Facebook has turned to the courts for help in scraping off a pesky spammer who allegedly keeps coming back to do things like hijack victims' accounts and automatically post celebrity porn, including a fake Justin Bieber-Selena Gomez sex tape.
According to a complaint Facebook filed on Friday in the US District Court of the Northern District of California, the defendant - Christopher Peter Tarquini, of the US state of New Jersey - is allegedly a "recidivist" spammer who's inundated the site with messages purporting to link to pornographic celebrity images.
Facebook says that when users clicked on the posts or their racy images, the messages were then automatically shared with the victims' Facebook friends.
Meanwhile, Facebook users' browsers were being redirected to marketing websites that paid Tarquini and his associates for the traffic.
From the complaint:
"In short, Facebook users who clicked on Tarquini's deceptive messages immediately, and without their knowledge or consent, became unknowing participants in and victims of Tarquini's scam."
Facebook says it spent thousands to track Tarquini down and stop the alleged scam.
But even after Facebook notified Tarquini that he was violating Facebook's rights, and even after it yanked his Facebook account and told him he was no longer authorized to access the site and services, he kept right on doing what he was doing, Facebook said in the complaint.
Facebook terms prohibit a slew of things that Tarquini is accused of doing, including:
- Posting pornographic content,
- Collecting users' information without their consent,
- Using Facebook to do anything unlawful or misleading,
- Creating a new account after a prior account has been disabled, and
- Soliciting login information or accessing somebody else's account.
According to Facebook, Tarquini designed software scripts to trick users into handing over their access tokens.
With those access tokens, Facebook says that Tarquini and his associates could take over others' Facebook accounts and post content that, when clicked, redirected users' browsers to third-party websites.
In February 2013, one such script, called "Jacked", automatically posted messages, images and links to the bogus sex tape featuring Bieber and Gomez.
Users who clicked got sent to a site off Facebook that featured a doctored, blurred image of what looked to be the celebrities, designed to look like a still shot from a video that might be clicked on to watch a supposedly leaked sex tape.
But when users clicked, what they got was a prompt to grant access to the user's Facebook account.
Jacked presented users with a "Verification Code" that purportedly verified whether the user was human but actually tricked them into copying and pasting in their access tokens.
With that, Facebook alleges, Tarquini was able to hijack users' accounts and to further spread the scam by posting links to the bogus sex video.
Facebook sent Tarquini a cease-and-desist letter in March 2013, revoking his permission to use the site, services or platform, and disabled his Facebook account and applications.
According to Facebook, Tarquini responded, confirming that he had indeed created the devious software script:
"Tarquini responded to the March 11 letter and admitted that he had created the Jacked script that was used in the Bieber/Gomez spam campaign; admitted that he had distributed the script to a number of associates; and admitted that the Bieber/Gomez spam campaign redirected users to a non-Facebook website."
As news of Tarquini's work splashed across headlines, Facebook says, the news besmirched the social media network as it "tainted and continue[s] to taint the Facebook experience for Facebook users."
Still, Tarquini turned around and created a new Facebook application, Facebook charges - one called the Fly Photo Editor. That one violated Facebook terms by serving unauthorized third-party ads, Facebook says, so it shut it down.
So Tarquini made another Fly Photo Editor, Facebook alleges, and that one does the same thing that the first one did.
Facebook is asking the court to get a jury trial going so as to swat this irksome fly. Facebook also wants to be reimbursed for its botheration, and it wants Tarquini to hand over proceeds from his alleged scams.
Tarquini faces charges of breach of contract and violations of state and federal computer laws.
Note that Tarquini's alleged scam differs a bit from the one Naked Security reported on in February.
That scam also used a purported Gomez/Bieber sex tape to lure Facebook users, but it wound up leading to a survey scam.
It's not clear if the two scams have the same author, but either way, the lesson is the same: Don't trust your Facebook friends.
They may be sharing links and stories that simply aren't true, including the phony "Justin Bieber died in a car crash" Facebook scam from March.
Then again, they may have rashly clicked on a supposed sex tape, had their accounts hijacked, and not even be aware what rubbish their newsfeeds are showing you.
Be careful clicking out there - scammers know which of our buttons it pays to push, and obviously, many of us have very large buttons labeled "Justin," "Selena," "sex" and "porn."
If you use Facebook and need help fine-tuning those buttons, you can stay on top of the latest attacks by joining Sophos's Naked Security Facebook page.