Feeds

Hacked eBay accounts give rise to conspiracy theories

Roswell, the Kennedys and a hacker named Vladuz

Choosing a cloud hosting partner with confidence

Eagle-eyed conspiracy buffs have pounced on a recent rash of compromised eBay user accounts as proof of a mile-wide hole in the auctioneer's front lines, giving new life to a theory that could one day rival the intrigue surrounding Roswell UFO crashing and Kennedy assassinations.

Details remained sketchy, and of course, eBay managers have assembled the requisite wall of plausible deniability, but here's what we've pieced together so far: Over the past few days, several dozen eBay auctions - many selling pricey items such as Cartier Tank watches - have been hijacked by crooks who append legitimate auctions with notes suggesting would-be buyers contact a Gmail account for a special, "buy-it-now" discount. (Our initial Google search, trolling for tell-tale signs of the scam, returned 73 results; those numbers thinned over the next several hours, presumably, as the tired souls in eBay's security group pulled down offending pages.)

An eBay spokesman says all indications suggest that the accounts were compromised through plain-vanilla phishing techniques, in which unwitting users fall prey to spoofed emails and give passwords to their attackers. End of story, right?

Not quite. While the more timid among us would be tempted to agree with the company's party line, a chorus of eBay critics say there is something much more nefarious going on. They argue the episode is the latest proof of the existence of back door that has been built into the company's corporate network, allowing an attacker or a cadre of attackers to siphon login credentials and other confidential information from the site's users.

Who's in the Hoody?

Suspicions of a cover-up date back at least to December, when according to a post on The Auction Guild, a reader named Jack reported that his eBay account had been hijacked by crooks who were using it to sell BAPE Hoody shirts. On at least two occasions - once from a work PC, the other from his fire-walled home network - Jack retook control of his account and changed the passwords and other settings. Each time, the attacker was able to regain access.

"In trying to analyze what was going on, it appeared that the hijacker or hijackers had to have access to accounts independent of passwords, and have the ability to set account parameters so the legit account holder would not know what was going on," the Auction Guild posting theorizes. "If this is so, it either points to someone working inside eBay, or to a security hole so big, you can drive a tractor trailer through it."

A month later, Auction Guild was back, this time with evidence that a Romanian hacker going by the name Vladuz had developed and was circulating a sophisticated tool that reads confidential information residing on eBay's internal network, allowing attackers free reign of virtually any account and a trove of information that could be used in phishing attacks. A screen shot on another blog known to be hostile to eBay also purports to show Vladuz having gained the credentials of an eBay customer service representative on a public forum. "How about you start arguing in English?" the hacker taunts the crowd. "So I can laugh at you."

eBay spokesman Hani Durzy acknowledges that the hacker was able to gain access to a "single-digit number" of email accounts reserved for customer service employees, but he insists those accounts were maintained by servers that are entirely separate from the network where customer databases and confidential corporate information are stored. eBay officials know the identity of Vladuz and have alerted US and Romanian officials of his deeds, Durzy says.

But like any plausible denial, Durzy's is accompanied by a cloak of secrecy that officials say is necessary to maintain security, but that conspiracy theorists insist is designed to keep the lie alive. One such detail being kept under wraps is how Vladuz managed to gain the credentials of an eBay employee in the first place, or how officials can be sure the intruder never gained access to more sensitive parts of eBay's network.

Even more suspicious, according to AuctionBytes, is the recent removal of a link from an eBay forum that exposed account holders' names, addresses, and user names and passwords. Indeed, eBay officials appeared to have purged an entire forum thread where conspiracy theorists were discussing the vast cover up. (A capture of a more recent thread can be found here.

Not quite as compelling a plot as The X-files or Oliver Stone's JFK. But with all the round and round, we get the feeling this one may have more staying power. ®

Security for virtualized datacentres

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
UK.gov pushes for SWIFT ACTION against nuisance calls, threatens £500k fines
DCMS seeks lowering of legal threshold to fight rogue firms
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
Hungary's internet tax cannot be allowed to set a precedent, says EC
More protests planned against giga-tariff for Tuesday evening
US court SHUTS DOWN 'scammers posing as Microsoft, Facebook support staff'
Netizens allegedly duped into paying for bogus tech advice
ISPs handbagged: BLOCK knock-off sites, rules beak
Historic trademark victory, but sunset clause applies to future blocks
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
How to simplify SSL certificate management
Simple steps to take control of SSL certificates across the enterprise, and recommendations centralizing certificate management throughout their lifecycle.