How To Detect A Potential Facebook Hijacker

Account hijacking really exploded on the Internet scene lately with the release of the Firesheep extension for Mozilla’s Firefox web browser.

The Hijackers Toolkit

Firesheep is really just a very automated way to use a technique called session hijacking that has been around for a long time. What happens is that when you connect to various websites (this problem isn’t limited to Facebook but it’s a popular example) a small file is created on your system related to that particular session. Maybe we can think of it like a movie ticket or ski pass. It’s a pass for a session of cinema enjoyment or shredding on the slopes right?

Well any prankster or malicious person can download the Firesheep extension which is then added onto their Firefox web browser. If the prankster \ villain activates Firesheep while their computer is connected to an open network like you’ll find in cities everywhere, Firesheep will attempt to grab the virtual, digital “ski passes” floating around on the network. It can then use this pass to impersonate you when connecting to a website.

The villain (I’m tired of calling him a prankster \ villain so we’ll just say he’s all evil) is given a list of available people to impersonate which looks similar to the list of friends available for chat in IM. Click on anyone from the list and a connection is made to Facebook or whatever site the victim is using. Get this though: it’s made with the victim’s “ski pass” so the website lets the villain into the account just like it would the authentic user. It’s as if two people are on the slopes using the same pass but the ticket checker at the lift doesn’t know the difference.

From there it’s a simple matter to mess with account settings, post embarrassing updates and so on. More than embarrassment is at stake though. Remember the stories about people getting fired for things they put on Facebook or MySpace? People have been investigated by the cops for tweets as well.

How Can I Detect A Hijacker?

Okay, you get the idea that bad things can happen and how they happen. What’s a simple and free way to detect villains trying to find someone to impersonate?

Shortly after the popularization of Firesheep a company called Zscaler came out with a detection add-on for Firefox called Blacksheep. You have my sincere apologies for all these name permutations. I didn’t come up with them!

Blacksheep creates fake session information (a fake “ski pass” to continue with our example) and sends it floating out on the network. Firesheep essentially grabs these fake passes and asks for more identifying itself in the process. Really?! What would you expect to happen if you walked up to a stranger and asked insistently for his ski pass a couple times?

When Blacksheep has detected an active Firesheep villain it then throws up a notice telling you “Somebody is using Firesheep on this network…”. That’s your cue to avoid logging into any accounts that could be hijacked such as:

  • Facebook
  • Twitter
  • WordPress
  • And so on…

Beyond Detection

For real security and protection from hijacking attempts like this you want to use a Virtual Private Network (VPN) or connect only over a Wi-Fi connection that has WPA security enabled. Most public wireless is completely open \ insecure so if you do a lot of surfing at Starbucks or another public hotspot you’ll want to consider getting VPN service. Check out the Topics section for other posts on actually protecting your system from this kind of snooping instead of just detecting attempts.