Botnet master abuses Facebook for pocket money, researchers reveal

A Chinese hacker's main job may well be running a botnet of malware-clotted zombie PCs, but there's always time left in the day for selling fake Likes, apparently.

It is not every day that remorseful confessions over lapsed adherence to the Five Precepts of Buddhism help researchers identify a hacker.

In early 2012, hacker Zhang Changhe admitted, on Chinese social network Kaixin001, to breaking all Five Precepts of Buddhism.

Sexual misconduct, lying, and drinking aside, Zhang Changhe wrote that he also stole "continuously and shamelessly," though he hoped that he could stop stealing in the future.

Turns out that Zhang Changhe runs a botnet. (Perhaps that is what he was alluding to when he spoke of stealing "continuously and shamelessly"?)

Two security researchers, Dell SecureWorks's Joe Stewart and a 33-year-old blogger called "Cyb3rsleuth", claim that Zhang Changhe also reportedly works for the Chinese army and teaches at PLA Information Engineering University, a center for electronic intelligence, comparable to the US's National Security Agency's university.

The whole fascinating story of unearthing a hacker is covered by Bloomberg BusinessWeek.

It tells the tale of how Joe Stewart and "Cyb3rsleuth" tracked Zhang Changhe down, following the trail of zombie computers infested with malware that Zhang left behind as he built his botnet.

Beyond running the botnet, working for the army and teaching at the university, hacker Zhang Changhe is said to look after a few side businesses: selling fake Likes on Facebook pages, artificially swollen follower lists on Twitter, and votes on other social networks such as Digg.

The bogus-thumbs-up service was even promoted on a BlackHat forum.

Now Facebook, for its part, really doesn't want fake Likes. It wants Likes to be as pure a reflection of real users, in a real community who like real things, as it can get.

To that end, in August, Facebook said it was grappling with the issue of fake Likes, noting that it was increasing its automated efforts to remove Likes that may have been gained by means that violate Facebook's Terms.

A few months later, in October, Facebook tackled a bug that saw Like counters ticking up in double-time when users shared links in private Facebook messages.

Vigorous protection of its Like integrity is tied up in Facebook's business model: businesses pay to boost visibility of friends' Likes, or to try to sell apps a user might want based on his or her Like history.

Fake Likes dilute that advertising model, substituting bots for real, live humans with real, live wallets who Like, and sometimes (businesses hope), buy real things.

The Bloomberg article starkly illustrates what a daunting task Facebook, Twitter and other social networks have when it comes to handling well-funded, well-organized, methodical attacks carried out by legions of hackers in countries such as China.

It also paints a clear picture of how difficult it is to put a face on network intrusion and other malfeasance.

Bloomberg reports that "Cyb3rsleuth" subsequently published all his findings about Zhang Changhe on his personal blog. The hope is that someone - be it a government, the research community, or some of the many victims whose sites or computers had been attacked - would do something.

So far, nobody has, as far as "Cyb3rsleuth" knows.

Imagine the frustration: researchers finally track a hacker down, only to encounter a culture of government denial.

Even if Zhang is never stopped, let alone arrested, "Cyb3rsleuth" and Stewart's work deserves kudos for adding to our understanding of how cybercriminals operate - broken Precepts, remorse-laden postings and all.

Buddha and botnet images from Shutterstock.

Hat-tip: Bloomberg BusinessWeek

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.