Disclaimer: This article is for entertainment purposes only and to inform the public. Social engineering is something everyone should be educated on. The following scenarios are examples to show the public and business owners how these scams work so they can protect themselves. Having said that, it is next to impossible to stop.
Read the rest of this entry »
Archive for category hacking
One of the best things about the Firefox browser is the vast array of cool extensions available. Before we even begin, make sure you’re not using a Microsoft IE browser, it’s slow and filled with security holes. If you keep with the news, you’re probably aware of the Google-Viacom situation brewing. It concerns your privacy – check out Dan’s article Viacom Wants to Know What You’ve Been Watching to get updated.
Maybe you’re watching strange videos like, “Indonesian Cucumber Sex Secrets,” or “How To Steal Someone’s Identity the Easy Way,” and don’t want anyone to know…LOL. Generally speaking, if you’re logged into your Google account, everything you surf is logged and written to hard disk – permanently – where it can be studied, dissected and reanalyzed. Your entire on line life forms your secret profile. Imagine that everywhere you drove, everything you bought, everyone you talked to and so forth was recorded via outer space satellite and studied by governmental computer algorithms (they’re probably already doing that already). Well, that’s what Google and other search engines are doing. I personally don’t want Google or anyone knowing everything I do on line. It’s not so much having privacy because you’re a weirdo freak, it’s because you’re normal and Google wants to know your every move.
Here are a few Firefox extensions that can help protect your privacy:
One of my favorite plug ins for FireFox is RefControl. One obvious use is for those who use services like Entrecard, which is an easy to understand example. What exactly does the plug in do? It allows you to control what gets sent as the HTTP Referrer on a per-site basis. For those non-tech people, I’ll explain it this way:
When I’m clicking through Entrecard, every time I arrive at a new site, the referrer is Entrecard. In other words, I arrived via Entrecard. Well, that doesn’t do me any good at all. I want every new site I arrive at, to be referred by Revellian.com, not the site I was actually referred from. Why on Earth would I want to do that?
Read the rest of this entry »
Have you ever taken a psychological profile test for a job? I have taken dozens and once upon a time could not pass one. In America (the reason I say America is because I have no idea what is needed for employment approval in other countries), certain jobs will attempt to analyze you to determine certain aspects of your personality.
Most of these tests provide somewhere between 50-600 multiple choice questions using different cross referencing techniques to determine aspects of your personality. Most try to determine your trustworthiness based on past studies and statistics. The question is, are they accurate? My determination is maybe.
Several years ago, after losing a job, I was trying to get any job to earn income between good jobs – many of us have probably done that. I applied for a waiter job at the popular restaurant Applebees. They gave me one of these psychological tests which was 60 questions. I failed it miserably. Actually, I failed it so badly that the manager let me take it again because he thought there must have been some type of freakish anomaly. The second time I took it, I didn’t read the questions; I simply guessed on every answer and passed with flying colors. Of course I only worked there for a few days because I hated it.
I applied at another job which had 250 questions on their psychological test. I was actually already hired, but had to to take the test as a formality. I failed it! The woman administering the test said and I quote, “Oh my, you scored worse than anyone I’ve ever seen in my entire life. You are not qualified to work here. Your results show an incredible amount of possible deception and strong propensity to be dishonest and steal. This shows you are level 5 red, the most deceptive type of person known. I’ve never seen anyone have this score before.”
I said, “What? I’m not dishonest. I don’t steal or anything like that.”
She said, “Well, it says here you do. I’m sorry.”
I was hired by someone I personally know, who happened to know what kind of employee I am. He pulled some strings to get me hired – without actually passing the test! That is dishonest in itself – using an inside friend to get over on a test, but I did it because I needed to work.
So, are these tests really accurate? The truth is, these tests which try to determine whether a person is likely to steal is more of an intelligence test than anything else. Here’s an example of some questions asked (yes/no questions):
- Have you ever known anyone who has stolen from an employer and got away with it?
- If someone stole something from an employer and you were aware of it, would you report them?
Think about this. If you answer yes to the first question and yes to the second, then you are a liar…right? No, this is actually the correct answer. What they’re looking for is whether or not you are analyzing the questions (as you go along) or not, not so much how you answer the questions. If you’ve known someone who stole and got away with it, then you would obviously not report them because otherwise, they wouldn’t have gotten away with it! Right?
You see, they are looking for your ability to notice things like that in the whole of the test. If you remember question to question what your answers are, then you are more likely to let a previous answer to affect following answers – this demonstrates your propensity to lie, cheat or steal. The truth is, if you fail the test, you are either extremely honest or extremely dishonest; neither of which will get you the job. This shows extremism in your personality, which the employer is not willing to take a chance on.
Another view is that you are simply too smart for the job. These tests are based on your ability to steal and get away with it. If you’re smart enough to do that, you will not be hired. I don’t steal from employees, but because I’m smart enough to and never get caught, it is too much of a risk to take for the employer. Many jobs are looking for people too dumb to steal effectively. They want you to be dumb so you’ll get caught.
If you have problems passing these tests…just guess on every question and you’ll have a 50/50 chance of passing because most have factored in the fact that you may be guessing! It’s a catch-22 for intelligent people to pass these tests. My advice is to not make any mental notes while taking it. Answer the questions quickly with the first thing that comes to mind and you’ll have a 95% chance of passing, In today’s world of tests like these, you need all the knowledge you can get.
Just so you know, I do not steal from employers. I have been fired from seven jobs for ratting people out who did steal. Nobody likes a rat, not even employers (especially not fellow employees who do steal). You see, most people do not have the guts to stand up for what is right and tell on someone for doing something illegal or wrong. These tests basically lump dishonest and extremely honest into the same category, which is in itself a travesty of justice and should be illegal.
Bottom line, don’t think…just answer, and do it quickly
The FBI, CIA and homeland security actually want people who cannot pass these tests as their top operatives because of their ability to deceive. It’s funny isn’t it? Maybe I’m in the wrong line of work. It sucks that any employer would depend on these psychological profiles. Whatever happened to actually meeting a prospective employer in person? 
Wow…today is an amazing day here at Revellian Dot Com – I could never express just how great a day it is! Earlier, well actually yesterday on July 07 at around 9:30 PM, my site disappeared. It was replaced with a site comprised of Indian Writing. I was shocked to say the least as I thought my site had been hacked. It is a horrible feeling to think your site has been stolen. Initially, I called my host (Bluehost), and they told me that I had been hacked and there was nothing I could do. I had a knot in my stomach that sat like a hand grenade in the deepest trenches of my bowels; the sudden realization that everything you’ve worked on for years – wiped out in seconds by some evil hacker – what a horrifying feeling.
To be absolutely straightforward and honest, I must tell you that there are only a few people I thought of whom I completely trusted to check out my situation: Garry Conn and Andy Bailey – two guys that really know what they are doing. I also thought of contacting Brown Baron, Mike Wheeler, Bush Mackel, Mark Sierra or Madhur Kapoor – five other guys whom I consider experts on the subject. I am a psychic even if you do not believe in psychics, and I just knew instantly who would be available at that very instant: Garry Conn. He was logged onto Googletalk – so I asked for help. Garry stepped in and started asking questions, like how to log into my WordPress account.
It’s a really big deal to just divulge your most private of information to someone, but I know anyone of these 7 guys are trustworthy, which is really saying a lot. It’s nice to know people! Let’s get to the nitty gritty. I contacted Garry Conn, and he responded instantly. What was so awesome is that Garry has 3-way calling, so we called my host together – what a great feeling to have an expert on the line with you. The first guy we talked to from Blue Host was Darren (at least I think that was his name). Garry asked him several questions and told him he believed my site wasn’t hacked, but was instead a problem with my C-Panel (the backend of Blue Host). The guy was really unhelpful and basically told us to fix it ourselves. Garry was insistent that the problem was not a WordPress issue, but was a server side issue on their behalf. I actually have two domains, one of which is not being used, but both were pointing at a strange site.
We finally talked to a superior, who actually helped. In the midst of telling us what the problem might be, the higher ranking Blue host employee discovered the problem which stemmed from them having multiple customers on the same server. In my case, the idea of having my blog hacked by some form of code injection really scared me – this is why I asked for help. Garry handled the entire situation with absolute professionalism. I really didn’t even know what to say, but Garry did – he basically commanded the guy and finally the problem was resolved. So, my site was not hacked.
In the process, I learned that I have too many plug ins and a bunch of database tables that are unneeded. I am currently cleaning all that junk out of my system. Garry said he doesn’t use any plug ins at all. I learned some valuable information in the process. If you use a plug in, contact the author and ask if if it changes your database or if it only adds something on the surface. Sometimes, plug ins do things to your database that cannot be undone – so be extremely careful when adding one. He showed me a page on the WordPress codex, WordPress Database Decription. There are only 10 tables necessary for any WordPress blog. I am cleaning out all the ones which are not needed. Before you get into deleting any unnecessary tables, be sure to back them up beforehand. If you have any questions, contact one of us for help.
I had a fantastic conversation with Garry via the phone. We talked about everything from blogging, politics to life itself – a great conversation. I could go on forever about all this, but I just want to thank Garry Conn. He really helped me out and it means the world to me. There really are great people out there, and I consider Garry to be one of the best. My blogging spirit has been renewed. Be sure to visit Garry at Garry Conn dot com and check out his incredible make money on line ideas. He wrote a great post entitled Garry Conn dot Com is Fixed! Come Check it Out! which explains some turmoil he went through during a server crisis. Maybe I could have fixed it myself; maybe someone else could have helped me; all I know is that Garry Conn is the one who did it. When you face losing everything, and you get it back with no problems – what a great feeling. Thanks Garry!
In part one (social engineering), I discussed a few ways your private information can be stolen, leading to full blown identity theft. Though I discussed popular methods, they are not the number one way to have your identification information ripped off. Criminals that want this information, don’t want to spend agonizing hours, ending up with crumbs – they want fully detailed lists, comprised of thousands of identities.
The places where are highly personal information exist are staggering. Your fingerprints, bank information, family history, drivers license number, social security number and endless other data are stored on hard drives all over the world. Any person with access, from store clerks to computer technicians can easily steal or copy anything they want.
When you hand your credit card to a waiter in a restaurant and they walk away for 5 minutes, they could easily swipe your card in a pocket sized magnetic strip copier, and have all your information. The fact is, there are so many people with access to this information, but nobody pays attention to them.
One of the most lucrative illegal businesses is selling black market copies of DVD movies. Any fourteen year old kid with clandestine Blu-Ray decryption software (which you can get for free) can start a highly profitable business right out of their cars – simply by getting a job at a DVD rental store. This allows them to attain a massive inventory, the cornerstone of any successful business. Sure, the job pays $6.00/hour, but the extra $1000.00/week selling illegal DVD’s makes that job one to keep for many young people.
A Frightening Example
A few days ago, 96 students from a San Diego State fraternity were arrested for running a highly organized, illegal drug ring – selling to anyone on campus with money. One of the students was only a month away from graduating with a masters degree in homeland security. One was a criminal justice major; another is suspected of having ties to the Mexican mafia. This is only one campus. Think about all the people who got away with similar crimes and actually do have jobs in the CIA, FBI or homeland security. It is frightening to contemplate, but happens every day.
Corrupted Law Enforcement
People believe that highly classified computer systems are secure, and surely your information is safe with them…right? Think again Sherlock. Most, if not all of the FBI’s mainframe has already been copied and sold thousands of times. You could probably buy a copy of it yourself, if you knew where to look. For crying out loud, an IRS employee could leave work everyday with hard drive back ups to sell on the black market. Some experts believe that that homeland security’s entire system was copied and replaced with an exact replica of itself. Sounds impossible? Read Joanna Rutkowska’s article Introducing Blue Pill – a fascinating post. It is possible to steal information through hacking, but the old fashioned method of just taking it is even more effective. The Hell’s Angels motorcycle gang has judges, politicians, FBI agents and many others infiltrated into the system, just to show a common example.
And then you have corrupted law enforcement, the king of all illegal information. The great thing is, when they get your information, they get everything. Sometimes they even have your DNA profile and a fresh copy of your fingerprints. This information is sold every second of every day on the black market. We live in a new world, where criminal elements – completely above the law – run and control everything you see. If you don’t believe it, you are living under a rock.
Fingerprints
The days of fingerprints being a reliable resource for identifying criminals is becoming an outdated joke. It is extremely easy to copy a person’s fingerprints. It is even possible to produce a pair of gloves with fingerprints embedded in them. Want to be someone else? Just put on a pair of special gloves. A criminal can now become anyone they want and leave someone else’s fingerprints all over the crime scene. To see just how easy it is, check out How To Fake Fingerprints. This is a basic method, but very effective. Imagine if someone made thousands of copies of anyone’s prints and sold them to criminals all over the world. It is happening as we speak.
The Art of Intrusion
I mentioned Kevin Mitnick’s book, The Art of Deception in part one of this two part series. The Art of Intrusion, his second book, takes a different approach. This offers actual case studies of unbelievable crimes committed by hackers – breaking them down into detail. Written like a crime thriller, it offers much insight into how actual hacks were achieved. You can download the free e-book version in PDF format from The Art of Intrusion.pdf. In today’s world of information super thieves, everyone of us needs to be educated in these important matters. If you are reading this article, then you need to read this book. Chances are, you probably work with information thieves, or have them in your family. They are everywhere. Like I said before, the best way to protect yourself, is by understanding how they do it. Take a stand and get informed.
Check out part 1: Identity Theft: Social Engineering
How easy is it to steal someone’s identity? How exactly do the thieves get your private information? It’s much different than most people believe. One of the biggest problems is that law enforcement is doing literally nothing to contain this worldwide problem. The answer is not in governmental Internet control, regardless of what they think.
I know many bloggers and site owners who are afraid to use their real names and pictures on the Internet, fearful their information may help out the criminals. I totally disagree with that. If you wish to protect your anonymity, do it for other reasons, not because you’re afraid of being violated. To understand how they steal your information, we must understand the criminal mindset.
LAN networks and phishing
Signing in to your e-mail account or buying something on line with a credit card is actually an unlikely place for crooks to get your information, unless it’s on a LAN network. If you use cable Internet or broadband, make sure you use a router. I personally wouldn’t plug an Ethernet cable into my computer without a router for protection. Never send private information over a LAN (local area network). For those of you who don’t understand, it’s a public network access point, like a coffee shop, hotel, college campus or at work. Never buy something on line while connected through a LAN. Your information can be stolen by any hacker using an easy to use Linux program like an Ettercap filter or many others. Using this method, the hacker’s digital footprints are virtually impossible to trace and you will never know who stole your information. Any non-technical person can learn how to steal information on a LAN in around thirty minutes – yes, it’s that easy.
Never sign into any financial account from an e-mail
If Pay Pal, or the IRS sends you an e-mail, DO NOT sign in using that link! It’s known a phishing – you may have heard of it (it’s shocking how many people don’t know really understand this). Neither one of these ever send those types of e-mails. If you get an email from pay pal saying you need to update your account information, do not answer it. If you’re concerned, Just go to Pay Pal directly and sign in. The most likely way for the criminals to get you on line is through a phishing attack.
Social Engineering
The methods listed above are not the most effective way for criminals to steal your information. The real way is through social engineering. For people like me and others interested in hacking, this is completely redundant information; however, I realize most of you have probably never even heard of it.
What exactly is social engineering? a collection of techniques used to manipulate people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access and in most cases the attacker never comes face-to-face with the victim.
Examples of Social Engineering:
- If you have a private, unlisted phone number, it is child’s play to get it. I could call the electricity company where you pay your bill, for example, and tell them I’m doing a reference check for homeland security. I would say, “Thank you for your help. The current phone number for Mr. Doe is 555-7125-5479, is that correct?”
They answer, “No, the correct number is…”
Boom…I have your private, unlisted number. This is a simplified method, but you get the idea.
- Kevin Rose, co-founder of DIGG, had a fantastic example of social engineering on his web based video show “The Broken” about how to get free pizza for life. He walked into a pizza delivery behind a customer and stood in line so he could overhear their order. After getting their name and what they ordered, he walked out. Thirty minutes later, he called the pizza place, told them he had come in earlier and received a bad pizza but couldn’t eat it. He talked to the manager, got a free pizza comp and reordered. He went down and picked up his free pizza. He chose a place that did mostly deliveries, but used the identity of a walk in customer – very smart indeed. Just don’t be dumb enough to actually try it, you may go to jail.
The Art of Deception
Hacking is not a bad thing and hackers are not bad people. There are hackers and there are crackers (script kiddies, punks or chumps), it is the crackers who do evil things. A hacker builds things and makes them better, a cracker breaks and steals things. Hackers built the Internet, so they are beneficial people. My favorite hacker of all time is Kevin Mitnick. I highly recommend reading his book, The Art of Deception, the bible of social engineering.
I read this book a few years ago and just reread it again. The best way to protect yourself is to understand how your information is actually stolen. This book is of monumental importance – a must read for everyone. You do not even have to use the Internet to have your information stolen. This book shows you in a series of real world examples, how information thieves operate. This book will open your eyes to the true reality of how it’s done. I have the utmost respect for Kevin Mitnick for turning his life around and doing something great for society.
Check out part 2: Identity Theft: Corruption is Everywhere
Easily Put All Passwords On A Reference List
This is not for your windows sign on! This will allow you to copy all your current passwords for anything you use in your browser. This is not password hacking, so don’t worry!
Would you like a text file listing all your windows passwords? Currently, I have over 70 different passwords. They are mostly like this: $63547jft)^$8ldbhd7655790pp:.<;”. That’s one tough password to remember. Like me, you probably depend on your browser to automatically remember them for you.
