Hackers

Vietnam’s Facebook hackers nabbed in multi-million dollar sting

By Uzair Adam Imam

Vietnamese authorities have apprehended 20 individuals accused of orchestrating a widespread scheme to steal and commandeer tens of thousands of Facebook accounts, both domestically and internationally, reports state media. 

The operation yielded a staggering profit of nearly $4 million.

The group stands accused of creating and disseminating malware to seize control of over 25,000 high-value business accounts, as detailed by VNExpress. 

Cybersecurity police conducted raids across key locations, including Hanoi, Ho Chi Minh City, and Nam Dinh province, throughout April, resulting in the arrests.

The alleged mastermind, 31-year-old Dang Dinh Son, purportedly procured a malware source worth $1,200 to pilfer Facebook user credentials. 

According to state media, Son, who hails from Nam Dinh province, reportedly utilized this malicious software to hijack two popular Facebook fan pages associated with photo editing platforms: “Art Bay AI” and “Evoto Studio.”

Their modus operandi involved enticing Facebook users to download an application embedded with malware, subsequently compromising their devices. 

The stolen data was then funnelled to a server controlled by Son, who distributed it to five Telegram groups, facilitating the hijacking of user accounts by his accomplices.

The cybercrime syndicate profited by selling high-value Facebook accounts, while lower-value accounts were exploited for advertising purposes on e-commerce platforms, generating significant revenue. 

It’s reported that the accused collectively amassed $3.8 million from their illicit activities.

According to Statista, Vietnam ranked seventh globally in terms of Facebook users as of April, boasting a user base of 75.3 million.

Publicizing privacy: How our personal information hunts us

By Sulaiman Badamasi (Mahir)

Social engineering (also known as human hacking) is the art of psychological manipulation of human beings to trick them into making privacy blunders to giving out delicate confidential information. The perpetrator (social engineer) digs background information of the potential victim to identify key necessary weak points and possibly gain the victim’s trust to use the information against them. Before the emergence of social media, it took social engineers a long, frustrating time to acquire as much information as possible about their targets.

However, the dawn of technology saw the 21st century as the swiftest ever in terms of information circulation. The world has appeared at a height where a single tweet (for example) reaches a billion people in seconds. Thus, information runs fast, businesses nurture, distances diminish, causes foster, coverage enlarges, relationships are created/strengthened, thus making us and our lifestyles more publicized and learned about.

Despite its tremendous impact on making life more relaxed, social media compels us to unconsciously reveal vital personal information about ourselves, families, friends, etc., which could be easily used against us. In other words, what you need to know about people to trigger any havoc on them and their close ones is almost certainly on social media. People’s personal info has become so plentiful that they have a copy of their voter card, national ID card, and driver’s license posted on social media.

Moreover, people reveal their workplaces, positions, type and colour of their vehicles, wives and children (by number, names & faces), schools where their children attend (including class, level, course, location), the colour of their children’s uniforms, favourite food, the interior of their rooms, the kind of electronic devices they own/use, current location, movement plans and means of transportation (motorcycle, car, truck, train, plane) with picture evidence. You know when they sleep/wake, to mention a few.

The recent #KanuTrain attack is a decent scenario of how our personal information can be used against us. The intruders appeared to have readily gathered background details of some of the passengers, including their sitting positions on the train and their social profiles. In a video interview, the killer of Hanifa, the primary school pupil who was allegedly abducted and murdered by her teacher, explained how he took his time, gathered adequate information, and built up his fraternity before executing the unfortunate assault.

The fact is, no ill group/individual strategizes and carries out a successful attack devoid of having sufficient information, which of course, we give generously. Without data, plans go wrong, and they (perpetrators) hardly take these risks nowadays. Repeated evidence has struck our screens on how ill-doers use human informants, drones, and social media accounts to gather information about target victims before carrying out attacks on them, including military bases.

Ethical hackers do not just attack or penetrate internet environments or webservers. Instead, they do footprinting and reconnaissance to know the strengths and identify weaknesses in the system they plan to attack and then exploit them.

Have you ever wondered how your profile pictures can be grilled to reveal more information about you? We often change profile pictures on several occasions. Let us assume you have been on Facebook for ten years and have changed your profile picture ten times (once each year). These ten naturally varying images can be processed using deep learning and natural language processing to understand, for instance, the rate at which you are ageing, how happy/angry/suspicious/innocent you are looking, how healthy or otherwise, to mention a few.

A 30-minute walkthrough of the pictures you have uploaded in the last five years reveals what calibre of people you do mingle with, the state of structure your house is in, the number of countries, states, or towns you have visited, conferences you have attended, how beautiful your wife looks like, which of your siblings/parents/children you love the most, and more. Do you know that a data scientist who knows where you have been going for one year or less can use that data to predict where you will possibly be going next?

All these can be used to perpetrate evils against you/us, thus, informing a possible abductor/kidnapper whether you look like someone who/whose family can afford a ransom payment. Knowing a lot about your family tells them of the softer target amongst them. Of course, they would find it easier to abduct that daughter of yours whose school name, picture, name, age, the colour of the uniform, time to and from school you have made available than you.

Unless we have underlying valid reasons to do so, making our private information and our families public could make them more vulnerable to unnecessary access. Life now looks as if the more your sensitive information is made private, the less you are prone to some unfortunate events.

So, beware!

Sulaiman Badamasi (Mahir) can be reached via sulaimanmahir@gmail.com.

Beware of Facebook, other hackers

By Abdulrahman Muhammad, PhD

A friend recently left Facebook after his friends were duped through his hacked Facebook account. The hacker took over the victim’s Facebook account and sent messages to the latter’s friends asking them to deposit money into an account and get double the amount deposited in two weeks!

Because of sheer trust and gullibility, they first transferred monies into the bank account given to them by the hackers before even contacting my friend via phone. A total of about 450000 naira was lost this way, one of the victims being a student.

Lessons:

1. A simple phone call to confirm the true source and authenticity of the message would have saved the victims the trauma of losing huge sums of money.

2. The susceptible can be found even among the educated. While working in New Bussa, a colleague excitedly showed me a text message from an ordinary number informing him that he had won a lottery in which he was a random passive participant. I warned him that it was fraudulent, but another colleague convinced him it was genuine. The most painful thing was that the fraudsters asked him to go to an ATM and called them from there so that they could instruct him on how to redeem his prize. He inserted his card into the machine and followed their instructions sheepishly, which led to the emptying of his bank account.

3. Even a smart person can be a victim if they are too trusting, careless and greedy. Nobody can double your money in two weeks. Haba! Be street-wise.

4. Some bankers seem to be collaborating with fraudsters. For example, when victims go to the bank and complain, the bankers say the bank account the victim transferred the money does not exist!

5. Some of us have not been duped only because we are too poor to be conned. Or, to put it more respectfully, we are not rich enough to be defrauded. Where is the money?

6. A simple test can expose hackers. Recently, a Facebook friend sent me a fraudulent solicitation message. I promptly suspected his account was hacked. Unfortunately, I didn’t have his mobile number, so I sent him a message via Facebook Messenger asking simple questions in Kanuri language. The hacker responded in English with wildly off-the-mark answers. I called his bluff, and he disappeared.

7. Any friend who wants to deposit money in my account is welcome, but they should get the correct account details directly from me through my mobile number. My bank account name is slightly different from my Facebook account name.

8. One can also use the Messenger voice call option to confirm the person’s identity soliciting for money.

God save us from fraudsters.

Dr Abdulrahman Muhammad wrote from Maiduguri, Borno State. He can be reached via abbakaka@yahoo.com.