LulzSec scam discovered on Facebook – but it’s not what you think

Earlier today, a member of the British press contacted me asking if I had any photographs of the arrest of a suspected hacker in Wickford, Essex.

Quite why I, based in Oxford (which is about a 100-mile drive from where the man was arrested), would have photos of late-night goings-on in Essex wasn’t really explained by the journalist. But let’s not worry about that now.

In short, I explained that I didn’t have any photos and they would have to look elsewhere.

“But you do have a photo of the hacker! I’ve seen it on Facebook! But we want an unblurred version!” exclaimed the reporter.

Baffled, I asked her to explain exactly what she had seen. And this is it:

There it is, a picture of a pixellated man being led away from a building by two pixellated people who we assume are policemen. And right next to it is a link to the Naked Security story we published about the arrest of a man who may or may not be connected with the LulzSec hacking gang.

And what’s that you see?

The Creator of LulzSec arrested in London (PHOTO TAKEN BY THE POLICE)

Hmm, London? The creator of LulzSec? I don’t think so. That doesn’t seem very accurate.

Let’s click on the tab labelled “The Picture”. I’m now presented with webpage content – including a larger version of the blurred photograph – inside an iFrame.

Alarm bells should be ringing in your head at this point. Why should you have to “Like” and “Share” a page in order to see a photo?

Fortunately I had a test Facebook account which I could safely use on a computer to investigate what would occur if I followed the Facebook page creator’s instructions.

Sharing and liking the page, followed by clicking on the link, led me to third-party webpages that urged me to download a program called iLividSetupV1.exe that attempted to install a series of toolbars.

Presumably whoever is behind this Facebook scam (and I doubt it is anyone connected with LulzSec) is earning commission the more people they convince to install the software. So far, this scam is far from widespread – but it’s certainly inventive to exploit the breaking news story of the suspected hacker being arrested in the UK.

Oh, and are you still curious regarding the photograph? Well, I was able to determine who was really in that picture.

It’s actually a Turkish hacker in the photograph. Mert Ortac was arrested in Turkey in late 2008, and you can read the full story of his brush with the law in this Wired article which includes the photograph of him being escorted (unblurred) by a couple of policemen.

So that mystery is solved at least! And the journalist should be happy they didn’t use the picture to illustrate the British arrest.

If you use Facebook and want to get an early warning about the latest attacks, you should join the Sophos Facebook page where we have a thriving community of over 90,000 people.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
