A hacker named Kirllos has a rare deal for anyone who wants to spam, steal or scam on Facebook: an unprecedented number of user accounts offered at rock-bottom prices.
Researchers at VeriSign's iDefense group recently spotted Kirllos selling Facebook user names and passwords in an underground hacker forum, but what really caught their attention was the volume of credentials he had for sale: 1.5 million accounts.
IDefense doesn't know if Kirllos' accounts are legitimate, and Facebook didn't respond to messages Thursday seeking comment. If they are legitimate, he has the account information of about one in every 300 Facebook users. His asking price varies from $25 to $45 per 1,000 accounts, depending on the number of contacts each user has.
To date, Kirllos seems to have sold close to 700,000 accounts, according to VeriSign Director of Cyber Intelligence Rick Howard.
Hackers have been selling stolen social-networking credentials for a while -- VeriSign has seen a brisk trade in names and passwords for Russia's VKontakte, for example. But now the trend is to go after global targets such as Facebook, Howard said.
Facebook has more than 400 million users worldwide, many of whom fall victim to scams each day. In one such scam, criminals send out messages from a compromised account, telling friends that the account's owner is trapped in a foreign country and needs money to get home.
In another, they send Web links that lead to malicious software, telling friends that it's a hilarious or sensationalistic video.
"People will follow it because they believe it was a friend that told them to go to this link," said Randy Abrams, director of technical education with security vendor Eset. Once the malware gets installed, criminals can steal more passwords, break into bank accounts, or simply use the computers to send spam or launch distributed denial of service attacks. "There's just a plethora of things that people can do if they can trick people into installing their software," he said.
Kirllos' Facebook prices are extremely cheap compared to what others are charging. In its most recent Internet Security Threat Report, Symantec found that e-mail usernames and passwords typically went for between $1 to $20 per account -- Kirllos wants as little as $0.025 per Facebook account. More coveted credit card or bank account details can go for much more, ranging between $0.85 to $30 for credit card numbers to $15 to $850 for top-quality online bank accounts.
Non-traditional communications devices such as smartphones and game consoles pose a particular problem to law enforcement agencies trying to milk them for forensic data that reveals criminal activity, attendees were told at the 2010 Computer Forensics Show in New York City.
"Forensic tools for cell phones are in their infancy," says Stephen Riley, a forensic examiner with the FBI's Computer Analysis and Response Team. "There's lots of different carriers, different phones, different cables - just try to keep up."Smartphones can communicate via SMS, MMS, mobile e-mail, mobile internet access, VoIP and traditional cellular voice networks, Riley says, making each machine a potential treasure trove of information but also a nightmare maze of possible proprietary technologies to unlock it.
The ready availability of cell phones is also a problem. Searches of suspects' residences can turn up drawers-full of cell phones that are no longer used but never thrown out. Yet they can demand valuable forensic time.
Experts estimate 10 to 15 percent of personal computers in the U.S. have been taken over and harnessed together into powerful illegal computing tools called "botnets." Some experts believe these botnets are so massive that the criminal hackers who run them have more computing power than the U.S. government.
Kevin Mitnick, often incorrectly called by many as god of hackers, broke into the computer systems of the world's top technology and telecommunications companies Nokia, Fujitsu, Motorola, and Sun Microsystems. He was arrested by the FBI in 1995, but later released on parole in 2000. He never termed his activity hacking, instead he called it social engineering.
what is computer hacking in cyberspace?
Criminal computer hacking is any act committed by a person with detailed knowledge of computers who uses this information to accomplish acts of terrorism, vandalism, credit and debt card fraud, identity theft, intellectual property theft, and other forms of computer-related crimes. Computer hacking always involves some type of infringement on the privacy of others or some type of damage to computer-based property. Computer hacking can be done for numerous reasons, including the commission of fraudulent acts intended to secure financial gain at the expense of businesses or consumers
What is Cyberspace? Who Governs and is Governed in Cyberspace? How Does Law Operate in Cyberspace?
The law pertaining to the Internet both profoundly shapes and is shaped by the decentralized, rapidly developing, and even anarchic technology of digital networks. For example, in order to determine whether governments have employed "least restrictive means" in their regulation of Internet speech, reviewing courts must pinpoint the most legally pertinent technological (as well as economic and social) characteristics of the Internet -- characteristics that are often in rapid flux. Conversely, legal regulation of the Internet can exert pressure on technology, by imposing formal state-sanctioned liability rules that favor one form of technological development over another. This section begins by examining some of the legally salient technological characteristics of cyberspace.
This section also addresses some of the basic questions of who governs and is governed by the Internet. Internet technology and social organizations affect the nature of group identity and power-sharing (expressed through formal governments and laws) as well as individual social and political identities. For example, the Internet is arguably regulated as much by non-state entities (such as independent service providers or bodies that set technical standards) as it is by formal sovereign governments. Moreover, individual identities can be transformed through the anonymity, malleability and easy access to public space that are pervasive features of the technology. Private consensual arrangements among individuals and groups, whether by contract or custom, also substitute for formal governance mechanisms.
Finally, law itself is problematized by Internet technology. Traditionally, law involves a centralized sovereign actor that exerts power within its territorial boundaries. However, several features of the Internet combine to disrupt this framework: the instantaneous extraterritoriality of most acts, the lack of centralized power, and the fluidity of geographic or political boundaries. To a much greater degree than with other technologies, the design choices made by engineers will also act as a type of "regulation." This section thus concludes with some of the challenges posed to the concept of law by Internet technology.
I want to write about cyberlaw in this blog so what is cyberlaw ?
Cyberlaw is a term that encapsulates the legal issues related to use of communicative, transactional and distributive aspects of networked information devices and technologies . It is less a distinct field of law in the way that property or contract are, as it is a domain covering many areas of law and regulation. Some leading topics include intellectual property, privacy, freedom of expression, and jurisdiction.
Hi ,This is Mehran I create this blog to write something about cyberlaw.
thanks
Mehran
