Facebook IDs hacker who tried to sell 1.5M accounts
IDG News Service - Facebook has identified the hacker named Kirllos who tried to sell 1.5 million Facebook accounts recently in underground hacking forums. According to the investigators at the social networking site, he's guilty of both hacking and hyperbole.
Kirllos was first spotted by researchers at VeriSign's iDefense group a few weeks after he claimed to have an unusually large number of Facebook accounts for sale at rock-bottom prices. According to VeriSign, Kirllos wanted between $25 and $45 per 1,000 accounts, depending on the quality of the Facebook user's connections.
Kirllos appeared to have sold close to 700,000 accounts, although nobody knew for sure if his claims were legitimate, according to VeriSign Director of Cyber Intelligence Rick Howard.
Now Facebook says its forensics team, working with other industry contacts, has figured out who Kirllos is.
"We have determined Kirllos' identity through IP addresses, online accounts, and other information and believe that he's very likely a low-level actor," said Facebook Spokesman Simon Axten, in an e-mail interview.
Axten wouldn't name Kirllos, but he said that the hacker is based out of Russia.
And while Kirllos does appear to have hacked accounts -- probably through a phishing attack or by placing malicious code on victims' computers -- but he probably obtained only a few thousand credentials, Axten said.
By analyzing a sample of hacked accounts Kirllos had made available to prove that his goods were legitimate, Facebook investigators got a picture of what he'd done.
"He did have some Facebook credentials in his possession as we were able to detect suspicious logins on certain accounts," Axten said. " However, the number of accounts found was orders of magnitude less than what was reported. We reset the password on all affected accounts and notified the account owners."
The company also handed over its Kirllos dossier to law enforcement. But if he's based out of Russia, he may never be prosecuted. It's notoriously difficult to arrest Russian hackers, especially if the hacking occurred in another country.
Kirllos disappeared from hacking forums after his offer was made public, and he didn't respond to Facebook investigators when they tried to buy more accounts, Axten said.
Based on what we now know about Kirllos, VeriSign's Howard doubts that the hacker ever really had the 1.5 million accounts. But only Kirllos knows for sure. And he isn't talking.
- What to expect in Facebook's earnings call today
- Could you quit Facebook for 99 days?
- Facebook is a school yard bully that's going down
- EPIC says Facebook 'messed with people's minds,' seeks FTC sanctions
- 7 things you need to know about Facebook's mood experiment
- Facebook emotional manipulation test turns users into 'lab rats'
- Facebook tries to stop Snapchat drain with Slingshot
- TMI! Facebook moves to stop over-sharing
- Inside Facebook's brilliant plan to hog your data
- Facebook shows mobile app developers the money with new ad network
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Data Protection eGuide In this eGuide, CSO and sister publications IDG News Service, Computerworld, and CIO pull together news, trend, and how-to articles about the increasingly...
- Warning: Cloud Data at Risk Experts agree that relying on SaaS vendors to backup and restore your data is dangerous. Yet that's exactly what huge portions of the...
- The Opportunities and Challenges of the Cloud In this report F5 poses questions to IDC analysts, Sally Hudson and Phil Hochmuth, on behalf of F5's customers to better understand the...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!