Classifications:

• Attack Method: Insufficient Anti-automation
• Country: USA
• Country: Canada
• Vertical: Internet

Use of robots and automated software against a web site, as long as it is not done in order to break into the site, falls into a grey area. While hard to classify as an unlawful act, it is usually harmful to the site owner and possibly to the site users. Apart from using valuable resources, such an automated access may breach the site's usage license of public information and might also indicate unlawful activity such as using a botnet. Many times it is hard to know if such a blast of requests is a denial of service attack, brute force password cracking or just a search engine crawler.

Going forward we are going to add such incidents to WHID if there is a reason to believe that they are not friendly, even if the actual goal of the attack cannot be easily classified. The Facebook case at hand is a perfect example: while the details are not clear, the fact that Facebook filed a law suit implies that there is fire behind the smoke.

References:

• Facebook vs. John Doe
  Court Document, US District Court, San Jose, CA, 23 October 2007
• Facebook sues Canadian smut firm over hacking
  News Story, The Register, 17 December 2007
• Facebook suing Ontario porn firm
  News Story, The Star, 16 December 2007