Exam time! And what happens? Shit happens.
My phone gets taken away from me and I was given this old Nokia C1 phone.
But when you are passionate about something you don’t take NO for an answer, and I wanted to see if I could use the most fundamental forms of hacking to gain access to a Facebook account. So with a book in front of me to make my mom think I was studying, I installed Opera mini 4.0 on this phone and began the dirty work. Mwhahahaha! Mojo jojo style.
This hack involves NO technical skills and is totally based on Facebook social engineering. But what it does require is a creative mind.
Social engineering is a term in hacking that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures. A social engineer runs what used to be called a “con game.”
Finding the Subject
I saw her on Facebook. She looked like a nice person to me and I just wanted to hack her. I don’t know why. Just ask god. Her profile looks like this.
I stored all the information on her and of her.
Her birthplace, date of birth, everything was easily available on her profile. This is called information gathering. You gain all the information on the target by any means possible.
Just a tip: If you look at the status posts you can find really interesting things about people that hackers use for identity theft.
I Google’d her name and tried to find more about her. But I didn’t find anything of significance as there are 100s of Samridhi Jaiswals on this planet. But I noticed on her Facebook profile that she had a Blackberry pin that she had shared with everyone. I was like hell yeah! 😉
I Google’d the Blackberry pin and found that she was on ask.fm.
Ask.fm is a website where you can ask questions to anyone anonymously and it’s pretty fun. But it also makes it a good medium for social engineering attacks.
I saw she had shared a part of her life over there. I noted down information from all the answers she had written in response to the people.
And as I had found on Google that her name was related to Google+ and Rediff as well, I asked her anonymously on ask.fm if she was on Google+ and Rediff as well, to which she said ‘No’. This helped me narrow down my attack on her.
Finding the Blind spot
Then I went to Facebook and used the forgot password option.
Clicked on Forgot your password?
I entered her profile id.
Important Note: “See the first picture to know what a Profile id is”
(To see another non-digit profile id example you can go to my profile; you will see that my profile id is “attreya.bhatt”.)
Facebook asked me to go through a procedure through which a normal user recovers his password.
There I learned two things about her.
1) Her email was email@example.com (Notice how it has 9 asterisks in between)
2) Her phone number had 15 at the end.
So I Google’d her email in such a way that if that email had been used in any way on any website, Google would have dug it out for me from the depths of hell.
I typed this Google: “firstname.lastname@example.org”
(I used this ‘?’ question mark search operator to refine my search on Google. This operator is used to fill in the blanks in a sentence with a single letter.)
But I couldn’t find anything. Kinda sad.
Just a tip: Try Googling your email and see what you find. You may be surprised.
So I went back to the Facebook reset options and clicked on the “No longer have access to these?” option.
Entered my fake email. And there popped her security question, which was
“Where was your mother born?”
With the help of the information I had gained from Facebook and ask.fm, I entered Mussorie (her previous school) and Dehradun (her maasi’s place).
But apparently her mother was born somewhere else and Facebook rejected my answers.
Being satisfied with the information I had, I decided to message her on Facebook. This is how the conversation went.
So I entered the answer given by her in the security question and abracadabra! The option to enter the new password was there.
How To Protect Yourself Against Social Engineering Attacks
- You need to be aware that such Facebook social engineering attacks and other methods of this kind exist.
- Don’t trust people blindly.
- Beware of fake IDs. Guys and girls, do not accept friend requests from people you don’t know.
- Make sure you go today and check out the security questions you have put on Yahoo, Facebook etc., and if someday someone sneakily asks you your security question be sure to give him a hard one between the legs.
Disclaimer: I have written this post to make people aware of the most basic forms of hacking. No passwords were actually changed by me though I had the access to change it. It was done with the intention of satisfying my curiosity and not to harm anyone.