was successfully added to your cart.

Someone Spying on Your Phone ?

By | Case Study ! | No Comments

Recently a person reached out to me for a forensic analyses of his phone. Intrigued I asked him to explain the problem. He didn’t want to discuss this on the phone and asked to meet-up. We met in a cafe.

The man (Lets call him K) wanted to know if his phone is hacked and if someone has accessed his messages.K was not too tech savvy but well versed with his phone and used typical applications such as Whatspp, Uber etc. He had not used a password to lock the screen until recently. He wanted to know if someone had copied messages from his phone when he left it unattended.

Now that is such a difficult question to answer. Copying can be done in so many ways and in this context could also imply taking a screen grab from other phone and there is no way one will have any sort of valid log of that activity. So unless there is bit more context and details for this query it would be really hard to investigate.


I gently nudged him to share the context for the request so that I provide him a right solution.  Here is the story, he was in the process of separating from his wife and during one of the fights she had threatened him saying that she has copies of his messages and will show the world the kind of person he is. He was paranoid and suspected that she had installed spying software and will use the messages out of context way to malign him.

I took a look at his apps to see if any suspicious software is installed. The samsung phone had two apps called shareit and shareall-dongle, both used to sync data and files between various devices. I asked him if he has installed them, he hadn’t.  While these are not necessarily spying software per say, but can be used to siphon out data to another device. Another redflag was the phone being backed up to a google drive with an unknown gmail account. The data usage etc seemed normal so any surreptitious data transfer is ruled out. We deleted these and kept the app footprint to few favorite apps. I also disabled bluetooth and other connections just to be sure.

Anyway all these measures are for future and we have no way of knowing for sure what happened in the past. Only small consolation is such illegally acquired messages will not be admissible as evidence. Domestic situations are really complex and can defeat best of the security measures.

So if you want to make sure you aren’t spied on, follow this simple steps. (This isn’t exhaustive and doesn’t cover more sophisticated attacks. A post on that will be put up shortly)

  1. Check application folders for any unknown apps.
  2. See if the data usage has increased for no reason.
  3. Check if you are receiving any Strange SMS (sometimes used to control the spying applications)
  4. Check your automatic backup settings.
  5. And finally keep the screen locked and dont store sensitive data on SD cards.


WordPress hack attempts.

By | Case Study !, Hacking | No Comments

One of the given perils of this business is you become prime target for hack attempts. A quick look at the history of security companies (From RSA to recent hacking team) shows that, it is imperative to  expect successful and unsuccessful hacks.  So we weren’t surprised when we got the below alert last week from word press.

word press alert

word press alert

The IP turned out to be from a very well know hotel in Kansas. They advertise complementary wifi in hotel rooms, lobbies and coffee shops. It is very hard to say weather the hacker is a resident of the hotel, an insider, a bot or some hacker sitting in their coffee shop. We did the prudent thing to do, sent the “hotel contact” a detailed information of the alert. Hope that will lead them to something that they can fix.

Coming back to the hack itself, the fact that saved this site from further damage is the security settings that wordpress provides. We have limited the login attempts to bare minimum. We have also taken all the security precaution possible (except hiding the wp-login link, which we have corrected now).

If your website does get hacked and it is a wordpress hack please check this for a detailed analyses and recovery. Of course official wordpress article does have  a very detailed list of steps both to prevent issues and recovery https://codex.wordpress.org/FAQ_My_site_was_hacked.

Gnawing suspicion of hacked gmail ?

By | Case Study !, Hacking | 3 Comments

Couple of days ago a friend of mine called me frantically and asked me for the help. She suspected her gmail account is hacked. Apparently few of her friends called her and said they are getting strange messages from her account. I took a look at her account. It wasn’t hacked, it was just a virus that she contracted while she clicked a spam email.

However her paranoia was justified, because gmail happens to be account recovery email for many folks. It is usually tied to bank accounts, social media account and other important websites for recovery. If one gets access to the gmail they can get access to lot of other important sites.

Here are the steps I asked her to do just to be sure,

  • First login to your gmail and click the “detail” on the bottom right link. It will give you details of all active sessions and login information. For normal cases it will be from devices owned by you such as mobile, ipad and laptop.  To be sure logout of all sessions and login again for the next step.
  • Change your password, it is always good to change it often. The steps are well documented on the google forum https://productforums.google.com/forum/#!topic/gmail/JEu0Dlm0DAE. As you notice there are couple of additional unintuitive steps here.  You may be wondering why those steps are necessary. Here is a 30 thousand feet explanation.
    • Signatures can be used to track one by injecting invisible scrips (written in white color). So turn them off. Same is true for vacation responders.
    • Email forwards are a great way of reading your emails with out raising any suspicion. (It could be done by a close associate who has access to your computer and surreptitiously adds this while you take say a  bio brake).

She did this and reported feeling peaceful :-). Irrespective of your state of mind, it is always a good practice to do these steps for your important accounts.

Hacked Facebook Account Recovery !

By | Case Study !, Hacking | No Comments

Recently two folks contacted us through our site. One from a country known for hackers and other from Mediterranean region. One from the hacked country had details of his education and work for a good measure so that we take the case seriously (We do take all seriously and we have methods to check for spams wherever possible and sandbox most of our communication).  However Thank you for pre-emptive measure sir.

Here is the synopsis. When they try to access their account it says it rejects due to wrong password although it is the password they remember. The forgot password doesn’t work either as the hacker possibly would have changed the password recovery email.  They both wanted us to recover the account. These kind of cases do not really require too much help from experts.

Here is the process, just go here and provide https://www.facebook.com/hacked and provide the email you registered originally with. It asks for some confirmation information and then restores the account for you. You may have to wait for sometime though.

Who hacked ?

This is the difficult part !! Unless you have some other circumstantial evidence, it is generally difficult(not impossible) to figure out who hacked. Better would be to add additional security measure in the way of “login session restrictions” and two factor authentication.

In some cases the hacker is just lurking (and not blocked you out), best in those cases some idea of who this is can be gained by looking at the activity log of the sessions.

Contact us at contact@argbyte.com for more information.

Facebook Account hacked !

By | Case Study !, Hacking | No Comments

An elderly gentlemen approached us (Well he is related to one of us). He is 70+ and uses FB as a social outlet. His children live elsewhere and he uses this as a means to keep in touch with his extended family. He is also part of many social groups on FB mainly dealing with community and some religious groups as well. While he is well educated and computer savvy he isn’t a big on computer security.


His trouble started randomly. He started noticing posts supposedly originated from him on his friends timeline. The post was vulgar in nature with a video attached of what seems like a scantily clad woman. He was horrified and promptly changed his password, deleted the posts and left apologies on the friends and family’s timeline. Also updated his status saying his account is hacked and expressed opinion that this was an attack on a particular community. But the posts continued.

That is when he approached us. We first assured him that this will be solved. After looking at the few timeline updates, we realized that this was a virus running amok. So we sat him down explained the concept of virus and assured him that there is nothing personal about this and this is a random software that is doing this. Then we went about the process of cleaning his account of the virus’s. A detailed step by step process is here https://www.facebook.com/notes/port-grand-karachi/how-do-i-get-rid-of-a-facebook-virus/347039501986645. We gave him some instructions on changing the password and not installing random apps that show up on the sidebar.

He spent two days worrying if it is coming back and is happy that it is back to normal.

This was a trivial issue but in some case a real hack may happen in which case we will do thorough analyses of the session locations, activity analyses and provide a report.
In extreme cases the hacker may lock you out, in which case you (we can help) can report it to FB and get your account deleted or reclaim it.

Abusive Emails !

By | Case Study !, Cyber Bullying, email abuse | No Comments

A founder (Mr Zhao) of a boutique company reached out to us with urgency. His business was getting tarnished by unknown person. He/She (The cyber criminal) was creating fictitious email accounts and was sending abusive emails claiming to be victim of the company. Seemingly unrelated to this a business associated had filed a complaints with the authorities claiming his dues were not paid. While Mr Zhao suspected it to be of the same person, he didn’t know how to prove it and take the matter with authorities.

Thats where we stepped in. With the help of our knowledge/frameworks, we set upon to prove three aspects.

1. Analyze all the emails (fictitious and right ones) and check for digital footprint (ISP,  ip addresses, macs if any). Unfortunately in this case, it turned out to be the cyber criminal was smart and he was using a proxie(s) or VPN or spoofed ids. Note if the criminal is using public networks it would be hard to trace them.

2) We analyzed the writing content for any similarities in styles. Unfortunately here also the abusive emails were intentionally written badly and official emails were well officious.

It was almost looked like these mails were unconnected and that is when we decided to try the email tracking tools to see if the emails were coming from the same location. Using these tools we sent a reply to the abusive emails as well as official emails. And true to the suspicion it turned out that all the emails were opened at the same location, thus providing us enough data to correlate these. Armed with this the founder went to the authorities and was able to quash the claims as well as convict the person of these crimes.