Hacking Facebook

There have been some recent local events that indicated a Facebook account was being hacked. It is common enough that Facebook has provisions for reporting such incidents. The correct term for malicious break-ins is “crack,” as in cracking a code.

I will use hack, as it is used interchangeably for crack nowadays by most people. Among the tools Facebook provides is the ability to audit logins by IP address. Simply put, an IP address uniquely identifies the device from which Facebook was accessed.

It is comparable to the mailing address (physical address) for your residence. If you contact Facebook and, for example, find logins from China and you live in Texas, this may be a sophisticated break-in. Surprisingly, hacking a Facebook account using low-tech means is far easier and more common.

There are several ways of doing this, but I will mention a few of the easiest methods of gaining unauthorized access to Facebook accounts, although these methods can be used for other websites and accounts as well.

The first is what is widely known as “shoulder surfing.” Shoulder surfing is a type of social engineering technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim’s shoulder.

If someone watches you type in your information, they can do the same to gain access to your account. It is that simple. Concealing what you type for login, just as you would your PIN on an ATM, is a good habit to prevent this.

Another is gaining physical access to a computer, smartphone or other electronic device that has been left logged in to a site. If you walk away from your device, a hacker can access whatever account you have open and masquerade as you.

They have the same permissions on your account, as the device doesn’t know who is accessing the account(s). It only knows that the proper login credentials have been used on that device. To prevent this, do not leave your device in an area where someone can walk by and use it if it contains information you don’t want others to access.

The last of the usual low-tech methods involves using a password “vault” or caching system on your device. This includes browsers that offer to remember your password. Once you log in to your device, navigating to a site like Facebook provides you with an automatic login if you have the passwords saved.

If you don’t log out and someone has access to your device, they can go to any website and access it as if they were you. To prevent this, always lock your computer. If you are using a public computer, don’t allow the password to be remembered.

Securing cyber and information technology assets requires a special skill. Not only is it difficult to consider all possibilities, but new cyber threats arise or evolve daily. Clearly, these are basic steps. However, they are the first line in preventing many cyber incidents.

About Roy
Roy C. Minton has worked with national and international corporations in cybersecurity, attaining the highest certification in the field (CISSP). He has acquired some skills that may help some of you. He shares in plain English what he has learned to help people stay safe online.

Feedback or questions are encouraged. Please send correspondence to the paper and he will answer or respond in the newspaper so everyone may benefit from the answers.

