Securing your Internet Accounts — part 1

haRies Efrika
Nov 28, 2020

“Help! my facebook account has been hacked!” — they said

Well, okay. Before we talk about how to secure your internet/social media accounts, let us talk about definitions first.

Hack,

is actually an unconventional way of improving something, making something better, or gaining something. Something outside the book. Something unusual that works. A “hack” is not necessarily a bad thing. Ever heard of a life hack? It teaches you how to use things properly, to make our lives easier.

Crack,

on the other hand, in an Information Technology context, is the process of gaining information illegally, such as by brute forcing, or by finding a hole or back door to steal digital information.

Therefore, in my opinion, it should be “Help! my facebook account has been cracked!” Super duper not important, right?

You’re right, let’s continue 😄

Nowadays, most public social media platforms have been built very, very securely. Like, there is noooo way somebody could break into Facebook and steal your login information.

There is nooooo way somebody else could know what your password is, UNLESS — you are giving them a hint.

Cracking is not always about creating a hi-tech program to break in. A much more efficient way to crack someone’s password is either by:

Social Engineering: trying to gather the information offline — having a conversation with the target; walking behind the person in Starbucks while they are opening their laptop, etc.

or by Phishing.

Phishing, in an IT context, is the process of lying to and conning other people so that they will enter their credentials into a fake website. Here’s how they do it.

Say I am the cracker. I create a website that looks very much like the Facebook login page; everything looks entirely the same. Of course I cannot have the actual Facebook address, but I could use a similar fake address like www.faceb00k.com or facebook.greatweb.com — where people perhaps do not notice the difference.

Anyway, as the next step I will post a public story, a public feed post, or even a paid advertisement on Facebook. To make this interesting, I would use a very hot anime character as the main theme, or perhaps a very sexy image as bait. Or I could pretend to sell an iPad in very good condition at a super low price. There are many examples. The point is, I am trying to lure my victim from the original website to my fake website.

On the fake website, the visitor, without much suspicion, thinks they are required to log in again, so they enter their credentials there. At this point, the victims have just innocently shared their password with the crackers. The next day, they find they are no longer able to log in to Facebook. Even worse — they are no longer able to log in to Gmail, just because they USE THE SAME PASSWORD for Gmail 😄 😅 This is a true story, and many people have fallen for this ̶p̶r̶i̶c̶k̶ trick.
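The two fake addresses above follow patterns that can be checked mechanically before a link is trusted. The sketch below is an added example, not part of the original post; the trusted list, the digit-swap table and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the one genuine site we want to protect.
TRUSTED = {"facebook.com"}
# Digit-for-letter swaps often seen in lookalike names (constructed, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def hostname(url):
    """Return the lower-cased host of a URL, with or without a scheme."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat a bare address as a host
    return (urlsplit(url).hostname or "").rstrip(".")


def classify(url):
    """Label an address: genuine, lookalike-domain, brand-in-subdomain, unrelated."""
    labels = hostname(url).split(".")
    # Naive registrable domain: the last two labels. A production check
    # should consult the Public Suffix List instead (e.g. for .co.uk).
    registrable = ".".join(labels[-2:])
    if registrable in TRUSTED:
        return "genuine"
    for trusted in TRUSTED:
        brand = trusted.split(".")[0]
        # faceb00k.com: becomes the trusted name once the swaps are undone.
        if registrable.translate(SWAPS) == trusted:
            return "lookalike-domain"
        # facebook.greatweb.com: the brand is only a subdomain of another site.
        if any(label.translate(SWAPS) == brand for label in labels[:-2]):
            return "brand-in-subdomain"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample addresses; the two fake ones are the post's own examples.
    for address in ("https://www.facebook.com/login", "www.faceb00k.com",
                    "facebook.greatweb.com", "https://www.greatweb.com/"):
        print(f"{address:35} {classify(address)}")
```

The part of the address that decides who owns the site is the end of the hostname, which is why the brand name appearing at the front proves nothing.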

There are many other types of phishing that I won’t explain one by one. As another example, somebody could also call your mobile phone and ask for the OTP number sent via SMS.

Solution

What if I tell you my Facebook password right now? You would not be able to log in anyway. Even if you know the password, Facebook would still ask me personally: “Is that you who tried to log in just now? Please confirm.”

The feature is called 2FA / two-factor authentication. The details on this one will be elaborated in part 2 😺 stay tuned!

So haRies, what is your Facebook password?

Have you tried entering “I-Love-Ries”?
