LulzSec scam discovered on Facebook – but it’s not what you think

Earlier today, a member of the British press contacted me asking if I had any photographs of the arrest of a suspected hacker in Wickford, Essex.

Quite why I, based in Oxford (which is about a 100 mile drive from where the man was arrested), would have photos of late-night goings-on in Essex wasn’t really explained by the journalist. But let’s not worry about that now.

In short, I explained that I didn’t have any photos and they would have to look elsewhere.

“But you do have a photo of the hacker! I’ve seen it on Facebook! But we want an unblurred version!” exclaimed the reporter.

Baffled, I asked her to explain exactly what she had seen. And this is it.


There it is, a picture of a pixellated man being led away from a building by two pixellated people who we assume are policemen. And right next to it is a link to the Naked Security story we published about the arrest of a man who may or may not be connected with the LulzSec hacking gang.

And what’s that you see?

The Creator of LulzSec arrested in London (PHOTO TAKEN BY THE POLICE)
SEE THE PICTURE WITHOUT BLURRING, SHARE THIS PAGE AND LIKE IT !!

Hmm, London? The creator of LulzSec? I don’t think so. That doesn’t seem very accurate.

Let’s click on the tab labelled “The Picture”. I’m now presented with webpage content – including a larger version of the blurred photograph – inside an iFrame.

LulzSec scam on Facebook

Alarm bells should be ringing in your head at this point. Why should you have to “Like” and “Share” a page in order to see a photo?

Fortunately I had a test Facebook account which I could safely use on a computer to investigate what would occur if I followed the instructions of the Facebook page’s creator.

Sharing and liking the page, followed by clicking on the link, led me to third-party webpages that urged me to download a program called iLividSetupV1.exe that attempted to install a series of toolbars.

Presumably whoever is behind this Facebook scam (and I doubt it is anyone connected with LulzSec) is earning more commission the more people they convince to install the software. So far, this scam is far from widespread – but it’s certainly inventive to exploit the breaking news story of the suspected hacker being arrested in the UK.

Oh, and are you still curious regarding the photograph? Well, I was able to determine who was really in that picture.

It’s actually a Turkish hacker in the photograph. Mert Ortac was arrested in Turkey in late 2008, and you can read the full story of his brush with the law in this Wired article which includes the photograph of him being escorted (unblurred) by a couple of policemen.

Wired article including image of Mert Ortac

So that mystery is solved at least! And the journalist should be happy they didn’t use the picture to illustrate the British arrest.

If you use Facebook and want to get an early warning about the latest attacks, you should join the Sophos Facebook page where we have a thriving community of over 90,000 people.