IDG News Service - Facebook has identified the hacker named Kirllos who tried to sell 1.5 million Facebook accounts recently in underground hacking forums. According to the investigators at the social networking site, he's guilty of both hacking and hyperbole.
Kirllos was first spotted by researchers at VeriSign's iDefense group a few weeks after he claimed to have an unusually large number of Facebook accounts for sale at rock-bottom prices. According to VeriSign, Kirllos wanted between $25 and $45 per 1,000 accounts, depending on the quality of the Facebook user's connections.
Kirllos appeared to have sold close to 700,000 accounts, although nobody knew for sure if his claims were legitimate, according to VeriSign Director of Cyber Intelligence Rick Howard.
Now Facebook says its forensics team, working with other industry contacts, has figured out who Kirllos is.
"We have determined Kirllos' identity through IP addresses, online accounts, and other information and believe that he's very likely a low-level actor," said Facebook Spokesman Simon Axten, in an e-mail interview.
Axten wouldn't name Kirllos, but he said that the hacker is based out of Russia.
And while Kirllos does appear to have hacked accounts -- probably through a phishing attack or by placing malicious code on victims' computers -- but he probably obtained only a few thousand credentials, Axten said.
By analyzing a sample of hacked accounts Kirllos had made available to prove that his goods were legitimate, Facebook investigators got a picture of what he'd done.
"He did have some Facebook credentials in his possession as we were able to detect suspicious logins on certain accounts," Axten said. " However, the number of accounts found was orders of magnitude less than what was reported. We reset the password on all affected accounts and notified the account owners."
The company also handed over its Kirllos dossier to law enforcement. But if he's based out of Russia, he may never be prosecuted. It's notoriously difficult to arrest Russian hackers, especially if the hacking occurred in another country.
Kirllos disappeared from hacking forums after his offer was made public, and he didn't respond to Facebook investigators when they tried to buy more accounts, Axten said.
Based on what we now know about Kirllos, VeriSign's Howard doubts that the hacker ever really had the 1.5 million accounts. But only Kirllos knows for sure. And he isn't talking.
Robert McMillan can be reached at robert_mcmillan@idg.com. He is on Twitter at: http://twitter.com/bobmcmillan
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
