Facebook Publicly Unmasks Koobface Hackers
The New York Times reported yesterday on a powerful “web gang” that has been pocketing millions of dollars from unsuspecting web surfers using a worm dubbed “Koobface” (an anagram of “Facebook”). Apparently, it is known who they are. It is known where they are. It is known how they do what they do. But no one is touching them.
The men involved in this enterprise have been the subject of much investigation by Facebook’s security team, as well as by independent researcher Jan Droemer. But it’s not like they are taking pains to hide. They post photos of their vacation trips to Monte Carlo, Spain and casinos in Germany. They check in on FourSquare.
“We’ve had a picture of one of the guys in a scuba mask on our wall since 2008,” said Ryan McGeehan, manager of investigations and incident response at Facebook.
The five men in this “gang” are:
* Anton Korotchenko AKA “KrotReal”
* Stanislav Avdeyko AKA “leDed”
* Svyatoslav E. Polichuck AKA “PsViat” and “PsycoMan”
* Roman P. Koturbach AKA “PoMuc”
* Alexander Koltyshev AKA “Floppy.”
Yes, they are Russian. And they operate openly in central St. Petersburg. Which explains why the FBI have not nabbed them. In the absence of cooperation with the police in Russia, Facebook decided to out these guys publicly.
“People who engage in this type of stuff need to know that their name and real identity are going to come out eventually and they’re going to get arrested and they’re going to be targeted,” Joe Sullivan, chief security officer at Facebook, said. “People are fighting back.”
How Koobface works, and how you can protect yourself from it, was the topic of an excellent write-up on Sophos.