Attacking the Attackers: Facebook Hacker Tools Exploit Their Users
Would-be hackers that sought out tools to hack Facebook were in fact exploited themselves, new research from Blue Coat Elastica Cloud Threat Labs shows.For those who are looking to hack the Facebook accounts of others, there is a marketplace of Facebook Hacker tools that offer the promise of point-and-click ease. According to a new report from Blue Coat Elastica Cloud Threat Labs (BCECTL), the promise made by many Facebook Hacker tools is false. Rather than providing access to the Facebook accounts of others, BCECTL found that most Facebook Hacker tools only exploit the users of the tools. "The samples we have analyzed don't perform any real Facebook hacking as opposed to what is being claimed," Aditya Sood, director of Security and Elastica Cloud Threat Labs at Blue Coat Elastica, now part of Symantec, told eWEEK. BCECTL looked at multiple tools with various names, including Faceoff Facebook Hacker, Skull Facebook Hacker and Scorpion Facebook Hacker. The various tools can require the user to input their own Facebook credentials in order to gain some form of access.
Sood explained that the way the tools typically work is they will ask the user of the tool to provide the Facebook profile ID to be hacked. After that, it displays some fake system-critical failure messages. Following the failure message, the tool will ask the user to provide an activation code to hack into the profile.
The Elastica CloudSOC platform can detect anomalies in the compromised cloud service accounts that are used to host these kinds of tools for abusing the cloud service for unauthorized activities, Sood adding that Symantec/BlueCoat has the ability to dissect the network traffic to look into threats and associated anomalies. Additionally, the Symantec/BlueCoat global threat intelligence network provides regular updates about the state of URLs, he said. The Facebook Hacker tools are distributed at minimal cost ($20 for two to three months) or free of charge, Sood said. He emphasized that the Facebook Hacker tools are not doing explicit Facebook hacking. Rather, they are stealing end-users' Facebook account credentials, which can be further used to conduct additional sets of attacks, such as drive-by downloading through malicious link sharing in target accounts, stealing private information, phishing and spamming through Facebook messages. Although the report looked at Facebook Hacker tools, there are also similar tools available for Twitter that work the same way. "We have seen instances of several domains which claim to hack Twitter but end up in the same behavior," Sood said. Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.