Is there something you want hacked?
I get emails all the time from complete strangers, asking if I can help them hack into someone’s Facebook or email account. Sometimes they claim to be family members who are worried that their loved one has gone missing and not replying to messages, but more often they’re suspicious that their partners are cheating on them behind their back and want to read their private communications.
Of course, I explain that hacking someone else’s account without their permission is a crime, and that’s not something I can help with. But there is clearly a significant demand from people – whether driven by love, infatuation, revenge or greed – to break into the accounts of other people.
A site which received significant publicity earlier this year is Hacker’s List, which claims to “connect people who need professional hackers to professional hackers for hire around the world.”
I’m sure that some of those who post requests onto the Hacker’s List jobs board, hoping to find a hacker, have nothing but internally legal activity in mind. For instance, you might have long ago password-protected one of your Word documents – and can no longer remember how to unlock it.
But new research reveals that many of the hacking tasks listed relate to breaking into Facebook accounts, cracking Gmail passwords, stealing chat logs from messaging apps like WhatsApp
Security researcher Jonathan Mayer says that Facebook is expressly referenced as the target of hacks in 23% of projects and Google 14%.
Another regular sight is that of students asking for school computer systems to be hacked in order to improve their exam grades.
What’s worse still is that Mayer seems to have found it relatively easy to create a web crawler that could scoop up details of projects posted on Hackers List, and then cross-link members’ supposedly anonymous usernames with Facebook accounts revealing their real names, email addresses, phone numbers and other personal information.
Mayer says that he was able to match 25% of active Hacker’s List accounts to a Facebook profile, whereas other users have unwisely given their name, contact information or street address in their posting:
So much for “discreetly” hiring a hacker.
Fusion reports that since the privacy problem with Hacker’s List became public, the site’s CEO Charles Tendell has sent out an email warning of the potential for users’ privacy to have been breached:
Hello all HL users,
A recent posting by a security researcher has identified a problem with HL’s integration with Facebook. The problem has the potential to divulge personal information such as a users Facebook page. We have taken steps to mitigate this problem and as part of those steps we have disabled login and registration with Facebook.
Unfortunately, although a sensible step, that’s shutting the stable door after the horse has bolted. The very last thing that anyone using Hacker’s List for nefarious purposes wanted was to have their true identities revealed by the very service offering to put them in touch with a hacker.
Maybe it’s better if you don’t try to break the law by hacking the accounts of other people, spying on ex-partners or business rivals, or altering your exam grades.
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsSeptember 06, 2024
September 02, 2024