March 2, 2007 at 7:00 AM ET
There is no disputing that a hacker who goes by the name Vladuz has at the very least become a public nuisance to eBay. But some observers think the hacks Vladuz has pulled off reveal a much deeper problem at the auction giant.
Vladuz claims to have broken into eBay’s computers, imperiling the integrity of the auction site’s entire system of buying and selling. And the hacker has provided some evidence, last week posting messages to eBay's Web site while posing as employees of the site.
Vladuz demonstrated the hack by posting notes on the customer service bulletin board using the same bold pink background used by actual eBay employees.
Vladuz, who is believed to be Romanian, taunted the company in one of the notes. In response to a post where eBay spokesman Hani Durzy said that Vladuz didn’t have access to eBay’s internal systems, the hacker wrote: “Durzy … lies all the time.” Later, responding to a complaint that Vladuz had been tardy with a reply, the hacker wrote “I was very busy. Being hunted by eBay doesn’t leave you much free time.”
The Vladuz incident comes amid what some longtime eBay observers say is a sharp spike in account hijacking on the site. In “hijacking,” a trusted seller’s account is taken over and buyers are tricked into handing over money for nonexistent auction wins. EBay denies account takeovers have increased recently.
Adding to the intrigue: The reported spike occurred shortly after eBay instituted broad new anti-counterfeit measures. The new rules, which sharply limit cross-border selling, are aimed largely at Asian- and Eastern European-based con artists who sell fake jewelry and other high-ticket items. EBay observers say the rule changes have forced those con artists to find more creative ways to sell their knock-offs on the site, such as impersonating U.S. sellers.
'Tracking him very closely'
EBay officials deny Vladuz has infiltrated any of its critical systems, and say fraud remains a tiny fraction of the million or so transactions the firm facilitates each day. But they acknowledge Vladuz is on their radar.
"We are tracking him very closely," said company spokeswoman Catherine England. "We are working closely with Romanian law enforcement. ... He's a well-known fraudster there."
EBay concedes that Vladuz’s attacks are noteworthy. The company confirms, for example, that Vladuz was able to pose as a customer service agent on site bulletin boards during late February after stealing agent login codes. But England said Vladuz's hacking stopped there.
"Vladuz did not get into our site, or into customer accounts," she said. "Our corporate e-mail system operates on an entirely different system. ... At no point did he have access to any of our corporate tools, and no user information has been exposed."
Attempts to contact Vladuz at the many e-mail addresses the hacker has left around the Internet were unsuccessful.
The bulletin board incident is not the first time Vladuz has taunted eBay. Earlier this year, he posted on a hacker Web site a screen shot that he said was from eBay's internal computer systems. The image appeared to show about 30 names, email accounts, and passwords for eBay employees, displayed in what looked like an employee database tool. The e-mail addresses listed on the image all ended in “eBay.com,” as do regular eBay employee e-mails.
Atop the screen shot, Vladuz scrawled his name in big letters, using the computer equivalent of a purple crayon.
Just a stolen e-mail attachment, eBay says
England confirmed that eBay was aware of that incident, but said it did not indicate that Vladuz had gained access to any employee database. Rather, she said, it was a screen shot stolen from an employee's customer support e-mail account. She said that the e-mail account that had been accessed was not part of eBay's internal, corporate e-mail system.
England said she did not know how Vladuz obtained access on either occasion, but said the hacker is a skilled identity thief and long-time eBay "phisher" – a crook who sends out fake e-mail to eBay users intending to trick them into divulging personal information. Customer service agents might have fallen for such phishing, too, and responded with information for their e-mail accounts, she theorized.
England said she believed the recent taunting episodes were a function of Vladuz's frustration after many of his "most profitable" schemes were foiled by stepped-up security. Vladuz "took it personally" and set about to embarrass the company, she said.
Online auction activist Rosalinda Baldwin doesn’t believe Vladuz’s hacking is just a prank, however. She thinks Vladuz has provided plenty of proof that the hacker -- or the organization behind the name -- has managed to penetrate deep into eBay's computer systems.
"What level of access does this guy need to convince someone that he has a free hand?" she said.
Baldwin, who closely tracks fraudulent activity on the site, said she's seen a sharp rise in fake auctions in recent months. Scammers seem to be able to post fraudulent listings, impersonating legitimate sellers, faster than eBay can remove them, she said.
"Even if eBay ends them, they are re-listed within an hour or so," she said. The only logical answer, she argued, is that someone can raid eBay identities at will.
In some cases, hijacked accounts observed by MSNBC.com appeared to follow a sequential order, as if plucked from an ordered database.
England disputed Baldwin's assertion that a hacker or hackers gained access to the company’s computers, saying that phishing schemes remain very successful and provide criminals with a ready supply of eBay logins. She also said automated phishing tools have become so sophisticated that they appear to be capable of stealing accounts in sequential order.
Baldwin and others who follow eBay fraud closely find that explanation hard to believe. Genie Livingstone, who runs Internet host Dotyou.Com, said there has been a recent spike in fraud on eBay so large that something else must be going on.
"The scammers seem to have unlimited supply of eBay user IDs and passwords ... but in February the numbers of hijacked sellers increased exponentially," she said. "Something changed. There seems to be an unusual availability of stolen eBay user IDs and passwords."
Baldwin and others say the crackdown on the sale of counterfeit goods provides the most likely explanation for the surge.
Counterfeiting -- of coins, purses, jewelry, stamps and many other items -- has long been a problem on the site. Two years ago, Tiffany & Co. sued eBay over the prevalence of counterfeit Tiffany items for sale on eBay.
Recently, eBay took a serious swipe at the trade in fake goods -- at least trade from overseas to U.S. sellers. In late December, England said, the Web site began limiting cross-border auctions on certain items where incidence of counterfeiting is high. The firm has not published a list of these items, so as to not tip off the con artists, she said, but sellers in China or Romania can no longer trade certain items with buyers in the U.S.
England denied there is any connection between the anti-counterfeiting steps and Vladuz’s incursion or account takeovers, and said that eBay fraud fighters have spotted no increase in the latter.
But Baldwin insisted the connection is obvious. Beginning in late December, for example, she began chronicling thousands of daily fake auctions involving counterfeit clothing under the popular brand name BAPE. She has shown MSNBC hundreds of DVD movie auctions that were obvious fakes.
"Can anyone believe that counterfeiters using phished accounts could list this many items, using all new accounts each time, three or four times a day? Day after day?" she said. "There are thousands of them ... EBay is completely at the mercy of the scammers.”