Since the creation of the Internet, websites have been used to carry on the much practiced offline technique of bullying. What used to happen face-to-face, and in school playgrounds, now takes place online on websites such as Twitter and Facebook. The problem is that children today are very well versed in technology, having grown up with it, but have little understanding of the dangers it carries, or of the responsibilities they should have with regards to how they treat others online.
To many, including some schools and some authorities, online bullying seems to be a harmless crime which is completely untraceable.
Facebook, in particular, is a main target for cyber bullies because it allows people to create fake accounts with very little in the way of validation, and to target others without any fear of reprisals. When fake accounts are created in someone’s name, and used to post hurtful photographs or make unpleasant comments towards their intended target, or the target’s friends, it can often be difficult for the victimised party to even find the profile itself, let alone get it removed or bring those responsible to task. With Facebook’s privacy settings, bullies are able to create fake profiles and have them unsearchable, so it’s next to impossible to find them – until they contact you.
Today’s cyber bullies know how to use the technology at their disposal, and believe they’re safely anonymous in their actions. This, of course, is not the case.
The Problem
We recently needed to trace a fake Facebook profile when someone came to us after they had been targeted, and their friends were receiving obscene messages seemingly ‘on their behalf’. The victim of the bullying didn’t even have a link to the profile, they just knew someone had created one claiming to be them and they were sending messages to their friends.
A search around various websites and forums for how to proceed showed that nobody had any real insight into how to deal with this issue, and the general consensus was that Facebook itself could probably get information, such as the IP address of the person responsible, but they would never share it. Finding the identity of the bully was impossible, it would appear.
The Hunt
The first step was to locate the profile itself. Without this, there really was nothing that could be done. Despite the victim’s friends claiming to have received obscene messages, nobody was willing to provide a link to the profile in question – perhaps because they knew who was responsible and didn’t want to get them into trouble, or perhaps because they were scared of reprisals from the online bully. Whatever the reason, this was a dead-end. It also didn’t help that the person being bullied wasn’t even on Facebook, so they didn’t have any connections either.
Instead we needed to trace the profile based on the friendship principle. We knew the people who had supposedly received messages and, by using Facebook’s search facility, we were able to trace one or two of those people on Facebook. Once we had two people, it was easy to scour their friends’ lists and locate the profiles of the others. Before long, we had uncovered a web of profiles, all cross-linked between each other (Facebook does something similar to offer suggested friends as ‘people you may know’). Now, while the fake profile itself was set so that it couldn’t be searched, it was still discoverable from the profiles of the people it had connected with – and some of the profiles we found had the fake profile displayed as one of their friends.
We had found our fake profile.
The Decision
We were now faced with a decision. It would have been easy at this stage to report the fake profile to Facebook, and have it removed. Well, we say ‘easy’, but actually Facebook doesn’t make it easy to report a profile when it isn’t yours if you actually have a Facebook account yourself. When you come to report a profile, Facebook asks if the profile is yours and if you have a Facebook account. It doesn’t allow you to report a fake profile on behalf of someone else if you have a Facebook account, as it doesn’t seem to accept the fact that you might have a Facebook account yet you have a friend who doesn’t.
To report a profile on behalf of someone else, you need to log out of Facebook and say you don’t have a Facebook account. It’s a long-winded process, but it’s the only way to do it if you want to go through Facebook.
However, doing that wouldn’t necessarily help in finding out who created the profile in the first place. It would only serve to report the profile to Facebook and have it deleted. No, instead we needed to be a little more technical.
The Method
Finding out the identity of who created a Facebook profile is, according to most websites and forums, impossible and, using just the tools made available via Facebook, this would be the case. However, using systems we have already developed here at Engage Web (such as our location-based weather system) it is possible to get a lot of information about someone if they just follow a link of our choosing, a link to a page made just for them and containing code developed to gather data about the computer used by the person looking at it.
We’re not going to reveal the code used in this article but, suffice to say, what we discovered should serve to warn people of the dangers of pretending to be someone else online. But how to get someone to click on a link? That’s the difficult part. Surely nobody would be stupid enough to follow a link sent to them by someone they don’t know on Facebook? Well, yes, actually. Confidence breeds complacency and people who think they know what they’re doing online are often very complacent because, after all, who could possible catch them out? They’re the technical experts. They’re the cyber bullies hiding behind a fake profile. They’re untouchable.
Oh, no they’re not!
A message sent to the fake profile, containing a link to a page that harboured our code, was enough to tempt the cyber bully to follow it and give us all of their information. The promise of information about the person they were bullying was more than they could resist.
The Result
Below you will see the raw headers captured by our code when the cyber bully followed the link from Facebook. We have removed the referring URL (which would show the name of the person in the profile) and we have removed the Host URL (the website we used to trap the data). We have left everything else in, however.
Host n11-04-03.opera-mini.net
Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.14004/34.788; U; en) Presto/2.8.119 Version/11.10
Accept ==>> text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/webp, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1——Accept-Encoding ==>> gzip, deflate——Accept-Language ==>> en-GB,en;q=0.9——Connection ==>> Keep-Alive——Device-Stock-Ua ==>> Alcatel-OT-800——Forwarded ==>> for=\”149.254.58.252:31991\”——Host ==>> www.********.co.uk——Referer ==>> http://m.facebook.com/l.php?u=http%3A%2F%2Fwww.***********.co.uk%2F*************%2F&h=9AQG1O_eu&s=1——User-Agent ==>> Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.14004/34.788; U; en) Presto/2.8.119 Version/11.10——X-Forwarded-For ==>> 149.254.58.252——X-Operamini-Features ==>> advanced, file_system, folding——X-Operamini-Phone ==>> Alcatel # OT 800——X-Operamini-Phone-Ua ==>> Alcatel-OT-800——
So what does this show us? Firstly, we can tell the bully isn’t using a computer. They’re using a mobile phone. We have learned the manufacturer and the model of the mobile phone used to access the website, an Alcatel One Touch 800 (not a common phone). We have learned the IP address of the phone, 149.254.58.252. A search on this IP address in Google tells us the mobile phone is on the O2 Network.
So we have the network, the mobile phone manufacture, the model of the phone and the IP address. This is a lot of data from just one click, and enough for the school itself to begin investigations. However, it’s not enough for us. We need more.
The Facebook Route
This is where the reporting of the profile comes in. Facebook allows you to report fake profiles (once you remember to log out to report a profile of someone else and to say you don’t have a Facebook account). You do, however, need to prove who you are and submit copies of a government issued ID (such as driver’s licence or passport). The response from Facebook to this is usually very fast indeed, just a few days, as Facebook takes matters of cyber bullying very seriously. Once Facebook has reviewed the information given to it and confirmed the profile is fake, its team will act and get it removed.
Imposter Account Information Requests
This isn’t the end of it, however, because you are now able to go a step further and request information about the ‘imposter account’, such as who created it, when it was created, the email address they used, the IP address, when they logged in and even their phone number.
That’s right – you are able to get the mobile phone number of the person who created the fake profile. We bet the cyber bully responsible didn’t think someone could get that information from Facebook.
https://www.facebook.com/help/392746547451046
This sort of information requires even more hoop-jumping however, as Facebook requires something called a ‘notarized statement’ confirming your identity. This is common in the USA, but not something we really have in the UK. However, a signed and dated statement from someone such as a solicitor, policeman or vicar should be sufficient. We used a solicitor, who wrote our notarized statement and stamped copies of a passport confirming the identity. This was then uploaded and accepted by Facebook, and a full document was forthcoming with more information than we could have hoped for.
What Facebook gave us
Facebook sent a document showing the dates, times and IP addresses of every instance where someone accessed the fake profile, every time someone logged in. This document showed when the fake profile was created, the date and time, and it gave us the phone number of the person responsible.
An example of the Facebook data:
IP Address 78.148.183.215
Time 2013-06-13 20:40:37 UTC
Location WAP
IP Address 78.148.183.215
Time 2013-06-13 16:53:09 UTC
Location WAP
IP Address 212.183.128.218
Time 2013-06-07 06:40:47 UTC
Location WAP
IP Address 212.183.128.234
Time 2013-06-07 01:05:34 UTC
Location WAP
From this, we have learned that the person who created the profile either changed their phone twice, or there were three different people – as the IP addresses used belong to Talk Talk and Vodafone, as well as the original O2 mobile we trapped earlier. The fake profile was created using a Vodafone mobile on the IP address 212.183.128.221 at 22:04 on 6th June 2013, and was validated via text using the mobile number 0750 231 0842 (this number currently has a Vodafone voicemail message when dialled).
So, if you or someone you know has been the victim of bullying via a fake profile on Facebook, not only can you have the profile deleted; you can find out who created it, when they created it, when they have logged in, and what their phone number is.
As for the cyber bullies reading this (because we know some will while they Google how to do it, and whether they can be caught) – yes, you can be caught. Yes, you can be traced. The Internet is not anonymous, and bullying is bullying.