The Federal Bureau of Investigation is looking for a better way to spy on Facebook and Twitter users.
The Bureau is asking companies to build software that can effectively scan social media online for significant words, phrases and behavior so that agents can respond.
A paper posted on the FBI website asks for companies to build programs that will map sentiment and wrongdoing.
“The application must be infinitely flexible and have the ability to adapt quickly to changing threats to maintain the strategic and tactical advantage,” the Request for Information said. “The purpose of this effort is to meet the outlined objectives…for the enhancement [of] FBI SOIC’s overall situation awareness and improved strategic decision making.”
The tool would be used in “reconnaissance and surveillance missions, National Special Security Events (NSS) planning, NSSE operations, SOIC operations, counter intelligence, terrorism, and more.”
Although the police, including in Britain, already use Facebook routinely to ascertain the whereabouts of criminals, automatically filtering out irrelevant information remains challenging. The new FBI application will be able to automatically highlight the most relevant information.
The FBI is seeking responses by 10 February.
A hacker who calls himself Hannibal has posted thousands of alleged login email addresses and passwords of Arab Facebook users.
Emails and passwords for the social network Facebook have been published on Pastebin. Hannibal claims he has more than 30 million credentials of Arab users that he will publish regularly.
The hacker backs Israel and said, “State of Israel, not to worry, you’re in the hands of the world’s best hacker that I am. I will continue to support the government of Israel will continue to attack the Arab countries.”
In addition to the Facebook details he claims that he has possession of 10 million bank accounts and four million credit card details, which he warns he will publish if Iran continues to threaten Israel.
The most recent post said, “Unfortunately today I received an email from Mohammad Reza Rahimi [an Iranian politician] who threatens that would raise most of his men to find me and kill me. I assure you Mr. Fool, you can keep looking as you want, you will not find me even if you have a staff of 1,000 people who search for and carry out search for information about me.”
A spokesman for Facebook said, “This does not represent a hack of Facebook or anyone’s Facebook profiles. We have spent time investigating the information and have determined less than a third of the credentials were valid and almost half weren’t associated with Facebook accounts.”
“Additionally, we have built robust internal systems that validate every single login to our site, regardless if the password is correct or not, to check for malicious activity. By analysing every single login to the site we have added a layer of security that protects our users from threats both known and unknown. Beyond our engineering teams that build tools to block malicious activity, we also have a dedicated enforcement team that seeks to identify those responsible for threats and works with our legal team to ensure appropriate consequences follow.”
A new configuration of the Carberp Trojan targets Facebook users to commit financial fraud. Unlike previous Facebook attacks designed to steal user credentials from the log-in page, this version attempts to steal money by duping the user into divulging an e-cash voucher.
Carberp replaces any Facebook page the user navigates to with a fake page notifying the victim that his/her Facebook account is “temporarily locked”. The page asks the user for their first name, last name, email, date of birth, password and a Ukash 20 euro (approximately $25 US) voucher number to “confirm verification” of their identity and unlock the account. The page claims the cash voucher will be “added to the user’s main Facebook account balance”, which is obviously not the case. Instead, the voucher number is transferred to the Carberp bot master who presumably uses it as a cash equivalent (Ukash provides anonymity similar to that offered by cash payments), thus effectively defrauding the user of 20 euro/$25.
This clever man-in-the-browser (MitB) attack exploits the trust users have with the Facebook website and the anonymity of e-cash vouchers. Unlike attacks against online banking applications that require transferring money to another account which creates an auditable trail, this new Carberp attack allows fraudsters to use or sell the e-cash vouchers immediately anywhere they are accepted on the internet.
Attacking social networks like Facebook provides cybercriminals with a large pool of victims that can be fairly easily tricked into divulging confidential account information, and even, as illustrated in this case, giving up their cash. With the growing adoption of e-cash on the internet, we expect to see more of these attacks. Like card-not-present fraud, where cybercriminals use stolen debit and credit card information to make illegal online purchases without the risk of being caught, e-cash fraud is a low-risk form of crime. With e-cash, however, it is the account holder, not the financial institution, who assumes the liability for fraudulent transactions.
Much has been written about the Ramnit worm and its transformation into a financial malware. And now, Seculert’s research lab has discovered that Ramnit recently started targeting Facebook accounts with considerable success, stealing over 45,000 Facebook login credentials worldwide, mostly from people in the UK and France.
Ramnit was discovered in April 2010. The Microsoft Malware Protection Center (MMPC) described it as “a multi-component malware family which infects Windows executable as well as HTML files”, “stealing sensitive information such as stored FTP credentials and browser cookies”. In July 2011 a Symantec report estimated that Ramnit worm variants accounted for 17.3 percent of all new malicious software infections.
In August 2011, Trusteer reported that Ramnit went ‘financial’. Following the leakage of the ZeuS source-code in May, it has been suggested that the hackers behind Ramnit merged several financial-fraud spreading capabilities to create a “Hybrid creature” which was empowered by both the scale of the Ramnit infection and the ZeuS financial data-sniffing capabilities.
With the recent ZeuS Facebook worm and this latest Ramnit variant, it appears that sophisticated hackers are now experimenting with replacing the old-school email worms with more up-to-date social network worms. As demonstrated by the 45,000 compromised Facebook subscribers, the viral power of social networks can be manipulated to cause considerable damage to individuals and institutions when it is in the wrong hands.
Seculert has provided Facebook with all of the stolen credentials that were found on the Ramnit servers.
Think your programming skills are world class? Facebook wants you to prove it at its second annual Hacker Cup challenge.
“Hacking is core to how we build at Facebook,” the company said in a blog post announcing this year’s competition. “Whether we’re building a prototype for a major product like Timeline at a Hackathon, creating a smarter search algorithm, or tearing down walls at our new headquarters, we’re always hacking to find better ways to solve problems.”
Open to coders anywhere in the world, Facebook’s competition pits participants against each other in five rounds of programming challenges. The first kicks off January 20 with a 72-hour qualification round. Three more online rounds will thin the field down to the final 25 competitors, who will be flown out to Facebook’s Menlo Park, Calif., headquarters for a final competition in March.
The winner will receive a $5,000 cash prize. Last year, nearly 12,000 programmers participated in the Hacker Cup. Petr Mitrichev, a Google employee from Russia, took home the top prize. (In a nicely ironic twist, Mitrichev wore his Google employee badge during the competition.)
Tech companies have an ulterior motive for running hacking contests: They’re a great way to find skilled programmers, one of the industry’s scarcest resources. Google runs an annual Code Jam contest, which Mitrichev won in 2006.
Facebook prides itself on its hacker culture, and dangles coding puzzles on its recruiting page with the slogan: “Solve programming challenges. Get a phone interview.” The company frequently holds marathon staff hackathons as part of its product-development process.