Unless for some undefined reason you live under an internet rock, or find the idea of having a “Facebook” revolting, you may have heard of, or experienced, the new “Nicole Santos” hack that spread its way around Facebook and has already become a meme of sorts. Let me explain.

Many people were getting fairly racy posts on their walls calling them various profane terms, but generally promoting “Nicole Santos’” run for an office of some sort. If you click the “remove this app” button, it tells you that the removal failed and then posts that same post on as many of your own friends’ walls as it can. Now you must be saying, “But hasn’t Facebook made it impossible to post like that without OAuth credentials?” and I respond, “Yes, but they never secured their Facebook mobile, which still posts with basic HTTP requests, which could easily be exploited to post whatever anyone wants with very little authenticating information.”

On further inspection, this was the second in a line of attacks. The first one was the exact same code, just presented in a more sensible manner: it asked people to verify their accounts and then proceeded to ask them for their username and password. It was a more well-rounded, sneakier attack than the blatant Nicole Santos hack.

As it turns out, the first series of attacks came from a man who has obviously spent much of his time hacking Facebook. I won’t expose his name or any of the private info I have on him, but let’s just say that if he made money on this, he would be rich. He has anywhere from 29-41 domains registered to him for the purpose of hacking, and has even gone so far as to pay someone 750-1500 US dollars to build him a Facebook script that would spam people through chat.

The Nicole Santos attack was done by some script kiddie out to just cause someone a bad day, who obviously was only smart enough to copy and paste this “professional” Facebook hacker’s code into a file and modify it just enough to spew profanity amongst his own friends and the rest of the Facebook community, probably causing a large embarrassment for a certain “Nicole Santos.”

I wish you luck, Nicole, and I hope your campaign for Junior class president goes well.

(P.S. For those who want the code, get it while you still can: attack 1 and attack 2.)

