Wednesday, September 26, 2007

Did Vladuz hack eBay, or is stockpiled stolen information being used to make it look like he did?


(Picture courtesy of Yahoo Group, eBay_scamkillers)

There is a lot of speculation that eBay was hacked once again, and that Vladuz might be behind the latest episode.

Vladuz, who takes his name from a famous Romanian prince, Vlad Tepes, has plagued eBay with a string of hacking attacks in the past. Vlad Tepes was the inspiration for the novel, Dracula. In Internet folklore, Romanian scammers are often referred to as "Vlads."

Of course, eBay is denying that they were actually hacked. I'll let the reader form their own opinion.

Auction Bytes (Ina Steiner) is reporting:

eBay closed its Trust & Safety discussion board for hours on Tuesday after threads began appearing listing the names and addresses of eBay members. eBay spokesperson Nichola Sharpe said, "We think the fraudster obtained the eBay User names and IDs from previous account takeovers." The credit card information that was published alongside 1,200 names, User IDs and addresses were not associated with the financial information on file for those users at eBay or PayPal, Sharpe said.

Unfortunately, with the amount of account-takeovers caused by Phishing, eBay can suggest other ways the information might have been stolen. Phishing is where users are tricked into giving up their personal details, or downloading malware (crimeware), which steals it right off their hard drive.

I don't know which is worse, that they were hacked in this incident, or that all this information was compromised a long time ago? If it were compromised a long time ago, as eBay states, how much more compromised eBay information is out there?

The Cappnonymous Buds Blog has put together a pretty visual demonstration that makes a pretty good argument that eBay was hacked.

Account-takeovers enable criminals to scam others, using someone else's information. They can also be used to fence (sell) stolen merchandise with a high degree of anonymity.

It should also be noted that stolen payment(credit/debit) card details are often used to purchase the merchandise, which is then fenced.

To cover their tracks, the scammers often dupe people into laundering the proceeds of these sales in work-at-home (job) scams and wiring the money, normally across a border.

Whether Vladuz is behind this latest attack remains to be seen. But the fact remains, that there is a lot of fairly organized crime targeting eBay (my opinion) and other auction sites, on a daily basis.

Previous posts, I've written about eBay and auction fraud can be read, here.

In case anyone is interested in the graphic photo at the top, here is a post I did about a Yahoo Group that call themselves the eBay_scamkillers.

They are an all volunteer group, many of whom have impressive credentials, that are responsible for putting a lot of eBay scammers, where the sun don't shine (prison).

No comments: