Instagram isn’t only for exotic travel, pet, or food photos. Communities of hackers are also using the social network to sell stolen Spotify and Fortnite accounts, as well as access to botnets designed to launch distributed-denial-of-service (DDoS) attacks.
The accounts highlight social media companies’ continuing issues with content moderation. In this case, Facebook, which owns Instagram, is having trouble preventing illegal content from being distributed on its platforms.
In particular, some people on Instagram are advertising botnets they claim to be associated with Mirai, a network of internet of things-based devices that have been repurposed to attack websites and servers by spamming them with traffic. Some are selling botnets based on other code.
“There is a lot of people in the community on Instagram,” Root Senpai, who sells various hacking-related goods on Instagram, told Motherboard in a message on Discord, a messaging platform popular among gamers.
Caption: A screenshot of one of the Instagram posts advertising a botnet. Image: Instagram Screenshot
The hackers themselves and their wares appear to be unsophisticated. One Instagram post, which includes an apparent photo of the hacker’s screen, claims to be selling access to a Mirai-based botnet, likely for attacking websites or other online services to try and slow them to a crawl. Several other users Motherboard found are selling access to other botnets, with one post advertising subscription-style plans for $5 to $80 a month (it is not immediately clear how powerful, or lackluster, these particular botnets may be.)
When asked how they obtained this botnet, perhaps by hacking into computers themselves, Root Senpai declined to elaborate for “security reasons,” they said.
Another account, using the name ghostttzzz, includes a screenshot of their botnet control panel, with the text “hmu [hit me up] for spots.”
Some of the hackers are advertising these tools in normal Instagram posts, others are advertising them using the network’s Stories feature.
Got a tip? You can contact Joseph Cox securely on Signal on +44 20 8133 5190, OTR chat on email@example.com, or email firstname.lastname@example.org.
Stolen accounts do generate interest from customers, “especially Fortnite accounts,” Root Senpai added. As the game skyrocketed in popularity, hackers have continually cracked into Fortnite accounts to sell, some of which come with rare character skins. As Kotaku reported in March, some hackers break into accounts to use the victim’s payment information to buy game upgrades, and then transfer them to other accounts.
Indeed, much of the activity from the Instagram hacker accounts overlaps with gaming communities. Some accounts, as well as posting photos of their botnet control screens, share images from Fortnite or other online games. Some of the hackers appear to be young; Root Senpai said that “there are a lot of kids on Instagram that is [sic] willing to buy botnet spots, mostly kids that play on console.”
“For me I just sell spots for fun and money because I am still to [sic] young to get a full job that can make a decent amount of money,” they added.
Finding various accounts selling access to botnets and stolen accounts was fairly trivial. Many of them follow each other, making some form of hacker community on the platform. The scale of the issue is unclear, however: Motherboard focused on one particular collection of accounts that appear to interact with and follow each other. Root Senpai did describe people in the trade of these botnets and accounts as the “ig community.”
Caption: A screenshot of one of the Instagram posts advertising Fortnite accounts. Image: Instagram Screenshot
Instagram’s terms of service says users cannot “do anything unlawful, misleading, or fraudulent or for an illegal or unauthorized purpose.” That, an Instagram spokesperson confirmed to Motherboard, includes selling access to hacked computers or accounts. The spokesperson added that Instagram is investigating the issue and will take steps to remove content violating its terms.
Motherboard did not share specific account names with Instagram. As we’ve argued before, it is not journalists’ job to act as content moderators for some of the world’s most powerful technology companies. Motherboard did share redacted screenshots with Instagram so it could see the sort of posts being shared by the hackers and provide a response.
Instagram has to deal with all sorts of offensive or illegal content on its platform. Internal Instagram documents previously obtained by Motherboard showed some of the company’s enforcement strategies and policies for combating such content.
“These are high intensity, prevalent abuse types that have led to PR fires on Instagram,” one of the documents for training moderators obtained by Motherboard reads, referring to terrorism and drug sales on its platform.
At the time of writing, all of the accounts Motherboard found selling stolen accounts or access to botnets are still online.