Posts tagged: Facebook Hacker

Sep 02 2013

Facebook Vulnerability that Allowed any Photo to be Deleted Earns $12,500 Bounty

An Indian electronics and communications engineer who describes himself as a “security enthusiast with a passion for ethical hacking” has discovered a Facebook vulnerability that could have allowed for any photo on the site to be deleted without the owner’s knowledge.

Arul Kumar, a 21-year-old from Tamil Nadu, discovered that he could delete any Facebook image within a minute, even from verified pages, all without any interaction from the user.

For his efforts in reporting the vulnerability to Facebook’s whitehat bug bounty program Kumar received a reward of $12,500.

The vulnerability that he discovered was based around exploiting the mobile version of the social network’s Support Dashboard, a portal that allows users to track the progress of any reports they make to the site, including highlighting photos that they believe should be removed.

Kumar explained his bug by using a demo account, as well as sending Facebook a proof of concept video in which he showed how he could have removed Mark Zuckerberg’s own photos from his album.

By following Facebook’s whitehat guidelines he was able to pick up his deserved bounty.

Jan 19 2012

Hacker Publishes Waves of Facebook Logins

A hacker who calls himself Hannibal has posted thousands of alleged login email addresses and passwords of Arab Facebook users.

Emails and passwords for the social network Facebook have been published on Pastebin. Hannibal claims he has more than 30 million credentials of Arab users that he will publish regularly.

The hacker backs Israel and said, “State of Israel, not to worry, you’re in the hands of the world’s best hacker that I am. I will continue to support the government of Israel will continue to attack the Arab countries.”

In addition to the Facebook details he claims that he has possession of 10 million bank accounts and four million credit card details, which he warns he will publish if Iran continues to threaten Israel.

The most recent post said, “Unfortunately today I received an email from Mohammad Reza Rahimi [an Iranian politician] who threatens that would raise most of his men to find me and kill me. I assure you Mr. Fool, you can keep looking as you want, you will not find me even if you have a staff of 1,000 people who search for and carry out search for information about me.”

A spokesman for Facebook said, “This does not represent a hack of Facebook or anyone’s Facebook profiles. We have spent time investigating the information and have determined less than a third of the credentials were valid and almost half weren’t associated with Facebook accounts.”

“Additionally, we have built robust internal systems that validate every single login to our site, regardless if the password is correct or not, to check for malicious activity. By analysing every single login to the site we have added a layer of security that protects our users from threats both known and unknown. Beyond our engineering teams that build tools to block malicious activity, we also have a dedicated enforcement team that seeks to identify those responsible for threats and works with our legal team to ensure appropriate consequences follow.”

Aug 25 2011

Hacker Penetrated Facebook Servers

In one of the first cases of its kind in Britain, Glenn Steven Mangham, 25, used “considerable technical expertise” to repeatedly bypass security at the world’s dominant social network, it was claimed.

The student, from York, faces five charges, including that he “made, adapted, supplied or offered to supply” a computer program to hack into a Facebook server, Westminster magistrates’ court heard.

Police sources described the incidents as one of the first investigations into attempts to illegally access the site, which boasts more than 750 million members worldwide.

One Scotland Yard source told The Daily Telegraph that detectives were not aware of any hacking attempts “to this extent” on the site in Britain. It is understood Mangham does not have a Facebook profile.

Mangham was arrested by officers from the Metropolitan Police’s Central e-Crime Unit in early June on suspicion of “computer hacking offences” before being charged earlier this month.

He appeared in court for the first time yesterday on what the judge, Nicholas Evans, described as “serious allegations” under the Computer Misuse Act.

He was banned from having any access to computers, his iPhone or “any devices capable of accessing the internet” while on bail. His lawyers argued the conditions were similar to forcing him into “exile”.

“The court feels it will be safer if there was no access to the internet which will reduce the temptation for your son to go on to Facebook,” said Judge Evans.

Specialist cyber crime police allege that between April 27 and May 9 Mangham repeatedly hacked into a Facebook “puzzle server” using software he had downloaded.

The firm runs puzzle servers to allow computer programmers to test their skills. Mangham allegedly knew that doing so could disrupt its operation.

On April 29 he also tried to hack into a “mailman” server run by Facebook via his web browser, police claim. Such systems are used by firms to run internal and external email distribution lists.

Just over a week later he allegedly used software to “secure access to the Facebook phabricator server”. Phabricator is a set of tools designed by the firm to make it easier to build Facebook applications such as games.

Mangham had “made, adapted, supplied or offered to supply” a special software script to hack into the Phabricator server, the court heard.

Despite the extent of the alleged intrusions, Facebook said its users’ personal data was not compromised.