Criminal web forum trades in stolen social network profiles

A study from VeriSign’s cyber security watchdog iDefense has revealed a huge increase over the past year in demand for nicked social network user accounts, many of which go on to be sold internationally on the black market including over forums.

Once information available on social notworking is secured it is auctioned off inbulk to other nefarious ne’er-do-wells for the regular dodgy practices we’re familiar with, such as money transfer scams, data mining and malware and spam campaigns.

It recently uncovered a web forum where advice and trading of login details was on an absolutely tremendous scale. One particular user, going by the name of ‘kirllos’ claimed that he was selling 1.5 million compromised accounts. Typically prices were $25 for 1,0000 accounts with 10 contacts or fewer, or $45 if there were over 10 contacts.

While accounts with a number of friends were the most popular, crims were also flogging profiles with no friends, solely for sending out malware.  We have approached VeriSign for further details about the forum, to see if we can sell them @TheTechEye.

In a statement VeriSign iDefense says that although highjacking social media accounts is no new thing, it is getting worryingly more international. Rick Howard of VeriSign cites VKontakte as an example – it’s a popular social networking site around Russia, Belarus and Ukraine. So of course the stolen accounts are generally limited to criminals in that area.