Large collection of stolen Facebook logins goes public

While the popular view of hackers and those behind phishing scams, at least among the general public, is that they are ubergeeks or teams of IT conmen in far-flung countries, the simple fact remains that the equivalent of the script kiddie is still around.

GFI announced today in a blog post that a large collection of stolen Facebook logins had gone public. At first the company believed that the page, blank save for the fake login, was a “bland FarmVille phish.”

Children as young as ten are lurking around vast password forums, which offer both code and tips for stealing passwords and lists of Facebook login details.

Christopher Boyd, a security analyst at GFI, said it’s “not unusual for ten year olds and teens who have a little bit of a brain to be using scripts to steal personal information.”

Below is a screencap of just one page online listing stolen Facebook logins. 

While GFI couldn’t confirm these logins were obtained via the FarmVille phish, there was a good chance that many of the users on the list use the same passwords for their email accounts as for their Facebook login.

“We have everything from Yahoo and GMail to Hotmail and AIM on there – not great in terms of the amount of personal data that might be accessible,” Mr Boyd wrote.

He said that it was possible that there were more of these account dumps out there, and that GFI had since found another dump which has some (but not all) of the same data posted to it, along with logins not present in the first batch. He said this one didn’t “seem to be related to the ‘Facebook’ logins so there may be numerous individuals having some fun here.”

Boyd told TechEye that these codes were obtained in underground forums where a hacker detailed a little bit of what the program did and people came forward with prices. “Although this particular scam looks like it was done by a very clever hacker, it’s not hard for younger children and teens to get hold of these codes.

“A little bit of searching and they can buy passwords and stolen credit card details,” Mr Boyd added.