Fooling Social Network Algorithms For Massive Financial or Political Gain

The recent attack on Facebook (with almost a billion users exposed to porn and violence spread by spammers), as well as the unreported / undetected attack on Yahoo Finance, with thousands of fake members posting comments against "Occupy Wall Street" (where 5 days ago thousands of possibly fake posters were posting comments in favor of this movement), raises questions about the business value of hiring data scientists, based on the algorithms that they deploy to keep social networks safe.

Another example of a possible attack would consist of 5,000,000 messages being delivered by scammers across multiple social networks within a 15-minute period, to recommend some action (buy or sell) against some stock or index. This is far more potent than the stock market scams that we used to see 10 years ago.

So how can this happen? What has changed?

Scammers can open accounts on Facebook, Yahoo Finance, Google+, etc. over a long period of time, either automatically or through paid people from third world countries. Scammers can keep these accounts dormant for years, until some event (e.g. news about feral human beings on the loose in NYC) triggers them to react and to benefit from the event (e.g. politically, or by stealing money).

Detection

In the case of the Yahoo attack, the patterns in poster profiles changed: suddenly, we were seeing hundreds of posters with no picture / no profile, the number of comments was growing very fast, traditional posters who did not agree with the political agenda being broadcast were erased in a matter of seconds (thanks to manufactured unlikes), and the number of postings was growing much faster than what you can expect from a Yahoo Finance article.

On Facebook, similar attacks could be achieved using thousands of dormant accounts awakening suddenly on the same day, automatically (or manually!) posting links (to virus-laden websites or porn) on Facebook pages and friend pages, in a matter of seconds via tools such as Twitterfeeds. This could be accomplished by dormant accounts that have accumulated thousands of friends over several years, just to deliver an attack on a specific day.

We will publish more about how to prevent these attacks, but for now, let's say that it is critical for social networks to:

  • Detect dormant accounts
  • Detect dormant accounts with many friends
  • Terminate dormant accounts
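
One way to act on the first two bullets, as an added example that is not from the original post: flag accounts that post again after a long silence and whose awakenings cluster inside a short window, then attach the profile signals described under Detection. The thresholds, record layout and sample records are constructed assumptions.

```python
from datetime import datetime, timedelta

DORMANT = timedelta(days=365)   # assumed: a year of silence counts as dormant
MANY_FRIENDS = 1000             # assumed cutoff for "many friends"
WINDOW = timedelta(minutes=15)  # awakenings this close together are grouped
BURST_SIZE = 3                  # assumed: awakenings per window that signal coordination

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample data: (account, friends, has_profile, previous_post, new_post)
EVENTS = [
    ("acct_a", 4200, False, ts("2009-03-01 10:00"), ts("2011-11-15 14:02")),
    ("acct_b", 3100, False, ts("2008-07-12 09:30"), ts("2011-11-15 14:05")),
    ("acct_c",   15, False, ts("2010-01-20 18:45"), ts("2011-11-15 14:09")),
    ("acct_d",  250, True,  ts("2011-11-14 08:00"), ts("2011-11-15 14:03")),  # active user
    ("acct_e", 1800, True,  ts("2009-06-01 12:00"), ts("2011-11-17 20:00")),  # lone return
]

def awakened(events):
    """Accounts whose new post follows a silence of at least DORMANT."""
    return [e for e in events if e[4] - e[3] >= DORMANT]

def coordinated(events):
    """Awakened accounts that share a WINDOW with at least BURST_SIZE awakenings."""
    woke = sorted(awakened(events), key=lambda e: e[4])
    flagged = set()
    for i, first in enumerate(woke):
        group = [e for e in woke[i:] if e[4] - first[4] <= WINDOW]
        if len(group) >= BURST_SIZE:
            flagged.update(e[0] for e in group)
    return flagged

def report(events):
    """Map each coordinated account to the risk signals it exhibits."""
    burst = coordinated(events)
    out = {}
    for name, friends, has_profile, _, _ in events:
        if name in burst:
            signals = ["dormant_awakening_in_burst"]
            if friends >= MANY_FRIENDS:
                signals.append("many_friends")
            if not has_profile:
                signals.append("no_profile")
            out[name] = signals
    return out

if __name__ == "__main__":
    for name, signals in sorted(report(EVENTS).items()):
        print(name, signals)
```

A single returning user (acct_e) is dormant but not part of a burst, so it is left for separate review rather than flagged as coordinated.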


Comment by Amy on November 19, 2011 at 1:10am
How do you detect a rumor? Is it possible that these scammers use shared accounts - like 10 people logged on to the same account at the same time and posting 1 message per person per minute, resulting in a flood of messages from these spam accounts?

© 2013   AnalyticBridge.com is a subsidiary and dedicated channel of Data Science Central LLC
