Monday, October 16, 2017
So Long Stabranja
Maybe it's all this Equifax bonanza stuff going down, but I thought a post about identity and security and automated account attacks would be appropriate.
I was very excited to be able to see my facebook account hacked in a (perhaps) methodical, slow attack that has left me unable to verify my own identity, i.e., access the account. I say perhaps because, perhaps, there is no method-making person behind this; maybe it's just a program following instructions. Regardless, I got to watch it happen, and I'd like to share.
In preface, it should be noted that here at Network Address, we certainly don't present ourselves as digital liberators, that is, computer hackers. However, the world that surrounds the activities of such folk are very interesting to us. Listening to Off the Hook on 99.5 WBAI and attending the HOPE conference at the Hotel Pennsylvania are a great source of the material seen on this site. If interested yourself, please look into these, they're very much worth it (The next HOPE is summer 2018, check it out...https://hope.net/).
Back to the matter. I wonder how common this is. I plan to do some research on this dating site that requires your fb as entry. I have many facebook accounts, and many from back in the day before you had to use real names. This one is Stabranja Bones, part of a project from almost 10 years ago, about hick-hop (at the time this was something we made up, but it's apparently a thing now) and bronix (same, although it was called Brocabulary by reddit). So I access this dating site using one of my facebook accounts, unfortunately, a favorite that I'm sad to see taken away from me. Although, I'm glad I got to see it happen firsthand.
I'm on this dating site for a couple days, that's all I need. You know how these sites work, btw - if you leave your account vacant it will be used as a bot. There's no such thing as deactivating or deleting an account. Content has value and will not go to waste, no matter what you think or want. (Remember, when things are free, you're the one giving the value, not taking it.) We used to call this a zombie I guess, like you killed the account but someone else uses the empty shell, the carcass, to impersonate a real person. This makes the site look like they have more people than they really do, which makes the prospects of finding a date better, which makes the site more attractive, which makes it more likely that you'll pay for a subscription after your free trial. (If you're new to all this, just look into the Ashley Madison scandal, "angels" and "engagers" and etc.) So, I get into the habit of at least deleting all the uploaded pictures on the dating site account, posting new picutres of people that are certainly not me, and then "deactivating" it. I did this.
About a week later, I get a message from a friend of mine, one of the few people I have connected to the hacked fb account, and a person who, unlike myself, is active on facebook and notices these things - he asks me, in real life via text message, if I changed the profile picture on the facebook page. I did not. I assume that my tooling around with the dating site via the fb site had caused some inadvertent change. In the back of my mind, because I don't trust anything, I thought there was a possiblity that everything was already compromised.
About a week or two later I check back into the dating site, just to check up on things, since I was suspicious. I see a chubby Middle Eastern man has taken the place of my profile picture (which until then was a photo of a college friend of mine in drag), and yes, the dating site is still using my profile/account, but with this new chubby Middle Eastern guy as the primary avatar. I log back into fb and delete this guy's pic, and reinstate my old profile pic.
A month goes by. I then get an email stating that my password has been changed, if I didn't do that, I should check into it. I do. They're asking me to confirm my identity. They show me some pictures of "friends" to test whether I know them or not. Hmmm. Some of these people I don't recgnize (I only had 3 friends, this was a bogus account we did for fun, after all.) I fail the test. I try again. I fail again. I don't know these people. I'm locked out of the account forever.
I go back to my email account (a second account that I use for bogus accounts etc.). Gmail separates "social" emails to another page, so I haven't been seeing the updates from fb etc. I go into this "social" page of emails and see that my fb avatar has been accumulating friends for the past month. I imagine that friend requests are sent out by the hundreds, and someone, be they either real or not, is accepting. Now I have a whole bunch of "friends" who I don't know. And if this is going on for a month, and I'm not doing anything about it, then whoever is doing this (see me giving agency to an algorithm here?) is like "great, nobody's at the wheel, let's take control." My password gets changed.
I recall some time ago, my credit card company called me about potential fraud. Have you been to Florida recently, they asked. No. That's what we thought, you have some fraudulent charges, we're going to take them off and give you a new card number. How did you know, I asked. They bought hard hats from a Home Depot in Florida, and we thought that was strange. ... I thought it was strange that they thought that was strange. Anyway, they know this stuff better than I do, because once someone has stolen your credit card number, the first thing they do is to test it; they buy some stuff and see if they get flagged. They see if there's anyone behind the wheel. If not, it's all their's.
And now Stabranja is all theirs, whoever they are.
Afterword
The next time you hear something like "Facebook has reached x million users," be aware that these are not real people. They're empty shells. Their "likes" are empty as well. Also, the next time you are deciding whether it's worth it to pay for a subscription to that dating site, many of those people are not real. That is to say, they may have been real at one time, but they are no longer; they are also empty shells.
Post Script
etymology of Stabranja Bones:
Stabroned (brain + stoned) + ganja. Yup. Producer of Brody Lambone, hick-hop sensation.
The Semibots Are Coming
Network Address, 2015
Labels:
agency,
algos,
bots,
breach,
digital liberation,
hackers,
identity,
intelligentities,
passwords,
security,
social media
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment