How Expired Domains Lead to Facebook ATO

Presented at CactusCon 11 (2023), Jan. 27, 2023, 11 p.m. (30 minutes).

Facebook has become a nearly ubiquitous tool for any small business to promote and advertise their business. Many businesses forgo a traditional website and simply prefer to utilize the features and customer feedback that a Facebook Business page provides. But what happens when those businesses fail? As with nearly all things, someone's discarded trash is another’s treasure. In this talk I’ll present how an expired domain can lead to Facebook account takeover (ATO) and how these accounts are re-sold or even held for ransom. I'll show why long-forgotten accounts are still valuable and provide a high-level overview of the threat actors involved as well as prior work that outlines these actors' fondness for Facebook accounts. I’ll also provide recommendations to help protect yourself from falling victim to this incredibly simple attack.

Presenters:

  • Jon Wade - Thrunter at GoDaddy
    Jon Wade is a Principal Security Engineer at GoDaddy and has nearly a decade of experience in incident response, threat intelligence, and threat hunting in one of the world's largest hosting environments. He currently serves as the technical lead for a team focused on hunting threats that target customers or their site content.
