Quote: "And imagine coding the script"
Oh, I agree there. I'm not so good at scripting in anything other than batch scripting and a little bash (just getting my feet wet) so clearly a good scripter. I agree s/he was pretty smart at figuring out all the right code and exploits too. So I'd agree s/he was very talented. Genius? I dunno, I'll take it under advisement since I'm not educated enough to grasp the nuances of the code.
Quote: "True, but it was actually an extremely convincing way of getting the user to run code on their computer."
There I got to disagree. No matter how convincing something seems, it's not when you follow these rules:
1. If the source is untrustworthy (any social network, email or text message) and you cannot confirm it through legitimate channels.
2. If it asks you to login under abnormal circumstances.
3. If you are asked to follow a link.
4a. If you are asked to download and/or run any executable binary or code.
4b. If you cannot verify whether the source code is malicious by examining it.
I live in a country where phishing is rife. My mother gets those emails all the time and thankfully deletes most but every now and then she asks me and when I tell her to delete it she asks me if I'm sure because recently she did xyz and maybe they blah blah blah. They'll phone you and provide authentication of who they are. Same for unsolicited emails. Same for downloaded apps (well, if I'm desperate, I'll sandbox them or run in a VM).
Basically my point is that people are sleepwalking. Security awareness is zero. I've already had the opportunity to get free internet three times but I'm actually surprisingly honest to people who aren't my enemies. Security is so lax that I find at least 75% of PCs I work on have Windows and Autoplay enabled. Out of frustration I added an autoplay file to my flashdrives to run a console app saying "This is how easily you could've been infected". It's funny how many people freak. I have an IT guy friend, too, and he also got malware recently because of "socially-engineered delivery". He downloaded a free app and it obscured the "install xzy too" checkbox where xzy was some sort of spyware. He wouldn't tell me the details as he was perhaps embarrassed since he kept saying it was no big deal (though he had to do a factory reinstall from the OEM partition). It's just because people have gotten too cocky since anti-virus apps provide "peace of mind" and even OSes like Windows-family now offer built-in security. So the attitude is a mixture of not bothering to read a little bit on security and over-confidence. I can bet you the victims of your hacker will blame FB and not their own stupidity.
You're a bad man!