Facebook is undoubtedly the biggest social media platform today, making it among other things, a target for hackers on darknet markets

Stolen data are a popular buy on various darknet markets for criminals looking for new identities to hide their clear web activities.

As such, data breaches like the theft of Facebook usernames and passwords are not uncommon.

In a bid to protect its users, Facebook employs more than just the use of secure software to keep out criminals who supply the darknet markets with stolen information.

Facebook buys the leaked passwords from the hackers in the various darknet markets, cross-reference them with existing user passwords, then sends an alert to their users to reset their passwords or make them a lot stronger to ensure their account’s safety.

Cross-referencing Process is Heavy

alex-stamos

Facebook purchases stolen passwords from hackers on various darknet markets and uses them to improve their users’ online safety.

Facebook’s Chief of Security Alex Stamos admits that the process is not easy at all, but is very effective.

He mentioned that the biggest threat to the safety of user accounts is weak passwords and the reusing of passwords.

He highlights that, despite the security team’s efforts to keep Facebook secure from hackers looking to make a coin on darknet markets, ensuring user accounts safety is an entirely different and notably more difficult aspect.

Facebook’s security team apparently began their data mining venture shortly after the massive data breach of Adobe in 2013.

Their primary goal was to seek out users with weak, reused passwords that were shared on the Facebook and the Adobe platform.

Since then, they have continued to purchase leaked passwords from the various darknet markets in a bid to ensure their users’ continued safety.

Passwords are Secure

For those who are concerned about their passwords being accessed by the Facebook security team, Facebook security incident response manager assures them that the method used to cross-reference the passwords to the respective owners’ accounts is in no way similar.

At the time they began buying the passwords from darknet markets, they ran the plaintext passwords using a one-way hashing code in order to link the passwords to their respective accounts.

The one-way hashing function compares the hashes of the recovered password using hashes that are already stored by Facebook.

If the two hashes are successfully matched using Facebook’s security process, then Facebook identifies the user and sends them a request to change their password in order to enhance account security.

Facebook’s Move May Be Encouraging Cyber-crime

As expected, there has been outcry concerning the morality of the whole situation.

Purchasing stolen information from cyber-criminals in the various darknet markets could only promote their activities, especially now that they realize Facebook will simply pay them to return the stolen passwords.

Stamos admits that the use of passwords and usernames are more than a bit outdated.

Originally coined in the 70s by mainframe architectures, the security provided by them is less than sufficient.

This is mostly the reason why Facebook later adopted additional security measures such as the identification of Facebook friends alongside its original two-factor authentication process to determine whether an account had been compromised.

They have also enhanced the account recovery significantly by making it possible to allow close friends to help in the verification of your account recovery request.

Stamos insists that despite all the security measures they use to protect their users from cybercriminals, there is always the lot that will choose to skip these measures and as such, it is upon the security team to ensure their account security.

Author:  Darknet Markets

Source:  https://darkwebnews.com/darknet-markets/facebook-buys-leaked-passwords-darknet-markets

Categorized in Deep Web

Keeping Facebook safe and keeping Facebook secure are two different tasks, Facebook’s Chief Security Officer Alex Stamos said at recent conference. Security, he explained to the crowd, is building walls of defense to keep threats out. But “safety is bigger than that.”

Stamos explained that the “bigger” form of safety was making use of stolen password dumps on the darknet. Instead of simply comparing the password hashes of Facebook users with those made publicly available, Facebook buys the account dumps hidden on the DNMs.

Database breaches containing electronic healthcare records have routinely popped up on marketplaces like the TheRealDeal. Social media has been regularly exploited too. Earlier this year, 65 million Tumblr accounts surfaced for a surprisingly low price.

Tumblr.png

After the Adobe breach, we learned Facebook that the social media giant mined the Adobe data to find anyone who shared passwords between Facebook and Adobe. The accounts that used the same username (email) and password were “concealed” and received a message with instructions to update their password.

moduleplant id="558"]

“Recently, there was a security incident on another website unrelated to Facebook. Facebook was not directly affected by the incident, but your Facebook account is at risk because you were using the same password in both places,” the Facebook message said.

fb-message.png

Stamos explained that the social media giant hunted the darknet for account and/or server dumps to buy. The team then used a “computationally heavy” method to cross-reference the passwords found in the dumps with Facebook users’ password hashes.

Facebook sandboxed the users after matches were found, keeping the possibly-compromised accounts from the public eye—until the account owner changed the password.

“The reuse of passwords is the No. 1 cause of harm on the internet,” Cnet quoted Stamos on stage. He continued “Even though we provide these options, it is our responsibility to think about those people that choose not to use them.”

The ability that Facebook had regarding cross-referencing passwords found in data breaches and those of Facebook users raised several questions. People wanted to know how Facebook could possibly check their credentials against those found online without storing their login data in plain text. The suspicion that Facebook stored account information in plain text or similar encrypted fashion was not held by a lone conspirator.

moduleplant id="558"]

Chris Long, a security incident response manager at Facebook, explained the process after the 2013 Adobe breach. This was his reply to a commenter on krebsonsecurity.

We used the plaintext passwords that had already been worked out by researchers. We took those recovered plaintext passwords and ran them through the same code that we use to check your password at login time. Like Brian’s story indicates, we’re proactive about finding sources of compromised passwords on the internet. Through practice, we’ve become more efficient and effective at protecting accounts with credentials that have been leaked, and we use an automated process for securing those accounts.

“It can do that because passwords can be used to create hashes, but the reverse isn’t true: hashes can’t be used to recreate the passwords that made them,” Naked Security wrote.

Stamos explained “When somebody logs into Facebook, the password they hand over is passed through a one-way hashing function. If the result matches what Facebook has on record, that user is allowed in.”

Facebook looks for stolen password that are able to pass through Facebook’s hashing algorithm. If it passes and matches the hash file on record for a particular user, “Facebook knows it has hit on a reuser,” Stamos said.

He ended by adding: “Usernames and passwords are an idea that came out of the 1970s mainframe architectures. They were not built for 2016.”

Source : https://www.deepdotweb.com

Author : C. ALIENS

Categorized in Social

SAN FRANCISCO (Reuters) - Alphabet Inc's Google said on Thursday it is acquiring cloud software company Apigee Corp in a deal valued at about $625 million, the tech giant’s latest effort to claim a greater share of the lucrative cloud business.

San Jose-based Apigee's software helps companies' digital services interact with apps used by customers and partners.

The service is critical for businesses transitioning to the cloud, Diane Greene, who runs Google's cloud computing division, said in an interview. "They are a leader in this application programming interface area," she said.

Cloud computing is the increasingly popular practise of using remote internet servers to store, manage and process data.

Apigee specializes in managing so-called application programming interfaces, or APIs, the channels through which digital services connect when a company logs a purchase for a customer or places an order with a supplier.

Google will pay Apigee shareholders $17.40 for each share, a 6.5 percent premium to the stock's Wednesday close.

Apigee's shares were slightly above the offer price at $17.43 on Nasdaq in afternoon trading on Thursday.

The company, whose customers include AT&T, Burberry Group Plc, Vodafone Group Plc and the World Bank, went public in April last year at $17 per share.

Greene, a former VMware CEO, has pushed to raise Google's profile in corporate computing since she joined last year.

During her tenure, Google has streamlined engineering efforts and appointed new leadership for its cloud efforts, improving traction with clients, Google Chief Executive Officer Sundar Pichai said during the company's latest earnings call.

Greene predicted that the Apigee acquisition would redouble Google's momentum.

"Our customer lists are extremely complimentary," she said. "There's some overlap and some areas where we are going to be able to help each other once [the deal] closes."

The Apigee deal comes a day after Google and online storage company Box Inc said they would partner to enable Box's corporate customers to integrate Google's suite of word processing, spreadsheets and other productivity tools, known as Google Docs.

Google, Amazon.com Inc, Microsoft Corp, IBM Corp and others are vying for a share of the fast-growing corporate cloud computing business.

Apigee, with high-profile clients in a strategically important area, will help Google close in on the competition, said analyst Patrick Moorhead of Moor Insights & Strategy.

“Google has fallen behind both Microsoft Azure and Amazon Web Services in enterprise cloud computing, and this move is intended to strengthen that position,” he wrote in an email.

(The story was refiled to correct the description of Apigee to "cloud software company" the in headline and the first paragraph)

Source : http://ca.reuters.com/article/technologyNews/idCAKCN11E1SG?pageNumber=1&virtualBrandChannel=0

Categorized in Science & Tech

“POETIC” is how Marissa Mayer, the boss of Yahoo (pictured), described the sale. Others, remembering better times at Yahoo, see little that is artful about the decline and fall of the 22-year-old internet company. On July 25th, Verizon, a telecoms giant that is also America’s biggest mobile operator, announced it would buy Yahoo’s main internet business for $4.8 billion (a price that does not include the firm’s properties in Asia or its portfolio of patents). The sum is paltry compared with Microsoft’s offer of $45 billion in 2008, which Yahoo’s management turned down, arguing that the firm was worth far more.

Four years ago, when Ms Mayer, an early Google executive and an engineer, arrived to try to reverse the fortunes of Yahoo, the firm’s Silicon Valley headquarters brimmed with optimism. For more than two decades, Yahoo had been torn between its identity as a media company that made content and a technology company that provided tools for people to use online. It seemed that Ms Mayer could be the leader to settle on a single identity and direction (see timeline).

Instead, she spent on everything and hoped something would work. Early on came the purchase in 2013 of Tumblr, a social network and blogging platform, for $1.1 billion, even though, according to an insider, it was about to run out of cash. Yahoo has since written down most of the purchase price. To beat out Google she inked a pricey, five-year deal with Mozilla, owner of Firefox, a browser; Yahoo became Firefox’s default search engine at an annual cost of more than $375m. As for Yahoo’s own core business, revenues are falling by a tenth each year as consumers and advertisers migrate from desktop computers and the internet firm’s products. Its gross profits fell by 44% between 2012 and 2015 and its costs, including those of an overstaffed headquarters, rose sharply.

Verizon’s shareholders must hope that the firm absorbs the lessons of Yahoo’s decline alongside its assets. But investors who know it well are near unanimous that this week’s deal may not fare all that much better than some of its target’s past ones, says Jonathan Chaplin of New Street Research in New York. Certainly, Verizon makes no claim to be able to restore Yahoo to its former glory. Rather, it reckons Yahoo could help buttress its main business of selling mobile-phone

20160730 WBC145

 

subscriptions. This has slowed now that most people have smartphones, which are falling in price.

“Yahoo brings viewers; viewers bring advertising; advertising brings top-line growth,” is how Fran Shammo, Verizon’s chief financial officer, sums up the firm’s thinking. Last year it spent $4.4 billion on AOL, another former dotcom darling. With both Yahoo and AOL it will achieve much-needed scale: in America it will command the second-most visited set of web properties. Only Google beats it now (see chart).

Scale makes sense because buyers of digital ads want to spend money where they can find large audiences. Every last percentage point of growth in global online advertising last year (outside China) went to Google and Facebook, notes Brian Wieser of Pivotal Research, which tracks digital ads, among other things. The two giants together control over half of the US mobile-advertising market, compared with Yahoo’s 2.4% and Twitter’s 3.4%.

20160730 WBC188

 

Google and Facebook have invested heavily in technology that allows them to sell digital ads in an efficient, automated fashion. Verizon is hoping to take them on. Advertising is going through (yet another) digital transformation, meaning that marketers are not only spending more money online but also using technologies to buy ad space more efficiently, targeting their message to the specific people they are interested in. AOL has a smoothly functioning new platform for this, but Yahoo underinvested. Verizon reckons it will be able to use AOL’s technology to sell a lot of Yahoo’s inventory of ads to marketers.

All the same, Verizon will be taking on rivals whose main business is advertising, and in which they each have more than a decade of experience. It will need to move nimbly, not something telecoms firms are known for. Another reason why Verizon may struggle to challenge Facebook’s and Google’s duopoly has to do with new plans from the telecoms regulator. Internet-service providers and mobile carriers like Verizon know more about their customers than do Google and Facebook. They know their billing addresses, their precise location at any moment and all their online habits, says Harold Feld of Public Knowledge, an advocacy group.

So Verizon is now betting it will be able to muster data about all of its 113m retail subscribers and bombard them with targeted ads as they browse apps or websites owned by Yahoo and AOL. Advertisers are much taken with the possibility. For example, McDonald’s, a fast-food chain, could choose not to advertise to people who have visited a store recently and instead go after those who prefer Burger King. This kind of “geo-targeting”, as it is known, has long held promise but eluded advertisers.

But the Federal Communications Commission has proposed rules that could challenge this vision. The regulator may soon require that mobile-phone subscribers opt in to any sort of advertising by outside parties instead of automatically allowing it. Many, of course, would opt out. Investors in telecoms firms have paid insufficient attention to the discussions in Washington, DC, thinking them too wonky to worry about, says Craig Moffett of MoffettNathanson, a research firm.

Watching people’s physical whereabouts may already be a step too far for consumers, and could spark an immediate backlash over privacy. Verizon has recently had a run-in with privacy advocates over its use of “zombie cookies”, which allowed it to track its customers’ online browsing even when they opted out; it then shared the data with other firms. The company had to pay a small fine earlier this year.

Verizon’s deal does have one thing on its side: low expectations. Any success it has with its purchase of Yahoo is all upside, says Mr Chaplin. By contrast, during her reign, Ms Mayer was dogged by unreasonably high expectations, along with near-constant scrutiny. Verizon has the freedom to say next to nothing about how its advertising business does in the near term. Such relative invisibility may allow it to press on with the radical surgery, such as slashing headcount, that Yahoo has needed for years but never received.

http://www.economist.com/news/business/21702779-telecoms-giant-has-made-bold-risky-bet-future-advertising-does-it-ad-up

Categorized in Others

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.
Please wait

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Newsletter Subscription

Receive Great tips via email, enter your email to Subscribe.
Please wait

Follow Us on Social Media

Book Your Seat for Webinar GET FREE REGISTRATION FOR MEMBERS ONLY      Register Now