Facebook, as we know, is the most popular social-networking site, with over a billion users, which makes it a very attractive target for hackers who can penetrate the system.
These are the most popular ways hackers use to penetrate and hijack people's Facebook accounts and use them for illegal things.
1. Brute-Force Attack
Any password can eventually be cracked with a brute-force attack. A brute-force attack tries every possible combination of numbers, letters and special characters until the right password is matched.
Brute-force attacks usually take a very long time. The time required to crack a password is determined by the complexity of the password and the processing speed of the computer.
Countermeasure: Use long and complex passwords. Try to use a combination of upper- and lowercase letters along with numbers. A brute-force attack will take hundreds or even thousands of years to crack such long and complex passwords.
Example: Passwords like “12345” or “password” can be cracked easily with this technique, unlike passwords like “tHIS_2MaRtG33K”.
2. Social Engineering
According to Wikipedia: Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information.
A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional “con” in that it is often one of many steps in a more complex fraud scheme.
In layman's terms, social engineering is the process of manipulating someone into trusting you and then getting information from them.
For example, if a hacker wants to get the password to a worker's laptop, he may call another co-worker and act like his supervisor. Sometimes hackers call the victim pretending to be from a bank and ask for their credit card details.
Countermeasure: If someone tries to get your personal or bank details, ask them a few questions. Make sure the person calling you is legitimate. Never give your credit card details over the phone.
3. RATs and Keyloggers
In keylogging or RATing, the hacker sends a keylogger or RAT to the victim. This allows the hacker to monitor everything the victim does on his computer. Every keystroke is logged, including passwords. Moreover, the hacker can even control the victim's computer.
Countermeasure: Never log in to your bank account from a cyber cafe or someone else's computer. If it is important, use an on-screen or virtual keyboard while typing the login. Use the latest anti-virus software and keep it updated.
4. Phishing
Phishing is the easiest and most popular method hackers use to get someone's account details. In a phishing attack, the hacker sends the victim a fake page of a real website such as Facebook or Gmail.
When someone logs in through that fake page, his details are sent to the hacker. These fake pages can be easily created and hosted on free web-hosting sites.
Countermeasure: Phishing attacks are very easy to avoid. The URLs of these phishing pages are different from the real ones. For example, the URL of a Facebook phishing page might look like facbbook.com (as you can see, there are two “b”s). Always make sure that the website's URL is correct.
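As an added example (not part of the original article), the check below flags near-miss domains such as the facbbook.com misspelling mentioned above. The allowlist, the function names and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains the user actually intends to visit (constructed allowlist).
TRUSTED_DOMAINS = {"facebook.com", "gmail.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def registered_domain(url: str) -> str:
    """Last two labels of the hostname (naive: ignores suffixes like co.uk)."""
    if "//" not in url:
        url = "//" + url          # let urlsplit see a bare "host/path" as a host
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])


def classify_url(url: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike of <domain>', or 'unknown'."""
    domain = registered_domain(url)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in sorted(TRUSTED_DOMAINS):
        if edit_distance(domain, trusted) <= max_distance:
            return f"lookalike of {trusted}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample URLs, including the misspelling used in the text above.
    for sample in ("https://www.facebook.com/login",
                   "http://facbbook.com/login",
                   "http://facebook.com.example.net/login",
                   "https://example.org/"):
        print(f"{sample:40} -> {classify_url(sample)}")
```

Note that a trusted name used only as a subdomain (facebook.com.example.net) is not treated as trusted, because only the registered domain is compared.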
5. Rainbow Table
A rainbow table is a huge pre-computed list of hashes for every possible combination of characters. A password hash is a password that has gone through a mathematical algorithm such as MD5 and been transformed into something that is not recognizable.
Hashing is a one-way transformation, so once a password is hashed there is no way to get the original string back from the hashed string. A very commonly used hashing algorithm for storing passwords in website databases is MD5.
It is almost the same as a dictionary attack; the only difference is that in a rainbow-table attack hashed characters are used as passwords, whereas in a dictionary attack normal characters are used as passwords.
Example: ‘hello’ in MD5 is 5d41402abc4b2a76b9719d911017c592, and the zero-length string (“”) is d41d8cd98f00b204e9800998ecf8427e.
Countermeasure: Make sure you choose a password that is long and complex. Creating tables for long and complex passwords takes a very long time and a lot of resources.
6. Guessing
This seems silly, but guessing can reveal someone's password within seconds. If a hacker knows you, he can use the information he has about you to guess your password. A hacker can also combine social engineering and guessing to acquire your password.
Countermeasure: Don't use your name, surname, phone number or birthdate as your password. Avoid creating a password that relates to you. Create a long and complex password with a combination of letters and numbers.
To the outside world, I'm just an ordinary geek. But in secret, I work to make my world information-safe. In order to succeed, I must become someone else... I must become something else.