How the Hacked by Mitt Romney page got its name

I’ve seen comments out there about the “cute” URL the Hacked By Mitt Romney page has,

The truth is I would’ve loved to call it simply but Facebook would not let me for some strange reason. As I mentioned before, I went through a ridiculous number of iterations until I landed on the current address, so many of them that I began to take screen shots of the rejections.

You Didn’t Build That

No opting out of Facebook sponsored stories

A few days ago I wondered if Facebook had ignored my “dont-put-my-name-in-ads” Social ad setting when I appeared to endorse Mitt Romney without me knowing. It turns out that Facebook users have no way to opt out of being listed in a Sponsored Ad. Thus Facebook can use your name as fodder for any advertising campaign that is seen between your Facebook friends.

From Facebook’s page explaining Sponsored Ads (emphasis mine):

Sponsored stories
Many of the things you do on Facebook (like “liking” a Page) are posted to your timeline and shared in News Feed. But there’s a lot to read in News Feed. That’s why we allow people to “sponsor” your stories to make sure your friends see them. For example, if you RSVP to an event hosted by a local restaurant, that restaurant may want to make sure your friends see it so they can come too.

If they do sponsor a story, that story will appear in the same place ads usually do or in your News Feed under the heading “Sponsored” or something similar. Only people that could originally see the story can see the sponsored story, and no personal information about you (or your friends) is shared with the sponsor.

Your Show my social actions in Facebook Ads setting only controls ads with social context. It does not control Sponsored Stories, ads or information about Facebook’s services and features, or other Facebook content.

I’m guessing that whoever is hacking accounts for Romney is doing it almost exclusively to put these names in the ads. It’s probably not just to pad the page fan numbers, as any old fake accounts could do that. It seems very closely tied to the advertising. Advertising, as I have said before, is one of those things that Facebook tracks very, very closely.

More Romney hacking stories

Got this in last night from a victim of Romney Facebook hacking:

I had been off my Facebook account for about a month, when I suddenly started getting messages from friends that my site had pro-Romney and Republican Party stuff on it! I don’t have a phone that has texting so I had not made a mistake with a mobile phone application.

This is appalling. The Republicans have stooped to violating individual expression.

And this one came in yesterday:

My mother ran up the stairs and told me my cousin, [NAME REDACTED], is a Romney supporter and had liked his page. At first I thought, she’s older, perhaps it was a mistake.

Literally hours later I got several phone calls from friends, family, and colleagues asking me if I was now “turning”. I couldn’t believe it. Someone had falsely liked Romney’s page under my profile. I have been a part of many events to rally for the Obama vote so imagine the tone of some of those people when they called me. I’ve spent several hours explaining myself. This is a huge violation and I’m not surprised if Romney is behind it.

The sad thing is, my cousin doesn’t even know how to remove a like.

Overnight the Hacked by Mitt Romney page gained 89 more users (Real? Fake? Hard to tell anymore.). I’ve already been Slashdotted, so what other site could be driving traffic? Reddit? Fark? Anyone know?

Smoking gun unlikely in Romney Facebook hacking case

I fell asleep last night with the thought in my mind that there’s not likely to be any “smoking gun” evidence with regard to the Mitt Romney Facebook hacking mystery. I know it happened to me and I know that I can prove that I never clicked on Romney’s page. Beyond that, I can’t speak for anyone else.

All I can do is collect the many stories of people like me who have found themselves signed up for Romney’s page without knowing it. These anecdotes are the most compelling evidence so far and so far they show no signs of slowing.

Romney story gets Slashdotted

I was indirectly “Slashdotted” yesterday when Slashdot posted a link to the Mother Jones story about Mitt Romney Facebook hacking:

Why Do So Many Liberals “Like” Mitt Romney On Facebook?
Posted by samzenpus on Thursday October 11, @02:47PM
from the strange-bedfellows dept.

pigrabbitbear writes “Mother Jones reports that, ‘In recent weeks, a host of liberal types have complained that their Facebook accounts have erroneously “liked” Romney’s page, and some are floating the theory that the Romney campaign has deployed a virus or used other nefarious means to inflate the candidate’s online stature. This conspiratorial notion has spawned a Facebook community forum, and its own page: “Hacked By Mitt Romney” (cute url:’ So what’s going on? Is the Romney campaign engaging in some tech wizardry to hijack Americans’ Facebook pages? Seems unlikely, but Romney did somehow manage to acquire millions of fake Twitter followers. But it looks like the Romney campaign isn’t behind this one — Facebook and its mobile app is.”

Actually, this was a Slashdot story that linked to another blog that linked to the Mother Jones story that linked to my site, so it’s not like MT.Net was Slashdotted. That’s why I didn’t notice a huge spike in traffic at my blog. The Hacked By Mitt Romney Facebook page url of did get mentioned prominently, though, which resulted in 57 new page likes or an overnight jump of 18%.

Of course, I can’t be completely sure these are real living, breathing persons after what I now know about Facebook likes, but that’s what Facebook tells me.

Romney hacking victim speaks out

I got this nicely-worded message last night from a victim of Romney’s Facebook hacking who found my blog:

Thanks so much for putting this page together. I just found out that somehow my account had “liked” Mitt Romney and was appalled, so I did some online searching and found your blog, which mentioned this page. If you are still looking for people to be interviewed, I would be happy to join your efforts.

I know that I did not accidentally “like” Romney – not only am I a firm supporter of Obama, but I very rarely use the “like” feature at all. When I use it, it’s always for someone I know firsthand, to support something they are personally doing. I wouldn’t “like” something by accident, because my volume of liking is pretty low. In fact, I hadn’t been on facebook in days at the time my account registered the like (which I have since “unliked” of course).

This is far more sinister than buying fake “likes” – this is using a real person’s account to make statements in that person’s name. I’m not saying Romney is doing this on purpose, but perhaps he has hired some particularly stupid and shady social media consultants. Or perhaps Facebook itself is to blame?

Did Facebook ignore my Facebook ad privacy setting?

Another aspect of being hacked by Mitt Romney has the potential to make me as furious as I was when it first happened. In essence, did Facebook ignore my privacy setting for Facebook “social ads?”

Back when Facebook announced that it would be putting the names of people in your friends list in the advertising it showed you, people howled in protest. I quickly decided I didn’t want to lend my face or name to any Facebook ad so I quickly adjusted my Social ad privacy settings to opt out of this program. Now I’m wondering if my name or face appeared in the Mitt Romney ad and, if so, how that could’ve happened with the way my settings were set.

I will ask the friends who saw me liking Mitt Romney whether my name appeared in an ad or if it was a notification on my timeline. Seeing how I’ve never found any entry on my timeline for liking Romney, I’m guessing Facebook violated my privacy settings.

Interestingly enough, at the time of this post I cannot get Facebook’s Social ad privacy settings page to come up. I’m sure it’s just a glitch, right?

Update 11 Oct 8:35 AM: My “social ads” settings page is still not coming up for me. Very odd.

Why Romney Facebook hacks aren’t from Facebook mobile

With Facebook’s speculation to Mother Jones that hundreds of its users have liked Mitt Romney’s Facebook page mistakenly through their mobile application, I decided to see just what happens when one likes a Facebook ad from the Facebook mobile app. This turned out to be much more difficult than it first seemed because Android apparently has no built-in screenshot capability. I spent over an hour installing and figuring out the Android SDK on my PC before I finally got to the point of taking screenshots.

Yes, it’s a lot of work but, dammit, I need to know.

I fired up the Facebook mobile app on my LG Optimus V phone running Android 2.2.2. Near the top of my news feed was an ad for Samsung (names blurred to protect the guilty!):

Holding my breath, I clicked on the Like button:

Following up on Romney hacking with an expert

I saw that the Mother Jones reporter consulted security expert Bill Pennington on the Romney Facebook hacking. Like any good digital sleuth, I hunted down Pennington’s email address to see what he thought about the situation. Pennington works at White Hat Security as the Chief Strategy Officer.

This afternoon I sent him the following email:

Hi Bill,

I’m Mark Turner, a guy who was contacted by Mother Jones about the Mitt Romney Facebook hacking thing.

I wanted to be clear about my experience: I’ve worked in IT and network security for 20 years. I’m a sysadmin who maintains security on my corporate network. I’m the guy who keeps the others in the office from clicking on things they shouldn’t.

I use Privoxy ad-blocking software on my Linux desktops. I do not click on ads, ever. And I rarely if ever use Facebook’s mobile app because it sucks ass. Yet, somehow I became a fan of Mitt Romney without my knowledge.

Facebook’s Activity Log shows every one of the 400+ likes I’ve clicked on during the life of my Facebook account. It does NOT show me ever liking Mitt Romney. That’s the only Like that doesn’t show up. Even if I screwed up and clicked on something by mistake, I would expect there to be a record of it.

But there isn’t. That’s why I think something hacked my account from the inside.
