Facebook Friends Mapper – How to crawl Hidden Friends

Hackers have a new tool in their arsenal, dubbed Facebook Friends Mapper, that lets them crawl a Facebook user's hidden friends list in just one click.

Facebook users can protect their privacy by setting the “privacy level” for each piece of information related to their profile or the content they post online.

Users can set information as completely private, so that it is invisible to other users, even to their own friends.

There is an option in Facebook that allows users to set the visibility of their friends list to “Only Me”. This setting keeps the friends list hidden from other Facebook users, including the user's own friends.

Unfortunately, a flaw in Facebook prevents users from completely hiding some profile information, including the friends list. Even if the user decides to make the friends list invisible, anyone can see it. The issue resides in the concept of Facebook's mutual-friends feature, which has been controversial in the past and has raised privacy concerns.

The problem for users' privacy and security is that a free Chrome extension called “Facebook Friends Mapper” is already available, and it exploits the flaw to reveal a hidden friends list in “just one click.”

The Facebook Friends Mapper extension exploits the Mutual Friends feature implemented by Facebook to crawl the social graph and expose hidden Facebook friends lists.

It could be very interesting to explore the friends lists of celebrities, who obviously hide them; a single mutual friend is sufficient to view them.

The Facebook user whose friends list you want to target must have at least one mutual friend with you; it doesn't matter whether you are friends with him/her or not.

The extension is able to discover these mutual relationships and exploit them in an iterative way. With this technique it is possible to view the friends list of Facebook CEO Mark Zuckerberg even if he doesn't share it and the attacker is not on it.

You can imagine the repercussions for privacy. It's no mystery that social networks like Facebook are a privileged tool for cyber espionage; in the past, I discussed “Social Media use in the Military Sector”, explaining how to use it for PSYOPs. Many governments use Facebook and other social networks to gather information on persons of interest. The British Government, for example, has announced the creation of the 77th battalion, a cyber unit composed of soldiers familiar with social media.

The use of tools like the Facebook Friends Mapper could improve the efficiency of cyber espionage campaigns over social media.

Using the Facebook Friends Mapper Chrome extension is very simple: once the extension is installed from the Chrome Web Store, open the Facebook profile of the user you want to target, and the ‘Reveal Friends’ option will appear on the Friends tab. At this point, you just have to click on “Reveal Friends” and bang!

The Facebook Friends Mapper Chrome extension was presented a few days ago; I discovered it thanks to the friends at the THEHACKINGNEWS portal.

You can install the Facebook Friends Mapper Chrome extension from the Google Chrome Extension Store, but I believe that Facebook will soon fix this privacy issue.

Pierluigi Paganini

(Security Affairs – Facebook Friends Mapper, Facebook Friends List)

Pierluigi Paganini

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and the Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US. Pierluigi is a member of "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines. He is the author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".
