Zuckerberg Gaslights Congress Before The Hearings Even Start [The Fix is in]

www.thedailybeast.com ^ | 04.10.18 5:02 AM ET | Kevin Poulsen

[Red Badger]

Mark Zuckerberg swears he found out just two weeks ago that bad actors were harvesting users’ private info by the millions. But the company was alerted long, long before that.

Facebook was warned five years ago that the “reverse-lookup” feature in its search engine could be used to harvest names, profiles, and phone numbers for virtually all its users. But the company ignored the red flags until last week, after it happened.

In prepared testimony to Congress released Monday, Mark Zuckerberg acknowledged that malefactors had used the reverse-lookup “to link people’s public Facebook information to a phone number,” he wrote (PDF). “When we found out about the abuse, we shut this feature down.” He said that Facebook only discovered the incidents two weeks ago.

Zuckerberg is set to testify at a joint hearing before the Senate’s Judiciary and Commerce committees on Tuesday, and then return to Capitol Hill on Wednesday to appear before the House Energy and Commerce Committee. This will be the first time Facebook’s billionaire founder and CEO has ever appeared before Congress. Last fall the company’s vice president and general counsel Colin Stretch appeared at the hearings probing Russia’s election interference campaign.

“You could use this technique to build up a database of phone numbers and associated accounts without targeting any specific phone number or account.” — Security researcher Bennett Haselton in 2013

The hearings are a response to last month’s revelations that Cambridge Analytica, a U.K.-based consulting firm that worked for the Trump campaign, harvested data on as many as 87 million Facebook users without their knowledge.

Facebook revealed the separate reverse-lookup data spill while responding to the Cambridge Analytica controversy.

The issue was that Facebook allowed users to find anyone on the site by entering either their phone number or email address. In 2010, computer science researchers in Greece showed how spammers could use that feature to validate address lists and “craft personalized phishing emails that are far more efficient than traditional techniques by using personal information publicly available in social networks” (PDF).

But Zuckerberg’s written testimony reveals for the first time that it was phone number lookups that were used in the large scale scraping. That’s a more potent weapon for bulk harvesting, because a data miner can programatically cycle through every possible phone number to get a complete corpus. With some exceptions—custom privacy settings or accounts with no phone number attached—sequential mining would yield every Facebook profile.

Facebook didn’t respond to inquiries for this story.

Though Facebook is professing surprise at the data spill, in 2013 security researcher Bennett Haselton warned Facebook publicly and privately of this exact scenario.

“You could use this technique to build up a database of phone numbers and associated accounts without targeting any specific phone number or account,” Haselton wrote in a prescient post to the technology website Slashdot. “Not only would you know the names associated with each of the numbers, you could associate the phone number with anything else that was discoverable from the person’s Facebook profile—which usually includes their location, their interests, and the names of their other friends.

“It would only have to be done once to put the users’ data permanently in the hands of the attackers, with Facebook unable to put the cat back into the bag,” he added.

Facebook’s primary countermeasure against bulk profile harvesting was rate-limiting, i.e., blocking rapid-fire search queries originating from the same Internet Protocol, or IP, address. The unidentified perpetrators bypassed that protection by cycling “through many thousands, or hundreds of thousands, of IP addresses to evade rate limiting,” Zuckerberg said last week. “Facebook’s response to bad news has been more spin than win. When the company found hundreds of Russian fake accounts, it... published statistics that seemed hand-picked to minimize the Kremlin’s reach.”

In an interview with The Daily Beast, Haselton said Facebook never responded to his reports. He says removing the reverse-lookup search was the right move, even if it came five years late. “This is not functionality they had to leave in.”

Facebook removed the email and phone search capabilities entirely last Wednesday. “Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way,” wrote Facebook chief technology officer Mike Schroepfer in a blog post.

Overall, Facebook’s response to bad news has been more spin than win. Zuckerberg initially scoffed at the notion that Facebook played a significant role in Russia’s campaigning. When the company finally found hundreds of fake accounts created by Russia’s troll farm it refused to publicly identify them, instead publishing statistics that seemed hand-picked to minimize the Kremlin’s reach—just $100,000 in ad spending, a mere 470 fake accounts. One oft-heard talking point noted “the majority of the Russian ad spend happened AFTER the election,” a stat that wouldn’t have worked if Facebook had cut off the Kremlin seven months after the election instead of 10. Eventually, last October, Facebook reluctantly revealed the number that mattered: the number of Americans reached by the Kremlin’s Facebook campaign—126 million.

There are signs the company is taking a more forthright approach now—when it booted another batch of Russian troll accounts last month, it identified some of them by name, and even showed screenshots of some content. The most promising indicator is Zuckerberg’s voluntarily appearance on Capitol Hill, under oath, where spin has a legal limit.

[Red Badger]

Deleted my account in June of last year....................

[mac_truck]

Enforce the 2012 consent decree that FakeBook is operating under and slap this punk with the biggest fine in US history.

[StAnDeliver]

Hell back then you could scrape FB’s public API for just about everything. Once you friended someone, forget it, sky’s the limit.

[Da Coyote]

Of course the fix is in.
Liberal congress (both Dems and Repubs), corrupt inept press, and Facebook users constituting the most naive and uninformed groups of sheep in the multiverse.

No bother watching the “hearings”. An inept corrupt set of folks who have never had a real job questioning a liberal billionaire who controls them all.

Folks, let’s just cordon off those blue areas on the election map, and starve them.

[Zathras]

One thing about SV Engineers...
They know way more than anyone in Congress or the MSM.
Zuck is going to make them look like fools and get off free.

There is NO WAY the DNC and FB are going to let the rest of the world know what they have been doing since 2009.

[GOPJ]

Zuckerberg needs to understand this:

In the 30’s and 40’s the ‘in’ group “the Elites” hated were Jews.

In the 50’s and 60’s the ‘in’ group “the Elites” hated were blacks.

In 2018 the “in” group “the Elites” hate is conservative traditional Americans.

Maybe Zuckerberg needs to rethink who’s ‘in the community’... and and what ‘groups’ he’s standing with...

[StAnDeliver]

"Google does the same damn operation."

But Google has been paying off the Swamp since almost the beginning: Schmidt was behind Obama's rise, funded a Google DC hq that is the size of the White House.

OTOH, Facebook has been derided in DC for not spreading the same kind of large$$e, because their CEO is a psychotic automaton who disdains politics and politicians.

Gage: "Mr. Zuckerberg, do I have your full attention?"
Mark Zuckerberg: [stares out the window] "No."

Gage: "Do you think I deserve it?"
Mark Zuckerberg: [looks at the lawyer] "What?"
Gage: "Do you think I deserve your full attention?"
Mark Zuckerberg: "I had to swear an oath before we began this deposition, and I don't want to perjure myself, so I have a legal obligation to say no."
Gage: "Okay – no. You don't think I deserve your attention."

Mark Zuckerberg: "I think if your clients want to sit on my shoulders and call themselves tall, they have the right to give it a try, but there's no requirement that I enjoy sitting here listening to people lie. You have part of my attention – you have the minimum amount. The rest of my attention is back at the offices of Facebook, where my colleagues and I are doing things that no one in this room, including and especially your clients, are intellectually or creatively capable of doing." [pauses] "Did I adequately answer your condescending question?"

[subterfuge]

Blah, blah, blah. All”social” platforms have been subverted and are controlled by our corrupt “intelligence” agencies. All this talk and so-called testimony is for show.

[StAnDeliver]

I greatly enjoy how back then, just over a year ago, when I first posted that, and this, FReepers would come on FB threads and literally BRAG about how much time they spent on FB, and what a WEALTH of information was available there.

And now they avoid these FB threads like the plague...

"You are probably going to be a very successful computer person. But you're going to go through life thinking that girls don't like you because you're a nerd. And I want you to know, from the bottom of my heart, that that won't be true. It'll be because you're an asshole."

[grania]

Call me a crazy outlier. I don’t want DC swampthings to pass laws to “protect” us. Those laws in the future will forever curtail freedom of speech. Let the marketplace get Mr. Zuckerberg in line. Let Congress start doing their job, which is saving the US from globalists and crazy liberals.

[DAC21]

Assuming these shenanigans we’re going on in Europe they have a history of issuing big fines, hopefully in the billions

[Red Badger]

FB - Zuckerberg is in trouble with the EU as well...............

[tbw2]

Funny, When Obama Harvested Facebook Data On Millions Of Users To Win In 2012, Everyone Cheered
https://www.investors.com/politics/editorials/facebook-data-scandal-trump-election-obama-2012/

[StAnDeliver]

If you all aren't watching this live, Zuckerberg is sucking wind...badly...

[zeestephen]

Slightly Off Topic...

I was browsing through Google headlines a few minutes ago and learned that Mark Z. was not required to testify under oath...

Try making that happen if you are Conservative Republican business owner!

[PIF]

I watched him answer questions for a few minutes ... the lies were fast and furious ... what a Chinese stooge he is .. but the Senators ate it up and are awaiting more donations from him after he’s done.

[Neoliberalnot]

All of this theft and resale of personal data to the demrats will be blamed on the republicans who have a death wish for the party. The old media empire will further blame republicans and Trump, and impatient freepers will follow the lead putting all blame on republicans and demrats alike. As usual, the demrats, liberfarians, Muslims and leftists will be laughing themselves silly.