In the Dark Web we can find everything, both information pages and reputable media. We can also find pages about illegal activities. Between that and certain myths about her, there are thousands of people who are looking for all kind of information.
One of the most recurrent questions in these media is that of how to hack our partner’s Facebook or lover. In order to check to what extent the information circulating on the Dark Web on this topic is useful or reliable, we have decided to navigate the depths of the web and check first-hand what is being said and whether it is useful for anything.
For this we have investigated a community where this topic has been discussed with some regularity, and we have tried to discover if there is a method with which to do it. And these are the conclusions we have reached.
Learning to hack: the long way
First things first – on Hidden Answers there are thousands of threads about the topic. Entering the Dark Web is one of the classic questions asked by many users: how do I get to hack a … account? It is true that there are people who know a lot about hacking browsing it, but it is not the hive that series like CSI: Cyber they have wanted to sell to the general public.
A thread in the English version introduces certain concepts that can serve as a starting point. Now, to get to master them correctly it is necessary invest a lot of time to learn how it works and how to use it. These concepts are as follows:
Phishing. It involves sending a fraudulent email to the victim posing as a legitimate service, in such a way that they are tricked into providing us with their access credentials, generally by making them click on a specially prepared link.
Keylogger. Broadly speaking, it can be defined as a malware that records a user’s keystrokes. Victims can be infected with them in various ways: through a person who has physical access to the victim’s computer and installs it on the machine, or through a corrupted installation file.
By brute force. Literally, it consists of trying to guess the victim’s password by sitting in front of a computer, typing in passwords until the attacker finds the correct one.
Remote Access Tool (RAT). It is a malware that is commonly classified as a Trojan. Through this Trojan, remote access to the victim’s PC is achieved, so it is not necessary to have physical access to it. Using one of these tools you can spy on any activity on a machine, as they are designed to give attackers full control. It is one of the NSA’s spy methods.
These concepts, although they are used recurrently as part of the language of computer security, have significant disadvantages when attacking the hacking of a Facebook account. The main one is that, as we have already said, mastering a large part of them takes practice and time. And in the case of brute force attacks, we can be typing passwords indefinitely without achieving anything.
In another thread of the Spanish version hacking manuals are offered in case the questioner wants to try it on their own. These manuals, by the way, can be downloaded from a cyberlocker located on the Clear Web. They are not even hidden resources: it is information that anyone who knows what to look for can find.
This information is intended for people who wish to learn computer security concepts in general. At no time is it said that they are concepts that indicate a clear way on how to hack a Facebook account: they are only general lines on how to start researching on the subject, and carry out some first practices.
The Clear Web is full of manuals dealing with this matter. Some are even planned as online courses. Therefore, it is not necessary to go to the Dark Web in search of this information as we have already commented.
The hire hackers scam
According to another thread that appears in the Spanish version, if someone says they can, they probably I’m trying to scam who wants to get it. On the Dark Web we can find pages with alleged hackers who offer their services to the highest bidder, such as Rent A Hacker. This is nothing more than a manifestation of the most morbid side of the Hidden Web: that supposed paradise of hackers and cybercriminals.
In the case of Rent A Hacker, we find a person whose advertising it has no waste:
Experienced hacker offering his services!
Hacking (illegal) and social engineering have been my business since I was 16 years old. I’ve never had a full-time job, so I’ve had plenty of time to get better as a hacker and make a ton of money over the last 20 years or so.
I have worked for other people before, and now I also offer my services to whoever is willing to pay for them.
This supposed hacker charges 200 euros to hack a Facebook account. He says he has a lot of experience with his business model and social engineering that he can manipulate anyone. However, Are these types of pages legitimate?
According to what is discussed in this thread on DeepDotWeb, they are not at all. Different users tried to hire the services of this rental hacker, and apparently (and as we mentioned above) they have paid for smoke. They have dedicated themselves to fattening the pockets of one of the many scammers out there on the Internet, not just on the Dark Web.
In another answer thread on the Clear Web, in this case on Quora, it is noted that hackers don’t advertise in this way. Anyone who does it is probably trying to scam whoever is looking to hire him.
In another article published in Forbes, it is said that there are even sites on the Clear Web like Hacker’s List that they stink of scam from afar: there is no protection for users who try to hire them, nor is there a secure payment method for those who do. If we needed confirmation that these services are legitimate, the vast majority of them clearly are not.
Ok, so what can be done?
Something that everyone (users and media) seems to agree is that, to get access credentials to a victim’s Facebook, you probably have to have physical access to their computer or resort to social engineering.
Social engineering as a method of attack is very widespread today, because the weakest link in a user’s security is the user himself. As someone else comments in one of the most comprehensive answers we’ve found, the only way that really works is to trust “human stupidity.”
What do you mean by this? To what is easier try to fool the user so that you kindly give us your access credentials, than try to get it by our own means. Those who use social engineering care to know their victim very well, reaching the point of being able to manipulate their emotions to get what they want. They can even build a profile of it with their social media posts.
As if that were not enough, they exist compilations of computer tools to attack the human element, and which are grouped together in the Social Engineering Toolkit. This compilation can be found on Kali Linux, a distribution geared towards security auditing.
Suppose we managed to steal the victim’s login credentials using this method. Even with all the information in hand, several things can happen:
Facebook informs the user through their email account that their account has been accessed from another device. It is possible that the social network itself will not even let the attacker in because it is not the usual device, so it sends the account owner the IP address, the operating system that it uses and, in addition, its geolocation. Considering that Tor is not totally anonymous, the attacker could be located.
If the user has two-step authentication enabled, the attack attempt will probably be thwarted.
In a nutshell, it is almost impossible to hack a Facebook account. It would take an expert a long time to achieve it, due to the obstacles that the social network itself has put in order to try to secure the most of its users’ accounts. And if for someone with a lot of knowledge in the field it is very complicated, let alone for any user.
In Genbeta | The supposed tools of the NSA are democratized: they drop in price on the Darknet with different packs