Skip to main content

Help, someone's trying to hack my Facebook account!

So I received a phone call with a friend saying the exact words in the title.

This friend suddenly started receiving password notifications for several of their social networking sites (Facebook, Twitter etc) and other applications. The more interesting aspect is that this friend has an upcoming legal case so the multiple password notifications from independent applications and sites was a little more than conincidental. Given all the incorrect uses of the word "hacker", I refuse to call this person or people "hacker(s)" and really, what he/she/they did is not that subtle.

I had some advice for my friend, which I first bounced off another good friend, Brian Honan, who was extremely helpful as always and had some awesome additions.

So this post is not intended to tell you how to be safe on the Internet or how to harden your laptop/destop/phone. I simply thought I'd publicise this advice in case anyone-else ran into the same scenario (bear in mind that this advice is primarily intended for a non-technical person, who may have to contact law enforcement -
  • Record everything. Using a bound notepad (not the type you can tear a page from), note every event with date and time of each incident, as well as the actual details of the incident.
  • Print out all emails, messgaes, screen shots etc that relating to every incident encountered. 
    • Date each incident and link it back to the record in the notebook.
  • Report it to law enforcement, they may not be able to do anything but at least it will be reported to them and they will have a record to go back on if it becomes serious. 
    • The notebook and printed evidence will obviously help with initial report and any subsequent reports.
  • Likewise report to the provider's security team (e.g. Facebook, Twitter, LinkedIn [I could only find a link to the hack, not their Security Team :(], Google etc - they all have their own security team and they should be pro-active in helping). Some companies have a "security team" in name but not in reality so your email will go to trash essentially or in geek terms "/dev/null". However, again, there is a record.
  • Report every incident to both bodies. Do not leave anything out.
  • Change passwords and use enhanced security of any service they are using, e.g. Gmail and Facebook have advanced security settings. Use two-factor authentication where possible. As we all know, nothing is infallible but raising the bar helps and tends to discourage the vast majority of attackers onto an easier target.
  • Run regular AV scans on all your machines (do not flame me for recommending AV, I know the many short-comings, however, for all its failings, it does have a place for many end-users and it will catch the "known" stuff.
  • Decouple any applications from their social network profiles. If you log into any site "with Google" or "with Facebook" etc, remove that facility from the site and set up a unique password that is complex, difficult to guess but that you can remember.
  • If required (given the many unique passwords that you now have), use a password manager. Some folk like them, others don't. I feel that most users have a tendency to use simple, common passwords or simply re-use the one complex password, both of which have been shown to be the case in multiple hacking stories this year, and ultimately password managers strongly discourage this behaviour. Overwall (imho) the advantages outweighing the negatives (such as single point of failure), although I prefer not to have my password managers in the "cloud", rather on local systems that I have physical access to. For a much more detailed discussion check this link out.
This list is not perfect, nor is it endless and I'm happy to modify it based on valuable suggestions.

The blog post is intended to help others (non-technical, not as Internet savvy as many techies) who believe their Internet accounts are being attacked for whatever reason.

Just my 0.02c and I thought I'd share.....

Comments

Popular posts from this blog

Being a Support Engineer @ 10gen - Part 1

There's a mis-conception around the role of a "Support Engineer".  As a clue, it's not what Urban Dictionary   says   - A person whose job is to answer calls from customers of a small- to large-sized company...... They are teathered to a their desk all day via phone headset........ phone jockeys usually hate their jobs.......they are are paid well enough..........until they completely burn out, and hate everyone.   and doesn't always involve this - Image Source: http://half-bakedbaker.blogspot.ie/2009/11/cannoli-and-broken-computer.html As you can see  here , there's lots of open roles in  10gen  and more specifically with 10gen, in  Dublin . I thought I'd write this quick blog to explain what Support Engineers actually do and why I joined 10gen as a "Support Engineer". I could be wrong but didn't Google come up with term " Site Reliability Engineer " to do away with the stigma associated with being a

MongoDB Authori(s|z)ation

Introduction Having answered numerous questions on the new and old authori(s|z)ation within MongoDB, I thought I'd write a short blog post explaining how things work as there seems to be some confusion. What's New Prior to version 2.4 , there was a very basic sense of "Role Based Access Controls" (RBAC) within MongoDB as there were only two roles - read readWrite which is quite limited. For example, if the user has "readWrite", that user is essentially "root" and the user can add/remove users as well as inserting data into the database, i.e. there is no role segregation. Version 2.4 added in the following 3 core roles - userAdmin dbAdmin clusterAdmin with a notable extension such that there are now 4 roles that apply across all databases - readAnyDatabase readWriteAnyDatabase userAdminAnyDatabase dbAdminAnyDatabase This increased RBAC is a significant improvement from a security perspective in MongoDB. It is imp

Separate MongoDB Syslog by Facility

In my last post , I showed how you can set up MongoDB v2.2 to syslog its logs off to a remote syslog server. As my `tcpdump` snippets show, the syslog messages hit the syslog server tagged as "user.info", which means that they're assigned to the "user" facility with a severity level of "info". I've received a few questions regarding the possiblity of splitting out syslog messages by facility, however, as everything is currently sent to a "user.info" bucket, so-to-speak, this is not possibility. There is a current feature request for this capability and work will be done on this but if this is important for you, I'd strongly encourage you to vote for this feature. In the meantime, however, (whilst not ideal) you can still do some host filtering with rsyslog as outlined here .