Category: web security

Recovering Hacked Facebook & Defeating Porn Ransom

Author wefightforsecurityPosted on July 13, 2021July 13, 2021Categories web security
Cyber crime
Dealing with active cyber crime

Hacked Facebook and picture being held ransom cybercrime

Intent and motive are two important parts of solving any crime, the same goes for cyber-crime.

This is a real case we had with the names anonymized for privacy purposes. Someone woke up Saturday morning to two rude surprises. We dealt with a compromised Facebook while also dealing with ransom of a picture from a compromised email address.

Many experts say pay the ransom, but the ransom had already been paid two weeks ago. This was before they reached out to us.

This has two moving parts, a hacked facebook and a ransom of a personal porn picture that no one wanted released. We are going to cover how we dealt with the hacked Facebook first.

How to identify who hacked your Facebook

Make sure all tabs are closed and no applications are running in the background on your desktop. This is so you can see what IP addresses are inbound with as much accuracy as possible.

  1. open up Facebook messenger
  2. Open up command prompt on Windows and when the person is writing, where you see those bubbles type netstat -an and hit enter. This will show all outbound and inbound IP addresses, 192.168 is an internal IP for every computer, as is 127.0.0.1. Ignore those addresses as those are from your machine.
  3. Analyze the inbound IP addresses, then use an IP reverse lookup to google maps. This is helpful if the attacker forgets to mask their identity with say, a VPN or Tor.
  4. Check lists of known VPNS and tor relays. This isn’t full proof, but it is helpful, as you will see in a minute.

The compromised Facebook was asking everyone for $500 in BTC or an ebay gift card. They were also portraying themselves as an old lost friend by changing the accounts name. Playing along got us enough of the same IP addresses repeatedly, which is what was needed. When we brought up the town they were in and how it was was they replied “Good”. When they were told there was plenty of evidence against them they deleted the facebook, or so they thought.

The head of Facebook Security is involved and they should restore the account.

Porn Ransom and how to combat it

The second problem, the porn ransom of the picture is where we are now. This took time to solve and when you have a ransom you’re short on time. The demand of money for the ransom continued.

I finally decided to stop focusing on the ransom and the pornography and treat the criminal like a human. What was the motivation behind the crime, why did they need this money? Once asked, they claimed they needed it for something in their house. This was a major breakthrough, because my reply was simple. I offered to teach them how to make that money legally with some apps, if you delete the picture permanently. They agreed to the terms, and I showed them how to make $500 really quickly online.

The picture was allegedly permanently deleted, but with criminals, well take everything with a grain of salt.

Regaining control of a hacked email and securing it after a hack

We regained control of the compromised email, so unless they downloaded the contacts, they had nowhere to post it, since the socials were also tightened down.

Moral of these two cases is pretty straightforward, everyone wants something. In these cases, isolate the two most important things the what they want and why they want it. I was then able to show them a legal way to obtain it.

The hacked Facebook case doesn’t appear to be related, as the tone of the writing, the words chosen, and timestamps of the messages are radically different between the two people. What we were told for free is that the image is somewhere on the deep web with the contact info, so this issue may persist. Time will tell.

We take pride in pro-actively and re-actively fighting threats, which in simple terms means we do both defense and offense security. If you need help, just contact us.

Cyber Security — A Beginners guide to Cyber Security

Author wefightforsecurityPosted on May 19, 2017May 19, 2017Categories cyber security, web security

What is cyber security?

Cyber security is the art of protecting your systems from criminals who mean to do you harm, including ransomware like wannacry which we recently wrote a guide on. Cyber security also helps you keep criminals out of your private information and even more importantly your customers private information.

If you haven’t heard of cyber security, then you most likely haven’t heard of phishing, which is fine. Phishing is another word for fraudulent emails sent to you by people who are trying to gain illegal access to your computer. Once they gain access to your computer, they can steal all your data, use your machine as part of a large network of thousands of machines to do whatever they want, also referred to as a zombie network and to make the malware keep spreading they can use your contact list to send it to all your contacts from your email address.

 

If you don’t think that’s bad, it gets worse. Once inside your system, the criminals have control of your computer, not you. They could charge you thousands of dollars to potentially relinquish control of it or they could put all your information online for the world to see. Of course there are plenty of other uses for your machine and your data, but we aren’t getting into that in this article, since that would make up a good portion of a   book.

 

Why does my website need security? I don’t store anything sensitive on it.

This is a point a lot of people make and while you may not store anything on it, people do come to your website and we make sure of that if you use our SEO services, to make sure people can find you on search engines. If people come to your site and it is hacked, they will either also get infected, see your site defaced and potentially have dead bodies on it, like we’ve encountered in the past, or Google could block them from going to your site, which also hurts your rankings on their search engine.

If Google blocks them from coming to your site, then this is a major damage to your reputation. If your site is defaced, that also damages your reputation. Most people don’t know that 60 percent of cyber crime victims go out of business and 50 percent of all attacks are against small businesses.

This is what your customers will see if Google blocks them from coming to your site

Google warning blocks access to site

Google hacked site warning blocks access to your website

 

So what can you do about this? Well, you can keep learning about cyber security by signing up for our mailing list, which sends out exclusive information only available to people on our mailing list.

 

 

 

Information Security Audit & Website Security Audit To Keep You Safer

Author wefightforsecurityPosted on May 18, 2017May 18, 2017Categories information security, web security

Information security audits are great for website security, server security and anything else that connects to the internet, like internet of things devices. We don’t mean to imply that devices that don’t connect to the internet shouldn’t be secure, on the contrary. All devices should be as secure as possible, but especially if they are online, including your computer system.

 

So, what do we do to help you with your information security audits and website security? A lot. We have a 100 percent success rate of finding flaws in customers software and then proposing solutions. If you hire us we will test your website security and server security or any internet connected device, that includes devices that only use bluetooth or wifi. In previous audits for internet of things products we’ve discovered how to make internet of things light bulbs explode and make drones fall out of the sky, hack security cameras or anything else we are asked to secure.

In web security and server security audits, we’ve helped secure Godaddy, government organizations, and a lot of financial companies. We want to bring our expertise to all the companies in the world, since information security audits shouldn’t be a luxury that only large corporations can afford. Our most affordable information security audit is affordable for most small businesses and our automated security tools are so cheap, they’re a steal. If you want to contact us, please do or you can sign up for tips on how to stay more secure and reduce the impact cyber criminals can have on your life by filling out the form below.

 

 

Website security: Is Website security easy to hack by criminals?

Author wefightforsecurityPosted on April 27, 2017April 27, 2017Categories web securityTags , , , , , , , , , ,

Website security is code that tries to stop criminals from illegally hacking your website and bypassing  security measures you have in place, if you have any in place.

How secure is website security on average?

On average it takes less then a minute to bypass website security that is supposed to stop criminals and automated tools can crack simple passwords in under 30 seconds, sometimes under three seconds depending how weak your password is and what type of machine  you have.  How is this possible? Most developers aren’t familiar how code can break, they just know how to write code that works and depending on the project, that can be complicated in itself. Education on how to secure code is very important, if we want to make more secure programs in the future.

What is website security?

Website security is supposed to stop criminals from getting into your site. It simply is code that is designed to make it so criminals can’t bypass it, but they may be able to bypass another part of your code, since there are so many ways into your average system.

Website security being illegally hacked by criminals is a major problem, since all your users data could be stolen, your site could be used to deliver malware to users, gain access into areas that require admin authentication, and so much more. Protecting website security is one part of our job, making sure we provide enough plans so everyone can afford web security is another part of our job. Whether you  can only afford malware removal  or need a security audit to find vulnerabilities, we have you covered. We continue to release more  products to help people stay as safe as possible without breaking the bank.

 

Hackers for hire to secure your website from criminals

Author wefightforsecurityPosted on April 22, 2017April 27, 2017Categories cyber security, web securityTags , , , , , ,

We are cyber security professionals, information security professionals, but when it boils down to it we are hackers for hire that are easy to find and easy to  contact. or hire by one of our hacker for hire subscription plans. When we are hired by the private sector we help secure your websites, servers, applications and any IoT device under the sun. Our plans currently only support websites, however we are professionals at IoT security, also known as internet of things security and server security.  Companies hire us to stop criminal hacking before it happens or if it’s already started we put a stop to it and provide an analysis of the criminals behavior and information we have on them, along with if they are known elsewhere, since many criminals want to be known, they just don’t want to be caught.

  What type of hacking will you not do? Since you’re easy to find hackers for hire will you do unethical hacking?

We are ethical hackers for hire that are easy to find, so we will not do illegal hacking.   We will end up putting a FAQ together about the most common requests for illegal hacking, but a few off the top of our head of requests are to hack another users facebook account for you, instagram, or any other service.  We don’t care if you tell us the person you want hacked is a cheating slimeball, that doesn’t make it legal to hack them. Since we’re ethical hackers for hire, we stick by our code and won’t hack cheating slimeballs for you.

What can you do as hackers for hire?

As hackers for hire we can do a lot, like secure your website, server, IOT products, etc. Working as hackers for hire we have recovered stolen laptops, We identified a hacker who claimed to be a woman in San Diego, who ended up being an Indian in India living in a flea hotel, who took a trove of unreleased music from a studio.

We’ve identified employees who have destroyed their companies systems making them inoperable. We’ve worked for fortune 100’s, we’ve had GoDaddy as a client showing them security flaws in their servers and we found a lot of issues.

We identify malware in companies infecting their users, we’ve helped make it so companies don’t have to pay ransomware by securing their systems and offer anti-phishing training.

What can we not do as hackers for hire? Whatever the law prohibits, which is becoming less and less. We can show you how insecure your internet connected devices are, also called internet of things devices, among other things.  It’s even legal to hack a car or anything else you own to show how insecure it is.