Hacking

What is Browser Fingerprinting?

Browser fingerprinting is yet another way through which your information is being collected online.

In this guide, you will learn about browser fingerprinting and how websites are using this practice.

What is Browser Fingerprinting?

A browser fingerprint is similar to the physical fingerprint used to identify an individual. It is unique in the sense that although the information collected may seem non-specific, there is less than a 0.005% chance that two users will have the same fingerprint.

It can identify a specific site user among a sea of other users as they go about conducting their business on the internet. Websites apply this information in tracking the online behavior of their users.

A browser fingerprint enables you to be traced around the web. It also makes it possible for you to be identified as the same user – whether you revisit previous sites or visit new ones that use fingerprinting.

How Does Browser Fingerprinting Work?

Most websites run scripts to collect information about a user. It can include your browser type and version, time zone, default language, active plugins, operating system, screen resolution, colour depth, the presence of an ad blocker and other active settings.

All this information, when brought together, forms an organized profile that is the user’s browser fingerprint.
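The following added example (not code from this article or from any fingerprinting product) shows why attributes that look non-specific on their own become identifying once combined, and how reporting uniform values shrinks that effect. The visitor records, attribute names, and function names are constructed assumptions for illustration.

```javascript
// Constructed sample data: attribute values of the kind listed above for eight
// hypothetical visitors. None of this is measured from real users.
const visitors = [
  { browser: 'Firefox 115', timezone: 'UTC+1', language: 'en-GB', screen: '1920x1080', colorDepth: 24, adBlocker: true },
  { browser: 'Firefox 115', timezone: 'UTC+1', language: 'en-GB', screen: '1920x1080', colorDepth: 24, adBlocker: false },
  { browser: 'Chrome 120', timezone: 'UTC+1', language: 'de-DE', screen: '1920x1080', colorDepth: 24, adBlocker: false },
  { browser: 'Chrome 120', timezone: 'UTC-5', language: 'en-US', screen: '1920x1080', colorDepth: 24, adBlocker: false },
  { browser: 'Chrome 120', timezone: 'UTC-5', language: 'en-US', screen: '1366x768', colorDepth: 24, adBlocker: false },
  { browser: 'Chrome 120', timezone: 'UTC-5', language: 'en-US', screen: '1366x768', colorDepth: 24, adBlocker: true },
  { browser: 'Safari 17', timezone: 'UTC-8', language: 'en-US', screen: '2560x1440', colorDepth: 30, adBlocker: false },
  { browser: 'Chrome 120', timezone: 'UTC-8', language: 'en-US', screen: '1920x1080', colorDepth: 24, adBlocker: false },
];

const ALL_KEYS = ['browser', 'timezone', 'language', 'screen', 'colorDepth', 'adBlocker'];

// Serialize the chosen attributes in a fixed key order, so the same
// configuration always produces the same string.
function canonicalize(attrs, keys = ALL_KEYS) {
  return [...keys].sort().map((k) => `${k}=${String(attrs[k])}`).join('|');
}

// FNV-1a (32-bit): a small non-cryptographic hash, used here only to turn the
// canonical string into a short identifier.
function fingerprint(attrs, keys = ALL_KEYS) {
  let h = 0x811c9dc5;
  for (const ch of canonicalize(attrs, keys)) {
    h ^= ch.codePointAt(0);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, '0');
}

// Group visitors that share an identical attribute combination.
// Each group is an "anonymity set"; a set of size 1 is a unique user.
function anonymitySets(population, keys = ALL_KEYS) {
  const sets = new Map();
  for (const v of population) {
    const id = canonicalize(v, keys);
    sets.set(id, (sets.get(id) || 0) + 1);
  }
  return sets;
}

// Fraction of visitors who are alone in their anonymity set.
function uniqueFraction(population, keys = ALL_KEYS) {
  const sets = anonymitySets(population, keys);
  const unique = population.filter((v) => sets.get(canonicalize(v, keys)) === 1).length;
  return unique / population.length;
}

// Identifying information carried by one attribute value, in bits.
function surprisalBits(population, key, value) {
  const matches = population.filter((v) => v[key] === value).length;
  return matches === 0 ? Infinity : -Math.log2(matches / population.length);
}

// Bits of identifying information implied by a given chance of two users matching.
function bitsFromMatchChance(p) {
  return -Math.log2(p);
}

// Mitigation view: every visitor reports the same value for the overridden
// attributes, so those attributes no longer separate anyone.
function withUniformValues(population, overrides) {
  return population.map((v) => ({ ...v, ...overrides }));
}

const uniform = withUniformValues(visitors, {
  timezone: 'UTC', language: 'en-US', screen: '1920x1080', colorDepth: 24, adBlocker: false,
});

console.log('unique by browser only:       ', uniqueFraction(visitors, ['browser']));
console.log('unique by browser + timezone: ', uniqueFraction(visitors, ['browser', 'timezone']));
console.log('unique by all attributes:     ', uniqueFraction(visitors));
console.log('unique after uniform values:  ', uniqueFraction(uniform));
console.log('bits for a 0.005% match chance:', bitsFromMatchChance(0.00005).toFixed(2));
```

The share of uniquely identifiable visitors rises as attributes are added and falls again when most attributes report the same value for everyone.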

It is worth noting that website cookies are very different from fingerprinting. While they are both able to follow you about the web, cookies can be turned off in the browser settings.

Conversely, fingerprinting works silently in the background and cannot be turned off.

You can’t even distinguish the scripts used for fingerprinting from those that help the website function. Cookies are also quite popular already on the internet. Websites that use them have to seek your permission to do so. Fingerprinting does not seek your consent.

Another difference is that you can clear cookies, but not fingerprints. Also, fingerprinting will happen whether or not cookies are turned on.

How Is It Used?

Companies use this data to create avatars for their users. These avatars come complete with information such as the age bracket, interests, income and location of the user. They do this by analyzing the data obtained from the websites you visit.

Moreover, they can obtain records from your Google searches, social media platforms, and so on. That is how advertisers can then serve personalized ads to you across the internet.

Businesses also use browser fingerprinting for dynamic pricing. Dynamic pricing ensures a product is sold to people at different prices, depending on specific factors. Often, it depends on the perception that certain buyers have the capability and are willing to pay more for a product than others.

E-commerce stores, sites that use subscriptions, and travel sites make use of dynamic pricing.

Fingerprinting can serve security purposes as well. It can help identify and prevent online fraud, credit card fraud, and many more.

For instance, in a case where someone’s credit card has been stolen, the bank can quickly detect and halt all activity on that account. This is based on the fact that the location from which the real user accesses his account is different from the ones the fraudster is accessing it from.

Browser fingerprinting can also come in handy in detecting identity theft. The way an impersonator uses the user’s online account will be different from the way the real user uses it. It would leave a fingerprint that is different from the status quo, which could prove a theft.

What is Car Hacking And Can it Be Prevented?

Modern car makers have been producing “smart cars” that use computers connected to the internet.

Electronic Control Units (ECUs) are on-board computers that use multiple networks and communication protocols – such as the Controller Area Network (CAN), Local Interconnect Network (LIN), and Media Oriented Systems Transport (MOST) – to communicate with each other. The presence of these components makes “smart cars” susceptible to remote car hacking by cybercriminals.

Learn about car hacking and how you can protect your car from it.

What is Car Hacking?

Car hacking is the exploitation and manipulation of vulnerabilities in a car’s electronic control unit to gain access into the car, gain control of some parts, or obtain user information.

This issue garnered a lot of attention in 2015 when security researchers Charlie Miller and Chris Valasek, using just a laptop from a house 10 miles away, remotely hacked a Jeep Cherokee driving on the streets of St. Louis.

The driver, a journalist named Andy Greenberg, was in on the experiment but had no idea what to expect. By exploiting vulnerabilities in Uconnect, the internet-connected system in Fiat Chrysler vehicles that allows owners to control the vehicle’s navigation and entertainment system, sync media, make phone calls, and remotely lock the car, Miller and Valasek took control of the vehicle’s air conditioning, windshield wipers, steering, and brakes.

They were able to cause a brake failure that sent the Jeep crashing into a ditch. This incident caused Fiat Chrysler to issue a quick recall of 1.4 million vehicles in the first and only cybersecurity-related vehicle recall to date.

Is It Happening Already?

It has been predicted that by 2022, 125 million cars will be connected to the internet. The reality of this slaps harder when you think about how much chaos can be unleashed in the world if car hackers became mainstream.

From stealing cars by hacking keyless wireless fobs to tracking them by compromising GPS tracking software, car hackers are already making their moves.

According to an Israeli firm, Upstream, there were 176 electronic cyberattacks aimed at vehicles in 2019. That’s a 123% increase from the 78 attacks in 2018. Toyota also announced a breach in some of its vehicles that exposed the personal information of 3.1 million users of the brand in 2019.

Can Car Hacking Be Prevented?

While the idea of someone with a malicious intent remotely gaining access to your vehicle may seem scary, you’re not entirely powerless in preventing this from occurring.

Much of the power lies in the hands of car manufacturers to build models of cars with fewer vulnerabilities. However, as a car owner, you can protect your vehicle by following these highly recommended tips.

Safeguard Your Wireless Car Fobs

Most of the hacks that have occurred involved unauthorized persons gaining access into vehicles via wireless car fobs. Wireless car fobs allow you to unlock your car doors without needing a key.

If the fob is nearby, and you try the door handle of your car, the car sends a signal to the fob which then instructs the car door to open. When it is not nearby, the signal won’t be strong enough and the car handle won’t respond. But if a hacker knows where you keep your fob, he can trick your car into thinking it is nearby. The hacker would simply amplify the signal, then an accomplice close to the car would gain access. All they need to do is get in the range of the fob.

Hackers can surreptitiously stand close to car doors and manipulate the fob. That is because most people keep their fobs in easily predictable and accessible places. This is why it is advised that you keep your fob in your refrigerator. And you could also use a Faraday bag. It blocks the signal so criminals won’t be able to gain access to it.

Always Reset Password for Your GPS

Always change the password of your car’s GPS tracking system from the default password.

A hacker was reportedly able to switch off the engines of vehicles driving under 12 mph. They only had to guess the usernames of the vehicles’ iTrack or ProTrack accounts and input the default password. This stresses the importance of using a secure password that cannot be guessed easily.

Update Your Car Software Regularly

Always update your car software as soon as you get an update. Older software usually has bugs and flaws that are often absent in the new version, and these weaken your car’s defences against hackers.

Turn off your car’s Wi-Fi and Bluetooth when they are not in use. The car’s internet connection is often one of its biggest vulnerabilities.

The Ashley Madison Hack: What Exactly Happened?

Ashley Madison, a dating service that caters to married people or people in relationships seeking an affair, suffered a major security breach in August 2015. Impact Team – a hacker group – leaked personal details such as names, email addresses, credit card information, and sexual fantasies of about 30 million users of the service. The Ashley Madison hack was a historic data breach.

Learn about the Ashley Madison data leak and the controversies that followed.

How Did the Ashley Madison Hack Happen?

Founded in 2008, Ashley Madison runs a widely popular web service with the unashamed intention of helping married people have extramarital affairs. “Life is short. Have an affair.” is the company’s catchphrase.

In July 2015, hackers threatened to release company data including sensitive customer information. The hackers gave an ultimatum to Avid Life Media, the parent company, to permanently shut down Ashley Madison and Established Men – a sister hook-up site that linked young ladies to older successful men – within 30 days. 

The hackers accused ALM of promoting extramarital affairs and prostitution. Impact Team called the company out for not keeping its promise to delete user data from their website after users paid the required fee of $19. The data included site usage history and personal identifying information.

To drive their point home, the Impact Team published a file containing some of the company’s financial information, including employee salaries and profile details of two customers of the site. 

The First Major Leak

On August 18, after the 30-day ultimatum had elapsed and the websites were still running, the hackers posted “Time’s up” on the dark web together with a BitTorrent tracker file cryptographically signed with a PGP key. 

The tracker file was actually a compressed 10 GB file that contained usernames, passwords, home and email addresses, height, weight, sexual fantasies, the last four digits of credit card numbers and even GPS coordinates of millions of users as well as passwords for the site’s Windows domain, and PayPal account details of executives of the company.

The Second Major Leak

The second dump was on August 20, two days after the first. This data dump was quite different from the first in that it mostly contained the company’s internal data, including a 19 GB file of ALM’s CEO Noel Biderman’s emails, and Ashley Madison’s website source code.

The Third Major Leak

The Impact Team served a third round of dumps. The leaked data included a list of government emails used to create user profiles, mailing addresses, IP addresses, the total amount spent on on-site purchases, and signup dates.

Authenticity of Leaked Data 

The authenticity of some of the leaked data is still in contention. Accounts were often created without the consent of the real email address owners (sometimes as a prank). The site required the real owner of the account to pay $19 to permanently delete their profile. But they never deleted user data.

Cybersecurity experts noted that just because an email address was in the data leak didn’t mean the legitimate owner created a profile.

For instance, one of the email addresses appeared to have belonged to Tony Blair, a former UK prime minister. However, experts proved that the majority of the leaked data was authentic. Brian Krebs, a popular security expert, confirmed that lots of Ashley Madison account holders agreed.

The Aftermath of the Ashley Madison Hack

Avid Life Media released a statement condemning the hack. They called it an act of criminality. CEO Noel Biderman had to step down from his executive position, an action he claimed to have taken in the best interest of the company. 

Subsequently, the company offered rewards for information about the hackers. The Police in Toronto also showed commitment to finding the culprits. The company together with the Canadian Police and US FBI worked to investigate the attack and arrest the perpetrators. A $500,000 bounty was offered for information on the Impact Team but no arrests have been made to date.

Canadian law firms Charney Lawyers and Sutts and Strosberg LLP filed a $567 million class-action lawsuit against ALM. The suit was on behalf of all Canadians citing the 30 million users whose information was published. They also included in the suit the users who paid Ashley Madison’s permanent-delete fee but did not have their information erased. Ruby Corp (rebranded Avid Media) announced $11.2 million to settle the lawsuit.

Fallout of the Hack

Users with leaked information were targeted after the cyberattack. Josh Duggar, a reality TV star, and Christian YouTuber Sam Rader were among those that suffered public disgrace.

Numerous search websites popped up that allowed people to search for the emails of their colleagues or spouses. Some individuals and companies blackmailed users. Others received extortion emails requesting bitcoin.

Customers of the website also suffered great psychological consequences resulting from the hack. Having to deal with an affair publicly hurt the victims as well as their spouses and children. A good number of those affected sank into depression and anxiety. Tragically, two suicides were traced to the hack, one of a pastor and professor at the New Orleans Baptist Theological Seminary. 

Security 

Security researchers revealed poor security practices in Ashley Madison source code. It had hardcoded security credentials such as database passwords, API secrets, and SSL private keys. The online service also didn’t use email verifications to filter bots and prevent people from opening multiple fake accounts. 
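As an added example (not Ashley Madison's code and not a tool used by the researchers), the check below scans source lines for the three kinds of hardcoded credential named above and reports them without echoing the secret. The rule patterns, sample lines, and function names are constructed assumptions.

```javascript
// Illustrative rules for the three categories the paragraph names.
// These patterns are assumptions for the example, not a complete ruleset.
const RULES = [
  { id: 'private-key', re: /-----BEGIN (?:RSA |EC |ENCRYPTED )?PRIVATE KEY-----/ },
  { id: 'db-password', re: /\b(?:db|database|mysql|pg)[_-]?(?:password|passwd|pass|pwd)\b\s*[:=]\s*(['"])(.+?)\1/i },
  { id: 'api-secret', re: /\b(?:api[_-]?(?:secret|key)|secret[_-]?key)\b\s*[:=]\s*(['"])(.{8,}?)\1/i },
];

// Values that are template references, not literal secrets.
const TEMPLATE_REF = /^(?:\$\{[^}]*\}|<[^>]*>|\{\{.*\}\})$/;

// Never print the secret itself into scan output or CI logs.
function redact(value) {
  return `${value.slice(0, 2)}*** (${value.length} chars)`;
}

// Returns one finding per offending line: { line, rule, evidence }.
function scanForHardcodedSecrets(lines) {
  const findings = [];
  lines.forEach((text, i) => {
    for (const rule of RULES) {
      const m = rule.re.exec(text);
      if (!m) continue;
      const value = m[2]; // undefined for the private-key rule (no capture group)
      if (value !== undefined && TEMPLATE_REF.test(value)) continue;
      findings.push({
        line: i + 1,
        rule: rule.id,
        evidence: value === undefined ? '(key material follows)' : redact(value),
      });
      break; // one finding per line is enough
    }
  });
  return findings;
}

// Constructed sample input: three hardcoded credentials and three lines that
// must not be flagged (environment lookup, template reference, unrelated name).
const SAMPLE_SOURCE = [
  'db_password = "constructed-db-pass-123"',
  'db_password = os.environ["DB_PASSWORD"]',
  "api_secret: 'constructed-api-secret-456'",
  "api_secret: '${API_SECRET}'",
  '-----BEGIN RSA PRIVATE KEY-----',
  'password_hint = "ask your admin"',
];

for (const f of scanForHardcodedSecrets(SAMPLE_SOURCE)) {
  console.log(`line ${f.line}: ${f.rule} ${f.evidence}`);
}
```

Run as a pre-commit or CI step, a check of this kind fails the build when a literal credential appears, while values loaded from the environment or a secrets manager pass.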

The only things they seemed to get right were not storing full credit card numbers on their servers and using bcrypt, a strong password-hashing function, to hash customers’ passwords rather than leaving them in plaintext.

The hack arguably made people more conscious of their data privacy and holding companies accountable.

How Do You Know If Someone Is Watching You Through Your Phone?

The unfortunate reality is that your phone camera can be accessed and switched on without your consent. How do you know if someone is watching you through your phone? Find out in this article!

How Do I Know If Someone Is Watching?

It is not easy finding out if someone can see you through your phone camera. The methods used to hack your phone to install spyware are not easily discovered. It takes specialized software applications to detect spyware on devices.

However, there are a few things you should look out for.

1. Your Camera Is Acting Weird

If, for some reason, your camera is acting out of the ordinary, that may be a red flag.  

Things that show your camera has been compromised include sudden photographs in your camera app you did not take yourself. Further, your camera app appears in recent apps even though you have not opened it.

The camera is very sensitive since it works hand-in-hand with built-in microphones and speakers on your phone. Access to your camera by hackers makes it easier for someone to watch you through your phone.

2. Strange Files

Beyond identifying unexpected videos and images among the files on your phone, other strange files signify a compromise. If you see files with unusual extensions you did not install yourself, you should be alert.

You should always check out for files you did not create since hackers need to install software on your device to make their work easier. 

For instance, an app on the ethical hacking platform Kali, called Metasploit, uses Adobe Reader 9 (a very popular document reader) to gain access to devices. 

The hackers behind the program found a way to exploit file installation loopholes to have remote access to devices. 

Hackers can use this method to steal documents, photos, and videos, and upload incriminating content to your device. Always delete strange files as soon as you identify them on your phone.

3. Apps Running in the Background

In some cases, malware is attached to regular looking applications. 

This has happened more frequently on Android devices as bad actors have managed to slip bad applications into the Google Play Store. Also, don’t download apps from unsecured or random websites.

When you identify apps running in the background for no reason, it might be a sign that someone is watching you through your phone.

Apps in the background are also characterized by sluggish device performance, high data usage, mysterious pop-ups, and a decrease in battery life.

Now that you have identified what to look out for, the next step will be what to do to prevent someone from watching you through your phone. 

How to Prevent Someone From Watching You

The best solution to preventing phone spies will be to stay away from all applications you are not sure of. However, you cannot be too careful since these attacks evolve frequently.

Here are some ways you can prevent someone from watching you through your phone.

Scan Frequently

It is best practice to scan your device regularly to check for potential compromise or unknown software. For things like this, a manual scan will not be enough.

You will need specialized software like antivirus applications to detect spyware. You should also note that some applications that claim to be antivirus software are spyware themselves. Only use apps that have been reviewed and verified by industry experts.

Check App Permissions Frequently

App permissions have been prioritized by the most popular mobile operating systems, Android and iOS. These permissions are displayed before you download the app or right before the app is about to use them.

Sometimes app permissions that have been granted in the past are used by applications to track you through your phone. Permissions like access to the camera and location can be used in the background by apps for tracking.

To prevent this, you should reduce permissions granted to apps you do not use frequently. Also, you can disable permissions for apps when you are not actively using them.

In conclusion, it will be very difficult for hackers to gain access to your device if you take your cybersecurity seriously. In the event that the unfortunate happens, being alert will help you detect any changes on your phone. 

Finally, putting small stickers on your phone’s camera lenses is a simple and cheap way to prevent anyone from looking at you through your phone’s camera.

OnlyFans Hack: Did the Popular New Platform Get Compromised?

OnlyFans has become one of the most popular sources of adult content, and just like other sites in the space, it might have suffered a breach. The reported OnlyFans hack is not close to other major adult site hacks like Ashley Madison or WifeLovers. However, it entrenches the narrative that these sites are major targets for hackers and need to work on their security.

In this article, we look into the OnlyFans hack claims and what that means for users.

Did OnlyFans Get Hacked?

In February this year, over 1.6 terabytes of content from OnlyFans appeared online from what looked like a hack. The majority of the content came from female pornographic content creators.

Journalist Vonny LeClerc was first to mention the issue. LeClerc, in a now-deleted tweet, pointed to a link where people could view the stolen data.

Head of marketing at OnlyFans, Steve Pym, responded to Vonny LeClerc’s tweet to explain the situation:

“We have investigated claims of a site wide hack and found no evidence of any breach of our systems,” he said. “The content contained in the supposed ‘leak’ seems to be curated from multiple sources, including other social media applications.”

The leak includes several videos and images from OnlyFans specific creators.

OnlyFans has become the new haven for online adult content creators. It allows influencers, models, artists, and even ordinary people to share content for pay. It rose to prominence after similar platforms stopped operating due to the FOSTA federal bill.

The OnlyFans hack or leak will affect the revenue of creators. Several victims rely on their exclusive OnlyFans content as their significant revenue stream. Unfortunately, the premium content that was exclusive to OnlyFans is now available for free.

A couple of Twitter users attempted to profit from the OnlyFans leak by selling the stolen content at a discount. Further, Twitter was quick to suspend such accounts to prevent further damage.

Is OnlyFans Free Of Blame?

Other reports also claim the leak included up to four terabytes of content with the usernames of creators attached. To clarify, it seems to be a collection of content from OnlyFans content creators across several platforms into one large free file.

OnlyFans’ claim that it was not breached may be valid. Regardless, it shows that there are vulnerabilities with the distribution methods of the platform. Sites that sell video and images usually make it hard for these media to be downloaded. Some platforms make it impossible for you to take screenshots or screen record.

At the time of the leak, OnlyFans did not have these strong measures in place to protect content on the site.

OnlyFans sent notices to platforms where the stolen content was being hosted to take it down. What’s more, OnlyFans is providing support to victims of the leak.

Top 5 Dark Web Hacker Forums

Hacker forums are among the most active communities in the underground market. You can hire a hacker to undertake a penetration test or pay someone to hijack a social media account for you. Additionally, dark web hacking forums are a place to discuss a variety of hacker-related topics anonymously.

In this guide, we will share a list of hacker forums that you can find on the dark web.

Diving into Hacking Forums

According to investigations published by security firms and cybersecurity experts, the number of hacking communities on the dark web is on the rise.

Most of the hacking forums are closed to the public and one must request an invitation to join. Also, the majority of these groups focus their discussions on specific topics and practices, such as DDoS attacks, social media hacks, data theft, etc.

However, not all hacker forums are a hotbed of criminal activity as often depicted in the media. Some hacker communities work for social causes like highlighting oppressive governments or providing censorship-free platforms for citizens.

Torum

Torum claims to be a non-profit cybersecurity forum that was launched in 2017. The hacker forum has a self-governing structure that confers authority and privileges based on seniority, with new members having to share a minimum of 10 posts to unlock key features.

The forum’s three main sections include:

  • Beginner
  • General, and
  • Main

New users have to post at least three times in the beginner’s lounge section to post in other sections. The general section is for public announcements or to spark new marketplace discussions about topics such as carding, vendors and dark web marketplaces. Users can also post challenges and puzzles in this section as well as create CTF/hacking teams and share training videos.

The main section contains the majority of the educational and informative posts with popular threads covering topics such as cryptography/malware, denial of service, social engineering, website pentesting, etc.

http://torum43tajnrxritn4iumy75giwb5yfw6cjq2czjikhtcac67tfif2yd.onion/index.php?sid=dd899d947f96f6d5ddca67c7b5b19f62

BHF

BHF is a dark web hacker forum that boasts over 200,000 members. The site allows you to access the platform without registering including the threads and messages. However, if you need to reply or access any protected messages, you will have to sign up. The forum is mostly in Russian so you either need to be using Google Chrome or any other browser with an auto-translate feature.

The forum shows an impressive level of traffic even by popular dark web standards. Discussion threads are updated on an almost real-time basis, with some topics attracting over 100,000 responses. Certainly, a prime attraction to the forum is its ‘contests.’ The contests include competitions and giveaways such as bitcoin prizes, VPN accounts, and other items.

The forum provides users with programs related to Hash, SQL, Checkers, Proxy, and Bruteforcers, just to name a few. Furthermore, the BHF marketplace facilitates the purchase of leaked databases, user passwords, accounts, codes and even trading of cryptocurrencies. If you are looking for digital marketing tips and tools, you can access them in the ‘WebMasters’ section.

https://bhf.io/

0Day

0Day is one of the more advanced hacker forums that also doubles up as a marketplace. Forum members can browse the forum without registration though you will have to load funds in order to trade on the platform.

You can purchase/test exploits from categories such as private, remote exploits, local exploits, web applications, dos/poc, and shellcode. In addition, you can follow the review in the comment section of each exploit and share your feedback with other members.

http://mvfjfugdwgc5uwho.onion/

HackerPlace

Hackerplace is a deep web hacker forum that acts like an online directory, listing various hacking and programming related materials.

You will not only find discussions, but can also access marketplaces, search engines, and other services. You can browse and select a thread about hacking books to access up to 100 cybersecurity and hacker titles.

http://hackerw6dcplg3ej.onion/?c=home

Hack Forums

Hack Forums is a hacker forum on the clearnet that you can access without a Tor browser. The site claims to have over half a million users which would make it one of the largest hacker communities online. In order to access any of the threads, registration is mandatory.

While not your typical dark web hacker forum if you consider its stringent registration procedures, the site is not without its merits. To begin with, users can access a number of security and hacking tools for free. These include BIP39, Epoch Converter, Base64 Encoder/Decoder, Hash Encryption and many more. You can browse and share posts about basic and advanced hacking, website hacking, as well as access hacking tutorials.

Interestingly, the forum strives to remain on the right side of the law and, therefore, restricts the sharing of any personally identifiable information. Also, the forum logs, monitors, and shares IP addresses and other private details with law enforcement agencies. While useful if you are looking for information, the forum is not anonymous, unlike its .onion counterparts.

https://hackforums.net/index.php

Having said that, all the hacker forums listed are a rich source of information and a platform to connect with fellow hackers on the dark web.

Top 3 Dark Web Podcasts in 2020

The dark web can be very confusing. There is a lot of jargon and misinformation that makes it hard to separate the wheat from the chaff. However, all hope is not lost. Besides the numerous online communities, there are also dark web podcasts that can help you learn more about the deep web, dark web, and darknet.

In this article, we introduce you to our top three favorite dark web podcasts that you can listen to in 2020.

Darknet Diaries

Darknet Diaries is a podcast that was started in 2017 by Jack Rhysider. This podcast is dedicated to “covering true stories from the dark side of the Internet. Stories about hackers, defenders, threats, malware, botnets, breaches, and privacy.”

Jack wanted such a podcast to exist but found that there was none. That drove him to create the Darknet Diaries. The first episode of Darknet Diaries was aired in October 2017. For the most part, Jack worked alone on the first 40 episodes.

After the 40th episode, Jack got additional researchers, editors, writers and graphic designers to help with the work. Besides the Darknet Diaries, Jack also runs a tech and podcasting blog and has also appeared on several podcasts. Since its establishment, Darknet Diaries has produced over 60 episodes.

Cyber Talk Radio

Cyber Talk Radio is another great darknet podcast that you can listen to. Brett Piatt is the host while James Woodward and Juan Diaz both work as producers for the podcast. The show is sponsored by Jungle Disk, LLC, which is a cybersecurity suite designed for small businesses. Brett, James, and Juan all work for Jungle Disk, LLC.

Cyber Talk Radio is a weekly podcast that focuses on computer security and the Internet. Their tagline is “From the dark web to your radio dial.”

With over 150 episodes under its belt, this show has also hosted guests for various episodes. With the guests, Brett has been able to host expert interviews on matters of cybersecurity.

The Dark Web Vlogs

The Dark Web Vlogs is another exciting and thrilling deep web podcast. The podcast is hosted by an ex-CIA agent known as The Ghost. Today, The Ghost works as an Independent Operative focusing on mysterious and unbelievable cases. The host responds to requests to assist in some of the most bizarre cases that exist in the world. Individuals who reach out to the host do so because they cannot get help elsewhere or it is just not possible. In her podcast, she talks about these requests and how she helps the individuals. To ensure complete privacy, she does not use the real names of the people who reach out to her. The Ghost does her podcasts in the form of stories where she narrates the requests and the events that unfold once she accepts a request.

According to The Ghost, “These jobs are outrageous, mysterious, and unbelievable, from reaching out to other dimensions and worlds to other beings, as well as the paranormal, CERN, The Vatican, humanoid robots, and inner earth. Lizard People, Giants, Aliens and more.”

If you are looking for a thrilling podcast to listen to, The Dark Web Vlogs is a great place to start!

If you want to learn more about the dark web, you can read our article on the best dark web books or just keep browsing the Dark Web Journal.

What the Fappening 2.0 Can Teach Us About Personal Cybersecurity

A major hack that led to the release of intimate photos of celebrities resurfaced in 2017, dubbed the Fappening 2.0.

In this article, we look at the event and what it can teach us about personal cybersecurity.

What is the Fappening 2.0?

In 2014, a major leak occurred that included several intimate photographs of celebrities and other known people. The unfortunate event repeated itself in 2017, leaking private photos of hundreds of celebrities.

Fappening 2.0, also known as Celebgate 2.0, started with the circulation of private photos of Emma Watson and Amanda Seyfried on the dark web. Later, these images found their way to 4Chan and then to Reddit. According to a report by Softpedia, the Fappening 2.0 affected several dozen other celebrities.

Rose McGowan (actress), Paige (WWE star), Katie Cassidy (actress), Alyssa Arce (model), Rhona Mitra (actress), Analeigh Tipton (figure skater & actress), Kristanna Loken (actress), April Love Geary (model), Iliza Shlesinger (comedian), and Lili Simmons (actress) were among the victims.

Just like the first Fappening event, these images were stolen by targeting cloud accounts containing pictures of these celebrities. 

One of the hackers arrested in connection with Fappening 1.0, Edward Majerczyk, revealed the method through which he obtained these pictures. According to Majerczyk, he sent phishing emails to his victims that appeared to be security messages from Internet Service Providers.

The Department of Justice reported that “Majerczyk accessed at least 300 accounts, and at least 30 accounts belonging to celebrities” from November 2013 to August 2014.

Anyone could be in this situation due to the general lack of security consciousness among internet users.

The rest of this article looks at measures we can take to avoid being victims of hackers.

What the Fappening Can Teach You About Cybersecurity


People use the internet for several things, and one of them is to share private information like photos. However, sending private information across the internet is risky without the appropriate protection.

When you share information, the protection of the data depends on the parties you share them with. This is very true for private content usually shared among couples. Your other half is required to protect the data as much as you do to prevent loopholes that can be exploited by bad actors.

One of the effective ways to ensure security on both ends is to use applications that exist for the private exchange of information.

Chat applications like Signal and Telegram (secret chat feature) provide better security for intimate conversations.

Signal

Signal is a privacy-centric messaging app that uses end-to-end encryption by default. Moreover, unlike WhatsApp, Signal doesn’t store any message metadata or use the cloud to back up messages.

Using this application for general chats, especially private chats, is a better option than using most apps. For instance, the European Commission asked staff to move all instant communication to Signal in February 2020.

Telegram Secret Chats

Telegram’s secret chat is popular among young people for intimate conversations. This feature is different from regular chats and requires you to start a new “secret chat” conversation with people to use it.

Secret chat uses end-to-end encryption by default and leaves no trace on Telegram servers. Also, you can’t forward messages from secret chats, and you are informed of any screenshots or screen recordings made by the other party.

More Steps to Protect Your Privacy

Beyond using private chat platforms, there are other steps to take to ensure that your private data is protected.

Avoid Auto Backup of Photos on Cloud

Do not back up intimate photos to the cloud. In most cases, you do not intentionally save these photos or videos to the cloud, because backup to cloud storage is mostly automatic.

To avoid saving unwanted photos to your cloud storage, disable automatic backups, or frequently check your cloud storage application to remove unwanted images permanently.

Use Strong Passwords

Always use strong passwords for your personal accounts like email and social networks.

A strong password cannot be guessed easily based on your personal information. Also, avoid using the same password for all accounts on the internet.

Additionally, a second layer of security makes it more difficult for hackers to access your accounts. Two-factor authentication (2FA) and security device keys are excellent tools to protect your most important accounts.

Don’t Fall for Phishing Emails

It is unlikely that you have not yet received phishing emails, given their prevalence today. Most are easy to recognize as they are obviously not from a real service provider. However, hackers are getting more and more sophisticated.

To ensure you don’t fall for a phishing email, avoid clicking on links in emails and do not download attachments. Unless you are expecting an email from a service provider, it is better to access the platforms directly and not through links in an email.

The Bottom Line

The burden to keep yourself safe on the internet starts with you. Something like the Fappening could happen to you too if you fail to take personal cybersecurity seriously.

If you decide to keep private information online, make sure you take the necessary steps to ensure that bad actors can’t access it.

More importantly, if you want to be sure that private pictures cannot leak online, you simply shouldn’t take any.

You should also read our article on the Top 5 Privacy Tools You Can Use To Protect Yourself Online.

Top 10 Hacking Tools, Apps, And Software You Should Know (And Probably Fear)


In this article, we discuss some of the most known hacking tools, apps, and software to make you aware of some of the most pressing cyber threats out there.

John the Ripper

John the Ripper, also referred to by its initials JTR, is one of the most well-known password crackers. This hacking software can crack even the most complex passwords out there. It’s an excellent security tool to use to test password strength in your operating system. This password cracking tool mainly performs dictionary attacks. It takes candidate strings from a text file (a wordlist) that contains complex and popular words that can be found in a dictionary or real passwords that have been cracked before. It hashes or encrypts each candidate in the same manner as the password that’s being cracked and compares the result to the stored hash or encrypted string.

Although it’s an ethical hacking tool, John the Ripper can be used to crack passwords protected with algorithms and formats such as Kerberos AFS, LAN Manager hashes, DES, MD5, Blowfish, and MySQL, among others. In addition, it’s an open-source, multi-platform tool available for Android, Mac, Windows, and Linux.
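As an added illustration (not code from John the Ripper or from this article), the hash-and-compare loop described above can be run against your own credential store as a password audit. The accounts, passwords, wordlist and record layout are all constructed for the example.

```python
import hashlib
import hmac

# Constructed wordlist standing in for the dictionary file described above.
WORDLIST = ["password", "letmein", "qwerty123", "sunshine"]

def derive(candidate, record):
    """Hash a candidate exactly the way the stored record was hashed."""
    data = candidate.encode("utf-8")
    if record["scheme"] == "sha256":            # fast and unsalted
        return hashlib.sha256(data).digest()
    if record["scheme"] == "pbkdf2_sha256":     # salted and deliberately slow
        return hashlib.pbkdf2_hmac("sha256", data, record["salt"],
                                   record["iterations"])
    raise ValueError("unknown scheme: " + record["scheme"])

def make_record(password, scheme, salt=b"", iterations=0):
    """Build a stored-credential record (what a password database would hold)."""
    record = {"scheme": scheme, "salt": salt, "iterations": iterations}
    record["hash"] = derive(password, record)
    return record

def audit(records, wordlist):
    """Return {account: matched_word} for every hash a wordlist entry reproduces."""
    findings = {}
    for account, record in records.items():
        for word in wordlist:
            # Same transformation as the stored password, then compare.
            if hmac.compare_digest(derive(word, record), record["hash"]):
                findings[account] = word
                break
    return findings

# Constructed accounts; iteration count kept low so the demo runs quickly.
RECORDS = {
    "alice": make_record("letmein", "sha256"),
    "bob": make_record("sunshine", "pbkdf2_sha256",
                       salt=b"\x01" * 16, iterations=1000),
    "carol": make_record("vX9#mQ2!trellis-owl", "pbkdf2_sha256",
                         salt=b"\x02" * 16, iterations=1000),
}

if __name__ == "__main__":
    for account, word in audit(RECORDS, WORDLIST).items():
        print(f"{account}: password is in the wordlist ({word!r})")
```

Bob's record is salted and slow to compute, yet it is still flagged because the password itself is in the wordlist; only Carol's password, which appears in no wordlist, survives the audit.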

AndroRAT

One of the most commonly used hacking apps for Android is AndroRAT. AndroRAT is an abbreviation of Android and RAT, which stands for Remote Access Tool. This tool enables hackers to remotely control almost everything on an infected device, such as call logs, contacts, and even locations via Network/GPS.

In addition, a hacker can also open a URL on the device’s default browser, take a picture, and stream video and sound from the microphone or any other source. They can also place a call or send a text message.

Elcomsoft Phone Password Breaker

Elcomsoft Phone Password Breaker is one of the most dangerous hacking tools for iOS. In fact, most government organizations use this tool. The tool was initially designed to help extract scientific information. However, its ability to copy any targeted gadget remotely transformed it into one of the most famous iOS hacking apps. It’s for this reason that the Elcomsoft Phone Password Breaker is more of a hacking gadget than it is a programming tool.

With this tool, you can break passwords on an iPhone, decrypt iOS backups using GPU acceleration as well as iCloud Keychain, and files from the iCloud. In addition, this tool can download iCloud backups, sync data with or without an Apple ID password or get data from Microsoft accounts.

Metasploit

Metasploit is an open-source project for pen-testing. It’s one of the most popular hacking tools available today. The Metasploit hacking software can be described as a collection of hacking tools and frameworks that can be used to carry out different tasks. In fact, Metasploit is a must-learn tool for anyone that wants to become a penetration tester.

This software provides users with vital information about known security vulnerabilities and aids in formulating penetration testing and IDS testing strategies, plans, and methodologies. There are three different versions of the Metasploit software:

  • Pro – suitable for IT security teams and penetration testing
  • Community – ideal for infosec students and small companies
  • Framework – excellent for security researchers and app developers 

Metasploit also supports different operating systems such as Mac OS X, Linux, and Windows.

NMAP


Network Mapper, simply known as NMAP, is one of the most popular open-source hacking tools. It is mainly used for security auditing and network discovery. Thousands of system admins globally use it to monitor host or service uptime as well as manage service upgrade schedules.

As a tool, NMAP creatively uses raw IP packets to discover which hosts are present on the network, what services those hosts are offering, which operating systems they run, and the type and version of packet filters/firewalls that the target is using. With NMAP, the admin user can determine whether the associated nodes and network need patching. Also worth mentioning is that the NMAP tool has been featured in almost every hacker movie.

Wireshark

Wireshark is free open-source hacking software that lets you analyze your network traffic in real-time. It has a sniffing technology that allows it to detect any network security problems. It’s also effective for solving common network problems.

Wireshark uses its sniffing technology to capture packets of data in the network in real-time and then display them in a human-readable format. This way, it becomes easier to identify any potential problems such as threats, low latency, and vulnerabilities.

THC Hydra

THC Hydra is another piece of software that works in a similar manner to John the Ripper. It’s a very popular password cracker and has a very experienced and active development team behind it.

THC Hydra is a stable and fast network login hacking tool that uses brute-force or dictionary attacks to try different types of login combinations and passwords against any login page. It also supports several sets of protocols such as Mail (IMAP, POP3, etc), LDAP, VNC, SSH, SMB, and Databases. 

SN1PER

Sn1per is a well-known scanner for investigating vulnerabilities. It can easily be loaded into Kali Linux and has a free and paid version. This hacking app is perfect for scanning for vulnerabilities as well as for enumerations.

While Sn1per is an excellent application for ethical hackers who can find vulnerabilities on their servers or networks, black hat hackers can also use it for unsavory purposes.

Cain and Abel Hacking Tool

Cain and Abel (also referred to as Cain) is a very popular hacking tool. It was designed to operate as a password recovery tool for Microsoft Windows. However, off-label, black hat hackers can use it to crack different types of passwords by cracking password hashes or using network packet sniffing.

When used to crack passwords, this tool can use methods such as rainbow table attacks, brute-force attacks, dictionary attacks or cryptanalysis attacks. 

IronWASP

IronWASP is an excellent hacking tool for anyone that is keen on learning and performing ethical hacking. Similar to other tools we’ve mentioned in this list, IronWASP is open source and multi-platform. You can use it to audit public applications and web servers.

What makes this hacking tool appealing is that one doesn’t need to be an expert to use its main features. It’s entirely GUI-based and full scans can be done by just a few clicks.

If these hacking tools have sparked your curiosity about ethical hacking, check out our guide on how to become a hacker.

Is Hacking Illegal? Yes and No!


“Is hacking illegal?” People often ask this question when they hear about hacking since it is mostly seen as a negative action.

In this article, we explore the legal implications of hacking based on global legal principles. The first thing everyone will want to know is, is hacking illegal? The answer is yes and no.

The answer is both affirmative and negative depending on the kind of hacking activity in question. Hacking is a very broad area that includes several activities that are either legal or illegal.

Hacking for research purposes, to find a bug, or to test the strength of a network with permission has no legal implications. On the other hand, hacking as part of organized crime or for political purposes will usually incur legal punishment.

Black vs White Hat Hackers


When looking at the legality of hacking, the two main divisions of hackers come to mind: black and white hat hackers.

Black hat hackers are individuals or groups that disregard ethics. They gain unauthorized access to computer systems and use it for financial gain and malicious intents.

Acts like hacking a company or a person without their permission are viewed as an offense under the Computer Misuse Act 1990 in the United Kingdom and the General Data Protection Regulation by the EU. 

A classic example of a black hat hacker who got into trouble with law enforcement for his actions is Daniel Kaye. Kaye attacked a Liberian phone operator in October 2015, causing the nation’s internet to go down. The British hacker is now serving a three-year term in prison as a result of his actions.

White hat hackers are on the good side of the law. They respect ethics and the global view of what is right. Due to this, their actions support organizations in making the security of their computer systems more robust. 

Nevertheless, white hat hackers can still get into trouble with the law. In 2017, an 18-year-old ethical hacker was arrested after he had discovered a bug and reported it to authorities.

In the middle of black and white hat hackers are grey hat hackers who do not believe in ethics but usually hack with good intentions. Hackers that fall in this category stand a higher risk of facing legal repercussions than white hat hackers. 

Punishment For Hacking

The punishment for crimes related to hacking differs depending on the severity and the extent of the violation.

In the US, obtaining national security information will put you behind bars for ten years while trafficking in passwords will land you a one-year jail term for your first conviction.

To conclude, hacking is illegal when a computer system or information is being accessed without permission. With written permission of the owner of a computer system, (white hat) hacking is generally legal. However, the exact legal framework surrounding hacking differs from jurisdiction to jurisdiction.
