Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Script fools n00b hackers into hacking themselves
The Register ^ | 5-2-2014

Posted on 05/02/2014 8:58:49 AM PDT by markomalley

Security experts have warned Facebook users in India not to fall for a new scam which tricks victims into “self cross-site scripting” by promising access to a tool which will let them hack their friends’ accounts.

Symantec security response manager Satnam Narang revealed in a blog entry that a post began circulating last week on Facebook featuring a video with tips on how to hack accounts.

That post apparently linked to a Google Drive document containing code that the scammers claimed will allow users to see their friends’ passwords, if they cut and paste it into their browser window.

He continued:

What really happens when you paste this code into your browser console window is that a series of actions are performed using your Facebook account without your knowledge. Behind the scenes, your account is used to follow lists and users, and give likes to pages in order to inflate the follower and like counts defined by the scammers.

Your account is also used to tag the names of all your friends in the comment section of the original post. This is done to help the scam spread further, playing off the curiosity of your friends, who may visit the post to find out more and hopefully follow the instructions as well.

Narang claimed that the scammers behind an earlier version of this self cross-site scripting attack managed to gain 50,000-100,000 likes on Facebook and followers on several pages and profiles.

The attackers are based in India but some of the words used in the code are Turkish, hinting that this is where they may hail from originally, he added.


TOPICS: Computers/Internet
KEYWORDS:

1 posted on 05/02/2014 8:58:49 AM PDT by markomalley
[ Post Reply | Private Reply | View Replies]

To: markomalley

Illustrates the difference between hackers and script kiddies.


2 posted on 05/02/2014 9:04:46 AM PDT by SunTzuWu
[ Post Reply | Private Reply | To 1 | View Replies]

To: markomalley

This type of counter-defense should have been the foremost methodology for combatting hacking for 20+ years.


3 posted on 05/02/2014 9:30:33 AM PDT by Attention Surplus Disorder (At no time was the Obama administration aware of what the Obama administration was doing)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Attention Surplus Disorder

I’d suggest that using the hackers’ webcams to emit laser death rays would be quite appropriate as well. :=)


4 posted on 05/02/2014 9:37:00 AM PDT by Bob
[ Post Reply | Private Reply | To 3 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson