WordPress hack attempts.

One of the given perils of this business is that you become a prime target for hack attempts. A quick look at the history of security companies (from RSA to the recent Hacking Team) shows that it is imperative to expect successful and unsuccessful hacks. So we weren’t surprised when we got the below alert last week from WordPress.

word press alert

The IP turned out to be from a very well-known hotel in Kansas. They advertise complimentary Wi-Fi in hotel rooms, lobbies and coffee shops. It is very hard to say whether the hacker is a resident of the hotel, an insider, a bot or some hacker sitting in their coffee shop. We did the prudent thing and sent the “hotel contact” detailed information about the alert. We hope that will lead them to something that they can fix.

Coming back to the hack itself, what saved this site from further damage is the security settings that WordPress provides. We have limited the login attempts to the bare minimum. We have also taken all the security precautions possible (except hiding the wp-login link, which we have corrected now).

If your website does get hacked and it is a WordPress hack, please check this for a detailed analysis and recovery. Of course, the official WordPress article has a very detailed list of steps for both preventing issues and recovery: https://codex.wordpress.org/FAQ_My_site_was_hacked.

Gnawing suspicion of hacked Gmail?

A couple of days ago a friend of mine called me frantically and asked me for help. She suspected her Gmail account had been hacked. Apparently a few of her friends had called her and said they were getting strange messages from her account. I took a look at her account. It wasn’t hacked; it was just a virus that she contracted when she clicked a spam email.

However, her paranoia was justified, because Gmail happens to be the account recovery email for many folks. It is usually tied to bank accounts, social media accounts and other important websites for recovery. If someone gets access to the Gmail account, they can get access to a lot of other important sites.

Here are the steps I asked her to follow, just to be sure:

  • First, log in to your Gmail and click the “Details” link on the bottom right. It will give you details of all active sessions and login information. In normal cases these will be from devices owned by you, such as your mobile, iPad and laptop. To be sure, log out of all sessions and log in again for the next step.
  • Change your password; it is always good to change it often. The steps are well documented on the Google forum: https://productforums.google.com/forum/#!topic/gmail/JEu0Dlm0DAE. As you will notice, there are a couple of additional unintuitive steps there. You may be wondering why those steps are necessary. Here is a 30,000-foot explanation.
    • Signatures can be used to track you by injecting invisible scripts (written in white color). So turn them off. The same is true for vacation responders.
    • Email forwards are a great way of reading your emails without raising any suspicion. (It could be done by a close associate who has access to your computer and surreptitiously adds a forward while you take, say, a bio break.)

She did this and reported feeling peaceful :-). Irrespective of your state of mind, it is always good practice to do these steps for your important accounts.

Hacked Facebook Account Recovery !

Recently two folks contacted us through our site: one from a country known for hackers and the other from the Mediterranean region. The one from the country known for hackers included details of his education and work for good measure, so that we would take the case seriously (we do take all cases seriously, and we have methods to check for spam wherever possible and sandbox most of our communication). However, thank you for the pre-emptive measure, sir.

Here is the synopsis. When they try to access their account, the login is rejected due to a wrong password, although it is the password they remember. The forgot-password option doesn’t work either, as the hacker possibly would have changed the password recovery email. They both wanted us to recover the account. These kinds of cases do not really require too much help from experts.

Here is the process: just go to https://www.facebook.com/hacked and provide the email you originally registered with. It asks for some confirmation information and then restores the account for you. You may have to wait for some time, though.

Who hacked?

This is the difficult part! Unless you have some other circumstantial evidence, it is generally difficult (not impossible) to figure out who hacked the account. It is better to add additional security measures in the form of “login session restrictions” and two-factor authentication.

In some cases the hacker is just lurking (and has not locked you out); in those cases, some idea of who this is can best be gained by looking at the activity log of the sessions.

Contact us at contact@argbyte.com for more information.

Facebook Account hacked !

An elderly gentleman approached us (well, he is related to one of us). He is 70+ and uses FB as a social outlet. His children live elsewhere and he uses this as a means to keep in touch with his extended family. He is also part of many social groups on FB, mainly dealing with community, and some religious groups as well. While he is well educated and computer savvy, he isn’t big on computer security.

His trouble started randomly. He started noticing posts, supposedly originating from him, on his friends’ timelines. The posts were vulgar in nature, with a video attached of what seemed like a scantily clad woman. He was horrified and promptly changed his password, deleted the posts and left apologies on his friends’ and family’s timelines. He also updated his status saying his account had been hacked and expressed the opinion that this was an attack on a particular community. But the posts continued.

That is when he approached us. We first assured him that this would be solved. After looking at a few of the timeline updates, we realized that this was a virus running amok. So we sat him down, explained the concept of a virus and assured him that there was nothing personal about this and that it was random software doing this. Then we went about the process of cleaning his account of the viruses. A detailed step-by-step process is here: https://www.facebook.com/notes/port-grand-karachi/how-do-i-get-rid-of-a-facebook-virus/347039501986645. We gave him some instructions on changing the password and not installing random apps that show up on the sidebar.

He spent two days worrying whether it was coming back and is happy that it is back to normal.

This was a trivial issue, but in some cases a real hack may happen, in which case we will do a thorough analysis of the session locations and activity and provide a report.
In extreme cases the hacker may lock you out, in which case you (we can help) can report it to FB and get your account deleted or reclaim it.