Researchers at VeriSign’s iDefense division tracking the digital underworld say bogus and stolen accounts on the Facebook social-networking service are now on sale in high volume on the black market.
During several weeks in February, iDefense tracked an effort to sell log-in data for 1.5 million Facebook accounts on several online criminal marketplaces, including one called Carder.su.
That hacker, who used the screen name “kirllos” and appears to deal only in Facebook accounts, offered to sell bundles of 1,000 accounts with 10 or fewer friends for US$25 and with more than 10 friends for US$45, says Rick Howard, iDefense’s director of cyber intelligence.
The case points to a significant expansion in the illicit market for social networking accounts, he says. Until now, trafficking in the accounts observed by iDefense has been much smaller and confined to social networking sites popular in Eastern Europe, like the Russian site VKontakte.
“We’re seeing this activity spread over to the US,” he said.
Criminals steal log-in data for Facebook accounts, typically with “phishing” techniques that trick users into disclosing their passwords or with malware that logs computer keystrokes. They then use the accounts to send spam, distribute malicious programs and run identity and confidence fraud.
Facebook accounts are attractive because of the higher level of trust on the site than exists in the broader Internet.
As a result, they are more likely to believe a fraudulent message or click on a dubious link on a friend’s wall or an e-mail message. Moreover, the accounts allow criminals to mine profiles of victims and their friends for personal information like birth dates, addresses, phone numbers, mothers’ maiden names, pets’ names and other tidbits that can be used in identity theft.
Last summer, Eileen Sheldon’s Facebook account was hacked and used to send messages to about 20 friends claiming she was stranded in Britain without a passport and needed money. Sheldon, who lives in Marin County in California, had recently been living in London, and one friend, believing the ruse, wired about US$100 to the thieves.
Other friends smelled a fraud and warned Sheldon, who quickly reported the problem to Facebook. Within a few hours, Facebook took control of her account, though it took about two more weeks before Sheldon was able to regain access.
While the accounts that were compromised and offered for sale could be legitimate like Sheldon’s, they most likely also included bogus accounts, Howard said.
SLOW-MOVING STORM: The typhoon has started moving north, but at a very slow pace, adding uncertainty to the extent of its impact on the nation Work and classes have been canceled across the nation today because of Typhoon Krathon, with residents in the south advised to brace for winds that could reach force 17 on the Beaufort scale as the Central Weather Administration (CWA) forecast that the storm would make landfall there. Force 17 wind with speeds of 56.1 to 61.2 meters per second, the highest number on the Beaufort scale, rarely occur and could cause serious damage. Krathon could be the second typhoon to land in southwestern Taiwan, following typhoon Elsie in 1996, CWA records showed. As of 8pm yesterday, the typhoon’s center was 180km
TYPHOON DAY: Taitung, Pingtung, Tainan, Chiayi, Hualien and Kaohsiung canceled work and classes today. The storm is to start moving north this afternoon The outer rim of Typhoon Krathon made landfall in Taitung County and the Hengchun Peninsula (恆春半島) at about noon yesterday, the Central Weather Administration (CWA) said, adding that the eye of the storm was expected to hit land tomorrow. The CWA at 2:30pm yesterday issued a land alert for Krathon after issuing a sea alert on Sunday. It also expanded the scope of the sea alert to include waters north of Taiwan Strait, in addition to its south, from the Bashi Channel to the Pratas Islands (Dongsha Islands, 東沙群島). As of 6pm yesterday, the typhoon’s center was 160km south of
STILL DANGEROUS: The typhoon was expected to weaken, but it would still maintain its structure, with high winds and heavy rain, the weather agency said One person had died amid heavy winds and rain brought by Typhoon Krathon, while 70 were injured and two people were unaccounted for, the Central Emergency Operation Center said yesterday, while work and classes have been canceled nationwide today for the second day. The Hualien County Fire Department said that a man in his 70s had fallen to his death at about 11am on Tuesday while trimming a tree at his home in Shoufeng Township (壽豐). Meanwhile, the Yunlin County Fire Department received a report of a person falling into the sea at about 1pm on Tuesday, but had to suspend search-and-rescue
RULES BROKEN: The MAC warned Chinese not to say anything that would be harmful to the autonomous status of Taiwan or undermine its sovereignty A Chinese couple accused of disrupting a pro-democracy event in Taipei organized by Hong Kong residents has been deported, the National Immigration Agency said in a statement yesterday afternoon. A Chinese man, surnamed Yao (姚), and his wife were escorted by immigration officials to Taiwan Taoyuan International Airport, where they boarded a flight to China before noon yesterday, the agency said. The agency said that it had annulled the couple’s entry permits, citing alleged contraventions of the Regulations Governing the Approval of Entry of People of the Mainland Area into the Taiwan Area (大陸地區人民進入台灣地區許可辦法). The couple applied to visit a family member in