While logging onto one of our clients Facebook Fanpages today I realized that I no longer had administrator access to their page.  After making a few calls to the other Admins on the page we all realized that nobody (at least within our company had access to this page). Panic sets in…..

Not knowing the cause of the problem, we have spent the majority of the day researching how this may have occurred and what, if anything can be done about it. The page still exists, we can even post to it using HootSuite and other 3rd party applications, but all of our Admin privileges don’t exist.  We research more and send several support help emails to Facebook, but from what we read it does not look like Facebook is of much help in situations like these.

Then something strange happened. At about 3pm a post was made to the page that we are locked out of saying ‘Happy Valentine’s Day !’ I thought this was strange since the only way we could post to the page as the page owner was as an admin or through a 3rd party service, and none were listed under that message.  I started to get suspicious and decided to Google: ‘fanpage fanpage hijacked.’

The second result said ‘Fan Page was hijacked! Pls help’ and was posted today, February 13, 2011.  I clicked the link and found this:

Fan Page was hijacked! Pls help

http://www.facebook.com/VolcanoECig
http://www.facebook.com/VolcanoVaporCafe
Both fan pages were hijacked, all admins were removed and message “hacked by:bl00dy punKK”
I’m hijacked

from: http://getsatisfaction.com/facebook/topics/fan_page_was_hijacked_pls_help

I decided to investigate further and clicked to the VolcanoECig facebook link and the first post on the page is this:

1000+ Facebook Pages Hacked

 

 

Other Facebook Pages Hacked!

The thing that really caught my eye is that there was a space between the ‘y’ in Day and the exclamation point, just like on our page.  In addition to that, this ‘Happy Valentine’s Day !’ post was posted at exactly the same time as it was posted on the Volcano Electronic Cigarette Page.  As I started reading the comments it turns out that this page was hacked and the owners of the page were being asked for a ransom for the return of their page.

 

Hijacked Fanpage Extortion

Hijacked Fanpage Extortion

 

So I began to wonder, we’re probably not the only two pages that had this happen, and who is behind this?  I began doing Google and Facebook searches for ‘bl00dy punKK’ (turns out 1 K is his typical spelling) and came upon a group of hackers known as the Republick of Kosova Hackers (RKH), of which bl00dy punk is a part.  I found three other members of the RKH crew and after a little digging found two of the four in Facebook. From the looks of things, and what my Google Translator was able to translate in Albanian, these guys have been hacking websites for some time, and they think very highly of themselves.

I dug a little deeper into the profiles of ‘the crew’ (DSRsysGR, HoaX-TrojAn) and found the interests page of Hoax Trojani with a ton of hacker pages of which he is a fan.  I went through each one (most were in Albanian) and then came upon PC Hackers (an Albanian education page in Facebook).  The first story on PC Hackers links to a Hacker News article written just a few days ago titled ‘Lots of Biggest Facebook Pages Hacked By Omega Chg (Albania Hacker).’

So I guess the Albanians have figured out some way to hack into Facebook fanpages. Facebook really needs to get their act together when it comes to security, just a week ago or so Facebook CEO Mark Zuckerberg’s own Fanpage was hacked.

We will keep you updated on the story with our fanpage as it progresses.  If anyone else is having similar issues we’d like to hear about it.  And for anyone interested in leaving a nasty comment to any of these assholes, I linked to their fanpages on purpose.