Monday, 13 March 2017
In a perfect world, we could all sit back and just trust that our governments will do the 'right thing'. We can believe that the CIA, FBI, NSA are the good guys and there to help and protect us. We can believe that they are the 'good guys' and they are protecting us from the 'bad guys'. In a perfect world ...
The problem is we do not live in a perfect world. You just need to read the news to see how governments are hacking one another. How the 'good guys' wants more power and control to protect us from the 'bad guys' but how they misuse and abuse their power.
I live in South Africa and on a daily basis we read in the news how top government officials - even, and especially in the police and security sector - are attacking one another and exposing how the others are using their positions for self enrichment through corruption.
We live in the real world where there are no black and white (100% right or 100% wrong), but multiple shades of grey. No government or organization can be completely trusted. Not everyone working at that 'good' agency is 'good' and there will always be people that abuse their power.
We need wikileaks, we need hacktivists, we need people that fight for our privacy.
At redpill we understand that it is possible to abuse hacking tools and use it for cyber crime. We are constantly considering removing redpill Hacker from the internet for this reason. We however also understand that there are those who needs tools like redpill Hacker to fight for the truth.
Saturday, 28 January 2017
Please Note: The purpose of this article is to inform people of how hackers can steal information and to prevent the illegal and criminal use of Penetration Testing Software like redpill Hacker.
Cyber-criminals can install key loggers on your computer to get your login details. Sites that require a more secure form of log-in will send a verification code to the user's mobile phone (SMS - OTP) to prevent this type of attack. It is mostly banks but also other sites (think of Google's two step verification) that uses this method.
So how do hackers get past the mobile verification step?
Easy - The ask the user what the code is! It is called social engineering and this is how it works:
- They get information about you - usually everything they need they can get from your facebook account. All they need to get started is your email and phone number.
- They then use hacking tools to get your username and password from your computer.
- They will then give you a call claiming to be from the company (bank/google/etc) and informing you that they had some problems with users complaining that incorrect verification codes are being sent. They will inform you that they are doing random checks and will ask your permission if they can send you a verification code (giving you the illusion that you are in control).
- When you agree, they log into your site. You will then receive the code and it will all look very legit to you.
- To put you even more at ease they will then read you a code that you need to confirm. When it is wrong (it obviously will be) they will reply "oh no, not another one! What is the code that you received?"
The next text message you will receive from your bank is to inform you that the money was successfully transferred from your account!