Researcher says Facebook accounts worth more than credit cards

Powered by SC Magazine
 

But prices are hard to pin down.

A network of Facebook credentials is worth more than a bank account, according to a security researcher.

The social network was a target for scammers because hijacked accounts provided access to a victim's trusted "friend" network.

That trust and the wealth of personal information contained with the network can be exploited for a multitude of criminal purposes, such as property and identity theft, phishing, and to spread malware.

"Social networking one of the highest value credentials," Greg Singh a lead security engineer for BlueCoat Systems said.

"If I have your banking records, the best I can do transfer a few thousand dollars out.

"If I get your Facebook, and you don't know its been compromised, that's more valuable because I can steal information, send malicious links, video and the like to your friends."

Last year a lone hacker from Eastern Europe had sold 1000 Facebook accounts linked to more than 10 accounts for US$45, and offered a further 1000 accounts with 10 Facebook friends for US$25.

The value of stolen credit cards varies greatly. Reports last year found a glut of credit cards dropped the selling price to about $4 while in 2009 Deloitte pinned the value somewhere between $5 to $60 each.

Attack on Facebook and its accounts had increased in the last few years, Singh said, including strings of phishing scams that often pointed to malicious Facebook applications or third party websites.

Singh said Facebook had a "duty of care" to make its security enhancements activated by default, while changing features such as automatic facial reocgnition tagging to opt-in.

But Facebook was vindicated in a recent Bluecoat report that found it was not a significant victim of blackhat Search Engine Optimisation (SEO) schemes which were increasingly targeting advertising networks of trusted websites.

Signh said free pornographic websites were the "ever-stayer" of blackhat SEO campaigns. The report found "spikes of up to 110,000 new pornography sites" appearing in a single day.

"It is near impossible to filter out malicious ads," Singh said. "High value spaces like hotel accommodation are quickly filled by legitimate ads, but low-value targets, say for toothpicks, are often repeatedly outsourced to ad agencies, again and again until it eventually bought by a criminal who serves malware through the ad."

He said the attacks are brief, often only lasting five minutes before it moves to another network.

Copyright © SC Magazine, Australia


Researcher says Facebook accounts worth more than credit cards
 
 
 
Top Stories
NewSat defaults on $26m in overdue Lockheed payments
Jabiru-1 satellite build hits further hurdles.
 
IBM denies plans to cut 112k jobs
But admits to further restructuring.
 
ATO investigates 25 tech giants in tax hunt
Prepared to take tax evaders to court.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  36%
 
Your insurance company
  5%
 
A technology company (Google, Facebook et al)
  9%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  4%
 
A Federal Government agency (ATO, Centrelink etc)
  18%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  7%
TOTAL VOTES: 3055

Vote
Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
  27%
 
I DON'T support shutting the OAIC.
  73%
TOTAL VOTES: 971

Vote