Disclaimer: This post has been created for educational purposes. If you misuse it, you are completely responsible for any harm caused by it.

Monday, December 8, 2014

How I Used Social Engineering to Hack a Facebook Account?

The social engineering technique for hacking a Facebook account is easy to learn but difficult to apply. If you don’t know what social engineering is, let me explain first. In the hackers’ world, social engineering is the technique of hacking on the basis of abstract intelligence, without the help of any tools, software or programming. That’s why it is easy to learn. It is more difficult to apply in the sense that it is all about belief and patience.

If you persuade someone to give you his password, or you watch someone type a password without him noticing that you are observing, you are a social engineer. But it is not easy nowadays, as people are becoming more conscious day by day. Now hackers use different skills and psychology to apply their social engineering. Let’s see some examples.

I have legally signed up for a hacker account on Facebook, and I have a separate username and password from Facebook to research vulnerabilities. I often test Facebook vulnerabilities. Once, I decided to employ my social engineering skills.

I opened a fake account as a girl and made a very attractive profile. After some days I made it trustworthy by updating it regularly. I got more than 4000 friends within a month. Now my account was ready for research.

When messages began to flood in, I did not reply at first. When someone messaged twice, I wrote, “Why make friendship if there is no trust?” He said he could trust me. Then I said, “I will ask seven questions; you should answer honestly.” He was ready to answer. I asked for his password in the seventh question. He typed his password without thinking for a second. I checked it, changed the password for five minutes, then set his previous password again, returned his account and informed him that it was a test.

Another idea is guessing the password. This world does not lack lazy and careless people. These people set very common passwords. One day while chatting, someone used vulgar words with me. I did not type vulgar words back. Instead, I thought he should be banned from Facebook. I tried to guess his password. First I tried 12345689. It was exactly his password. Then I changed his password and deleted his account. Later I reopened his account and returned it.

The next idea is to exploit Google’s integrated account. As all of you know, when you sign up for any Google product like Gmail, the same email will be the email for other Google products like Blogger, Google+, etc. Once, someone messaged me to solve a problem with his Blogger webpage. He had sent his username and password for Blogger. In this case I could hack his Facebook any time I liked, because the same email and password are used for Gmail too. And you know we can easily reset a password through email.

Another way to hack a Facebook account is to use Facebook’s security question while resetting the password. I tried this method also while researching. The security question was the profession of the victim’s grandfather. The victim was in Nepal, and most of the people here are farmers. So I typed agriculture. It was right. And I could change the password. But I did hack it.


Previously, a Facebook password could be changed by choosing just some of the friends. Later Facebook modified it. Facebook allowed the user to choose three friends to whom the password would be sent. In this case, you can hack others if you can persuade three of the victim’s friends to give you the password.

Most of the security vulnerabilities mentioned above have been fixed by Facebook. Today I found that Facebook requires identity issued by the government to change the password.


Though Facebook is becoming stricter in security matters, it is a universally known truth that hackers are always one step ahead in hacking, because they are hackers. So the most effective measure to secure your account is to be conscious. To be safe from the social engineer, you can do lots of things, like enabling the mobile security system for logging in, choosing a reliable friend to reset your password in case it is lost, etc. If your account is hacked, you can get your account back by contacting the Facebook team.
