Back |
Cons In Control of ebaY
|
|
The Scammers Are Now
Controlling ebaY
1 Feb 2007
Also see
ebay Insider Hijack Scam?
And
ebaY Motors Hijacked
Those of us who have watched ebaY from a users perspective, for many years, have
seen an every increasing ability for scammers to manipulate the site. In the
last year, this access has gone from being outside manipulation of flaws and
stolen personal information, to complete inside control.
These are the facts:
Every day thousands of listings from China selling brand name counterfeit goods
are listed using hijacked accounts. These are usually 1 day listings, the accounts
used fit a standard profile and are often accessed in alphabetical order. These
listings are for brand name clothing, DVDs, sunglasses, and expand into other
categories regularly. The scammer does not need a password to access these accounts.
ebaY Motors has ever increasing fraudulent listings. There are redirects from
ebaY search results, manipulation of information in valid running listings, and
ever more sophisticated cons, in addition to the all American fraud, found in
some used car salesmen, that has been a caricature in our society since the advent
of the automobile.
There is a brilliant hacker/codewriter who uses the moniker Vladuz, who makes
ebaY his specialty. He has been writing ebaY hacks since 2003, as far as we can
trace. This individual recently sent us a link to his latest hack, a tool that
he posted on Firefox's plug ins. There have been several screen shots of ebaY's
control utilities database posted on the net, on ebaY and off, all with a visible
Vladuz watermark on the pages. Vladuz made the posts on ebaY, as far as TAG can
tell.
ebaY knows about this problem, and has been removing any threads that appear
on their site about it. They just removed a long running thread on ebaY DE, one
on which Vladuz has posted on under various guises, including hacked ebaY pink
accounts. At the end of December, TAG contacted ebaY through their Trust and
Safety live support, and specifically told them what was going on. ebaY cannot
say they did not know.
Here is what we have theorized based on all we have seen, and the facts we have:
Vladuz appears to have written a program that gives the scammers complete access
to what we are calling ebaY's back end. This back end is the control utilities
database used by ebaY, to track everything on their site, that contains all information
about ebaY employees and its users. The following images are samples of what
Vladuz has made available to the scammer marketplace.
The scammers who have
purchased, or otherwise acquired the Vladuz access programs,
appear to be able to manipulate the account information
of every registered user ID on ebaY. They can monitor
in real time what is happening in an account, read email
sent through ebaY's system and respond to it through
ebaY's system, change any parameter in the user ID account,
so, for example, they can receive the PayPal payments
the legitimate account holder would have otherwise received.
They can add or remove information on a currently running
listing without the legitimate account holder knowing
it, and conduct business as they please; using all the
hijacked accounts they please. No password access is
needed. In the article ebay Insider Hijack Scam? we theorized that this was being
done by an ebaY insider, as that was the only thing that
could explain what we were observing. What we did not
realize, and what even TAG found hard to believe, was
that the scammers now had insider access, not by working
for ebaY, but by using the program built by Vladuz.