Hacking Archives - SocialHax

A 19 year old Becomes a Millionaire by Hacking

Posted on March 9, 2019by piratech

A Teenager Becomes a Millionaire Through White Hat Hacking:

Hacking often refers to the breaching of information without a person’s consent or knowledge. It basically is the unauthorized intrusion into a computer or a network. It can be used to alter or change a system for different purposes or goals. Hacking can also mean the involvement of unusual or improvised alterations to equipment or processes.

A hacker has expertise in computer skills, and will know their way around systems and security features. They are often skilled programmers who use their technical knowledge to exploit bugs in order to break into computer systems.

The above-mentioned information is a very generic definition of hacking, It is what most people associate with “hacking” or “hackers”. They’re often used in a negative connotation, giving us the same feeling whenever we come across these words. However, it is very important to clarify that hacking is not only used in a negative sense. In fact, “ethical hacking” is on the rise.

“Ethical hacking” is also known as penetration testing. By definition, it is an act of intruding/penetrating into system or networks to find the threats and vulnerabilities in those systems which a malicious attacker may find and exploit, causing loss of data, These vulnerabilities could also lead to financial loss or other major damages. Ethical hacking or “white hat” hacking is different from intrusive or “black hat” hacking, in that its purpose is to increase and improve the security of the networks or systems. It does this by fixing the vulnerabilities found during testing. The tools and methods of ethical hackers might be similar or even the same at times, but the intentions and reasoning behind the act are totally different.

Recently, a teenager named Santiago Lopez made millions of dollars utilizing ethical hacking on HackerOne.

HackerOne is the number 1 ranked platform that helps organizations find and fix critical vulnerabilities that have the potential of destroying or exploiting your information in any sense. HackerOne is well known and has partnership with the U.S. Department of Defense, General Motors, Google, Twitter, GitHub, Nintendo, Lufthansa, Panasonic Avionics, Qualcomm, Starbucks, Dropbox, Intel, the CERT Coordination Center and over 1,200 other organizations in order to find and protect them against all kinds of vulnerabilities.

Like most of the hackers, Lopez is also self-taught. His specialty and expertise lies in finding Insecure Direct Object Reference (IDOR) vulnerabilities.

Lopez first gained interest in this field from watching a movie about hacking. His interest grew in this area, and then he started watching and learning to hack from online tutorials and by reading blogs. At the age of 16 he signed up for HackerOne, not knowing what he was getting into. He knew that he had to hack into company databases and he kept his name @try_to_hack in order to motivate himself further. He still goes by this name. Once he had signed up for HackerOne, he earned his first fifty dollars in a few months and that’s what motivated him further and showed him a path that he could do it.

Lopez continued making the internet a better place for many people who are associated with and have put their entire trust in HackerOne. Lopez choose ethical hacking because; “To me, this achievement represents that companies and the people that trust them are becoming more secure than they were before, and that is incredible.”

So this is how Lopez, a 19-year-old teenager worked his way up in the hacker community and proved himself by earning the first million dollars of his life. His story is a textbook definition of how practice, enthusiasm and talent matters – and is needed to get the top spot in any field.

Hacking News

Hacking School Computers to Change Grades

Posted on April 6, 2018by adezero

Hackers recently targeted a Virginia high school in order to change the grades of multiple students. The hackers were able to obtain access to teacher accounts when they sent out a phishing link. The phishing link was included inside an email that pretended to be from the “Oaktown High School’s Honor Council” dedicated to “honor and integrity”. The link then directed the user to a malware site, which downloaded key logger software onto the computer.

A key logger records strokes on the user’s keyboard, including passwords and other sensitive data. That information is captured by the hacker, giving them the ability to access the user’s accounts.

Hacked School System

The Virginia high school hackers used their access to make several changes in the school system:

After the emails began circulating, there were multiple cases of grade changes being requested, as well as students’ passwords being changed and emails being sent through remote log-ins, according to the search warrant. The court document does not say whether the hackers were successful in changing any grades, and Fairfax County Public Schools officials declined to say. –The Washington Post

Hacking Grades Could Result in Heavy Charges

Law Enforcement haven’t found the high school hackers, but if they do, charges could be steep.

There was a recent case of a University of Georgia student who hacked into his professor’s computer in order to alter his grades. He was charged with over 70 counts of computer forgery and computer trespassing.

According to the Washington Post, these types of grade-changing hacks are increasing. There are also services for hire to help students change their grades through hacking, as well as YouTube tutorials.

Photo credit: Katy Levinson

Hacking News Social Media

YouTube Staffer Live Tweets Shooting, then gets his Account Hacked

Posted on April 3, 2018by adezero

A YouTube staffer was live-tweeting about the active shooting when it happened at the YouTube headquarters earlier today. Shortly after, his Twitter account was briefly hacked.

Earlier today, a woman open fired at the YouTube headquarters and tragically shot 3 people before taking her own life. Vadim Lavrusik, a product manager at YouTube, was live tweeting the incident as it was happening.

Active shooter at YouTube HQ. Heard shots and saw people running while at my desk. Now barricaded inside a room with coworkers.

— Vadim Lavrusik (@Lavrusik) April 3, 2018

Not an hour later, Lavrusik’s account was breached by hackers.

At about 2:10 p.m., after Lavrusik tweeted that he was safe and evacuated, a new tweet came up from the account, writing, “PLEASE HELP ME FIND MY FRIEND I LOST HIM IN THE SHOOTING,” with a Flipboard URL linking to a photo of KEEMSTAR, a YouTube personality.

Three minutes after that tweet, another post came in saying, “my name is so gay honestly.” -CNET

looking like someone hacked vadim’s account, per last two tweets pic.twitter.com/Hy66RxAWXj

— ಠ_ಠ (@MikeIsaac) April 3, 2018

Twtter’s @Jack was alerted to the issue and promptly restored his account.

Three people have been reported to be injured in the shooting, they have been taken to the hospital.

Hacking News

Rhino Horn Auction Page is Hacked

Posted on August 12, 2017by adezero

A webpage for a Rhino horn auction in South Africa looks like it has been hacked.

Looks like the rhino horn auction website has been hacked pic.twitter.com/jahtpiTgGz

— Rachael Bale (@Rachael_Bale) August 11, 2017

https://www.theguardian.com/environment/2017/jun/26/rhino-breeder-auction-horns-south-africa-rhinoceros

A breeder planned an auction of rhino horns in South Africa. This is what the Guardian tells us about the auction:

A rhino breeder in South Africa is planning an online auction of rhino horns to capitalise on a court ruling that opened the way to domestic trade despite an international ban imposed to curb poaching.

The sale of rhino horns by breeder John Hume, to be held in August, will be used to “further fund the breeding and protection of rhinos”, according to an auction website.

Hume has more than 1,500 rhinos on his ranch and spends over $170,000 a month on security for the animals, in addition to veterinary costs, salaries and other expenses, the auction website said.

“Each rhino’s horn is safely and regularly trimmed by a veterinarian and capture team to prevent poachers from harming them,” it said, adding that Hume has a stockpile of more than six tonnes of rhino horns.

As of right now it appears that rhinohornauction.com is hacked. The site now reads: “Oops, your website has been seized! Everything on your website and server have been erased! Your lack of common compassion for animals is outrageous and has been dealt with properly. We have downloaded all your credentials and removed your files. Next time, do not run a website that auctions off animals, or we will auction off your data.”

Guess they were not running web hosting security from SiteGround 😉 Looks like the site is back up and running, but for how long?

The twitter account NFAgov is providing some information about the hack.

*Update 8/12/2017, 2pm EST: it looks like the Rhino Horn website is back up and in tact. However, the NFAgov twitter account promises, “they won’t be shortly”

Hacking News Social Media

Hackers Find Exploit and Reactivate LizardSquad’s Twitter Account

Posted on September 3, 2016by adezero

On September 2, hackers calling themselves “Spain Squad” used an exploit to take control of several previously suspended Twitter accounts. Among these accounts were usernames like @Hitler, @botnet, @LizardSquad and @1337. Twitter re-suspended all of the breached accounts shortly after the hack, but it is unclear whether or not they are still vulnerable to this exploit.

One of the hackers aligned with Spain Squad tweets about reactivated accounts.

“It could be a vulnerability in Twitter’s software, a compromised staff account, or some other explanation. It’s also unclear whether the exploit is still active, or was patched concurrently with the banning of the hijacked accounts.” (Business Insider)

A spokesperson for the hacking group has stated they can do even more than recover old accounts with the exploit they found:

“The new exploit allows Spain Squad to change to suspend active accounts, change a user’s Twitter handle and even take control of active accounts. So far, the group has only demonstrated the ability to recover officially suspended accounts — though all of those have already been re-suspended by the social media company.” (Engadget)

Twitter actively suspends accounts that violate their Terms of Service (TOS). Sometimes these suspensions can be temporary and the user is able to restore their account after acknowledging broken rules and promising not to violate TOS again. Often, the user must delete offending tweets before the account will be restored. Alternatively, a Twitter account can become permanently suspended, which means the account is never to be restored under any circumstances. Restoring access to accounts that were thought to be never again accessible could prove to be profitable for hackers selling screen names that may be valuable. However Spain Squad claims to be non-malicious. Whatever their intent, they were definitely doing some of it for the lulz when they took control of the LizardSquad account:

Hacking Security

Are The Shadow Brokers Like Snowden? Theory Suggests Insider Hack

Posted on August 23, 2016by adezero

By now, most of our readers have heard of the Shadow Brokers, the hacker group who obtained a large trove of data from the National Security Agency (NSA) and leaked information about the NSA’s cyber tools. The cyber tools were apparently stolen from the Equation Group, a cyber attack operation who experts believe are part of the NSA.

(Watch a quick overview about the NSA hack – “NSA Reportedly Hacked By Group Called The Shadow Brokers”):

Initially, evidence suggested that the Shadow Brokers were Russian, but a new theory is emerging that whoever is leaking this data might be “a second Edward Snowden… albeit one with different motives” (Fortune). James Bamfield, a journalist who is well known for his publications about United States intelligence agencies, believes that Russia would not want to publish these hacks if they obtained them, because companies would quickly patch their vulnerabilities and the information would soon be worthless to anyone trying to sell the data. He also brings up that the bad English used by the hackers seems to be phony. Furthermore, he suggests that the hacker(s) could be linked to the NSA’s Tailored Access Operations (TAO) which is a unit of the surveillance agency that gathers intelligence related to cyber-warfare. He states:

“Rather than the NSA hacking tools being snatched as a result of a sophisticated cyber operation by Russia or some other nation, it seems more likely that an employee stole them. Experts who have analyzed the files suspect that they date to October 2013, five months after Edward Snowden left his contractor position with the NSA and fled to Hong Kong carrying flash drives containing hundreds of thousands of pages of NSA documents.

So, if Snowden could not have stolen the hacking tools, there are indications that after he departed in May 2013, someone else did, possibly someone assigned to the agency’s highly sensitive Tailored Access Operations” (Reuters).

As of now, the “second Snowden” theory is just that – a theory. Most experts still say Russia is behind the hacks. Nevertheless, as Bamford puts it in his commentary – the “NSA may prove to be one of Washington’s greatest liabilities rather than assets.”

Hacking News

Hacker Steals User Data from Epic Games Forums

Posted on August 22, 2016by adezero

The usernames and email addresses of over 800,000 Epic Forums users were stolen by a hacker. According to Leakedsource.com, the attack happened on August 11. The hacker obtained the data by exploiting “a known SQL injection vulnerability found in an older vBulletin forum software, which allowed the hacker to get access to the full database” (ZDNet). In addition to the usernames and email addresses, the database contains scrambled passwords, IP addresses, birth dates, and activity such as posts, comments and private messages. Access tokens for Facebook were also breached. Epic Games has stated that the scrambled passwords will not be not easily crackable.

An Epic Games Spokesperson says that passwords do not need to be changed for the Unreal Engine and Unreal Tournament forum but a “compromise of our legacy forums covering Infinity Blade, UDK, previous Unreal Tournament games, and archived Gears of War forums revealed email addresses, salted hashed passwords and other data entered into the forums. If you have been active on these forums since July 2015, we recommend you change your password on any site where you use the same password.”

Epic’s Forums were also hacked last year.

Hacking News

Did Another Hacker Steal NSA Exploits from the Shadow Brokers?

Posted on August 22, 2016by adezero

A Twitter user who goes by @1×0123 claims to have stolen the data that The Shadow Brokers hacked from the NSA.

Gizmodo reached out to the hacker and were unable to verify their claims. However, back in April, NSA whistleblower Edward Snowden, gave them praise for reporting a vulnerability which may lend some credibility.

Thanks to @1×0123 for reporting a piwik vulnerability to @FreedomofPress! Great work. Got a bug report? Please contact @ageis with details.

— Edward Snowden (@Snowden) April 10, 2016

The hacker says they just need “some money to pay bills and stuff” and offered to share 50% of it with Gizmodo if they wanted to make an offer.

Hacking News Security

Facial Recognition gets “Hacked” Thanks to Facebook

Posted on August 22, 2016by adezero

Facial recognition technology is utilized in many different systems. Biometric software is used in facial recognition tools for security purposes and other applications such as social media marketing. Algorithms use a statistical approach to identify facial features – and facial recognition is increasingly used as a crime-fighting tool. In the future it could be used to monitor employee attendance at work, to enhance security measures at ATMs and to prevent voter fraud. Many privacy advocates see a problem with this technology because it could quickly turn us into a surveillance society.

University of North Carolina researchers have discovered a way to get around facial recognition security. By using a virtual reality (VR) system to develop 3D models of the face, they were able to trick the biometric security measures. They did this with just a handful of photos found on Facebook and were able to fool the systems more than half the time (Newsweek).

Clearly this is a huge security flaw in the technology which means other types of “verifiable data” would need to be used for authentication in order for facial recognition to be a feasible option. One technique that could be used is the detection of infrared radiation which would be given off by a real face, not a 3D model (Techworm).

For more information on how facial recognition technologies work, check out this video from Brit Lab:

Bitcoin Hacking News

A Seized Silk Road Wallet is Moving Bitcoin to the NSA Hackers

Posted on August 22, 2016by adezero

Last week, a group called the “Shadow Brokers” claimed to have hacked the NSA – stealing their code, exploits and spy tools. They leaked bits of information on GitHub and claimed the information was stolen from the Equation Group, a group who most believe is a computer surveillance wing of the NSA. The Shadow Brokers says they will auction off the data to the highest bidder. Leaks from Edward Snowden have demonstrated that this hack is legit. (The Register) Security experts believe that the hacker group is Russian.

Now it appears that there are some Bitcoin moving from a seized Silk Road wallet to the Shadow Broker’s auction. This leads some experts to believe that “the US government is potentially bidding to prevent stolen NSA exploits and tools from ending up in the wrong hands”. It could also mean that the government might be making an attempt to trace where the Bitcoins are going. Additionally, it must be noted that the co-founder of a major Bitcoin investigation company says that payments are also going in the other direction. This could simply indicate that spam is being sent in very small payments to famous addresses. (ZDNet)

So far, the Shadow Brokers have collected around $1000 in Bitcoin payments – a far cry from the 1 million Bitcoins they have demanded (which would be worth just over a half a billion $USD at the time of this writing). The U.S. government seized several thousand Bitcoin when shutting down Silk Road, so this may be their source of funds when dealing with the Shadow Broker hackers.

Learn more about the Shadow Brokers hack of the NSA here: