By Lex Celera with help from Web Developer
These past few days, a number of people have reported of getting logged out of their accounts and everything tied to it. A number of people have reported it to be politically motivated:
[NOTE: The Facebook post has since then been removed.]
Without confirming anything, we ask: has anyone’s Faceook account actually been compromised and was ACTUALLY used for malicious activities? A majority of these cyber attacks concentrated on accounts are simply EITHER mass reporting or checking your public username and repeatedly entering random passwords from different devices, CAUSING Facebook to promptly lock your account for your security.
Some general tips
- From the fear and panic this caused, some people turned to “malware removers” which are actually phishing tools (yes, “to fish” for your credentials and THEN gain access). Don’t.
- When browsing the net, please make it a habit to check the URL for [https] to ensure the session you’re using is secure, especially when you are inputting your sensitive contact details. Most phishing tools won’t have this TLS certificate.
- Furthermore, the recent Yahoo! user creds database leak could have been used, so I implore people to stop using Yahoo! for anything other than throwaway accounts and switch to the more secure Google with Two-Factor Authentication on. Please check https://haveibeenpwned.com/ to see if your account has been compromised. If so, take the necessary measures.
- As for the TLD (Top Level Domain, e.g. ateneo.edu) IP addresses, anyone can simply ping the TLDs and get the public IP addresses. It’s not Rami Malek-level blackhat wizardry.
I’ve been compromised/locked out/hacked, what do I do?
- Recover your account and make your passwords harder to guess. Here is a relevant xkcd. If you know of xkcd already, great. If you don’t, congratulations.
- Enable Two Factor Authentication BUT NOT via SMS, since our GSM networks MAY BE compromised at this point. Google Authenticator is your friend.
- If you feel you are the target, or just want to be more protected, consider using a VPN(Virtual Private Network). These are kind of expensive, but there are free options like Opera VPN. These aren’t as secure as the paid ones, but hey it’s better than nothing. Opera VPN is free for mobiles, and is built in the Opera desktop browser.
As for the Stingrays, no word yet. Hard to tell if your SMS’s are being read/compromised. They can’t read your phone memory for past messages, but they CAN read the messages as you send them, IF you connect to the Stingrays. Instead of SMS, it’s better to use apps like Telegram or Signal.
Photos from Inquirer.NET and from Facebook