4 Ways to Crack a Facebook Password and How to Protect Yourselffrom Them
Despite the security concerns that have plagued Facebook for
years, most people are sticking around and new members keep on joining. This
has led Facebook to break records numbers with over one billion monthly active
users as of October 2012—and around 600 million active daily users.
We share our lives on Facebook. We share our birthdays and
our anniversaries. We share our vacation plans and locations. We share the
births of our sons and the deaths of our fathers. We share our most cherished
moments and our most painful thoughts. We divulge every aspect of our lives. We
even clamor to see the latest versions even before they're ready for primetime.But we sometimes forget who's watching.
We use Facebook as a tool to connect, but there are those
people who use that connectivity for malicious purposes. We reveal what others
can use against us. They know when we're not home and for how long we're gone.
They know the answers to our security questions. People can practically steal
our identities—and that's just with the visible information we purposely give
away through our public Facebook profile.
The scariest part is that as we get more comfortable with
advances in technology, we actually become more susceptible to hacking. As if
we haven't already done enough to aid hackers in their quest for our data by
sharing publicly, those in the know can get into our emails and Facebook
accounts to steal every other part of our lives that we intended to keep away
from prying eyes.
In fact, you don't even have to be a professional hacker to
get into someone's Facebook account.
It can be as easy as running Firesheep on your computer for
a few minutes. In fact, Facebook actually allows people to get into someone
else's Facebook account without knowing their password. All you have to do is
choose three friends to send a code to. You type in the three codes, and
voilà—you're into the account. It's as easy as that.In this article I'll show you these, and a couple other ways
that hackers (and even regular folks) can hack into someone's Facebook account.
But don't worry, I'll also show you how to prevent it from happening to you.
Method 1: Reset the Password
The easiest way to "hack" into someone's Facebook
is through resetting the password. This could be easier done by people who are
friends with the person they're trying to hack.
• The first
step would be to get your friend's Facebook email login. If you don't already
know it, try looking on their Facebook page in the Contact Info section.
• Next,
click on Forgotten your password? and type in the victim's email. Their account
should come up. Click This is my account.
• It will
ask if you would like to reset the password via the victim's emails. This
doesn't help, so press No longer have access to these?
• It will
now ask How can we reach you? Type in an email that you have that also isn't
linked to any other Facebook account.
• It will
now ask you a question. If you're close friends with the victim, that's great.
If you don't know too much about them, make an educated guess. If you figure it
out, you can change the password. Now you have to wait 24 hours to login to
their account.
• If you
don't figure out the question, you can click on Recover your account with help
from friends. This allows you to choose between three and five friends.
• It will
send them passwords, which you may ask them for, and then type into the next
page. You can either create three to five fake Facebook accounts and add your
friend (especially if they just add anyone), or you can choose three to five
close friends of yours that would be willing to give you the password.
How to Protect Yourself
• Use an
email address specifically for your Facebook and don't put that email address
on your profile.
• When
choosing a security question and answer, make it difficult. Make it so that no
one can figure it out by simply going through your Facebook. No pet names, no
anniversaries—not even third grade teacher's names. It's as easy as looking
through a yearbook.
• Learn
about recovering your account from friends. You can select the three friends
you want the password sent to. That way you can protect yourself from a friend
and other mutual friends ganging up on you to get into your account.
Method 2: Use a Keylogger
Software Keylogger
A software keylogger is a program that can record each
stroke on the keyboard that the user makes, most often without their knowledge.
The software has to be downloaded manually on the victim's computer. It will
automatically start capturing keystrokes as soon as the computer is turned on
and remain undetected in the background. The software can be programmed to send
you a summary of all the keystrokes via email.
CNET has Free Keylogger, which as the title suggests, is
free. If this isn't what you're looking for, you can search for other free
keyloggers or pay for one.
Hardware Keylogger
These work the same way as the software keylogger, except
that a USB drive with the software needs to be connected to the victim's
computer. The USB drive will save a summary of the keystrokes, so it's as
simple as plugging it to your own computer and extracting the data. You can
look through Keelog for prices, but it's bit higher than buying the software
since you have the buy the USB drive with the program already on it.
How to Protect Yourself
• Use a
firewall. Keyloggers usually send information through the internet, so a
firewall will monitor your computer's online activity and sniff out anything
suspicious.
• Install a
password manager. Keyloggers can't steal what you don't type. Password mangers
automatically fill out important forms without you having to type anything in.
• Update
your software. Once a company knows of any exploits in their software, they
work on an update. Stay behind and you could be susceptible.
• Change
passwords. If you still don't feel protected, you can change your password
bi-weekly. It may seem drastic, but it renders any information a hacker stole
useless.
Method 3: Phishing
This option is much more difficult than the rest, but it is
also the most common method to hack someone's account. The most popular type
ofphishing involves creating a fake login page. The page can be sent via email
to your victim and will look exactly like the Facebook login page. If the
victim logs in, the information will be sent to you instead of to Facebook.
This process is difficult because you will need to create a web hosting account
and a fake login page.
The easiest way to do this would be to follow our guide on
how to clone a website to make an exact copy of the facebook login page. Then
you'll just need to tweak the submit form to copy / store / email the login
details a victim enters. If you need help with the exact steps, there are
detailed instructions available by Alex Long here on Null Byte. Users are very
careful now with logging into Facebook through other links, though, and email
phishing filters are getting better every day, so that only adds to this
already difficult process. But, it's still possible, especially if you clone
the entire Facebook website.
How to Protect Yourself
• Don't
click on links through email. If an email tells you to login to Facebook
through a link, be wary. First check the URL (Here's a great guide on what to
look out for). If you're still doubtful, go directly to the main website and
login the way you usually do.
• Phishing
isn't only done through email. It can be any link on any website / chat room /
text message / etc. Even ads that pop up can be malicious. Don't click on any
sketchy looking links that ask for your information.
• Use
anti-virus & web security software, like Norton or McAfee.
Method 4: Stealing Cookies
Cookies allow a website to store information on a user's
hard drive and later retrieve it. These cookies contain important information
used to track a session that a hacker can sniff out and steal if they are on
the same Wi-Fi network as the victim. They don't actually get the login
passwords, but they can still access the victim's account by cloning the
cookies, tricking Facebook into thinking the hacker's browser is already
authenticated.
Image via wikimedia.org
Firesheep is a Firefox add-on that sniffs web traffic on an
open Wi-Fi connection. It collects the cookies and stores them in a tab on the
side of the browser.
From there, the hacker can click on the saved cookies and
access the victim's account, as long as the victim is still logged in. Once the
victim logs out, it is impossible for the hacker to access the account.
A Couple More Facebook Hacks
For those with a bit more technical skill, check out the Same
Origin Policy Facebook hack and the somewhat easier, Facebook Password
Extractor. We will continue add more Facebook hacks in the near future, so keep
coming back here.
How to Protect Yourself
• On
Facebook, go to your Account Settings and check under Security. Make sure
Secure Browsing is enabled. Firesheep can't sniff out cookies over encrypted
connections like HTTPS, so try to steer away from HTTP.
• Full time
SSL. Use Firefox add-ons such as HTTPS-Everywhere or Force-TLS.
• Log off a
website when you're done. Firesheep can't stay logged in to your account if you
log off.
• Use only
trustworthy Wi-Fi networks. A hacker can be sitting across from you at
Starbucks and looking through your email without you knowing it.
• Use a
VPN. These protect against any sidejacking from the same WiFi network, no
matter what website you're on as all your network traffic will be encrypted all
the way to your VPN provider.
Protecting Yourself: Less Is More
Social networking websites are great ways to stay connected
with old friends and meet new people. Creating an event, sending a birthday
greeting and telling your parents you love them are all a couple of clicks
away.
Facebook isn't something you need to steer away from, but
you do need to be aware of your surroundings and make smart decisions about
what you put up on your profile. The less information you give out on Facebook
for everyone to see, the more difficult you make it for hackers.
If your Facebook account ever gets hacked, check out our
guide on getting your hacked Facebook account back for information on restoring
your account.
Bonus: If you're interested in who's checking you out, there
are some ways you can (kindof) track who's viewed your Facebook profile.
More Password-Hacking Guides
For more info on cracking passwords, check out our guides on
hacking Linux passwords, hacking Windows passwords, and our super-easy
beginner's guide on hacking Wi-Fi passwords (or for newer wireless routers, how
to crack WPA2-PSK wifi passwords).
No comments:
Post a Comment