Why Everyone Wants to Hack Facebook Accounts

Hi guys,

is there a way to see a person’s full Facebook profile although we aren’t friends? I don’t want to hack into the account, I just need to see the information and pictures. I just need to find out some stuff and I hope that somebody can help me. Thank you!

You see these kinds of questions all the time if you visit some deep web forum sites. More often than not, these questions come from ex-boyfriends trying to hack into their ex-girlfriend’s account. At other times, they are current boyfriends trying to see if they can find some incriminating information about their girlfriends. Where are the females? It seems they prefer to look for answers on the regular web. It doesn’t mean they are any less interested in hacking into Facebook accounts than males. In fact, interest in hacking Facebook accounts seems pretty balanced across the genders.

That said, there are some differences in how the genders treat ex-partners on Facebook. Females, at least teen females, are more likely to unfriend their exes, as shown in the following diagram from Pew Research.

[Image: fbgirlbehavior]

This could lend some support to the statistic that finds a 60-40% male-female split in stalking. The fact that more men than women would be unfriended by exes may lead to their stalking-like behavior.

However, women do, in fact, worry about current and ex-boyfriend behavior. This is a typical request from a worried woman.

… my gut telling me he’s cheating on me. Is there any way I can hack into his Facebook to check? I have tried these online “hack” things but they are fake and stupid. So is there any proper website that’s free that can help me hack into it? I don’t want some stupid one that says “do this survey and you will get the code” etc. please help!

She is referring to websites that offer to help people like her. Many people wanting to hack into a Facebook account may be lured in by sites that promise to do just that. Some of these sites even claim they will do it for you for free. That’s pretty hard to resist. But like most things that seem too good to be true, this certainly is.

Here’s how one of them works. You are told to type in the URL of the Facebook account you’d like to hack. If you do this, you will see a progress bar that looks as if it is verifying the URL, finding the password, decrypting, etc. In fact, you can type anything in the URL box and get the same results. After a surprisingly short time, you will be told that the password for the desired account has been found. The thing is, you need to get a verification code from them. They assure you it is free; you just have to do one of the following:

[Image: fb verification]

Yeah, it seems tempting. Just give them some information and you can access that account that’s been driving you crazy. However, doing so could give you all sorts of problems, from unwanted spam to having malware installed on your computer. Oh yeah, and you still won’t get the password. I should also urge caution about hiring hackers you may find advertising on the deep web. You could easily be scammed.

Facebook knows it’s under constant attack and has implemented a bug-bounty program to give a financial incentive to white hat hackers (pentesters) who find holes in their system. Recently, pentesters found two holes in Facebook’s security. One found a problem in the verification code policy and another found a backdoor installed in Facebook’s corporate servers. Both vulnerabilities could have been, and may have been, damaging, and both holes have since been patched, with the pentesters receiving rewards of $15,000 and $10,000 respectively. So, it’s not only regular Facebook users who are interested in hacking Facebook.

The third group most interested in hacking Facebook accounts includes professional hacking gangs and nation-states that are looking for a way into a corporate or government network. They know that if they compromise an endpoint on a network, they may be able to parlay this into a full-blown attack. Facebook is the first place these hackers go to mine for information that could help them design a good spear phishing email that will eventually allow them to get a foothold on a corporate or government network. Interestingly, all three types of potential Facebook account hackers will use the same ways to get into an account.

Yes, Facebook accounts can be hacked

 … and there’s really not much Facebook can do about this. And to be perfectly honest, it’s pretty easy. It has nothing to do with Facebook vulnerabilities but everything to do with individual vulnerabilities. The better you know the person you want to hack, the easier it is for you to hack them. Your friends are in a better position to hack you than your enemies.

Here are some ways people will try to compromise your account. Remember, this information is simply to prevent you from becoming a victim.

Friend Requests

Narcissists love Facebook and love Facebook friend requests. The more friends they have, the more popular they may seem to themselves and others. Narcissists generally leave their Facebook pages open to the public. They want people to know who they are, how wonderful they are, and how many friends they have. They will rarely decline a friend request, even from people they don’t know. But remember: if your account is open to the public, anyone who sees the comment section can use it to post their own comments, whether they are your friend or not. They can even post on your timeline. What they post can include links to malicious websites, suggestions to download programs that contain hidden malware, or an image file that, when clicked on, will install malware on your computer or device. In short, having a public profile leaves you open to attack.

It is a little more difficult to hack a site that is not public. You will have to get the person to accept you as a friend to get to the good information. However, according to a Pew survey, 50% of friend requests from unknown people are accepted. This percentage increases if the request is from someone who looks physically attractive. This seems to be more important for males than females (~ 60/40%).

Although you may accept a friend request from someone you don’t know, it’s better for a hacker to pretend to be a friend of a friend. Statistics show requests from friends of friends are more likely to be accepted. Hackers often develop fake profiles to make friends. One of your friends may have really accepted a friend request from one of these fake profiles. Once part of your friend’s network, they can more easily befriend you. Remember, your friend was not their true target; you were.

At some point you might get a friend request from someone you are already friends with. This may seem odd, but maybe you think they started a new account. Checking their profile, you may see all the familiar pictures and believe they are who they claim they are. However, in most cases of friend requests from someone who’s already your friend, the request is fake. It is quite possible that a hacker has taken information from a friend’s account to make a cloned account. Always contact such people through their original account or by email to verify the new account.

Advice: Don’t make your account public. Assume all friend requests are illegitimate until proven otherwise.

Keyloggers

Keyloggers are programs installed on your computer or device to record every keystroke you make. In other words, hackers can use these to discover your passwords. If they lack physical access to your device, they will need to trick you into installing the keylogger. This can be done by sending you an email. Again, if the email is from someone you know, it is easier for them to get you to, for example, open a photo that they attached. It is possible to get a completely FUD (fully undetectable) keylogger so your antivirus programs will never know it is there.

Advice: Don’t open attachments in emails or visit suggested links from people who might be interested in what you’re keeping private on your Facebook page. Emails can also be sent from a friend who has had their email compromised, so it doesn’t hurt to check with this friend before clicking on anything.

RATs

RAT is an acronym for remote access Trojan. This is malware that an attacker can get you to install in the same way they would get you to install a keylogger. A RAT, however, is far more powerful. With one of these, an attacker can see everything you do on your computer and even take control of such things as your camera. RATs often include keyloggers. In short, once someone has installed a RAT, they know everything about you and can even become you if they want. They can see everything you do on your computer and look through your Facebook page at will. They can even take over your Facebook page by changing the password.

Advice: Generally the same as for keyloggers. RATs, especially ones that you can get for free online, can often be detected with antivirus software. Run a complete virus scan as often as possible.

Password Guessing and Brute Force Attack

An attacker may use special software (known as brute force software) to find your password. Facebook, however, will only allow a certain number of guesses, which neutralizes such programs. The truth is that most people use predictable passwords. I guessed my mother’s password in 5 seconds. It was the name of her cat. The more a person knows you, the better their odds of guessing your password.

Advice: Change passwords to something completely unpredictable and make them longer, at least over 8 characters and preferably more. Make your password a unique sentence. Use lots of numbers and symbols.
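
The risk described above, a password built from facts that the people around you already know, can be tested for before a password is accepted. The following Python code is an added example, not part of the original article; the sample facts, the function names, and the substitution table are constructed for illustration.

```python
import re

# Common substitutions people use to "disguise" a familiar word (assumed table).
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s"})
MIN_LENGTH = 9  # the article's advice: longer than 8 characters

# Constructed sample: things a friend or relative would know about the user.
SAMPLE_FACTS = ["Mittens", "Jane Doe", "14/03/1987", "Springfield"]


def normalize(text):
    """Lower-case, undo common substitutions, keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(SUBSTITUTIONS))


def personal_tokens(facts):
    """Map each normalized word of 3+ characters back to the original word."""
    tokens = {}
    for fact in facts:
        for word in re.split(r"[\s\-/.,]+", fact):
            norm = normalize(word)
            if len(norm) >= 3:
                tokens[norm] = word
    return tokens


def check_password(password, facts):
    """Return the reasons a password is guessable; an empty list means it passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # Normalizing both sides means "M1tt3ns" still matches the pet name "Mittens".
    norm = normalize(password)
    hits = sorted(word for tok, word in personal_tokens(facts).items() if tok in norm)
    if hits:
        problems.append("contains personal info: " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    for candidate in ["mittens", "M1tt3ns_1987!", "purple-kettle-orbits-47-lakes"]:
        print(candidate, "->", check_password(candidate, SAMPLE_FACTS) or "ok")
```

A password that adds digits and symbols to a pet’s name passes a length rule but still fails this check, which is the case the cat example illustrates.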

What do they want?

Identity Theft

 Bots are often used by hackers to comb the web for personal information. Such hackers want birth dates, email addresses, and other personal information to steal your identity. They can use this information to get credit cards, drivers’ licenses, and make online purchases. They often sell batches of such information in the deep web. They could also use it to destroy your reputation by using your identity to post online. Personal information is good business and no place has more of it than Facebook. If your account is open to the public and contains personal information, you are just waiting to be hacked, if you haven’t been already. The bad news? According to recent findings, 63% of Facebook accounts are open to the public.

Stalking

My guess is that almost everyone stalks someone on Facebook at some point in their lives. Statistics vary between 80% and 90% for people checking out ex-partners. You may just call it curiosity. In other words, expect to be ‘stalked’ by someone at some time. However, when curiosity becomes obsessive, it can lead to true stalking. Almost all stalkers will look to Facebook for information on their victims. Most stalking is benign, but occasionally it escalates to dangerous levels. Dangerous stalkers are obsessed with gaining, or regaining, control over a victim. Facebook is the first door they will open with this end in mind.

Access to corporate or government networks

Most major hacks these days are based on social engineering. Hackers will spend considerable time gathering information on their target so that they can write a good spear phishing email. Such an email will most often appear to come from someone the victim knows or from someone in authority. Facebook will have information that attackers can use. If, for example, the victim has recently been on a vacation and posted pictures on Facebook, a spear phishing email may make reference to the trip and photos. They may even attach some photos of their own, ask you to open an attachment, or invite you to visit a site that matches your interests.

The attacker already knows you work for the enterprise they want to attack. They already know you are connected to the corporate or institutional network. If they can compromise your computer or mobile device, they can get onto that network.

They may have a variety of goals. Some attackers simply want to get their hands on the troves of personal information that are often stored on big corporate and government networks. Once they get this personal information, they can sell it on the deep web to others who can use it to make credit cards or use it for spamming. Some may want to penetrate a network to steal money. Some hackers are looking to gain an edge over a competing company and will want to get information on their product development. Other nation-state attackers are simply looking for information that could give their country an advantage. Yes, your Facebook account has the potential to compromise national security.

As Facebook continues to grow in popularity, interest in hacking individual accounts will continue to increase. This has little to do with Facebook security strategies and everything to do with human nature. People will always wonder what their ex-partners are doing and criminals will always look for information that will help them make money. Companies and institutions can try to make their employees stop visiting social network sites or force them to make their accounts private, but they will never be able to completely stop all irresponsible behavior. Unless your company or institution has hardware-separated security architecture, your employees’ irresponsible behavior online can compromise your entire enterprise. It happens every day.

About Steve Mierzejewski

Marketing consultant for InZero Systems, developer of the next generation in hardware-separated security, WorkPlay Technology. I've worked in Poland, Japan, Korea, China, and Afghanistan. I'm a writer, technical editor, and an educator. I also do some work as a test developer for Michigan State University.