This video tutorial will walk you through creating a BadUSB which will give you a reverse shell. This is the same thing as the USBRubberDucky from Hak5 except its only $3 (RubberDucky is 45 bucks).
- Use Decentralized alternatives.
- Fire up that VPN
- Fortify your browser and your devices
- Utilize Aliases for your own protection
Decentralized alternatives to popular websites on the internet are slowly beginning to pop up and gain prevalence as we are seeing increased prevalence on various media sources. Alternatives to youtube and other social networking sites like DTube exist. Here is an article listing 4 popular decentralized Social media platforms. Entirely decentralized portions of the internet are currently being tested. And of course we obviously have anonymizing darkwebs such as Tor, Freenet and I2P. However I would be an idiot not to note the fact that these platforms have had extreme amounts of trouble gaining any sort of traction with their target audience due to the fact that they lack the addictive simplicity that services like Instagram, Facebook, and Youtube have. Only time will tell if one of these platforms will gain enough popularity to become viable alternatives to what we currently have.
Get a paid VPN. Securing your connection to the internet is of the utmost importance due to the potential for 3rd party eves-droppers and the fact that we really don’t know what information is being given away by our internet service providers.
Utilize TOR or some other encrypted peer to peer darknet like I2P or Freenet. These systems are for the ultra-paranoid, and I don’t really recommend them for the average user who is simply trying to protect themselves preemptively.
Be careful what you download and get an Antivirus. Utilize www.virustotal.com to see if the file you have downloaded shows up on ANY antivirus. You can also use nodistribute.com if you don’t want your scan results sent to the antivirus companies. Protecting yourself from malware can help prevent your privacy from being invaded by governments or people.
Know your rights. Google around to know what the copyright and internet laws are in your area. Be aware of what the government can and cannot do to you legally.
Utilize secure Open Source software and host your own servers. Offshore servers may sometimes be necessary in the absolute worst cases of censorship. Open Source will ensure that no company will be able to revoke access to the software. The government hates open source because they can’t get their backdoors implanted into the code as easily, although it has potentially happened so be aware.
Note: I am speaking about all this in wake of the recent Mass censoring of Alex Jones and Infowars. Regardless of what your political ideology is, everyone deserves to be able to have their ideas heard. In current times, Corporate Censorship is a new breed altogether. Normally it would be the government, but with big corporate run media platforms anyone can be censored off the platforms if it serves the corporate interest. I’m no anti-capitalist. Quite the contrary, but I do think we need to push the free market in a direction that prevents censorship. Decentralized platforms and Open Source software can help with this. Stay safe.
Three Ukranian hackers connected to attacks on over 100 American businesses have been arrested. They used social engineering attacks and phishing attacks to steal financial information from a lot of businesses. These hackers were part of the Carbanak Group
Frequently the group would send emails disguised as hotel reservations. Said emails would contain malware designed to steal sensitive data.
The Carbanak Group sent an FDA food poisoning related email to a restaurant. They attached a list of “inspections and checks” which the business opened. Of course, the attachment contained malware.
Dmytro Fedorov, Fedir Hladyr and Andrii Kolpakov are being charged with wire fraud, conspiracy, computer hacking, access device fraud, and identity theft. So it looks like jail time is very likely for the Carbanak Group.
How to prevent
What can I do to prevent such an attack on my personal life or business? Social Engineering attacks are becoming extremely common today, because they are very easy to create and they tend to have a very high payoff for the hacker. First you need to know what phishing is. Phishing is when a hacker disguises some form of web service, message or other form of correspondence to make it appear like its coming from a legitimate source.
So my main advice is to always check the URL. Make sure it is secure (https) and if it has a SSL certificate thats even better. If you recieve an email always look at the domain of the email. Any misspellings in the domain can mean that its fake. If there are attatchments do not open them until you have verification that they are safe. If you cannot get verification that its from a legitimate source, you can always scan the attatchments before opening them, or analyze them within a VM.
Do not give your password away via plaintext ever. Use a VPN if you’re in public as there are potentially people who could be evesdropping on public networks (like at a Starbucks or Mcdonalds Wi-Fi) And Install an Anti-Virus on your PC. Also get the antivirus’s browser addon. These addons can tell you if the site has been reported as a hacked hacked site or a phishing attack.
Kevin Mitnick a famous white hat hacker is now a professional security consultant and entrepreneur. His among his exploits are the Pentagon, Nokia, and Motorola. He eventually got convicted and served 5 years in prison. Once he got out he became the rich security consultant we know today. Does crime pay? Perhaps if your reputation precedes you.
Gary Mckinnon hacked into 97 U.S. Military and NASA computers during 2001 and 2002. He was looking for information on UFOs and evidence of a conspiracy that the US government was hiding technologies that could solve the energy crisis. He also shut down 1000 government computers and somehow rendered 300 of the inoperable causing up to $700,000 in damages. Eventually he got caught but he dodged charges because he was Scottish and they denied his extradition.
Jonathan James AKA c0mrade started hacking as a kid and was the first minor to be arrested and sent to prison at the age of 16. He hacked into the Defense Threat Reduction Agency and NASA. He downloaded source code used for the International Space Station. He committed suicide in 2008 because he was afraid he was going to be wrongfully imprisoned for several attacks on corporate networks that he was under suspicion for.
Adrian Lamo would often hack into media sources and change details on the website. He would then notify the owners of the press source and help them fix their security. However when he hacked into the New York Times he got arrested. Though later on in life he eventually ended up helping out law enforcement by turning Chelsea Manning for being a source to WikiLeaks which he now deeply regrets. Fun fact about Adrian Lamo: He had Asperger syndrome.
Ryan Collins was the hacker (or social engineer rather) behind “the fappening” a hilarious exploit where Collins used the standard email phishing attack to gain access to celebrity iCloud accounts where he was then able to obtain a whole bunch of their photos. Many of said photos happened to be sensitive. In fact, they were nude photos of several famous celebrities including Jennifer Lawrence, Kate Upton, and Kirstin Dunst. Several celebrities chose to deny authenticity of the leaks including Ariana Grande.
Albert Gonzalez installed a sniffer in various corporate networks and was able to steal millions of users credit cards and ATM details. Apparently he sold about 170 million pieces of sensitive data resulting in one of the largest cases of identity theft ever.
Astra is said to be a 58 year old greek mathematician who hacked into a french corporation called Dassault Group and he sold sensitive weapons information to various companies over a period of five years. When authorities caught him in 2008 they never revealed his information but just said that he was a 58 year old greek mathematician. It just goes to show how versatile a degree in mathematics really is.
Kevin Poulsen stole wiretap info from the FBI, hacked a radio stations phone lines in order to win a Porsche, helped law enforcement catch 744 sex predators over MySpace and is now a senior editor for Wired. How does your resume compare to that?
I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.
You may recognize this quote from the hacker manifesto. This famous manifesto was written by none other than Loyd Blankenship. His writings helped to inspire a generation of hackers to drop the controller and pick up a linux distro. He was a member of the Legion of Doom hacker group and has been hacking since the 70s. You could call him one of the fathers of modern hacking. Whatever you call him, he’s definitely an OG.
Julian Assange started hacking when he was 16. He broke into NASA, the Pentagon Citibank, Stanford, and Lockheed Martin. His biggest accomplishment was founding WikiLeaks. He is currently in the Ecuadorian Embasy in London trying to prevent his Extradition.