15 Sep 2011
Posted by synt4x 
Loading ...
Tools, tricks users Facebook, uses a request to add them to friends in order to obtain personal data that can later be used for online fraud.
The Group of Experts on Information Security, based in Egypt, has created a tool that facilitates social engineering. It automates the collection of sensitive data in user profiles, Facebook, which can only be accessed by friends in a social network.
Cross-platform Java-tool called “Facebook Pwn” and described the creators as “the dumper for the profiles of Facebook”.
“(Tool) sends requests to add to friends list users Facebook, and then calculates the positive notice of acceptance of friends. As soon as the victim accepts the invitation, all its data immediately merge – photos and friends list” – says in the description of the program.
In a typical scenario described by the researchers, the hacker begins collecting information from the user profile by creating a new, empty profile. Then uses the so-called “friending plugin”, with which you can add to my friends, all friends of his victim. This ensures that you are the victim of mutual friends, the researchers note. Further cloning plug-in asks you to select one of the friends of the victim. Then it clones only the picture and name of the selected friend to your account.
After that, a request to add to friends send the victim to a fake account of its “friend.” The tool is waiting for a positive response from the victim, explained in the description of the program. As soon as the victim accepts the invitation, the dumper immediately begins to gather all available information from the pages of (information, pictures, links, etc.) for further study offline.
“Maybe in a few minutes the victim will remove fake profiles from your friends list, after he / she realizes that he not real, but most likely it will be too late!” – The researchers explain.
In a group of developers tools, posted on the site Google code, said that it was developed only in the “proof of concept” and should be used at your own risk, and not to “abuse”. And their request, no doubt, will be heard all the hackers who have no intentions too.
