After accessing Facebook with stolen credentials, cybercriminals post child pornography there. Those affected are then faced with a blocked account.
The LKA Lower Saxony warns of a phenomenon that has been occurring more frequently in recent times, in which cyber burglars with stolen or cracked access data post child pornography on Facebook accounts. For those affected, this usually means a blocked Facebook account at first, but they also become part of investigations by law enforcement authorities.
Facebook burglary: Access no longer possible
The police explain that it is a new phenomenon that runs there under “Facebook hacking” or “Facebook phishing”. The perpetrators steal access data either through phishing or through credential stuffing, i.e. trying out known passwords. In doing so, they take over the access of the victim.
A short time later, the account holders can therefore usually no longer access their account themselves. Eventually, the attackers post child pornography content. Meta, i.e. the Facebook parent company, determines this and blocks access. In addition, the company reports the incident in accordance with the relevant laws.
This triggers NCMEC procedures. The National Center for Missing & Exploited Children (NCMEC) is a US parastatal agency that requires US providers under federal law to share such criminally relevant information. If foreign access accounts are affected, NCMEC reports this to the local law enforcement authorities. In Germany, the Federal Criminal Police Office (BKA) receives this information, processes it and forwards it to the state criminal investigation offices of the respective federal states.
For affected account holders, this means that the police are informed of a criminal offense – possession or distribution of child or youth pornography. In this way, those affected become accused in criminal proceedings because such content was distributed via their account. The responsible public prosecutor’s offices usually drop the cases because the account holders have not contributed to the crime. Nevertheless, such constellations could be uncomfortable for those affected, explains the LKA in its warning .
Posting of child pornography: Unclear motives
In the past four months, the LKA Lower Saxony has processed a mid-three-digit number of such cases. The targets of the perpetrators could not be clearly determined. Blackmail and demands for money payments before or after such a burglary could play a role. The LKA further speculates that damage to the reputation or discrediting of those affected in public could also be a possible motive.
As a protective measure, the LKA Lower Saxony recommends keeping the password up-to-date and secure. Internet users can usually activate two-factor authentication (2FA) to prevent unauthorized third parties from accessing the account. This means that attackers with new devices or browsers cannot easily get into an account, since users must first confirm their identity with information obtained in other ways. Therefore, recipients of such messages should never confirm them on a device if they have not triggered them themselves.
People who can no longer access their Facebook account and who are affected by this phenomenon should report suspected data spying out to the police in accordance with Section 202a of the Criminal Code. They can go to the local police station or use the state’s online police station.
