Industry News

Hacker’s List leaks its secrets, revealing true identities of those wanting to hack

Is there something you want hacked?

I get emails all the time from complete strangers, asking if I can help them hack into someone’s Facebook or email account. Sometimes they claim to be family members who are worried that their loved one has gone missing and not replying to messages, but more often they’re suspicious that their partners are cheating on them behind their back and want to read their private communications.

Of course, I explain that hacking someone else’s account without their permission is a crime, and that’s not something I can help with. But there is clearly a significant demand from people – whether driven by love, infatuation, revenge or greed – to break into the accounts of other people.

A site which received significant publicity earlier this year is Hacker’s List, which claims to “connect people who need professional hackers to professional hackers for hire around the world.”

hackerslist

I’m sure that some of those who post requests onto the Hacker’s List jobs board, hoping to find a hacker, have nothing but internally legal activity in mind. For instance, you might have long ago password-protected one of your Word documents – and can no longer remember how to unlock it.

But new research reveals that many of the hacking tasks listed relate to breaking into Facebook accounts, cracking Gmail passwords, stealing chat logs from messaging apps like WhatsApp

Security researcher Jonathan Mayer says that Facebook is expressly referenced as the target of hacks in 23% of projects and Google 14%.

hack-account

Another regular sight is that of students asking for school computer systems to be hacked in order to improve their exam grades.

What’s worse still is that Mayer seems to have found it relatively easy to create a web crawler that could scoop up details of projects posted on Hackers List, and then cross-link members’ supposedly anonymous usernames with Facebook accounts revealing their real names, email addresses, phone numbers and other personal information.

hackerslist-jobs

Mayer says that he was able to match 25% of active Hacker’s List accounts to a Facebook profile, whereas other users have unwisely given their name, contact information or street address in their posting:

So much for “discreetly” hiring a hacker.

Fusion reports that since the privacy problem with Hacker’s List became public, the site’s CEO Charles Tendell has sent out an email warning of the potential for users’ privacy to have been breached:

hl-email

 

Hello all HL users,

A recent posting by a security researcher has identified a problem with HL’s integration with Facebook. The problem has the potential to divulge personal information such as a users Facebook page. We have taken steps to mitigate this problem and as part of those steps we have disabled login and registration with Facebook.

Unfortunately, although a sensible step, that’s shutting the stable door after the horse has bolted. The very last thing that anyone using Hacker’s List for nefarious purposes wanted was to have their true identities revealed by the very service offering to put them in touch with a hacker.

Maybe it’s better if you don’t try to break the law by hacking the accounts of other people, spying on ex-partners or business rivals, or altering your exam grades.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

9 Comments

Click here to post a comment

  • Hackerslist is a fiasco. They stole my money for a simple “project”. There is no dispute. I have the impression, that the same Administrator, is the hacker (using different usernames) the chat person (as the emails sent to HL Admin are only replied if you tell them through the chat that you SENT them an email).

    Such an amateur website can not hack anything. I lost USD 200. That’s is a pitty. I rather think that is the price I paid for being so naive !!!

  • Been scammed 3 times supposedly by there verified hackers . This company's just has scammers working for
    Them and dont reply to any complaints

  • Please Beware of Cyberphonehacker he is not a Hacker he is a Scam he will take your money and run stay away from him tell everyone he scams people .

  • i have been scammed and lost 300$..this website is useless and there is no real hacker but only scammers inside..keep out of this website and its scammers if you dont wanna lose your money and time..

    • I was also scammed out of $300. Deposited the funds into "Escrow" but never got refunded after the hacker could not complete the job. Harassed their admin for almost a YEAR before finally giving up. Throughout that time they also "lost my account", then completely removed my account all together. The last 10 emails to them have gone unanswered. Now they don't even have a login any more which means that anyone that had money in their account is now S.O.L. TOTAL SCAM.