The thiefs trail
Every crime leaves trail, but you have to be willing or able to seek it out. At Meta, responsibility and support for the partners who make their wealth is a non existent illusion. Take a closer look though and the proof is right there, on Meta's own site.
The hack
The hacker gets into Facebook, which leads directly to the Meta Ad's page.
Meta doesn't lock anything down, doesn't log changes, doesn't report changes to the customer.
The customer is locked out, and unaware what's happening.
The customers bank information is now open ad free to the hacker.
The platform for theft is now secure and open for theft.
Notice the date, the Facebook hack is July 3rd 2023.
The Work
The hacker knows that the customers bank account is exposed, and there's no 2FA or any other barrier to entry.
The hacker goes to work, and opens a new ad campaign.
Run multiple instances
Time is short, run multiple instances, maximize it.
The hacker knows the Meta system is dumb and has no thresholding triggers for unusual events,
even though banks have had this for years.
Notice how the date of the new ad is July 3rd 2023, the same date as the hack reporting from Facebook
The Product
The hacker, now with unfettered access to Metas ad page, and the exposed customers credit card, starts to sell their own product, Crazy Weed Marauder.
Ready to go
The hacker has a new ad, ready to go, with a link to their own external page.
The Facebook business page owner is paying for the clicks, and the external link is collecting the sales and revenues.
Go big or stay home.
There's no simple threshold triggers in Meta, so change the demographics and reach by a factor of 500 and nothing will happen.
Its somebody else's money , and Meta's between us, so its safe to blow it out to 8700 million users.
Hackers sales numbers, using Meta and my money
That 700 million people reach, and the Facebook business customers $500 a day are doing wonders for the hackers off site sales numbers.
Thanks to Meta access and their customers credit card.
Results pour in
With an almost unlimited reach and $500 a day of the Facebook customers money, it looks great.
The pay per purchase link is 3x higher than the cost of the product the hacker is selling on another site, but hey, its not my money, says the hacker.
The clever hacker
What the hacker does, is they make a new ad, and do not change the ad image placeholder, so on first appearance, its still the old ad, but the actual ad is for the Crazy Weed Marauder, and once the ad is deleted, it looks like the "Story Unavailable" comment.
They also only stay for a few days, as Meta hasn't reported changes to the site owner while the hack took place, and billing is due soon, so they clean out the site ad images, and it looks like they were never there, and it looks like the actual Facebook customer ad was just badly operated.
They got their sales, the Facebook customer got the bill.
They also now that Meta is unwilling or unable to do anything at all, they got their ad money.
Next
The evidence
You take the hacked site date... 7-3-2023
You take the new ad placement ... 7-3-2023
The pricing changes at >500x
The demographic change from 35-55 all, to mostly women over 65
The zone change from 1.5 million people to 700 million people
The whole campaign lasts 3 days and is shut down and cleared out...almost
By pure luck and due to Meta code skills, a ghost image is left behind, and it only flickers for part of a second, but its there, and incontrovertible evidence of the hacked ad.
