Even though there have been drastic updates in the field of information security in recent years, they are all built on the same foundation. The basics are always the same; the approach has changed, but ultimately it’s all the same thing! Before we go any further, I would like to let you know that there is no software or tool that can get you a victim’s password simply by providing the username or email ID. Therefore, be alert when you get emails or requests asking you to download software that claims it can hack an email account, because it could be a keylogger or a Trojan.
In this article I’m going to describe the client-side techniques that are generally used by hackers to hack into Facebook, Twitter or Gmail accounts. The methods and techniques that I discuss today will be just an overview, but I promise that I’ll be posting tutorials on ‘how to perform the attack’ in my upcoming articles. For now, I’d expect you to understand the basics and get to know how hacking Facebook accounts works in a real-world scenario.
Below are the most common client-side attacks used by hackers to hack into social media accounts!
Method 1: Phishing
It is the most common method used by attackers to get control over your social identity profiles and accounts. This is a basic attack in which the attackers create a fake page that looks similar to Facebook’s login page and send the link to the victim. Once the victim tries to log in to his account on that page, the credentials are stored or sent to the attacker and the victim is redirected to a different page. This way the attacker takes control of the victim’s social identity, leaving the user helpless!
Follow the tutorials below to learn how to perform phishing attacks.
Method 2: Tabnabbing
The term ‘tabnabbing’ was coined by Aza Raskin, a security researcher, in the year 2010. This is a new type of phishing attack that’s getting popular these days. In this attack, the webpage in the victim’s inactive tab is redirected to a new page where the attacker is monitoring the user’s activity, and the attacker finally ends up with the victim’s login credentials. I’m going to come up with a tutorial on tabnabbing soon in my upcoming articles.
Method 3: Cookie stealing/Session Hijacking
To understand what session hijacking is, consider a scenario where a user has just logged in to his Facebook account and, after some time, closes the web browser without logging out. Now, if the user opens the browser again and types ‘facebook.com’ in the address bar, he/she will be served his Facebook home page directly rather than the login page that is generally served (provided the ‘delete the cookies while closing’ option is disabled, which it is by default). So the question is: the second time you opened ‘facebook.com’, how did the Facebook server recognize that that particular profile belongs to your computer? The answer is: with the help of cookies that are stored in your system’s browser. A cookie is a piece of text stored in your computer’s browser that corresponds to a particular web server.
Getting into the attack methodology, all an attacker has to do now is steal the cookie from the victim’s browser. Once the attacker obtains the victim’s cookie, he may edit his own cookie, replacing it with the victim’s. Now, when the attacker navigates to ‘facebook.com’, he is automatically served the victim’s home page without being asked for the username and password of the victim’s account. This is how, by cookie stealing, an attacker can take control of the victim’s Facebook account. The limitation is that cookies have an expiry date, after which you need to log in again with the user credentials.
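The cookie mechanism described above, seen from the server that issues and checks the cookie. This is an added example, not code from the original article: the cookie name `sid`, the 30-minute lifetime and the in-memory store are assumptions. It shows why the cookie value alone identifies the user, and the controls that limit its theft and reuse (the `HttpOnly`, `Secure` and `SameSite` attributes, server-side expiry, and revocation on logout).

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 30 * 60  # seconds; assumed lifetime for this sketch
_sessions = {}  # token -> (user, expires_at); in-memory store for the example


def issue_session(user, now=None):
    """Create a session and return the Set-Cookie header value for it."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # unguessable random identifier
    _sessions[token] = (user, now + SESSION_TTL)
    cookie = SimpleCookie()
    cookie["sid"] = token
    cookie["sid"]["max-age"] = SESSION_TTL
    cookie["sid"]["path"] = "/"
    cookie["sid"]["httponly"] = True   # not readable from page scripts
    cookie["sid"]["secure"] = True     # only sent over HTTPS
    cookie["sid"]["samesite"] = "Lax"  # not sent on most cross-site requests
    return cookie["sid"].OutputString()


def resolve_session(cookie_header, now=None):
    """Return the user a Cookie request header maps to, or None."""
    now = time.time() if now is None else now
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    if "sid" not in jar:
        return None
    entry = _sessions.get(jar["sid"].value)
    if entry is None:
        return None  # unknown or already revoked token
    user, expires_at = entry
    if now >= expires_at:
        _sessions.pop(jar["sid"].value, None)  # expire on the server too
        return None
    return user


def logout(cookie_header):
    """Revoke the session so the cookie value is useless afterwards."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    if "sid" in jar:
        _sessions.pop(jar["sid"].value, None)
```

Logging out revokes the token on the server, which is why closing the browser without logging out, as in the scenario above, leaves the session usable until it expires.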
Method 4: Fake mail
This type of attack is carried out by script kiddies who are very new to hacking and basically rely on tools for hacking/cracking. Generally, a fake mail is just an email sent to the victim asking for the user credentials. If the victim is a layman, he might easily fall for this trick, but these kinds of attacks fail 9 out of 10 times!
Method 5: Keyloggers
An attacker installs a keylogger on the victim’s computer, which records the keys pressed on the keyboard. The recorded keys are written to logs, which are either sent remotely to the attacker or stored on the victim’s machine without his knowledge, to be collected later when the attacker has physical access to the computer. This type of attack works efficiently only when the attacker has physical access to the victim’s machine.
Method 6: Trojans
Using Trojans to get access to the victim’s machine is one of the most common ways hackers gain credentials and complete access to the victim’s computer. A Trojan is a type of malware which, when installed on the victim’s PC, starts listening on a particular port number. When an attacker wants to access the infected machine, he simply connects to the port number where the Trojan is listening. Once the attacker has established a connection with the infected system, he has complete access to the system and can monitor the PC remotely without letting the user know about it.
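Because a Trojan of this kind has to hold a listening port open, comparing a host’s listening sockets against a known baseline is a simple way to spot one. The sketch below is an added example, not part of the original article: the baseline ports and the sample text (constructed in the layout printed by `ss -ltnp`) are assumptions.

```python
import re

ALLOWED_PORTS = {22, 443}  # assumed baseline of services this host should expose
LOOPBACK = {"127.0.0.1", "[::1]"}

# Constructed sample in the layout printed by `ss -ltnp` (not real host data).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      511          0.0.0.0:443        0.0.0.0:*     users:(("nginx",pid=901,fd=6))
LISTEN 0      5          127.0.0.1:631        0.0.0.0:*     users:(("cupsd",pid=655,fd=7))
LISTEN 0      1            0.0.0.0:31337      0.0.0.0:*     users:(("updater",pid=4242,fd=4))
LISTEN 0      128             [::]:22            [::]:*     users:(("sshd",pid=812,fd=4))
"""

PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')


def unexpected_listeners(ss_output, allowed=ALLOWED_PORTS):
    """Return listening sockets whose port is not in the baseline."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or a socket that is not listening
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) in allowed:
            continue
        proc = PROC_RE.search(line)
        findings.append({
            "port": int(port),
            "address": addr,
            "process": proc.group(1) if proc else "unknown",
            "pid": int(proc.group(2)) if proc else None,
            # A loopback-only listener cannot be reached from another machine.
            "remote_reachable": addr not in LOOPBACK,
        })
    return findings


if __name__ == "__main__":
    for finding in unexpected_listeners(SAMPLE_SS_OUTPUT):
        print(finding)
```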
Method 7: Stealers
These kinds of attacks have become very rare nowadays because they require physical access to the victim’s machine and because of the increased security provided by anti-virus programs. In this type of attack, the attacker plants a stealer on a USB drive and plugs it into the victim’s machine. The stealer program on the USB drive automatically extracts the passwords saved in the browsers and starts creating logs on the USB stick. It works really quickly, so just plugging in the USB drive and removing it could be enough to get the user credentials.
Method 8: Evil Twin attack
This is an advanced attack methodology used by professional attackers to eavesdrop on data being transmitted over a wireless network. Here, an attacker creates a rogue access point through which he monitors the data being transmitted and can therefore also modify it as it crosses the network. This type of attack is also known as a ‘man in the middle’ (MITM) attack. It is a typical client-side attack that makes it possible to intercept all the traffic sent and received across the network.
Method 9: Mobile spying
Mobiles these days have become as common as water on earth. Almost everyone nowadays uses the internet on a mobile phone to access Facebook, and this has caught the attention of attackers. There are a lot of tools coming up these days that are used to spy on mobile phones. You can make a custom mobile application for yourself too, if you are good at programming. These types of applications work similarly to monitoring software and constantly send you the logs over an internet connection.
Method 10: Social Engineering
A non-technical and effective approach to getting user information such as bank account numbers, answers to security questions or even passwords. If this type of attack is performed efficiently, a lot of sensitive information can be compromised. This type of attack is generally performed over a phone call, using a false identity to gain the information. In a scenario such as online shopping, suppose the victim has just browsed an e-commerce website and ordered some items. An attacker who knows about this can easily trick the victim into revealing his credit card details by simply calling the victim and asking for a reconfirmation of the credit card details provided. Now we all know how this scenario is going to end…
Finally, we are done discussing the most common methods used by crackers/attackers to hack a Facebook or any other social media account. These attack methodologies hold good for performing widespread attacks as well. I would recommend that you understand each of these attacks thoroughly to get started in cracking! I will be posting more details about each of the methods described above in my upcoming articles, so stay in touch by subscribing to our blog!