Facebook IDs hacker who tried to sell 1.5M accounts
IDG News Service - Facebook has identified the hacker named Kirllos who tried to sell 1.5 million Facebook accounts recently in underground hacking forums. According to the investigators at the social networking site, he's guilty of both hacking and hyperbole.
Kirllos was first spotted by researchers at VeriSign's iDefense group a few weeks after he claimed to have an unusually large number of Facebook accounts for sale at rock-bottom prices. According to VeriSign, Kirllos wanted between $25 and $45 per 1,000 accounts, depending on the quality of the Facebook user's connections.
Kirllos appeared to have sold close to 700,000 accounts, although nobody knew for sure if his claims were legitimate, according to VeriSign Director of Cyber Intelligence Rick Howard.
Now Facebook says its forensics team, working with other industry contacts, has figured out who Kirllos is.
"We have determined Kirllos' identity through IP addresses, online accounts, and other information and believe that he's very likely a low-level actor," said Facebook Spokesman Simon Axten, in an e-mail interview.
Axten wouldn't name Kirllos, but he said that the hacker is based out of Russia.
And while Kirllos does appear to have hacked accounts -- probably through a phishing attack or by placing malicious code on victims' computers -- but he probably obtained only a few thousand credentials, Axten said.
By analyzing a sample of hacked accounts Kirllos had made available to prove that his goods were legitimate, Facebook investigators got a picture of what he'd done.
"He did have some Facebook credentials in his possession as we were able to detect suspicious logins on certain accounts," Axten said. " However, the number of accounts found was orders of magnitude less than what was reported. We reset the password on all affected accounts and notified the account owners."
The company also handed over its Kirllos dossier to law enforcement. But if he's based out of Russia, he may never be prosecuted. It's notoriously difficult to arrest Russian hackers, especially if the hacking occurred in another country.
Kirllos disappeared from hacking forums after his offer was made public, and he didn't respond to Facebook investigators when they tried to buy more accounts, Axten said.
Based on what we now know about Kirllos, VeriSign's Howard doubts that the hacker ever really had the 1.5 million accounts. But only Kirllos knows for sure. And he isn't talking.
- Facebook launches redesign with a bit of the old, a bit of the new
- Facebook eyes solar-powered drone company
- Facebook coughs up $19B for WhatsApp's younger users
- Facebook buying WhatsApp for $16 billion
- Facebook's birthday present: A look back at your social life
- At 10, Facebook strives not to be your granny's social network
- Facebook sees apps in its future ... lots of apps
- Facebook hijacks Trending feature from rival Twitter
- Facebook to kill off one kind of ad some users hated
- Facebook uses a seasoned Chef to keep servers simmering
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Alert Logic for PCI DSS Compliance To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during PCI scans. Threat Manager streamlines this process by...
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts