Hijacking MySpace for fame and fortune

A growing number of enterprising people have found a way to exploit the hugely popular social networking site for promotional ends.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
Joris Evers
5 min read
Brandon Hoffman has found thousands of friends on MySpace. Not for himself, but for his clients: car dealerships.

Hoffman, who works for KEA Advertising in Valley Cottage, N.Y., has built MySpace profiles for several car dealers. He then contacts other members of the network asking them to be a "friend" to the business, using software tools to target those he thinks might be interested.

"You can become part of their network and develop a relationship. It is better than banner advertising, because you get to interact with the actual potential customer," he said.

Hoffman is one of a growing number of enterprising MySpace users who are using software to exploit the hugely popular social networking site for profit or fame. But the tools they use are controversial. While they aren't illegal, they clearly are designed to get around some of MySpace's security and other restrictions--something the service expressly forbids.

MySpace has become one of the most talked-about sites on the Web. The online community service, owned by media conglomerate News Corp., claims to have about 70 million users. It caters mostly to a young crowd, between the ages of 16 and 25. This hasn't gone unnoticed by marketers, who have used the site to promote music and movies.

"There are a lot of people to be reached and a lot of impressionable minds on MySpace," Hoffman said. "Surprisingly enough, these people want to be 'friends' with car dealers."

Using special tools, marketers and people seeking fame on MySpace can game the system and take advantage of what experts call "unintended features" allowed by the Web site. These features include data mining of profiles on the site and automation of messages to members. It is possible to mine the service to pinpoint MySpace members in particular regions and with specific interests--a punk music fan from San Francisco, for instance. The marketers can then blast out hundreds of requests to their targets, asking them to join their network of friends.

Via a simple interface, the tools also let them send the same comment, which could include a promo, to a mass of member profiles or enable them to mass-mail an invite to an event. There are other features, such as a function that will prevent any messages being sent to abandoned MySpace profiles.

"You are starting to see the beginnings of a huge wave of exploiting Web applications," said Caleb Sima, chief technology officer of SPI Dynamics, a company that specializes in security for online applications. "The sites have not been developed in the frame of mind that somebody can exploit this."

In its terms of service, MySpace forbids such use of tools to add friends. Furthermore, the company doesn't allow use of its Web site for "any commercial endeavors."

"MySpace was created to allow friends to organically communicate, connect and discover shared interests," a representative for the social networking site said. "Any automated use of the system, such as using scripts to add friends, is a violation of the company's terms of use, as they upset the ecosystem of the network and go against the very principles upon which the company was founded."

Promotional tools for MySpace are offered for sale by at least two online businesses, Silent Productions and FriendBot.

Justin Lavoie, the man behind Silent Productions, said the Web site has 1,000 or so customers, including Hoffman and Eek Records, an online music label. On its site, Eek Records says its uses the technology to boost its artists on MySpace. With a high "friend" ranking, bands stand a greater chance at getting discovered and making it big in the offline world.

Lavoie said Silent Productions is working on products to use with networking Web site Friendster and TagWorld, an online music community. Its MySpace software costs between $50 and $75. "It's done well for me," Lavoie said.

On its site, Silent Productions says that its software, such as its automated Friend Request Broadcast, is automatically updated when there are new features or there is "a new change in MySpace to be reckoned with."

Lavoie defended the tools, saying they were designed to run targeted marketing campaigns and help people manage their MySpace presence. "I really believe it improves the quality of the system. I do not see what is being exploited, as it is only ameliorating the current model, not sucking anything out of it," he said.

But they do more than just automate requests. They also get around a MySpace security measure, called a "captcha." MySpace sometimes requires site visitors to read graphically distorted text--often wavy, against a patterned background--and type it into a box. This feature, designed to distinguish between machine and human requests, is typically meant to prevent spamming.

This all falls into the area of tricking Web applications, said Jeremiah Grossman, the chief technology officer at Web application security specialist WhiteHat Security. Such trickery happens quite a lot and often in areas you wouldn't expect, he said. For example, some people use such methods to automate a process to score points on virtual pet Web site Neopets, or to have the top posting on a message board "to gain karma," he said.

"Even online auctions have/had to deal with issues where bidders would trick the system into locking out other bidders," he added.

Lavoie acknowledged that some of his clients have used Silent Productions' software to build popularity or to send spam on MySpace. However, he said the applications fill a gap in the MySpace service, enabling people to manage a large number of contacts. "The tools can be used for good or evil, just as a knife or a gun," he said.

Cherie Roberts, a glamour model and MySpace celebrity, said she has used the software to keep in touch with her MySpace friends--which counted at least 100,000 people when she started using it.

"I couldn't keep up with all of my correspondence, so I did try to appease the people who were asking for some kind of interaction from me," Roberts said. Still, MySpace is a marketing tool for Roberts. "It did help me drive more traffic to my site, and it also helped get my name out to people," she said.

Lavoie said he has received letters from MySpace demanding Silent Productions cease operations. He declined to name any of his customers, and Hoffman doesn't want his names of his car dealers disclosed, out of fear that their MySpace profiles will be deleted.

"These tools are likely taking advantage of the system in a way MySpace did not intend," said WhiteHat Security's Grossman. "MySpace would be compelled to ban those who use these tools."

Yet Grossman doesn't think the tools are illegal. He suggested the best way for MySpace to respond would be not to send cease-and-desist letters but to embrace the apparent demand for such software, he said.

"They should embrace them as a business opportunity," Grossman said. "These tools represent a motivated developer network desiring to improve the immensely popular MySpace platform."