All aspiring "Sunday" hackers hope to get up one day and, with two clicks on the keyboard, easily enter the designated victim's Facebook account, so they can see everything that is shared or the messages sent to other friends. In addition to violating all laws on privacy and private property (in fact the account is a property, therefore violating it provides for very strict laws), entering someone else's Facebook is not as simple as they describe it around, they are necessary well-studied social engineering techniques, often tailored to the victim.
In this guide we will describe (without going into the specifics of the tools used) the techniques still valid for entering another's Facebook and finally the methods that we can use to defend our account from these threats.
READ ALSO -> The basics of information security
Techniques for entering another's Facebook
With the massive arrival of HTTPS and SSL on all Facebook pages, the simple sniffing of packets exchanged on the network (perhaps in a public WiFi network) is no longer a viable way: access data is encrypted from the PC to the server, we would only sniff unusable encrypted data.
But there are still some effective techniques that hackers can use to access others' Facebook accounts.
1) Keylogger
The keylogger is a malicious program or hardware device we study to record each key pressed on the keyboard, storing all the keystrokes in an encrypted file that can be recovered by the hacker both via the Internet and physically recovering the keylogger or the file generated by it.
Hackers retrieve Facebook's email and password by simply reading our keystrokes on the keyboard.
Software keyloggers are for all intents and purposes viruses, so many antiviruses react to it and protect us from the threat of interception by blocking the execution of the program.
Hardware keyloggers are much more sophisticated and difficult to intercept: these are nothing more than small devices (PS / 2 or USB) that are interposed between the connection of the wired keyboard and the PC port, intercepting the data during the transit.
All pressed keys are stored in the internal memory of the hardware keylogger, ready to be spied on.
The victim's PC will not notice anything, as will the antivirus (which cannot intercept a hardware keylogger).
At the end of the espionage work, the hacker will only have to physically recover the keylogger and download the data contained therein to enter another's Facebook with ease.
READ ALSO -> Best Free Anti-keylogger against malware spying on your computer
2) Phishing
Another technique used to steal other people's Facebook accounts is sending phishing emails to the victim.
These trap emails will ask the victim to re-enter Facebook's login data in a maliciously created page (often quite similar to the original Facebook page) for login problems or other types of problems, often cited to create panic. in the victim ("your Facebook account will be deleted", "Facebook will become paid if you do not enter the data immediately" etc.).
Using refined social engineering techniques, the frightened user will insert his Facebook credentials without too much trouble into the page created by the hacker, effectively giving his access data.
The danger of these emails can be difficult to understand, especially for novice users with the world of computing and the Internet.
READ ALSO -> Recognize fake, fraudulent, unauthentic emails
3) Device theft
The decidedly more direct and dangerous method to enter someone else's Facebook is to steal a victim's PC or smartphone, with all the risks involved.
Compared to previous methods (which allow you to go unnoticed even if the threat is discovered) this is what jeopardizes both the security of the hacker and his safety, since it is not known how the victim will react to the theft.
Being a hacker does not automatically mean being a good pickpocket!
READ ALSO -> Anti-theft app for Android to control and block your mobile phone remotely from your PC
4) Man-in-the-Middle attack
One method for accessing someone else's Facebook is to carry out a difficult Man-in-the-Middle attack, where the hacker replaces one of the servers used to connect and thus manages to capture the access data via a page. Fake Facebook, although quite similar to the original.
Since the pages are encrypted and certified, it could be very difficult for the hacker to carry out this type of attack, given that he will have to deceive modern browser security systems (which he indicates when a page has unauthenticated or secure certificates).
But laziness and the inability to identify the dangers could lead many users to blindly trust what they see on the monitor, unwittingly providing all the access data to the "listening" hacker.
If this type of attack succeeds, it is very difficult to trace the attacker as it is practically impossible to understand if we are still under attack or not!
5) Device cloning
This is definitely the most advanced technique, used by high-level hackers and very difficult to apply since in many cases the program will have to be configured manually (therefore excellent programming knowledge is required in all currently known languages).
The hacker approaches the unaware victim and, within a certain range of action, launches an app on the smartphone capable of "cloning" all the apps and data contained in the victim's smartphone.
Compared to the cinematic cloning that we see in the TV series or in the movies (two-three seconds and away!) This copying process can also take hours, since it uses NFC, WiFi Direct and Bluetooth to clone and, in case of a lot of data to copy, a large amount of time may be required.
The two phones must remain close enough to carry out the copying process, so the hacker will need a situation in which we abandon the smartphone in a specific point for a long time: while we sleep, while we are in the shower, while we are in class at the university (maybe we left the smartphone to the professor's chair to record the audio of the 2-hour lesson ...).
At the end of the copying process, the hacker's smartphone will be completely identical (software side) to the victim's smartphone, so he can easily access the Facebook app and any other personal information.
The cloning apps are difficult to use and program, but ready-to-use smartphone devices are also on the market (in the Darknet) for cloning any modern smartphone, even if they still require extraordinary capacity in order to be prepared for copying.
How to defend your Facebook account from hackers
From the first part of the guide we understood that there are still many methods to enter another's Facebook, so we will have to adopt strategies to defend ourselves adequately.
1) Enable two-factor authentication
A first defense system against hackers is offered to us by Facebook itself: when logging in with our credentials we will have to enter a code sent via SMS or via a dedicated app to confirm our identity.
We can activate this security system (effective against hardware, software, MITM and phighing keyloggers) by opening our Facebook account, clicking at the top right on the down arrow menu, clicking Settings -> Protection and access and finally enable the item Use two-factor authentication .
We choose which method to use for authentication among all those available, so as to have more than one method to securely access your account.
READ ALSO -> Sites / apps where you can activate the two-step password verification
2) Install a good antivirus on PC
Choosing a good antivirus will allow you to block all keyloggers and malicious links that can be sent via phishing emails.
A good free antivirus that we recommend to use to protect the whole PC is Kaspesky Free, available here -> Kaspersky Free .
Already in its free version it is able to effectively stop all types of threats for PCs with Windows, also providing protection against malicious links (through the dedicated extension).
3) Use a VPN
To avoid Man-in-the-Middle attacks it can be effective to mask every trace of our Internet connection using a VPN connection.
With the VPN all our traffic will be further encrypted and our connection will be anonymous (even the IP will be masked), considerably increasing security while browsing.
Among the free VPNs we point out Avira Phantom VPN, downloadable for free here -> Avira Phantom VPN .
We start the program when we want to increase network security or when we connect to stranger networks or public networks, so as to avoid any type of attack mediated through hacker tools.
READ ALSO -> Best free VPN services and programs to surf safely and freely
4) Protect your smartphone
The most dangerous and effective attacks can be carried out against our smartphone, so we recommend focusing on it in order to better protect our Facebook account.
In addition to common sense (we avoid leaving the smartphone unattended at a specific point for more than 15 minutes) we can install an anti-theft tool and an antivirus, to be activated when we are forced to leave our smartphone unattended.
A good anti-theft device for smartphones is Cerberus anti-theft, which we can download here -> Cerberus anti-theft .
With this app installed, we will no longer have to fear smartphone theft.
We will be able to recover the position of the lost device, take photos and videos of the hacker without noticing it, start an audible alarm, make remote settings via SMS and prevent shutdown or formatting (at least on some devices).
As an antivirus system and app blocker, we recommend using the Kaspersky Mobile Antivirus: AppLock & Web Security app, downloadable from here -> Kaspersky Mobile Antivirus: AppLock & Web Security .
This complete suite protects against attacks of any nature and also offers an App Lock, a filter for calls and SMS and a very effective anti-theft system to find your smartphone immediately.
