A Conversation About Facebook Hacking

Recently I answered a series of questions via email to a journalist at the Herald newspaper.

How exactly do people hack Facebook accounts and duplicate them?

You may be more likely to be a target of scammers and spammers than of real hackers. Malware is the key ingredient in hacking social media sites. They normally send you a message with a link. The link opens a script, a small software program, which collects passwords from your web browser and sends them to the hacker.

Why do they duplicate the accounts? To steal personal information, embarrass their friends, etc.?

Hackers sell Facebook & Twitter accounts through websites like Fiverr. For example, I go to Fiverr and “buy” 5,000 Facebook LIKES. These are either fake or stolen accounts used to LIKE my Facebook page. The motivation is primarily financial, i.e. selling the accounts on to other people. Very few incidents are of a personal nature.

Over the last year has this Facebook hacking become more popular? And why?

Facebook has over 1 billion users and is the most active social network. Most people on Facebook have very little experience on the Internet and therefore make stupid mistakes. Since they are inexperienced, they fall for phishing or scam emails that the more experienced Internet user will not succumb to.

What are some of the measures one can take to protect one’s personal information on Facebook?

The best measure is to close your profile. The 2nd best method is to place incorrect information, e.g. instead of your real date of birth, change the year to something like 1902. Never post your phone number or home address. The more information you post, the easier you make it for hackers and spammers to abuse you. Don’t expect Facebook – the company – to protect your information. They generate advertising income from your Facebook activities.

What are the dangers of another person being able to access someone’s account?

The dangers include cyber bullying and identity fraud. Identity fraud is a financial risk because bank accounts and cellphone contracts can be opened in your name.

Have the Facebook management implemented any extra security features as a result of the increasing hacking?

Not that I am aware of. Facebook is a listed company in the USA. Their primary focus is finding new ways to generate income, not protecting the privacy of their users. In 2010 Mark Zuckerberg said publicly “privacy is dead!”

How would one be able to identify whether your Facebook account has been hacked? And what should one do should one discover that your account has been hacked?

You will notice updates being posted by someone else. The people most disadvantaged are those using mobile phones, which have a limited display of Facebook features. From a laptop or tablet you can see more of the activities.
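The answer above is the manual version of a check a defender can automate: compare every login and post against the devices the account owner has actually used. The script below is an added example, not code from the original post; the activity log is constructed in a simple pipe-separated form, and the field names and device identifiers are assumptions rather than a real Facebook export format.

```python
"""Spot account activity from a device the owner has never used.

Added example, not code from the original post.  The activity log below is
constructed (timestamp|user|event|device|ip); the field names and the
device identifiers are assumptions, not a real Facebook export format.
"""

# Constructed sample log: a few days of one user's logins and posts.  The events
# on 2012-10-03 at 03:41 come from a device and address never seen before.
SAMPLE_LOG = """\
2012-10-01T08:02:11|alice|login|dev-laptop-01|203.0.113.10
2012-10-01T08:05:40|alice|post|dev-laptop-01|203.0.113.10
2012-10-02T19:12:03|alice|login|dev-phone-01|203.0.113.11
2012-10-02T19:13:30|alice|post|dev-phone-01|203.0.113.11
2012-10-03T03:41:09|alice|login|dev-unknown-77|198.51.100.5
2012-10-03T03:42:15|alice|post|dev-unknown-77|198.51.100.5
2012-10-03T03:43:00|alice|post|dev-unknown-77|198.51.100.5
2012-10-03T09:00:00|alice|login|dev-laptop-01|203.0.113.10
"""


def parse_log(text):
    """Turn the pipe-separated log into a list of event dicts, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, event, device, ip = line.strip().split("|")
        events.append({"ts": ts, "user": user, "event": event,
                       "device": device, "ip": ip})
    return events


def learn_known_devices(events, cutoff_ts):
    """Baseline: the devices each user logged in from before cutoff_ts.

    ISO-8601 timestamps compare correctly as strings, so no date parsing is needed.
    """
    known = {}
    for e in events:
        if e["event"] == "login" and e["ts"] < cutoff_ts:
            known.setdefault(e["user"], set()).add(e["device"])
    return known


def find_unknown_device_activity(events, known):
    """Every event (login or post) whose device is not in the user's baseline."""
    return [e for e in events if e["device"] not in known.get(e["user"], set())]


def summarize(suspicious):
    """Group flagged events by (user, device, ip): first seen, login and post counts."""
    summary = {}
    for e in suspicious:
        key = (e["user"], e["device"], e["ip"])
        entry = summary.setdefault(key, {"first_seen": e["ts"], "logins": 0, "posts": 0})
        if e["event"] in ("login", "post"):
            entry[e["event"] + "s"] += 1
    return summary


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    known = learn_known_devices(events, cutoff_ts="2012-10-03T00:00:00")
    report = summarize(find_unknown_device_activity(events, known))
    for (user, device, ip), info in report.items():
        print(f"{user}: {info['logins']} login(s) and {info['posts']} post(s) from "
              f"unknown device {device} at {ip}, first seen {info['first_seen']}")
```

The baseline is learned from logins before a cutoff rather than hard-coded, so the same check works for any account whose history you can export; on the constructed log it reports one login and two posts from the unknown device, which is exactly the "updates being posted by someone else" symptom described above.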

Is there any way of tracking who the individual is that has hacked the profile? If so, how? And who should it be reported to?

In most cases it is not easy, or even possible, to track the hacker. You need extremely advanced knowledge of Internet security to do so. Since most users are novices online, the best they can do is to change their password. Passwords must be changed at least once every 6 months and include numbers and one special character like @ or #. You must report all spam and scamming incidents to support@facebook.com and to abuse@ at your ISP’s domain.

Facebook is an easy target for hackers and, I believe, scammers. Hackers are too busy attacking government sites, as Wikileaks have demonstrated. Scammers, on the other hand, are more focused on data mining, i.e. the collection and building of vast databases. These databases are re-sold many times to companies that are not always illegal but are unscrupulous, if you know what I mean.


Cheap access to corporate computers

By Mark Ward, Technology correspondent, BBC News

Cybercriminals are openly selling illegal access to the computer networks of many of the world’s biggest companies. For only a few pounds or dollars, fraudsters and scammers can get the login details for a server sitting on the network of a Fortune 500 firm.

Those renting access can use the machine to carry out their own scams, such as sending spam, or use it as a springboard for a wider hacking attempt on a big company. The network access is just one of a wide range of cybercrime services now available on the underground economy.

Called Dedicatexpress, the hacked server service was uncovered by security researcher Brian Krebs who spent two weeks tracking down the site, accessing its forums and getting hold of a list of the corporate networks to which it offered access.

Currently, the site has about 17,000 servers available but he estimates that about 300,000 have been listed since the site started in 2010. Since Mr Krebs wrote about it, the site has changed to become member-only.

Spam funnel

Mr Krebs said the site was acting as a broker on behalf of hackers who had already won access to the networks as a result of separate attacks.

“It seems they are gathering these from people who are selling them to the service,” he told the BBC.

“They may be individual hackers that have no use for these but know they have value and are re-selling them.”

The servers listed could prove useful to spammers or other fraudsters who want to use corporate resources, which typically include high-speed net links and powerful computers, for their own ends.

Dedicatexpress puts some restrictions on what customers can do with some hacked servers, said Mr Krebs. PayPal fraud, online gambling and dating site scams are among activities banned on some.

While openly offering hacked servers for sale may be a surprise or a shock to some, Mr Krebs said it was likely that the computers had been compromised for a long time.

“My sense is that a lot of these systems are probably abused quite a bit before they get to this point,” he said. “They may have been wrung out in other ways before they are sold to a service like this.”

The first cybercriminal or hacker that won access to the server probably used it for their own ends, he said. That might have involved stealing company secrets, using it as a server for a phishing scam or to funnel spam through.

“These could provide someone with full control of a machine which is on the inside of a major corporation’s network,” said Yuval Ben-Itzhak, chief technology officer at security firm AVG. “They can be used to attack machines outside of the network under the disguise of a trusted company.”

Mr Ben-Itzhak said it was easy for firms to stop cyber-thieves winning access if they changed default passwords and made sure those they did pick were hard to guess. Anything else, he suggested, was just being “sloppy”.
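Mr Ben-Itzhak's advice here (change default passwords, pick ones that are hard to guess) and the password rule given in the Facebook interview earlier on this page (a digit, a special character such as @ or #, changed at least every six months) can be expressed as one small policy check. The script below is an added example and not code from either article; the account records, the default-password list and the reference date are constructed for illustration.

```python
"""Password-hygiene checks for account records.

Added example, not code from either article.  It encodes the interview's
password rule (a digit, a special character such as @ or #, rotated at least
every six months) and Mr Ben-Itzhak's point about default passwords.  The
account records, the default-password list and the reference date are
constructed for illustration.
"""
from datetime import date, timedelta

# Constructed list of vendor-default / trivially guessable passwords (illustrative only).
DEFAULT_PASSWORDS = {"admin", "password", "changeme", "123456", "root"}
SPECIAL_CHARS = set("@#!$%^&*()-_=+[]{};:,.?/")
MAX_AGE = timedelta(days=182)  # roughly six months


def check_complexity(password):
    """Rules that need the plaintext, so they run when a password is set or changed."""
    problems = []
    if password.lower() in DEFAULT_PASSWORDS:
        problems.append("default or common password")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in SPECIAL_CHARS for c in password):
        problems.append("no special character")
    return problems


def check_age(last_changed, today):
    """Rotation rule; needs only the change date, so it can run over stored records at any time."""
    return ["older than 6 months"] if today - last_changed > MAX_AGE else []


def audit(accounts, today):
    """accounts: iterable of (username, password, last_changed) tuples.

    Returns {username: [problems]} for every account that fails at least one rule.
    """
    report = {}
    for user, password, last_changed in accounts:
        problems = check_complexity(password) + check_age(last_changed, today)
        if problems:
            report[user] = problems
    return report


# Constructed sample records (a real system stores only a hash; see the note below).
TODAY = date(2012, 10, 15)
ACCOUNTS = [
    ("svc-backup", "admin", date(2012, 1, 15)),   # vendor default, never rotated
    ("alice", "Spring2012", date(2012, 9, 1)),     # has a digit but no special character
    ("bob", "B0b#Rocks", date(2012, 8, 20)),       # compliant
    ("carol", "c4r0l@home", date(2012, 1, 2)),     # complex but stale
]

if __name__ == "__main__":
    for user, problems in audit(ACCOUNTS, TODAY).items():
        print(f"{user}: {', '.join(problems)}")
```

The two checks are split on purpose: a properly run system only ever sees the plaintext at the moment a password is set, so `check_complexity` belongs in the change-password path, while `check_age` needs nothing but the stored change date and can run as a periodic job. The `svc-backup` record shows the case Mr Ben-Itzhak describes, a service account still on its vendor default.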

Underground express

Rik Ferguson, director of security research and communications at Trend Micro, said the existence of Dedicatexpress showed how sophisticated the underground economy had become.

“That’s the beauty of digital crime as far as the criminal is concerned,” he said. “It doesn’t have to be exclusive, the same ‘stolen goods’ can be sold and resold with no deterioration in quality, whether that is intellectual property, credentials, stolen accounts or network access.”

Dedicatexpress was just one of many, many sites run out of countries in Eastern Europe that made up the underground economy, said Mr Ferguson.

A report by security firm Trend Micro showed that Russia was at the centre of this widespread criminal economy in which any and every cybercrime service is on sale – at a price. The rates being charged for the various services, including everything from hacking corporate mailboxes to sending junk texts, were detailed in the report.

One of the most expensive services on offer on the underground was the purchase of an entire botnet for about £435 ($700). A botnet is a network of hijacked home computers that a hacker has compromised. The computers on this network can be plundered for saleable data or used as proxies for spamming campaigns or phishing attacks.

If buying a botnet is too expensive, renting one for an hour can cost as little as £1.20 ($2), and sending a million emails out via it would cost about £6. The Trend Micro report found that custom hacking jobs were more expensive though unlikely to break the bank. For instance, hacking a Gmail, Facebook or Twitter account would cost about £100.

Cybercrime in Russia had long ceased being a “hobby” for hackers, said Mr Ferguson, and had become a way of life for many criminals who were making a good living from their nefarious deeds. Brian Krebs said he was no longer shocked by the scale and sophistication of the hi-tech crime economy.

“A few years ago I would have been,” he said. “Now? Not so much. There are just so many of these types of services out there and these hacked servers are very widely available.”

source: BBC


Operation Facebook, Hacktivists Rise Up!

Over the years I’ve noticed a love-hate relationship with Facebook developing. On the one hand, it seems like a marketing dream. On the other hand, it’s a parent’s worst nightmare. When you consider the amount of information Facebook can now access via a user’s cellphone, it indeed becomes scary. Smartphones, with their tight integration into social networking sites, allow much more access to be shared than most users imagine. Every application you install on your phone has your implicit permission to access your data.

Anyway, a hacker group, Anonymous, is promising to take down Facebook on Guy Fawkes Day, 5 November, and the story has picked up attention from Gizmodo, Business Insider and the Village Voice. As a long-time Internet user and privacy advocate, I see their intention as good. However, as a former IT security professional, I seriously doubt their ability to bring down Facebook. If anything, they may cause a denial of service for an extended period. However, the next day all the servers should be back up and running. With the kind of investment Facebook has received, there is no doubt they will protect their key asset, the user data, with numerous backup strategies. So time will tell whether the prolific hacking group Anonymous will succeed in its attempt to kill Facebook.

All this reminds me of the scene at the end of The Truman Show. As he accepts his freedom, the two security guards who have been avid fans just look puzzled and say to each other, “I wonder what else is on TV....” Whether Facebook lives or dies, this is the likely response from the masses: “What else is out there?”