Ever wanted to gain control of your friend's email id? I will explain to you how to secure yourself from such an attack in this post.
This hacking episode took place just a few days back and let me give you all the details about this attempt. Take this as a case study:
The person whose account was to be hacked was Mayank Chauhan.
The people involved in this hacking were Nikhil Sharma, Saikat Banerjee and Tanmay Sharma.
It seems that Mayank had a fight with Nikhil Sharma, so Nikhil hacked all his IDs. Mayank was able to regain access to his ID. He then implemented some 'top securities' and challenged Saikat to hack him now.
This group used both guessing and phishing to get control of his two email IDs in order to get control of his Facebook account, but eventually failed because Mayank changed the ID he had associated with Facebook.
So let me present a third-party view of this episode; I was not involved in any way:
Nikhil used the forgot-password option to 'hack' his email. His secret questions were:
Q1. What is your place of birth?
Ans1. Delhi!
This was quite obvious as he lives in Delhi-NCR
Q2. Who is your favorite cartoon character?
Ans2. Shinchan!
Most of his friends knew his favorite cartoon was Shinchan. This was basically an open secret!
With one ID under control, it was now the turn of the other.
This time they used the more sophisticated technique of phishing. This method can only work if the victim is dumb and the person doing it has good brainwashing qualities. By the time his one ID had been compromised, he himself was trying to get control of Nikhil's account and was searching the net for a way to do it. He even asked some of his friends to help him. Unfortunately, he asked for help from some friends who were themselves involved in hacking Mayank's ID. Such a dumb person he is!! They brainwashed him by suggesting a method by which he could possibly hack someone else's account. Get an idea from this PDF:
http://www.derkeiler.com/pdf/Newsgroups/alt.computer.security/2009-06/msg00097.pdf
This is complete rubbish; never try it! Make sure your security questions are very general but that their answers are very specific. People usually reveal a lot of personal information on Facebook, which helps hackers a lot, so avoid that.
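As an added example (not part of the original post), the check below audits recovery answers against facts that friends or a public profile already reveal, which is how both of Mayank's questions fell. The sample answers, the profile facts and the third question are constructed for illustration.

```python
import re
import unicodedata

# Constructed sample data modelled on the case study above.
SAMPLE_ANSWERS = {
    "What is your place of birth?": "Delhi!",
    "Who is your favorite cartoon character?": "Shinchan!",
    "What was the name of your first school?": "kettle harbour 41 violet",
}
PUBLIC_FACTS = ["Lives in Delhi-NCR", "Likes: Shinchan, cricket"]


def tokens(text):
    """Casefold and split into word tokens so 'Delhi!' matches 'Delhi-NCR'."""
    text = unicodedata.normalize("NFKC", text).casefold()
    return re.findall(r"[^\W_]+", text)


def audit_recovery_answers(answers, public_facts):
    """Return {question: reason} for answers an acquaintance could guess."""
    known = {}
    for fact in public_facts:
        for tok in tokens(fact):
            known.setdefault(tok, fact)  # remember which fact leaks the token
    findings = {}
    for question, answer in answers.items():
        toks = tokens(answer)
        if not toks:
            findings[question] = "empty answer"
        elif all(t in known for t in toks):
            findings[question] = f"answer is public: {known[toks[0]]!r}"
        elif len("".join(toks)) < 8:
            findings[question] = "short answer, small guessing space"
    return findings


if __name__ == "__main__":
    for q, why in audit_recovery_answers(SAMPLE_ANSWERS, PUBLIC_FACTS).items():
        print(f"WEAK  {q}  ->  {why}")
```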
And remember never hack anybody's id 'just for fun'. Hacking can get you in legal trouble so beware.
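The phishing half of this episode relied on an ordinary Gmail address dressed up as provider staff (officer.gmail@gmail.com in the conversation below) and a mail with the subject PASSWORD RECOVERY carrying the sender's own password. The following added example, not code from the original post, reviews an outgoing plain-text draft for those signs; the domain list, role-word list and sample draft are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumed lists for this example; extend them for your own environment.
CONSUMER_DOMAINS = {"gmail.com", "googlemail.com", "yahoo.com", "outlook.com"}
ROLE_WORDS = {"officer", "admin", "support", "security", "recovery", "helpdesk"}
LABELLED_SECRET = re.compile(r"\b(?:password|passwd|pwd|pass)\b\s*[:=-]", re.I)

# Constructed draft shaped like the mail described in the conversation.
SAMPLE_DRAFT = """\
From: victim@example.com
To: officer.gmail@gmail.com
Subject: PASSWORD RECOVERY

target id: someone@example.com
my id: victim@example.com
password: not-a-real-password
"""


def review_outgoing(raw_message):
    """Return reasons why a plain-text draft looks like a credential giveaway."""
    msg = message_from_string(raw_message)
    reasons = []
    for _name, addr in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", [])):
        local, _, domain = addr.lower().rpartition("@")
        words = set(re.split(r"[._+\-0-9]+", local))
        brand = domain.split(".")[0]
        # Provider staff do not write from a consumer mailbox named after a role.
        if domain in CONSUMER_DOMAINS and (words & ROLE_WORDS or brand in words):
            reasons.append(f"{addr}: user mailbox posing as provider staff")
    if re.search(r"password\s+(?:recovery|reset)", msg.get("Subject", ""), re.I):
        reasons.append("subject imitates a password recovery request")
    body = "" if msg.is_multipart() else msg.get_payload()
    if LABELLED_SECRET.search(body):
        reasons.append("body contains a labelled password")
    return reasons


if __name__ == "__main__":
    for reason in review_outgoing(SAMPLE_DRAFT):
        print("BLOCK:", reason)
```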
Anyway, I hope the following discussion with one of the conspirators will make it clear what actually happened:
me: Gimme more details
Saikat: about
1:33 PM me: That episode
Saikat: which episode, bro?
me: Taking control
1:34 PM Saikat: hacking?
say it quickly
i have to go
me: Yes
Which account did he use?
1:35 PM Saikat: :P
hmmm..
well..
first i brainwashed him
1:36 PM as nikhil has hacked his account... and he got it back.. he challenged me to hack him... so.. i found out this little trick..
so...
i told him that this is a method to hack nikhil
i told him TO USE HIS OWN FB ID!
so that i can get access to his :D
but..
he didnt use his fb id..
and .. well..
i could only get access to his new account
1:37 PM i hope you understood the trick?
me: You took over nikhil's account?
Saikat: NO
i took over mayank's
did you understand the trick?
its just that..
1:38 PM me: No
Saikat: wait.
let me type
ITS JUST THAT.. i create a real LOOKING.. gmail server id...
like..
officer.gmail@gmail.com
something like that
and tell him
that..
you have to compose a mail... with
the subject... PASSWORD RECOVERY
1:39 PM write the person's email id
your id
our own password
(THIS IS THE TRICK.. he is giving us access to his own id without knowing that the officer thingy email id is ours only!!!!)
then i give a stupid javascript code ( which doesnt work ofcourse)
:P
and tell him that this javascript..
confuses the gmail server
1:40 PM and returns back the TARGET ID..
which u gave first!
lol..
its just brainwash and bang
me: Good
Saikat: he has no idea that he gives me access
oi..
blog my name too :P
inputs :P
me: Okay
Saikat: nice method.
actually..
tanmay and i did it
credit goes to tanmay
me: The pdf you gave to me was made by you?
1:41 PM Saikat: no
tanmay and i found a better
way..
we discussed shit.
and introduced the IDEA
of brainwashing
its easy..
1:42 PM ok i am going
me: Then what was that pdf?
Saikat: well.. we read it..
and closed it
me: And?
Saikat: we didnt even think about that
i mean.
we thought that it was shit
but then tanmay and i came up with the idea of brainwashing
1:43 PM i brainwashed mayank
if someone reads that pdf
it wouldnt help him in anyway.
not a single fool will try it
i mean.. try to hack
me: Mayank tried it?
Saikat: yes
1:44 PM i brainwashed him pretty well.
me: Well he asked me how to hack and i gave him that
Saikat: .hahahhahahahahahahahahahahahhahahaha
me: And what about
The forgot password?
1:45 PM Saikat: hmmm its a difficult thingy guess work..
nikhil hacked mayank's id using social engineering
SE.. is one of 7 ways to hack
other ways are keylogger
phishing
etc
me: Then why did you have to do all this when you guessed them
1:46 PM Saikat: mayank removed all his ids from facebook
he had switched accounts..
and i didnt know his new id
which he was using for fb
so..
i had to implement this way
to get his NEW ID
and password at the same time
1:47 PM me: o...k
Saikat: i am going now.
are you going to give this convo in ur blog?
rofl
me: so you got control of 2 id?
Saikat: no
1:48 PM i thought i got control of two ids.. as i hacked gmail.. with this method... so i will get pass to fb as well!!
but it turned out that
me: That's a great idea
Saikat: mayank had made another id
and did it
so..
it was my mistake
that..
i should have told him in the beginning
that..
use an account
which is 30 days old
!
or frequently used!
me: Hehe
Saikat: OR
1:49 PM use the fb account u are using
it only works with that
ok
do blog my name
:|
i have to take a bath now
because of you i haven't gone for so long
me: But he still has control of his account.
Saikat: oh come on, man
the id i hacked
it wasnt connected to his fb account!
he had made a new id
and did this shit
me: good
1:50 PM Saikat: bro
i am going now
tell me when u r done with the blog
aaah
me: Go take a bath!
Saikat: bye