Facebook IDs hacker who tried to sell 1.5M accounts
IDG News Service - Facebook has identified the hacker named Kirllos who tried to sell 1.5 million Facebook accounts recently in underground hacking forums. According to the investigators at the social networking site, he's guilty of both hacking and hyperbole.
Kirllos was first spotted by researchers at VeriSign's iDefense group a few weeks after he claimed to have an unusually large number of Facebook accounts for sale at rock-bottom prices. According to VeriSign, Kirllos wanted between $25 and $45 per 1,000 accounts, depending on the quality of the Facebook user's connections.
Kirllos appeared to have sold close to 700,000 accounts, although nobody knew for sure if his claims were legitimate, according to VeriSign Director of Cyber Intelligence Rick Howard.
Now Facebook says its forensics team, working with other industry contacts, has figured out who Kirllos is.
"We have determined Kirllos' identity through IP addresses, online accounts, and other information and believe that he's very likely a low-level actor," said Facebook Spokesman Simon Axten, in an e-mail interview.
Axten wouldn't name Kirllos, but he said that the hacker is based out of Russia.
And while Kirllos does appear to have hacked accounts -- probably through a phishing attack or by placing malicious code on victims' computers -- but he probably obtained only a few thousand credentials, Axten said.
By analyzing a sample of hacked accounts Kirllos had made available to prove that his goods were legitimate, Facebook investigators got a picture of what he'd done.
"He did have some Facebook credentials in his possession as we were able to detect suspicious logins on certain accounts," Axten said. " However, the number of accounts found was orders of magnitude less than what was reported. We reset the password on all affected accounts and notified the account owners."
The company also handed over its Kirllos dossier to law enforcement. But if he's based out of Russia, he may never be prosecuted. It's notoriously difficult to arrest Russian hackers, especially if the hacking occurred in another country.
Kirllos disappeared from hacking forums after his offer was made public, and he didn't respond to Facebook investigators when they tried to buy more accounts, Axten said.
Based on what we now know about Kirllos, VeriSign's Howard doubts that the hacker ever really had the 1.5 million accounts. But only Kirllos knows for sure. And he isn't talking.
- Marketers are losing faith in Facebook
- Facebook may lure teen users back with virtual reality promise
- Facebook's Oculus VR buy is about more than gaming
- Facebook spends $2B on virtual reality firm, but analysts are skeptical
- Facebook launches redesign with a bit of the old, a bit of the new
- Facebook eyes solar-powered drone company
- Facebook coughs up $19B for WhatsApp's younger users
- Facebook buying WhatsApp for $16 billion
- Facebook's birthday present: A look back at your social life
- At 10, Facebook strives not to be your granny's social network
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts