Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Whats Bugging eBay?



 By: Lisa Vaas
2007-03-06
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


  Table of Contents:
  1. Whats Bugging eBay?
  2. ' Page 2 '

Rate This Article:
Poor Best
Whats Bugging eBay?
( Page 1 of 2 )

Updated: The auction behemoth is being skewered by Vladuz, the Romanian impaler, and the e-villagers are whispering that he's sucking customer and service rep account lifeblood directly from eBay's internal data

The eBay villagers are whispering that he can creep through eBays internal databases and suck the lifeblood of customer accounts—log-ins and passwords—right out of their pulsing, 222 million-plus customer heart. Hes putting up bogus listings as fast as eBay can take them down, and that proves hes walked through a security hole as big as a barn door.

No, eBay insists, this hacker, this Romanian wiseguy who goes by the handle Vladuz, is "nothing new." Hes just another phisher, says eBay spokeswoman Catherine England, one of hundreds the huge auction site has to deal with constantly.

He may be getting loads of publicity from posting onto eBay forums as a service rep and taunting eBay—"Durzy is full OF sh*t," he wrote about eBay spokesperson Hani Durzy in a February posting after Durzy said that Vladuz had not accessed internal systems. But that just means he got lucky once and hit upon an internal e-mail that had a screenshot containing customer service reps e-mail account information, eBay maintains.

Some eBay watchers attribute eBays recent crackdown on cross-border sales to the recent spike in hijacked accounts. The spike in traffic might not be wholly attributable to Vladuzs work, but he or she is being credited for most of it. The multitalented hacker is leaving a calling card behind with his or her name, spelled backwards, attached to malicious code injected in live auctions. Hes taunting eBay by posting to its forums as a customer service rep. His name is associated with a company name that is in turn associated with eBay hacking tools being found for sale online.

Hijacked accounts occur after phishers weasel log-in names and passwords out of legitimate eBay account holders and then use them to run auctions that look like theyre taking place in a country with a reputation for legitimate sales, such as the United States or Canada.

Resource Library:

This is nothing new, but eBay watchers say the number of hijacked accounts and their changed behavior makes it begin to look as if somebody had set up tools to automatically skim customer accounts from eBays internal accounts—and such are Vladuzs reputation and braggadocio, at this point, that experts believe he or she could be responsible.

eBay watchers say the trigger for the spike was eBays recent crackdown on counterfeit goods being sold from countries notorious for it, such as China. Like rats leaving a sinking ship, the thinking goes, crooks such as Vladuz are turning to hijacked accounts because the counterfeit e-business has gone belly-up.

eBay retools its technology platform to scale for rapid growth. Click here to read more.

"In the last few months, eBay has really taken a look at the trust and safety of our marketplace and our Web site," England told eWEEK. "Weve been incorporating a lot of new measures. My understanding is its been a little frustrating for this fellow. Hes spent some quality time poking around our site and trying to find a way in. He did find access to a small amount of customer service rep e-mail accounts. He used those to go on discussion forums, as a pink—when an employee posts, its highlighted in pink. He did that in an attempt basically to say, Ha ha, look what I did."

Lies, lies, lies, says online auction activist Rosalinda Baldwin, who runs an auction watchdog group called The Auction Guild (TAG).

"Theres always been phishing [attempts to get account information and second-chance offers made to bidders who didnt win] and other fraud going on," she said. "It became huge mid-December [when eBay began to prevent Chinese sellers from selling to eBay U.S., eBay Canada, etc.]. It seems to have been the trigger: [The collection of phishing attempts and hijacked accounts] went from one without pattern to one" that definitely showed a pattern, she said.

"I know eBay pretty well," Baldwin said. "They can use all the excuses and lies they want, but they have yet to explain how what is happening on this site could be happening if what Im saying is not true: that somebody has access to the back end."

Quantifying the hijacking of accounts is another eBay watcher, Genie Livingstone. Livingstone is a PHP programmer and runs the Internet host and domain name registration site Dotyou.Com.

Heres an example (check out the five links at the bottom) of the Web monitors, based on RSS eBay tools, that Dotyou.com is using to track eBay scam auctions in real time. Livingstone is also tracking eBay listing totals on MedVed.net.

What shes found for the past few weeks is that the daily count of eBay listings has been "a series of sharp spikes of 1 [million] to 3 million items, instead of the usual gradual curve that reflects items being listed and sold," she said.

The seesawing appears, she said, "as if someone is flooding the site with hacked listings that eBay is pulling down, only to have them immediately relisted, only to have them pulled down, etc., etc."

eBay adds 10 terabytes of new storage every week. Click here to find out how it manages all that storage.

This is MedVeds graph for eBay listings in February 2007, compared with February 2006. Notice the seesawing that begins on Feb. 22, 2007, with sharp increases and decreases that are of equal value, as if the same number of listings are being posted, delisted and posted again, in multiple daily cycles.

eBays England said that she looked into site activity over the past six months and found "absolutely no significant movement in number of account takeovers." However, she has not yet looked into the flux of listings numbers, she said.

Still, she insists, theres nothing new to see here, even if Livingstone credits eBay with having perfected automated tools to remove the bogus listings, which recently have been coming down after only 30 seconds.

"Weve had a variety of automated tools in place for a long time," said England, in San Jose, Calif. "This is nothing new. I wish I could say its some big, exciting thing. Its your standard, typical phishing scam thats been happening a long, long time. I think this person, because [he or she] went on discussion boards and posed as an employee, it got more attention. The reality is these scams have been around years and years. As [we] shut these guys down, they adapt. Theyre obviously intelligent people. But as they evolve, so do we."

Next Page: Vladuz gets Dotyou.coms attention.





  Reader Comments: Whats Bugging eBay?
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Network Security & Hardware Articles          >>> More By Lisa Vaas
 


x}ks8q8c=mGm9֎ey-%L*EB%);'ΗSOx-ɞbKB޻$\i9u͹M55|zoч`HRsoޅ,36 @FoRQP Ġxnwݶ&N`P'~ > \?g3U;Y|b(cѺQQyIږyL6GǮJ;ߣ*#7 ݙx8/DeO؀HYɼM"x<&j>wn3 w2 X]~D4ٮq8]b'*#O^3jb㥨H aP`\ 9t} vu#wJ;qy'M8NfQ% F:rm3Ck>LNZ]BZ3ˆ辥$)5= \o4"1lp2rH n> Ոj%5ᆑO?IƒN8CYnݰ뺷}=-:ҍ}4 .j.9b6ԃ)P2zhN4,2QɲnMwͰ-P6cMTjR>sو&lXaV|YkUV7`Kk'^ϟg6~l M u ôW+ZᇳuLCxe$Y-bн$ | ,-)Tthi,E[T}N}W%M 1F|r/E KH@!}F!8N0Apl/\f~]LÓQwڪ9Q[' k+\M]2#-+}י4ۭ_=mmPqJ"0"-$]evrc\kۛZzϏRq^TU G&-d`q86acBݤc}nE=><g 6aϨ>|鎓z>:AGAtišh4/P7h`C:ҋ;LZ  'pbdx: }# 0f4LH"AЂMtT8n]`2Z9<({ hk= `DykwKGHb1(զAp{Tg,zC  lm^l}d`1 >5%G;r-FaA.O)))/H.BD(ZH"!Aly [$t Xdd++~CavGBj+'"Pl=!đtNܡZ|M4aGe-n^ d3#Cdd0u Q򍜘U{2l` -z'$g: 5$!.*<3>zn4 Iߵ)YAaEдBkpJAqy`]@kt<͙qjS;_A:\!4Lh,G7uyE"y* ,q;rd:*BZzI۶h \MmEc7˅L< +׬uPL g<)*[hs<(:(Os1r@@SjqH1g0d0{V@q=137RtgZC+>q^i:[\g˦zkfXؽ/ 7J@2KmVJ*,F6@1V_Xvo jQtTV0&Tdm6fZdžJ>]!1Ada:(uCaC+%UVLLXVȣJ^(fMڹcK l@ r;4 pp2wbbˡB2aNS}6%}r;C\?C)yRvn \S ˀ%\< MM̌>X[ "W@( K (}1tJ]{1,Y^.WV°']5&A(zpD'@pl`0R=&Ŀuosj1&?NՊRR4'`/#Y% /m0ܱkC>fDugA`WKCKMqέ׳ӐPS@ b^,(t=(U+_z1FBn? %hTfJf,`\.xJRE} xܭSRj(2DZޙ(@Syv{2$u`n\>(gpHl`_t`@B^% &@S^apEk ZC疪bdF܌wц.;P,'8Aò?DJSc O}ܸ~?CÜU^oVSxw$ZTtCjv\Vk8;z4;Aq̻( K r@,zSAqf -2/Rһ};݁\r/|pZNa"O`%Opv[}@ 3de`Syt$ d=X0n !h_7`sg'(bh6B\4<`S(z`0dnZ=7wE-~O9ͨ14`V nCזG$?GφL MafFžiJ^Rk{9k`6DcD H!S2!:е%ԒJg c{|XB!lڊ7*8e$ߌcSRg,[dקW\JW>67^Goz,>,shse-s @J>Zހ P{jV_H_gq&&F}YDӇjZ%5ߗ F)E>|6Œ3(klm砦3fuqïVf7Йr7uO`u<XqL &sZcdE;`3"qubGymvrO$М O] -v4!eʊt0FNyX!6 kq0n"8wDA۽S\Kߋ> P5uRQX\u@VI^A ұg /@C׳@.l̼ITCGTUeH4yģT3#y $6-.wEZЋѶ E5bn1gSNYfy0wjj_8aqVZUR U!7T^>x_7)~TC~mAB&節e 2(n[ UrTS+JJgaCzg%&&& g%!q܇6JӟuN"@ m|GZOTKR!i#y(#wg o@PlB=2tiR u;a޺_&iY{!keH@XJ7eNV*NV$,< ?>wd',jLGI<~&.rOfWWϸ@|=/GRiemRߓJ t-ӄ1⺆arYç, ,_t2jUk`?ʠ< j;! 8`&MMx)c K R9 "_I8L xϰLty'JUVqc?s ?+4.Ї_YGrL`އ3moy,/MdNR(11>bt߫](co[gg 6zv>DA 2ߋO4z7Nus%d}ڻhsՖҽN z's=B eA#=Mti)qfm2XC<2p\8$ ST8 mÀ@Hcݜo8`R0c-MgBpSE07u4e{6yy~Ukq Cd:xAQ5@kNFuחO{k D2-bT0_RFI"Q6#=-#hYwDǠ"'0_ί([ⷚoWȘID_q+ '=?Eh'u>!9ۗ>48ty$K 21xc.A-6ؾJ="S4SJd"8%;)~ڲ{+ />E=:dSNS.([viaEn-eь9rdJ9#S"\(6L P6,OҴy=#lQ1 i(K"ih$lbTFoOݺ6<5ޥ]晿BNmK$gQt>fKUҊPk i2RH>a'-#*VZZFZ-V6yʏDR̅)O" fRzX,гO]5bf}z@:Q,gF'q?Kmظ2UtsX6 w{B s?ݡCO6v=ICo6y1% zNhs =`cdžm:{@BP$"BG/ɭ' Xw= Zt VdPRxa9yh3rpr#Wi]7uipbAg$H~ `@OL4b5~ÿ|ꢧG' r{k_=#'䢅+nl(=lGt?Ko{ѧme4 t33* Q4DH!H^m X"2gNIJa/>`2 ,fJf92iɜAxl7B_7C\pb_c1B~o~ϸW*]c*7o}VZtCqB)nVx/)&%n.eL @OKtG]_BQ{O{[#60N Ħ712~1OO=rmC'CX ?*4lo@[)-)$ΙJ;omݭn T v_!O#%FJ ,Q`mZ9_Ц õQ`VǴ _?qVԱQ*_2$;lߖŗc3Ocpߍ_K; *֒K0K(p!$~8 M{fr+ EAn˸E'ÖdN>_淪3}z˺|I'-}pJ9w2JEs.3_ǼLX=ﳷ JDof 5"^oT]Ĝ>o43ˁemxȧ tgԗؚ L-Ob0J.j-7b]SCtNʡVRS@a`NjPߟ{dؾv٪1BDϟ/rJĉ$UUhSFOLAm&ё:j4Y3 OaҀ36Kיo͗*剔e cK”"Ql(gsr78clfLx4'cqNHa"2tIaa߭cI[6(C@mC 9$ _6wTZS*ʇ|qL}<,h{↟eLmL }!$6~Lj#NRVIj$C @[N(m5#AŤR0!Q^-2,r@lr\A(dDU CƢ'BL(wl[8bx;?/CF࿇z%4%%^s`Vٺ4=]Me.vH&)%IM5˙RSlG㠣l;;Uw t⻺iJ)^- ^,5?Gg9E8,b!,LD/ +ӕlKWպUF [2I>ڒ9FopCIڃ%ŠȤO'2@GD"@LRQG_^ }dG*D2*ЋnK2. pnba&e O3x 4/Pm5Xwg:"RZJ-\}O nElgF!q#̖HUb@C"0//KCܒ_A+7폝ԛށ9ƩSORZ~VPqphGD#pxSKn3] "gc#FhʖR}mi(Tx~M{=@U mMc5XV&kz`vҰZ [0 Bᒖ~&֚/fK*B%] u 﨤x?-[t;ܮ#㷹O|XZV+ E~@Xj~%ű!i>M~Ҏ[ssssǑ*Z+[W<#Jlཱིݹea ox*kU% SFjxmjuM` df` ԞQEZ轉O.&o[&|G&C"8$ wyqyz22ܭ;aFl+stQ_z;`3-6~7{O'057|iwf<'>&C2[Aҽ tZt<47|i\fӺ곐dOI7V5w;XL] ` B&rvmk~i[)${j uܖn]xAŷHaongӆ+~owҥ0'~'!щxۼ-9(׍l'JD1;d~YǦWn΃>lBwX|*xGܳ `Ly ]E~o#7g4\O? +jor {^ZÛ20HBw7&k66 h~cd66&ʱ<^II-=ڶ/h `|F0-c l 8!S#y=&U6忍#+tӕXoJY~(VC}__ g}z6 d%hj6_fؐ!)j%"Q0M_[#cqX/2qXykx#უ=݇^&=_}\`G|-/Em/<|k}K.Mȼ e-^Nܓفatw_b6Y}gj w /Q4FY>PFO`Cѕřn./4{*f ][G?l̍@(Po\k_A'-gĬhgϡ?6 ?=XNfTn#n$Ɩ ҘX?_Ct~(s7Qs@a]IYx)KS=ME*a m0B~7꤯L7v).F:LyKQXcJ;*5m} J8+O|o~dQ{Ax8j Kg{{[-Ӥ$_]!<-Vv{"F(V#=t_exul?LFX*R^qe d᫩EP28!#9tѰL68ߋ! jl?QX2{n4?8x^z/jsy̙Tl/ZNtRDcΩUZM9Ts.KRG(VzdI+2// c|ŇRO&ƪTe:-0S5_\UBI>b\y z-@'+cՒm5X-켜…nj)D(R$Jq ;W m HXctNt܂љ H WIkm3J%3ܛ9/3\mDνz_a8r}{Ω03r1S%'evNj 0̊~Ux[jhwQfg1i4] L±@`:Iߣb߷b~m>+sY0d+jϊ5WR `]d֫bF).o3N QȥkS?OT2^*Z@(YYr' o.'G>Top+TՕǩoh}ext퐯J"⌯r[@ܶiOLNh2o¨`*zMI9T~2 LJ/tX0/b#-#o>IU12K= o~{@ܳq 81r,-E|Etz['u}>l1d.珖+62 1jl/ul߶ۿ =:}ۿl>zxX2嵅Dp@XYIIԖA/!`QtG','V ]\W 3Ϩ xtTd'79mк|t5 t$rkICB9Ҍ坒3_nʡR0FDu*Ft883c*%24cH <"m ~g~q79oR-i`IkBX\AAcs32a9K 1b10]a9=g1;my^p>A|>|u#D[?b 6C;b<1cRL<{CƯ TB t]\P"@J>S|??~e OHb:u~k6&p0"(3[]ă0>]w38l6#`;w&/h]__~""768t9i_noW;uwwsվ\ 0hL楾xQ(X7OGYFm3;eNq*gg:.ͅdUx,y.s9,tG_14eBx#UüzWzuS_)oݴ}-[I-3YWG>;ȩkHw r:X)` ύBjs@1@C|o_Ow.4#z_m]9^ @Pj+彜r3Y;O7~s>?@B󢳹sVhvrʡsS~K?\~ /skvs 挿 yv?taݜw>9'U>Bǜ ()- ݜr߫+A{9ȟȗ^|Ρkx:99 ro(@_r#+}GBm^9mB9_ZIRVqv*esS^)4OrRy~ )PW9P#Ϫ z2:RW~>%{'sg+i,]a芫-5mLkpLڭe]9nP+G{1:,y& )htVydSrbye?VRRw;]Cڤ\z.!{]W[O'ikz(s<2g)h{dZ+mDt|.y|8SNtw<17 }^Җ1B8 gvd{zUtsn ] x %>  SG0Ӛ޴O?toҾj][35J쓭/†>ga#f^*B8DCw_aɡ1zI?{'O!4܇f`JRWJ#{4N͡a[C o>eM+5VkZpWrîq@Dp1|9̈ɪ"+uW9 8]V*r `"! *s>P`26UF`Ԋz!O J14`tK_c4wp!E Ч oOv̆ڮ˘H͛YJæJᄽI௡$` }LRPsoy%=w] XI}#<ZA0r{IW3hېCK؊ET-#G6)bnٔIDSkW|`0t9+h `M {z<8܃-&(B:=/Gtu/ \=ww@p*`=ݸq9lrmHeyW >Q DhkЁx[K55~ɉL( 1 kEF(l#B;rs_`&<;/g@z;`TIأ ^BOvvF;0+ a?94v L9 H\}l.I "2HH 2s{B|%{j=Snn9q?\Ѱ{bAwN[Q=$N*׹f$36GsMpKp[ _}L«:Œ# 1*ԟ#1HXY/Z8:Z5m$$&3@ gYlVxXDR7fnmz (\dzd;+n xKj;<~"$E a'_! TL,sD<>;#3=Em- er}7{ /d/+4bŽѥOvk*Yůgk@"&^!#R.ړOFۑ)0XPw4 v5ك|4=hM@( [0F/"߇Fq:l/Asl2ql<3@ƷD0k"6i֘H\*,f) K?FgmrΧ9ϖWt:yDtzl랮Eguݍ¼ȶZ׼{]+l Cc]R>G+ ]'[ۧ3й?-Rz/e;͌,{QIbVC#q좢unD{~w1Ǹ 0rczwY?g[8K Ӿcd.GXI@ Ik,(Ma4,Lb5 "[]'QI 8fRvX3e,@a)5ZBO PO80Ux|-h\}{X\e,8Lg񼜺ނ"?X=<͇d'KWµ1%^5El߃*Ԉ|r^$aHbV\3|7tZОsq=C Sga+ecPXvc2G?{\<L++6 52lv* XJKŬ"&D0H'R:rsh{h۟sT*La$ !R3 KEv F.3\04/xqϢQəȩ8|_\%hw2b5ŠbL2y18ZS|ڻ$`gd/=iL*K ӻ9kgA0,}us>]L~s Whc<3xL -2VjwNVtƦI21qzr륭{Q'b"mR?-۔̑r&s.cKMfZ)֦O*LΙ k&|&R2ֱ}RZ`'m/Z6?V_'