Welcome to the MacNN Forums.

Andy8 · Apr 25, 2010, 09:36 PM

Facebook hacker claims to be in NZ - Connect - NZ Herald News

A Russian hacker who says he is living in New Zealand attempted to sell the login details of millions of Facebook users - an unprecedented attack on the world's biggest social networking site.

Detectives from the National Cyber Crime Centre are investigating whether the hacker Kirllos is using New Zealand as a base to commit internet fraud.

Kirllos is offering the user names and passwords of 1.5 million Facebook users for between $35 and $62.70 per 1000 accounts sold on an underground hacker forum.

The New York Times reported that the login details of as many as 700,000 Facebook had already been sold.

Buyers are told to contact Kirllos through the ICQ instant messaging service, which lists his address as New Zealand.

At least one New Zealander had his details listed on a hackers' forum in February when Kirllos put 100,000 accounts up for sale.

Many New Zealanders are feared to have been caught up in the latest scam.

Detective Senior Sergeant John van den Heuvel, from the newly formed cyber crime unit, said they would be joining forces with overseas law enforcement agencies to try to trace the hacker.

He said: "We will be liaising with our international colleagues. First step will be to contact the FBI and see what they have on this already."

Little is known about Kirllos, although his ICQ account says he is a 24-year-old who was born in Russia and speaks English, French and Russian.

NetSafe New Zealand executive director Martin Cocker described him as a "wholesaler".

Explaining how the scam works, Cocker said international fraudsters would buy the Facebook details to try to get into user's bank accounts.

He said: "It's pretty raw information he is offering. Some people might have since changed their passwords or it's no longer relevant. It gets sold into blocks of information to others who then use it. At the end of the day the goal for these people is to make money."

Cocker warned Facebook users who receive a message from friends telling them to "check out a link" to use caution, as this could be from a hacked account.

He said by following the link, hackers can install software and gather information to access bank accounts.

He said: "People are more likely to click on a link if it has been sent from a friend.

"They are using trusted accounts to exploit people."

The account information likely came from malware software secretly installed on people's computers which sent information to the hacker.

The scam was first spotted by US-based researchers at VeriSign's idefence.

VeriSign director of cyber intelligence Rick Howard told the New York Times that it appeared close to 700,000 had already been sold.

Kirllos would have earned at least $25,000 from the scam.

Howard told the newspaper that it was not apparent whether the accounts and passwords were legitimate, however a Russian underground hacking magazine reported it had tested some of Kirllos' previous samples and managed to get into people's accounts.

Internet experts have warned that Facebook users are the targets of a huge increase in cyber crime.

Those people still using Facebook, may want to update your passwords a bit more often.

Doofy · Apr 25, 2010, 09:46 PM

Originally Posted by Andy8

Those people still using Facebook, may want to update your passwords a bit more often.

Here ya go:
Password Generator 1.0 software download - Mac OS X - VersionTracker

AKcrab · Apr 25, 2010, 09:50 PM

I can sell my facebook account? Link please!

ghporter · Apr 25, 2010, 10:09 PM

I change passwords for things like Facebook randomly. I just did, in fact. A good, random password that is changed at not-too-regular intervals is a very strong way to protect one's privacy.

Doofy · Apr 25, 2010, 10:13 PM

Originally Posted by ghporter

I change passwords for things like Facebook randomly. I just did, in fact. A good, random password that is changed at not-too-regular intervals is a very strong way to protect one's privacy.

Now there's an app idea for some enterprising young geek... ...something which generates and changes yer social passwords at random intervals then tells Safari about the change (and writes the new pass to a text file in yer Docs directory for safety).

imitchellg5 · Apr 25, 2010, 10:17 PM

I like the notion that I could sell my Facebook account for $35. I also like that there are apparently "Russian underground hacking magazines" and that a "NetSafe" directer has what sounds to be a pr0n star name.

imitchellg5 · Apr 25, 2010, 10:18 PM

Originally Posted by Doofy

Now there's an app idea for some enterprising young geek... ...something which generates and changes yer social passwords at random intervals then tells Safari about the change (and writes the new pass to a text file in yer Docs directory for safety).

1Password?

Doofy · Apr 25, 2010, 10:25 PM

Originally Posted by imitchellg5

1Password?

I've not used it. Does it change yer password at random intervals without you having to remember to do so?

imitchellg5 · Apr 25, 2010, 10:26 PM

Originally Posted by Doofy

I've not used it. Does it change yer password at random intervals without you having to remember to do so?

I believe that it can generate a password at random and alert you to change it... I haven't used it since the beta days though, so perhaps someone more experienced can chime in.

Big Mac · Apr 28, 2010, 07:47 PM

If true, I'd like to know what security flaw is being exploited to make this hack possible.

Laminar · Apr 28, 2010, 09:25 PM

Originally Posted by imitchellg5

I like the notion that I could sell my Facebook account for $35. I also like that there are apparently "Russian underground hacking magazines" and that a "NetSafe" directer has what sounds to be a pr0n star name.

Good job at math.

Kirllos is offering the user names and passwords of 1.5 million Facebook users for between $35 and $62.70 per 1000 accounts sold on an underground hacker forum.

scaught · Apr 28, 2010, 09:37 PM

Oh dear. Not my facebook account.

imitchellg5 · Apr 28, 2010, 10:06 PM

Originally Posted by Laminar

Good job at math.

Good job at assuming I only have one Facebook account.

Laminar · Apr 28, 2010, 11:34 PM

Originally Posted by imitchellg5

Good job at assuming I only have one Facebook account.

Good job at English.

Originally Posted by imitchellg5

I like the notion that I could sell my Facebook account for $35. I also like that there are apparently "Russian underground hacking magazines" and that a "NetSafe" directer has what sounds to be a pr0n star name.

imitchellg5 · Apr 29, 2010, 12:26 AM

Good job assuming I care to proofread everything I post on the internet.

Laminar · Apr 29, 2010, 12:49 AM

Good job backpedaling.

Macfreak7 · Apr 29, 2010, 12:58 AM

Good job derailing.

ghporter · Apr 29, 2010, 06:39 AM

Shall we get back to the subject?

Who here that has at least one Facebook account hasn't already changed the password for it? As I posted above, I changed my password as soon as I heard about this issue.

Paco500 · Apr 29, 2010, 08:10 AM

Originally Posted by ghporter

Who here that has at least one Facebook account hasn't already changed the password for it? As I posted above, I changed my password as soon as I heard about this issue.

Me. 2 reasons.

1. I live on the edge.
2. If someone wants to hack my facebook account, fine. It may make it seem to my old high school friends I've suddenly become interesting.

imitchellg5 · Apr 29, 2010, 11:33 AM

Yeah, I haven't changed my passwords and I'm not going to.

Andy8 · Apr 29, 2010, 07:39 PM

I do not use Facebook.