Score: 2, Insightful

    just wow.

  3. Serious Allegations by Afforess · · Score: 5, Insightful

    This is a serious allegation. With all of the information Facebook aggregates, they potentially could unlock many people's emails and various other accounts with the family and personal information. Lots of people use simple things like their pets or parents birthdays as those reminder question answers, and Facebook could easily hold all the correct information to gain access to those accounts. If this case is proven true, I can see some new laws on how companies with this kind of information have to structure and protect it. Hopefully people will wake up and stop putting their personal information where Facebook and others can see...

    --
    If our elected representatives no longer represent us, do we still live in a Democracy?
    1. Re:Serious Allegations by jo42 · · Score: 3, Insightful

      What about all the e-mails, calendars, documents and what not else that people store with Google? Are they no less to be wary of?

    2. Re:Serious Allegations by Anonymous Coward · · Score: 5, Funny

      Yeah but Google is different. They are nice. They do no evil, right?

    3. Re:Serious Allegations by icepick72 · · Score: 4, Informative

      Don't forget the facebook Friend Finder asks for your email account password to log into your email account automatically and match your contacts against the facebook user base. Although they promise not to keep that password, they could.

    4. Re:Serious Allegations by Draykwing · · Score: 2, Insightful

      Why do you think that when I used it, I changed my password, gave them the changed one, and immediately after changed it to a third, unrelated password?

    5. Re:Serious Allegations by Selfbain · · Score: 5, Funny

      Do they have sarcasm on your planet?

      --
      Well, it has never been successfully tested.
    6. Re:Serious Allegations by Capsaicin · · Score: 2, Funny

      Do they have sarcasm on your planet?

      Sarcasm?!!

      Sarcasm is prevarication and prevarication is sarcasm. Wake Up! Sarcasm is just as evil as all the other rhetorical devices.

      --
      Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
    7. Re:Serious Allegations by gparent · · Score: 5, Funny

      Because you're Jason Bourne?

    8. Re:Serious Allegations by TehDuffman · · Score: 2, Funny

      My only question is, the alleged hacking took place in 2004, how does it take until 2010 for it to be presented as news on Slashdot?

      Sounds about right for Slashdot.

    9. Re:Serious Allegations by Sir_Lewk · · Score: 3, Insightful

      If you were paranoid about it, why bother even giving them your password in the first place?

      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    10. Re:Serious Allegations by Philip_the_physicist · · Score: 2, Interesting

      Of course we should be wary of them, but hopefully this sort of thing will help drive enough people to use secure email to get a critical mass.

      As it is, I can't encrypt most of my outbound mail, because people don't have public keys (even unsigned ones are a lot better than nothing), and most people's clients don't seem to automatically save keys and then apply them when replying, which is really needed if we want non-technical people to use encryption.

      IMO, all mail programs should prompt the user to choose a key when they add an account, and if they don't have one already, create one and start using it.

    11. Re:Serious Allegations by Dishevel · · Score: 2, Funny

      Wait till it's reported again in 30 minutes with a different title.

      --
      Why is it so hard to only have politicians for a few years, then have them go away?
  4. Stupid Users by muphin · · Score: 3, Informative

    using the same password for their email account as they do with their social networking sites then people should expect to be compromised.

    I suggest you use 4 types of passwords, one for accounts that wouldnt effect u much, one for email, one for social sites and IM, and one for bank accounts; with none of the passwords having anything to do with each other, e.g redball, orangeball,greenball... or whiteball, soccer, redflag ... as this limits the guess work.
    this "hack" was probably just stupid curiosity which will probably get him arrested, and once that happens he will loose a lot of control of the company.

    --
    It's not a typo if you understood the meaning!
    1. Re:Stupid Users by Torodung · · Score: 5, Insightful

      Actually, Facebook directly asks you for your email password so it can "Automatically connect you to others" through your ISP information (phonebook, etc.). They get quite clever with it, even using the ISP's logo, making it seem like it is an official service of the ISP.

      This goes a bit beyond, "stupid." This is a confidence scam.

      --
      Toro

    2. Re:Stupid Users by quantaman · · Score: 5, Informative

      using the same password for their email account as they do with their social networking sites then people should expect to be compromised.

      I suggest you use 4 types of passwords, one for accounts that wouldnt effect u much, one for email, one for social sites and IM, and one for bank accounts; with none of the passwords having anything to do with each other, e.g redball, orangeball,greenball... or whiteball, soccer, redflag ... as this limits the guess work.

      Supposedly they did,

      "Here's how Mark described his hack to a friend:

      Mark used his site, TheFacebook.com, to look up members of the site who identified themselves as members of the Crimson. Then he examined a log of failed logins to see if any of the Crimson members had ever entered an incorrect password into TheFacebook.com. If the cases in which they had entered failed logins, Mark tried to use them to access the Crimson members' Harvard email accounts. He successfully accessed two of them."

      this "hack" was probably just stupid curiosity which will probably get him arrested, and once that happens he will loose a lot of control of the company.

      I have no idea whether this stuff is true or provable, but if the article is accurate this wasn't curiosity. This was some seriously immoral/dishonest stuff.

      --
      I stole this Sig
    3. Re:Stupid Users by Culture20 · · Score: 4, Interesting

      Mark used his site, TheFacebook.com, to look up members of the site who identified themselves as members of the Crimson. Then he examined a log of failed logins to see if any of the Crimson members had ever entered an incorrect password into TheFacebook.com. If the cases in which they had entered failed logins, Mark tried to use them to access the Crimson members' Harvard email accounts. He successfully accessed two of them.

      This is why I always have an "OH &*#$#^!" moment whenever I accidentally enter the wrong password into the wrong form. It's a mad rush to change the password to whatever service/server the password really belongs to. Thankfully, it's usually different usernames...

    4. Re:Stupid Users by Bob+Cat+-+NYMPHS · · Score: 2, Funny

      >one for accounts that wouldnt effect u much

      YOU are the CANCER that is KILLING the INTERNET

  5. Re:Different password by santax · · Score: 5, Informative

    And what if all those other sites have an admin that can't be trusted? It's really not about facebook this issue. It's about broken trust and you can't really protect yourself against it. At least not if you want to use their services.

  6. Not Really Surprised by Kartoffel · · Score: 5, Insightful

    When you look at Facebook's dismal history of privacy policies and changes, it's really not that surprising. A person with flawed ethical standards tends to do unethical things.

    1. Re:Not Really Surprised by Hurricane78 · · Score: 4, Insightful

      Best comment on the story.

      While we must note, that accusations are only accusations. I could accuse you of rape right now. Wouldn’t make it a single bit more true.

      But Zuckerberg to me has no better moral standards than a criminal. You know. Like an agent of some totalitarian state. Or like someone who steals other people’s identities for a living.

      I really want Facebook to die and be replaced by a version that honors privacy. Something with an ethical code.
      Oh, even better: A P2P social network. Wouldn’t that be something?

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
    2. Re:Not Really Surprised by Dracos · · Score: 2, Interesting

      A person with flawed ethical standards tends to do unethical things.

      They also tend to gather people around them who have similar ethics. For everything he has done, who knows what his employees have done, either independently or at his request.

    3. Re:Not Really Surprised by im_thatoneguy · · Score: 5, Informative

      And that's not even mentioning the history of accusations against Zuckerberg for questionably ethical behavior:

      http://www.rollingstone.com/news/story/21129674/the_battle_for_facebook

    4. Re:Not Really Surprised by Pecisk · · Score: 2, Interesting

      About P2P social network - XMPP aka Jabber just allows that :)

      --
      user@ubuntubox:~$ stfu This server is going down for shutdown NOW!
    5. Re:Not Really Surprised by daver00 · · Score: 2, Insightful

      The point is to honour what the user wishes to be private. Facebook lured people in by saying everything you post is private if you wish it to be, or only available for your friends to view. But then it became obvious how much money could be made by targeted advertising if this were not the case, and suddenly the rules changed mid game.

    6. Re:Not Really Surprised by digitalchinky · · Score: 2, Insightful

      WTF is wrong with having some information public, some information accessible to your friends, other information only for your family, etc. The parent said nothing at all about wanting a social network that is entirely private. He wants a social network that honors its privacy protocols and access controls. For the duration. Is that too much to ask? Apparently you are incapable of comprehending there might just be an option B somewhere between A and C.

      Since when did social networks have to be everything or nothing?

  7. Re:And what will the Register say? by Kartoffel · · Score: 4, Funny

    If at all possible, they'll use the word "boffin" in there somewhere, too.

  8. Breach of privacy by SilverHatHacker · · Score: 5, Insightful

    Kinda puts his comments that "No one has any reasonable expectation of privacy anymore" into a whole new light, doesn't it?

    --
    Funny may not give karma, but +5 Informative never made anyone snort coffee out their nose.
    1. Re:Breach of privacy by SilverHatHacker · · Score: 2, Insightful

      Very true; let's be careful not to forget he is innocent until proven guilty, regardless of how likely this may seem given his recent words and actions.

      --
      Funny may not give karma, but +5 Informative never made anyone snort coffee out their nose.
  9. What else? by spruce · · Score: 2, Funny

    Did he offer to buy the Caprica Bucs as well?

  10. He'll Probably Get Off Easy by IonOtter · · Score: 4, Insightful

    A friend once made the observation that no big-time, fast-track success story in the world of IT ever makes it without doing something that gets them into serious hot water at least once. Once they do that, they offer a bunch of mea culpas, make a few donations here and there, then make bank. (The slow-track success stories don't usually fit that theory.)

    This is a bit different, seeing as he's already made bank, and it's a skeleton coming out of the closet, but I still think he'll get off easy.

    Remember, it's not how much justice you can get, it's how much you can afford.

    --
    [End Of Line]
    1. Re:He'll Probably Get Off Easy by phantomfive · · Score: 4, Interesting

      In fairness, in the corporate world there are so many pitfalls that it's essentially impossible to navigate through them all without a strong team of lawyers and accountants.

      Laws in America are so complex and vague that the average American commits three felonies a day. The same difficulties apply to companies. Even something as straightforward as paying a CEO takes legal specialists dedicated to that specific area of law. Even think of the difficulties of complying with Sarbanes Oxley from an IT perspective. It takes time to set up all the infrastructure, and if you were a startup, you may not even have had a dedicated sys admin. Then suddenly you have all these regulations you have to comply with.

      Not that I'm trying to excuse Zuckerberg. If he was stealing other people's emails, he should go to jail, a much better candidate for jailtime than Terry Childs.

      --
      Qxe4
    2. Re:He'll Probably Get Off Easy by GigsVT · · Score: 3, Insightful

      Yeah so many pitfalls like accidentally hacking into people's email accounts using stolen passwords.

      Is that something like the woman falling on your cock and you accidentally raping her?

      --
      I've had enough abrasive sigs. Kittens are cute and fuzzy.
  11. Color me surprised... by xlsior · · Score: 4, Informative

    He isn't exactly known to believe in privacy in the first place, after all:

    http://www.guardian.co.uk/technology/2010/jan/11/facebook-privacy
    The rise of social networking online means that people no longer have an expectation of privacy, according to Facebook founder Mark Zuckerberg.
    Talking at the Crunchie awards in San Francisco this weekend, the 25-year-old chief executive of the world's most popular social network said that privacy was no longer a "social norm".

  12. Re:Different password by Bronster · · Score: 5, Interesting

    Facebook also had a thing "give us your gmail or hotmail password and we'll log in and retrieve your contact email addresses and offer you to add them as friends if they have a Facebook account already" - presumably they stored those passwords as well.

  13. Wasnt Mark by gmuslera · · Score: 2, Interesting
  14. n00bsauce by cosm · · Score: 3, Interesting

    The hilarity would be if his tracks could be traced down through their own system's perverse logging, maybe then would he regret his company's policy of practically 100% data retention. Pwned Mark Fuckerberg. Pwned.

    --
    'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
  15. That's the issue with all those 'cloudy' things by obarthelemy · · Score: 2, Insightful

    The issue is my ASS: Availability, Safety, Security.

    I want my apps and data to be accessible at all times. Even when I'm off-line, or they are, or something dies in-between.

    I want my data to be safe, which means off-site, off-line backups.

    I want my data to be secure, which means no hacking. For every high-visibility CEO that gets caught, how many 3rd-world subcontractors' trainees don't?

    --
    The Cloud - because you don't care if your apps and data are up in the air.
    1. Re:That's the issue with all those 'cloudy' things by dkf · · Score: 3, Insightful

      The issue is my ASS: Availability, Safety, Security.

      Sensible things to want. Are you willing to pay what it takes to get them? Availability is expensive. So is Safety. And Security makes everything else more expensive and awkward (sometimes not much more expensive – ssh is very good for example – but the cost over being without security is still there, even if it is worth it).

      --
      "Little does he know, but there is no 'I' in 'Idiot'!"
  16. More to come by oldhack · · Score: 2, Insightful

    Expect a lot more of this stuff.

    The people who start social networks are a different breed than those that cooked up tech startups of past decades.

    --
    Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
  17. Well Duh! by coaxial · · Score: 2, Funny

    And this is why don't provide any site any more information than the bare minimum that it needs.

    Nah. Facebook is a scam.

    Now excuse me, I've got to update my status.

  18. Re:Different password by Anonymous Coward · · Score: 5, Insightful

    Facebook also had a thing "give us your gmail or hotmail password and we'll log in and retrieve your contact email addresses and offer you to add them as friends if they have a Facebook account already" - presumably they stored those passwords as well.

    And I had a thing, "Anyone who asks for your password is lying. Don't give it to them. And if they say they really need it, don't do business with them."

    Of course, it was 1989. But the neckbeard taught me right.

  19. Facebook users get what they deserve by Anonymous Coward · · Score: 5, Insightful

    Web 2.0 has proven itself nothing more than a private takeover of the public infrastructure of the net. FB wants to displace everything from email to irc. If people want to commit their information to sharks who want to monetize their personal information, they get what they deserve.

  20. no surprise by Anonymous Coward · · Score: 2, Interesting

    Anyone familiar with the mechanics of Facebook's rise to prominence should not be surprised at the alleged ethical and legal violations. Zuckerberg et al. hacked and social engineered their way into dozens of college freshman admit lists so they could be the first to get new students online. This is not speculation. The "virality" of early facebook was not viral at all, it was good old fashioned spam to ill-gotten mailing lists.

  21. Uh, where's the hacking? by Jeian · · Score: 2, Interesting

    It took me about 10 minutes to skim through the backstory, but it's pretty sparse on the details and supporting evidence.

    "Instead, he decided to access the email accounts of Crimson editors and review their emails. How did he do this? Here's how Mark described his hack to a friend:"

    Oh, a friend said Mark said... right.

    "Nevertheless, during 2004, Mark Zuckerberg still appeared to be obsessed with ConnectU. Specifically, he appears to have hacked into ConnectU's site and made changes to multiple user profiles, including Cameron Winklevoss's."

    "At one point, Mark appears to have exploited a flaw in ConnectU's account verification process to create a fake Cameron Winklevoss account with a fake Harvard.edu email address."

    It "appeared" that way? According to whom, and based on what?

    Seriously, the whole article is a long string of "it looks like" and "he said she said Mark said" with nothing to back any of it up.

  22. Nothing about this is surprising by Anonymous Coward · · Score: 5, Interesting

    This doesn't surprise me, only confirms what I've thought about Zuckerberg.

    1) I believe he stole Facebook from the ConnectU founders. I believe the assertions that he was hired as a developer and dragged his feet while forming his own company which eventually became Facebook.

    2) I believe he has no scruples when it comes to Facebook users' data. He has publicly stated that he knows what's best for "his" users and this arrogance shines through every time the UI is abruptly changed.

    3) I believe he will do whatever he pleases with users' information. I don't think that privacy laws provide guidance to him but instead are constraints that he will bypass given any opportunity.

    I'm pleased to see that he is being publicly exposed - I doubt anything will come of it - but am glad for him to be seen as he truly is, an arrogant and unscrupulous bad person. This latest revelation may finally send him where he belongs . . .

    banking.

  23. Re:Different password by Like2Byte · · Score: 3, Interesting

    Yeah, Linkedin.com also asks for passwords to your multiple email accounts to scan them for contacts. Wow. What a gold mine that could be. If there's an email addy that they don't know or a name they don't recognize, they could start spamming them for registrations and, potentially, saying a friend or colleague provided your email address to us thinking you might be interested in joining our social club....

  24. Re:Different password by hughperkins · · Score: 2, Interesting

    I was basically thinking about services such as Amazon EC2 et al, and the possibility of outsourcing computing power from inside an organization into the cloud, and my observation that such an organization cannot really escape having to trust the administrators of the cloud facility, since there is no way of securing a cloud server's memory against the cloud organization's administrators.

    Yes, Lastpass does not fall into this category at all, and seems potentially secure.

  25. Re:So will he get a mug shot now? by GigsVT · · Score: 4, Informative

    Good thing you are not a lawyer, it's from the date it was committed.

    The point of such statutes is because after a long time has passed, the defense is less able to form a coherent defense since a lot of the evidence is gone.

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
  26. Re:So will he get a mug shot now? by ehrichweiss · · Score: 2, Informative

    Actually, it can also be the case that the statute of limitations applies when the crime was discovered, not necessarily when it was committed. I am told this is especially so if they're trying to convict someone of "habitual criminal". I only know of this because a friend had to file embezzlement charges against an employee who had been stealing from him for longer than the statute of limitations and he was able to get them convicted of the entire string of crimes stretching back several years.

    In civil court one only need look at The Knack v. Run DMC where it's been since 1986 but The Knack are able to sue, so far, because they claim they knew nothing of the song "It's Tricky" until recently despite its massive popularity at the time.

    --
    0x09F911029D74E35BD84156C5635688C0
  27. The difference by copponex · · Score: 5, Insightful

    The heads of Google take their job seriously. Zuckerberg is just a douchebag who was at the right place at the right time.

    1. Re:The difference by Yvanhoe · · Score: 3, Interesting

      Just be prepared for the day they won't be in charge anymore.

      --
      The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
  28. Re:So will he get a mug shot now? by Third+Position · · Score: 2, Funny

    So will he get a mug shot now?

    If he does, do you suppose he'll use it for his Facebook profile?

    --
    American Third Position
    Finally, a real choice!
  29. Re:So will he get a mug shot now? by JackieBrown · · Score: 2, Funny

    The statute of limitations kicks in after the crime is completed.

    If it is ongoing, then it would kick in when over.

    IANAL but I have watched Law and Order. The sound wasn't on but I think I got the gist of it.

  30. Re:So will he get a mug shot now? by ultranova · · Score: 2, Funny

    So will he get a mug shot now?

    Why would he? He's a CEO, he's supposed to act like a cartoon villain.

    The world makes a lot more sense when you stop assuming that various businessmen, politicians etc. are trying to further their self-interest in a rational, if ruthless, manner, and instead treat them as villains in a farcical drama movie. That way you don't have to wonder why someone who already has three billions would risk everything to get a fourth, or something to that effect. The implications of that are somewhat... disturbing.

    --

    Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

  31. Re:So will he get a mug shot now? by micheas · · Score: 3, Informative

    Good thing you are not a lawyer, it's from the date it was committed.

    The point of such statutes is because after a long time has passed, the defense is less able to form a coherent defense since a lot of the evidence is gone.

    I Am Not A Lawyer, but I have a reasonable amount of experience doing legal research:

    Actually both parent and grandparent are correct. Generally, in civil cases where the standard is preponderance of the evidence or which was more likely, the statute of limitation is from the discovery of the damage; most of the controlling case law in the US in civil matters was established in the Dalkon Shield cases against A. H. Robins Company. A three-year statute of limitations was held to not protect A. H. Robins 16 years after the faulty product was sold, and 15 years after the initial discovery of injury, but less than three years after the discovery of severe internal damage.

    The standards for criminal law are not preponderance of evidence, but beyond a reasonable doubt, and in criminal law, the statutes of limitations are a way of saying that there is reasonable doubt by the passage of time, so we will not even try the case because the burden of proof cannot be met. Therefore criminal matters tend to have a statute of limitations that runs from the commission of the crime.

  32. Re:And what will the Register say? by Philip_the_physicist · · Score: 2, Funny

    Of course, otherwise where's the Paris Hilton angle?

  33. Shocked... by facebook · · Score: 2, Funny

    I am absolutely shocked that someone would impersonate another human being for personal gain. What has the world come to?