It’s easy to understand how hacking groups, involved in undercover cybercrime, might want to keep their activities hidden from the powers that be and law enforcement agencies, and conduct their crimes in secrecy.
Which makes it all the more surprising when you stumble across a group apparently engaged in stealing and sharing login passwords for third-party systems, doing so not just on a public-facing website, but on a page hosted by the world’s biggest social network.
A reader of Naked Security, who works at a Yorkshire-based security company, contacted us last week to tell us about a particular Facebook page they had stumbled across belonging to the Albania Pirate Group.
On its Facebook page, 600+ fans and members of the Albania Pirate Group were sharing RDP (Windows Remote Desktop) logins, giving hackers unauthorised access to computer systems, and what appeared to be compromised banking details.
The potentially sensitive information was free for anyone to view, even if you hadn’t “Liked” the page.
Curiously, the Albania Pirate Group has a similar logo to the Kosova Hacker’s Group, who breached servers belonging to the US National Weather Service last month.
Sophos contacted Facebook, and within the hour the social network’s security team had closed down the page.
Remember that pages and groups on Facebook are not pre-vetted, and anyone can create a page with ease and use it for illegal purposes. If you stumble across a Facebook page that you believe is involved in law-breaking or breaches the terms and conditions of the site, you should report it to Facebook.
Our thanks go to the Facebook security team for shutting down the page so promptly.
Of course, you can do anything in Albania because they are at least 500 years away from the world as we know it. Most of the authorities over there don't know what a computer is, so how can one expect the authorities to go after them :S
One better way of protecting your systems from this sort of 'opening' is to disable Remote Desktop completely, unless you absolutely need it, in which case you should only enable it at that time and re-disable it after that specific occasion of use.
The only time I've had use of it was when we had a problem with a 'security suite' from a well-known provider (not Sophos) and they managed to damage the system so it had to be re-installed! It then had a different security system installed as well.
Hang on a minute, doesn't everyone use RDP for remote users to connect to their network, this is 2003 after all? No, hang on……
Shocking. We are a Yorkshire based IT Security company dealing with cyber crime and network vulnerabilities all the time. It is staggering how few companies take network and IT security seriously and it seems they have to be victim to an attack before they finally sit up and listen. There is far too much of an ‘it won’t happen to me’ attitude to cyber security in Britain. I don’t know anything about Albania, except that you don’t need to go that far to find massive IT security breaches in major organisations, including the UK Government!
ITWiser, Yorkshire.
@jay
Albania does have laws and also cyber crime police.
We are not talking about where Albania stands, if it is 500 or 1 year behind the western countries. Here we are faced with a security issue.
I must say you should do your homework and grow up before you start pointing fingers and talking crap about a country that you have never been to.
Grow up
They just create a new group all the time. Facebook needs better heuristics to prevent such misbehavior with their support… http://www.facebook.com/AlbaniaCriminalGroup
Facebook Security has now removed that page as well.