iDefense, the cyber security intelligence arm of VeriSign, has recently monitored a trend which indicates a significant increase in the demand for hijacked social network user accounts on an international level, with the black market for this personal data growing exponentially in the past year. Rick Howard, director of intelligence at VeriSign iDefense, comments on the issue.
“The increasing exploitation of the hundreds of millions of social network users globally signifies a key shift in focus for cyber criminals. The trend for harvesting information from social networking sites has been around for some time now, however cyber criminals typically limited their attacks to social media sites within their own geography. For example, Russian cyber criminals have, typically, targeted users of VKontakte (VK) – a social networking site popular in Russia, Belarus and Ukraine. The malicious exploitation of VK users is almost exclusively limited to cyber criminals within these nations. However the increasing exploitation of users of popular international platforms is important as it signifies that criminals are becoming more and more internationalised – these sites provide a convenient platform for criminals to expand their trade around the globe.
Information available on social networking sites is stolen by cyber criminals to earn a profit and obtain valuable personal data for various other nefarious purposes, with account details auctioned off in bulk quantities to other criminals and used in the following ways:
· Money transfer scams: criminals log onto a compromised account and, through chat features or posting status updates, attempt to persuade the user’s online friends to send monetary funds for a fraudulent scheme – also known as ‘Nigerian 419’ scams
· Data mining for financial gain: compromising accounts with a large amount of personal data, providing cyber criminals with the opportunity to engage in identity theft to set up fraudulent activities such as bank accounts, wire transfer services or online gambling
· Malware and spam campaigns: stealing login credentials in order for criminals to spread malicious software through popular gaming applications, third-party links containing malware and through other methods for financial gain. Criminals may also harvest e-mail addresses from compromised accounts for spam or phishing campaigns
· Data mining for non-financial purposes: hacking a user account for personal data which may allow a criminal to obtain a driver’s license, passport or another important form of documentation
VeriSign iDefense has uncovered a popular electronic fraud forum where criminals advertise the sale of social networking login details. On this site the user ‘kirllos’ – potentially the single most active criminal vendor of these credentials – claimed to be selling 1.5 million compromised accounts in bulk quantities. Prices depended on how many contacts or friends the user has on the site, costing $25 per 1,000 accounts with 10 contacts or fewer or $45 for over 10 online friends.
Accounts with zero contacts are also popular, particularly for engaging in malicious activities such as the spread of malware, with criminals exploiting vulnerabilities in the sites to execute scripts and attempt to request additional contacts through friend finder tools, often using photos of attractive individuals to gain the maximum number of friends.”
Criminals are intent on maximising the number of methods through which they exploit social network users and the current demand for data on the black market is growing rapidly. Social network members can take the following advice to stay safe online:
1. Use privacy settings to restrict who sees your online profile. The default setting on most social networks leaves them open to public display, so it is important to check this carefully and hide your personal information
2. Avoid sharing personal details, such as your phone number, address or e-mail, on your profile, or sending these out to people you do not trust
3. Remember that all content posted online, even if protected or subsequently deleted, can be seen and captured by everyone from friends to potential employers, so only post what you are comfortable with everyone seeing
4. If you encounter suspicious behaviour from someone on a social network, or activity from a friend that looks unusual, report it to the site’s team immediately
5. Monitor your children’s use of social networking sites and, in particular, who they are interacting with.
