A new Facebook hacking tool could turn your closest friends into your worst enemies.
The tool, called "Facebook Pwn," lets Facebook criminals and everyone else steal personal profile information from any target of their choice on the massive social network. That's the end result, but it's the sneaky process you have to watch out for.
All a would-be hacker has to do is download Facebook Pwn, which is free, and then create a new Facebook page. From there, the data-mining tool sends friend requests to a specified list of friends, with the hacking target among them.
[Facebook Hacking Tool Hacks Hackers]
A plugin within Facebook Pwn prompts the user to choose the target; it then clones one of the victim's friend's profiles and sends the target a friend request. Once the victim accepts the request, Facebook Pwn lives up to its name, harvesting the target's information, images and all other sensitive data, all of which can be deployed in social engineering attacks.
Think of it as an automated profile zombie scary makeup included. And by the time the victim realizes it's a zombie and not a friend, the damage is done.
The developers released Facebook Pwn as a proof-of-concept hacking tool, and hope that Facebook will revamp its verification process as a result of seeing what Facebook Pwn is capable of. But in doing so, the researchers have potentially opened the door for identity thieves looking for a new route of attack."After a few minutes, probably the victim will unfriend the fake account after he/she figures out it's a fake, but probably it's too late," the developers, who work at the Egypt-based IT firm Raya, wrote on the Facebook Pwn page.
"Though it was with good intentions that they released the tool, the risk in which Facebook Pwn puts regular Facebook users is undeniable," the Facebook watchdog site Facecrooks wrote. "Attackers can use the info they find through this tool to make phishing attempts more effective, and that's not even the worst of it. The only defense that we can really have is to be extra vigilant about whom we add as friends."