08.05.11

Hackers Cruise In The Wake Of Booming Square And Facebook

The faster tech businesses boom, the faster scam artists see opportunities to exploit them. Two hacks targeting Facebook and credit card service Square offer further lessons in failure at the speed of light.

The FBI has arrested the “Spam King” Sanford Wallace and charged him with 11 counts of fraud, intentional damage to a protected computer, and criminal contempt, the U.K. Telegraph reports today. Wallace allegedly hacked into 500,000 Facebook accounts in 2008 and 2009.


His Facebook fiasco reveals again that with all of the rapid expansion of fast-moving tech companies come opportunities for them to fail fast and hard when it comes to stopping parasitic scam artists. Facebook caught Wallace and his scam, but not until months after he used Facebook accounts to help him blast off spam in 27 million Facebook wall posts.

Meanwhile, in a related event at the Black Hat security conference in Las Vegas this week, researchers showed how Square’s iPhone-based credit card reader could be used for illegal money transfers using stolen credit cards and a system that converts credit card numbers into the same sort of sound that Square uses to read them. They made use of the fact that the system does not use encryption when it reads cards, CNET tells us today. When contacted for comment, a Square spokesperson said via email: “This was not a vulnerability, but rather a simulated attempt to commit fraud. Like all credit card processors, we aggressively guard against fraud (such as the use of stolen credit cards)–and we use traffic analysis and other patented methods to detect and prevent malicious activity.”

It’s not the first time a potential skimming vulnerability surfaced with Square, though. Competitor VeriFone pointed out early on that Square’s software encryption was dandy, but its hardware–the neat little iPhone appendage through which the card is swiped–came unencrypted and exposed. Square did not respond to Fast Company about that instance.

Airbnb, with its viral tale of rented and ransacked rooms, isn’t the only booming web-based biz with teething troubles. In that sordid tale, Mark Suster, the prominent angel investor and venture capitalist with GRP Partners, offered a comment that applies more broadly to fast-growing tech companies who run into problems. “I think the strategy of saying, ‘This will blow over, just move on, let the next news cycle come, people will forget this,’ is always wrong,” Suster said.

[Image: Flickr user ogimogi]