BROWSER HACKING

BROWSER HACKING

Hacking is an age old art of getting things without paying for it, or gaining access to places you are specifically denied entry. If you ever picked-up a round metal electrical box knockout plate that resembles a coin and deposited into a public telephone coin hopper or a toy / bubble-gum machine's coin hopper with the intention of making a free phone call or getting a few bubblegum balls or a toy for free, then you're guilty of hacking. If you've ever jumped over the fence at a soccer or rugby match or sneaked-in at a music festival undetected, to avoid paying the gate fee, then you are guilty of hacking. If you ever boarded a train without buying a ticket knowing full well that the station at which you intend to disembark doesn't have any ticket collectors, then you hacked the system. 

Hacking takes various forms and is not purely associated with computers. People hack their electricity boxes, in order to pay less for electricity. People hack their DSTV decoders to gain channels they are not paying for. People hack their public telephone cards to increase the available credit so that they can make more calls than the card initially allowed. People hack the MVG Casino cards to increase  the number of tier credits on the card, then simply redeem the card and collect the cash from the casino tellers.  In a nutshell you're a thief.  However, some consider getting away with such behavior as clever or mentally superior, by  outdoing/surpass/ outshine, others at their own game.  

With the following information you can easily gain access to other peoples computer data, not intended for publicly consumption. Skillful use of a few commands, could get root access to other peoples computers, access to their passwords, credit card data and other personal information. If it's your thing, you could steal the identities of careless or ignorant computer users. However, computers that are properly configured will deny you access.

WARNING & DISCLAIMER:-

This blog installment is published purely as an educational aid; and as a tool for those who wish to broaden their computer skills. I do not in anyway encourage hacking other peoples computers. I therefore cannot and will not be held  responsible for whatever  you do with this information.  Use it at your own risk. Its main objective is to point out security flaws and software vulnerabilities, so that you can properly secure your own websites on your  computer network. 

The tool we are going to use is the Google Chrome browser, though any browser would do. However these advanced commands may not work on other browsers. With it, Google makes it possible to find sources of personal information, confidential data, and info about web services as well as system vulnerabilities. The following is a list of alphabetical web browser commands that most people are totally unaware of.

GOOGLE COMMANDS

allintext:
allintitle:
allinurl: 
cache:

daterange:
inanchor:
intext:
intitle:
info:
inurl:
link: 
numrange: 
phonebook:
related:
site:

These commands have a special syntax including some Boolean operands (AND, OR, wildcards and quoted strings) like those listed below to hone your search results. Internet search engines can be divided into two groups,  those that perform  "subject index searches" and those that do, full-text searches.  For example Yahoo! is a searchable subject index engine whereas Google is a full-text search engine that employs "spiders" to index billions of web pages which can be search by  title or content.

+   (logical AND)
-  (logical NOT)
|  (logical OR)
* (wildcard for a single word)
.  (wildcard for a single character)
" " (text delimiters)

intext: - searches only body text of webpages and explicitly ignores link text, URLs, and titles. Eg. intext:food

allintext: - presents  documents containing the specified phrase in the text, but excludes the title, the link descriptions and the URL. Eg. allintext:money

allinurl:  - presents the search phrase only in the url and excludes body text and title. Eg. allinurl:peace

Caption of a root directory

This gives you an idea of how to the these search commands. So try any of the following by copying  and pasting in url bar, then search:-

phonebook:Audi Centre JHB
site:apple.com/robots.txt
info:donald trump
numrange: 115-135
microsoft cache:IIS 5
money | love
Hitler -Hess 
Index of +password.txt  
Index of /admin  
Index of /credit-card  
"Index of /root"  

inurl:server-info "Apache Server Information" 
intitle:"active webcam page"
intitle:phpMyAdmin "Welcome to phpMyAdmin"

intitle:index.of finances.xls

"three * pigs" - the asterisk will insert a missing word - (little)
"three * mice" - the asterisk will insert a missing word - (bind)
"donald * trump" - the asterisk will insert a missing word - (John)

Using a combination of the above commands, gives search results you never imagined possible.  Any web server with Index browsing enabled would allow anyone to  browse the web server parent directory like a local directory and have access to all its sub directories. Be Warned that deleting or changing files on other peoples computers constitutes a felony and is punishable by law.

CYBER ATTACKS

CYBER ATTACKS

Did you know that Cyber attacks for today exceed 1,523,196 and is about half a million less than yesterday's 2,043,871 cyber attacks. If you don't believe me, you can verify it for yourself here. The malware families that account for about 40 percent of all recorded attacks are from the Worm32.Conflicker, the Virus.Win32.Sality, the Cutwail botnet and the Neutrino Exploit kit. These treats have been  religiously turning MS Windows computers into DDoS and spam-spewing botnet drones for at least the  past five years. But now, that Cryptowall ransomware version 4 was released, corporate cyber security companies are on a back foot. This is exactly what is portrayed in the Series Mr. Robot when Evil Corp's entire data centre got hacked and  encrypted with 256-bit AES encryption.

Hacks taking place every the day

The trick to doing this, is to open a backdoor through some unauthorized remote administration software. Once this is done, you essentially own the target computer system. Trojans like Cryptowall, Netbus, Back Orifice and SubSeven have several customizable options to get the job done.

Looking at the daily cyber war far between attacking countries like USA, China,  Portugal,  Germany,  Russia,  Sweden,  United Arab Emirates,  United Kingdom,  Netherlands,  and Turkey, etc, and target countries like USA  India,  Chile, Sweden,  United Kingdom, Taiwan,  Poland,  Brazil,  Norway,  Russia, flinging virus and Trojans at one another is bound to strain relations.

Hackers are attacking targets across all borders

Some of the malware threats are:- 

Worm32 Conflicker
Banker.Win32.Bancos.K
Trojan.Win32.ZeroAccess.A
Worm.Win32.Brontok.B
Trojan.Win32.Virtu.A
Trojan.Win32.Mwzlesson.A
Virus.Win32.Sality.
Operator.Andromeda.gx
Operator.Cryptowall3.bbe
Operator.Trojan.Win32.Grafter.e.a
Trojan.Win32.Smokeloadr.C

FSOCIETY

F-Society, Fsociety, fSociety, fuck society.

Mr. Robot is probably the best series I've seen in 2015. The story line revolves around an anarchic, highly secretive, anti-establishment  hacker group named "fSociety" based in Coney Island New York, intent on recruiting Elliot Alderson (Rami Malek) to help them with their mission to destroy the conglomerate E Corp and in the process cancel world debt . Elliot is  a socially anxious yet morally righteous "white hat" super-hacker,  whose day job with Allsafe Cybersecurity is to protect E Corp's servers against external exploits. Fsociety contact Elliot using a Distributed Denial Of Service (DDoS) attack that takes E Corp offline, but leaving a message in the DAT file on  one of E Corps servers for him. As a result Eliot becomes cautiously affiliated to  "fSociety"  which is led by Mr. Robot (Christian Slater). After disabling the rootkit that was responsible for the DDoS, instead of deleting the file, he changed its root attributes, granting himself sole access.

Elliot, Mr Robot and Darlene after the E corp crash.

Elliot is a social outcast, skitso, a little nutso and very different, continually hallucinating about traumatic incidents that he experienced as a child by his father who was his best and only friend. Living alone and lonely, existing in his own mental space and his own reality, his narcotics-clouded brain, blocked out the fact that the alluring coder Darlene (Carly Chaikin) is actually his sister, even though they interacted to some degree, and that fSociety's imaginary leader "Mr. Robot" was in fact their late father. Elliot also frequents a therapist, Krista Gordon who assists him to deal with his anger, his anxiety and  his introversion but not out of choice. He is a hacker my night and exposes offenders who he feels needs to tow the line. At the end of it all, Elliot's  often unreliable  mind couldn't piece together E Corp's take down nor could he recollect whether or not he orchestrated it.

Elliot Alderson (Rami Malek) in Mr Robot

In their  determination  to bring down the world corporate structure, fSociety members adopts a disguise that looks somewhat like the the Monopoly Man when flighting their video manifestos, making demands that E-corp donate all the ill-gotten gains to charity and give all the clients a reprieve. But when E-Corp doesn't comply with their demand, they encrypt all their data with 256-bit AES encryption ransomware, disabling all banking, credit transfers, credit card purchases etc. In the real world, to decode AES-256 bit encryption would take approximately trenonagintillion  years to exhaust half the combinations of a AES-256 key. Restated, some  ~6.7e40 times longer than the age of the universe which is estimated to be 14 billion years in existence.

Support for fSociety for cancelling the debt of masses

All this has a very current day ring to to it especially as ransomware is used to encrypt business computers globally. Ukranian hackers have been instrumental in extorting money out of American businesses with CryptoWall and CTB Locker for almost three years and there isn't much that the FBI and the CIA can do about it.  Mr Robot series paints a picture of a global corporation that is the villans, and the hacker collectives, each battling with his own mentally and personal socially issues, as the heroes that society roots for.  The underlying message says that all it takes to destroy the financial world is a few crackpot hackers and and internet connection.

However, the series does however gives laymen especially the corporate types a perspective of the data world of cyber spying, viruses, honeypots, spiked emails, trojans, rootkits, ransomware, encryption keys and other computer system vulnerabilities. The TOR network and onion routing protocols are mentioned a few times and in the very first episode it is highlighted that whoever owns the end nodes, owns all the data that traverses it. Meaning if any hacker owns the ISP of the business his targeting then every bit of data that flows through their data pipe belongs to him or her.

Scenes showing hackers destroying their own computer equipment "wipe down mode" is a bit overboard, and microwave oven and incinerator are a bit dramatic since power supplies and computer boxes are incapable of retaining any data. Most experienced hackers cover their tracks very well and leave no evidence behind unless they want to be caught. Except for the hardrives, the computer's BIOS, routers, cellphones and flash memory, the majority of other computer components save no information about use whatsoever. 

A CPU cooking in a microwave

Computer hardrives, hubs/switch, power supplies incinerated

Besides, the Computer Abuse and Fraud Act is notoriously difficult to navigate and just as difficult to prosecute suspects. Considering hackers using  the TOR browser is routed through several connections all over the world and changes their IP number through proxies at least 3 times masking  their true identity online and making their connection appear as if it is coming from another country like Estonia for example. So the "IP address evidence" that is left behind  is not theirs but rather totally anonymous.  In fact the FBI has been paying a university crack team a million dollars to decode the TOR onion protocol yet more than 2 million hacks  are taking place daily globally.

TORRENTS

TORRENTS

Man is a self centered social creature with an inmate need to associate with other like minded social creatures. As such, they hob-nob, mingle,  brag and boast about themselves, their abilities, their possessions and their achievements to the point that it makes other people  sick of their bullshit. Today the Internet is inundated with social networking apps with dozens more still pending, not to mention those on the distant horizon. Platforms for these hyper social individuals that just crave the needs to be in everyone else's face, faking it as if they going to win an Oscar for it. Currently the most prominent of these platforms are Facebook, Twitter, PerfSpot, Instagram, MySpace, Bebo, Xing,  Sonico, Millat Facebook, Pinterest, LinkedIn, etc, but in no particular order. 

Admittedly social networking has made global communication easy, quick, transparent and very convenient, especially for those who have family and friend abroad. One would think that Telcos are loosing millions in revenue, since nowadays few people are using the telephone networks for telephonic communication. But in reality that's is a myth, they are not loosing millions but instead raking in billions in revenue from bandwidth sold to virtually everyone who owns a smart phone or has an internet connection. Yet most people only use a fraction of the data bandwidth that they pay for monthly, forfeiting several megabytes if not gigabytes. Instead of the Telcos allowing their patrons to accumulate or consolidate their unused bandwidth over time, they usurp it, and this translates to an even greater bottom line for these giant Telco world wide. 

There are some people that are pissed, who hate these policies, and see this as corporate theft and are angered by it, to the point that they resorting to hacking  Telcos. Case in point,  the Talk-Talk lost thousands because of ongoing hack attacks. Their CEO very calmly apologized to the patrons for their inability to secure their networks, but never for stealing from their clients. Be that as it may,  another "social networking platform" known as Torrents can quite easily be used to spend your excess data bandwidth instead of donating it back to these already wealthy Telcos and at least get some books, movie series, full movies, etc in return. A Torrent is a digital file that contains metadata about files and folders to be distributed and uses trackers to interconnects peer to peer networks. 

Bit torrent, Tribler, μTorrent, Tixati, Bittornado, Vuse, Mediaget, Frostwire, Bitlord, Deluge,  Bitcomet, etc... are just a few Torrent clients for Windows, Mac, Android and Linux, amongst several others. Torrents allows your computer to connect to hundreds of other host computers globally. However, the files you choose to download are not hosted on any particular computer but on hundreds of computers strewn all over the internet each seeding a few bytes of the file you need  until the file is fully downloaded. Torrents can be used to download anything from computer software, books, tutorials, music, movies, series, and even porn, if that tickles your pink parts. 

They are very unlike the regular social networking apps that allow people to pass off  their bullshit as insight and their fake comments as caring, spending endless hours umbilicaled to the networks and setting themselves up to be get hacked. Once the files you chose are downloading your computer seeds the file to others who also wish to have the file in question. Torrents can download at speeds of more than  1.5G in an hour or as slow as a 10 megabyte files taking several hours to download. However, Torrents are frowned upon by the authorities and many Torrent sites like Piratebay , and Kickass, Isohunt,  have been forced to close down because of "copyright infringement". However prior to this, these sites have been duplicated and operate in the.org domain. There are also several other Torrent sites like Megatorrents,  Torrentz,   Limetorrents, Torrentfreak, etc. So take extra care when downloading ,  copyright  computer software,  music, books, etc, because the authorities, spooks and government agencies, could track your IP and prosecute you under US Digital Millennium Copyright Act. An alternative is to use the Tor browser if you wish to browse anonymously, without leaving behind a browser history. Several of the Torrent sites are hosted on servers that serve pornographic materials, so if you a bit of a prude, steer clear of Torrent sight because popups can turn out to be quite embarrassing especially if you using a computer in a public place.

RANSOMWARE

2015 WAS THE YEAR OF RANSOMWARE  

Computers and ICT networks are prone to electronic failure but with the expert help of ICT professionals, network up-time can almost be guaranteed to 99.98 percent. However, for the past decade computer and network redundancy and global replication services, ISP's and corporate networks have been under attack from, Heuristic Computer Viruses, Worms, Malware, Spyware, Trojan/backdoors, Adware,  Rootkits,  Scareware, Keyloggers, and the worst of all Ransomware attacks that appear to be more personal.  Not to mention the physical threats by hackers, making the jobs of network security personal more intense and challenging. Costing companies huge additional and unnecessary expenses globally. 

It is predicted that Ransomware is going to be the greatest emerging security risk in 2016 and the general consensus is that 2015 has been the year of Ransomware. The purpose behind all intrusion software is to disrupt, create chaos, steal data and extort money. The reasons, avarice, sadism, vindictiveness, arrogance, aggression, envy,  anger, bitterness, jealousy, hate, narrow-mindedness and plain unadulterated evil. Can you even imagine a cracker hacking your computer system stealing your personal information as well as take over your computer holding  it ransom until you make their specified payment and endure the uncertainty whether or not thy will release you computer once payment is made. 

Globally security experts are doing the utmost to reverse engineer Ransonware software in an attempt to put a stop to this thievery. 
Surprisingly there are number of them amongst which are TeslaCrypt, Alpha Crypt, CryptoFortress,  Chimera , CryptoWall, Ransomware infection, MBR Ransomware  (MBR stands for Master Boot Record), CryptoLocker and the worst of all CTB Ransomware (CTB atands for Curve-Tor-Bitcoin). Crowti (aka Cryptowall) and Tescrypt (aka Teslacrypt) are two Ransomware families that cyber gangs and e-criminals used  to infect  more than half a million Computers  running Microsoft Operating System and Microsoft Security Software. In fact the majority of Ransomware is targeted at the Microsoft Windows operating system and is sent as spam and e-mail attachments with the following names.

disgruntled.zip
facto.zip
headband.zip
woodworking.zip
firefly.zip

If the attachment, is unpacked, it unloads a .scr file, which if activated will launch a dropper of the Dalexis class.  It will then connects to a series of hard-coded URLs, from which it will download  CTB Locker.  CTB Locker will change  all your file name extensions to .crypt however the various flavours of Ransomware can change it to any of these  file name extensions listed below. (NB! This list is not exhaustive)

*.aaa
*.abc
*.cry
*.cpyt 
*.crypt 
*.crypto
*.darkness
*.ecc
*.enc
*.exx
*.ezz
*.kb15
*.kraken
*.locked
*.nochance
*.obleep
*.vault
*.zzz

One way to combat Ransomware is to keep a snapshots of the files in a secure area of your network that wouldn't be affected by Ransomware if the  machine is infected. Alternatively store an offline backup image of your hard drive so that your data can easily be restore. Refrain from downloading or access e-mail attachments from people you don’t know and never  click on  e-mails links you receive from unknown e-mail addresses. Also make absolutely sure your  anti virus / security solution is up to date and able to detect and block CTB Locker, and change your online security protection level by adjusting your web browser security settings.

THE DEEP WEB

THE DEEP WEB

For the past few months, Hackers have been making it to the news headlines virtually everyday and a lot has also been said about the "Deep Web". It is said that terror outfits flourish in the "Deep Web" and black market goods from illegal drugs, medical prescriptions, and firearms, etc, can be purchased directly from websites like Alpha Bay, Dream market, Korova, Outlaw Market, Valhalla (Silkkitie), etc,  and you can even hire a hit man to kill your mother-in-law. Having said purchase, implies online credit card transactions, but using this form of payment on the "Deep Web" could render your banking account empty. The way to transact on the "Deep Web" is to make payment with Bitcoins. Bitcoins are rapidly becoming one of the most popular currencies for both online and offline transactions. Bitcoins can be purchases from Silkroad and will require you to set up an account. Transactions are done with a a bitcoin address and a unique private key / PIN number (private wallet software). 

But first, the "Deep Web" is also known as the  "Invisible Web" and the "Hidden Web", which is Internet jargon (search terms) referring to the content on the World Wide Web that are not indexed by search engines. Many believe the "Hidden Web" to be 97 percent larger than the Internet as we know it, of which only 3 percent is available to search engines.  This is true to a degree because most private networks that make up a huge chunk of the Internet do not permit  web spiders to crawl their sites because their robots file denies access to web crawlers hence not available in regular search results. It is also said if you need to buy anything illegal from sites in the "Deep Web" you have to access the sites via a a VPN using a Tor browser in order to fly under the radar of the FBI and CIA and NSA. 

If you desire privacy and a degree anonymity when browsing the net, then the Tor network is an excellent idea, but you sacrifice speed. If you are using Linux then JonDo IP changer is a safer option than Tor. A Whonix-Gateway distro, provides even better protection against IP and location discovery on a Workstation. Then there is also the Tails distro which includes really cool networking features, using the Tor browser that does a good job of hiding  your identity and prevents traffic analysis by zig-zaging your connection through an array of anonymous servers.  These systems are secure but if you download anything fro the Internet via Torrent Network you still risk to expose your IP number which can be easily traced. The Tor browser can be downloaded here.

CYBER WARFARE

CYBER WARFARE

On Friday the 13th November 2015, social network giant Facebook deleted the group page of the Cyber Hacktivists  Anonymous which was exposing a list of more than a thousand pro-ISIS social media accounts. Facebook announced that the existence of the group was a "violation of their Terms of Service and Community Standards" and subsequently banned all Anonymous administrators, without prior warning and without giving any reason. Exposing the pro-ISIS accounts was in retaliation to the bloody terror attacks in Paris that claimed the lives of more than 130 people and left over 352 injured. The hacktivist collective Anonymous has publicly declared total war against ISIS. One of their spokespersons, spoke in French, on a video posted on YouTube saying  "Anonymous from all over the world will hunt you down. Expect massive cyber attacks" whilst hiding behind their signature Guy Fawkes mask.  

The French Interior Minister Bernard Cazeneuve also said that "war" had been declared on France and that "anybody who attacks the Republic, the Republic will fight back." "They will not destroy the Republic, it is the Republic will destroy them," he added. In retaliation French jets have been bombing  the ISIS stronghold of Raqqa, Syria since Monday the 16th November. 

Meanwhile, in response to Anonymous' statement, the militant group ISIS  released a statement, responding to Anonymous’ declaration of total war, calling them IDIOTS, and suggesting anti-hacking tips to their supporters to protect themselves against cyber attacks. The reply from ISIS to the Anonymous group was sent via one of the ISIS-affiliated official channels, dubbed “Elite Section of IS”, using the messaging app, Telegram.

An Anti-terrorism "ethical" hacker group known as Ghost Security Group (GSG), going after ISIS says that ISIS regularly use cryptocurrencies to fund its terrorist operations.  Adding that they hired a team of blockchain analysts to trace several Bitcoin addresses and found one  account containing $3 Million in US dollars worth of Bitcoins. 

Even though ISIS is called the Islamic State is has very little to do with Islam if any. ISIS is an abbreviation for Israeli Secret Intelligence Service a.k.a  Mossad (Israel's intelligence agency). ISIS is in fact a collective American-CIA-Mossad-Saudi Intel Covert Operation. Fidel Castro  slammed the  USA/Israel for creating ISIS and retired Lieutenant  General  Ian McInerny said “We have helped create ISIS”. NSA documents leaked by Edward Snowden revealed that British and American intelligence agencies and Mossad worked together to create the Islamic State of Iraq and Syria (ISIS).”  The leader of ISIS is known as Abu Bakr Al Baghdadi but his real name is Elliot Shimon, a Zionist Jew born from two Jewish parents, trained by Mossad in espionage and psychological warfare against Arab and Islamic societies.  He is a blackhat hack. The ISIS objective is to create unrest and chaos in the middle east -from Pakistan to the Mediteranian Sea, by deceiving the brain-dead public with the "Renegade Muslim" facade in plain sight while they steal the oil and gas.

The Iran-Iraq-Syria Pipeline and the Qatari pipeline needed access via Syria to reach the Mediterranean coastline for the oil tankers to transport it to the Americas. In order to control the the pipeline from end-to-end America declared war on Sadam Husain for weapons of mass destruction and in the process vanquished Iraq killing thousands of Iraqis, taking control and setup several US army bases. A blink of an eye later, America's war on terror attacks Afghanistan demanding that the Taliban hand over Osama bin Laden and expel al-Qaeda, vanquishing the country killing thousands of Afghans, taking control and setting up several US army bases. Then, sanctions against Iran for their used of Uranium  for electrification and its possible use for weapons of mass destruction. But  they still working on Iran. Meanwhile Syria the last piece of the puzzle goes up in flames  with barrel bombs being dropped on the masses and America declaring was on ISIS on all fronts  and bombing the Syrians into submission. All the ISIS killings are purely collateral damage  because with the pipe line is more valuable than people. With all this middle  eastern turmoil, ISIS has now grown into veritable armies with modern advanced weaponry and vehicles with thousands of foot-soldiers covering the faces so that the masses cannot identify them as Caucasians. To achieve their goal of  world domination / new world order, with America at the helm, they have unceremoniously killed tens of thousands of innocent bystanders. 

Be that as it may, France is currently in the global spotlight because as few as 130 innocent people were killed yet the entire civilized world turns a blind eye when tens of thousands of innocent Palestinians men women and  children are massacred by  Israeli settlers, gunmen and Israeli Government policies. Conservatively speaking, between 2000-2005 as many as 4,907 Palestinians were killed and as many as 8,611 wounded and between 2006 and 2015 as many as 5,500 Palestinians were killed and as many as 20 400 wounded, but spotlight, not even a candle. Shame on all of you!