ISSUE 95

27 June 2019

Article of the Month   Around the World


How hackers hack Facebook Accounts & How to stop them


Facebook is, undoubtedly, the most popular social networking website with more than 1 billion active users. Due to its popularity, many hackers (or should I say crackers?) are actively involved in hacking Facebook accounts of unsuspecting users. This article outlines the many strategies that such hackers use to gain access to Facebook accounts of hundreds of users each day and how you can stop them from hacking your account.

Email Address Hack

Most people leave their email addresses visible on their Facebook profiles. All a hacker then needs to know is your name, and your profile will conveniently show him your email address. Many people also share their email IDs everywhere. With that address, a hacker can easily hack your Facebook account (and everything else associated with that email ID) if he 'guesses' your password (if you use a weak password) or answers your security question. Here are some steps you can take to protect yourself from this vulnerability.

How to safeguard your Email Address?
Just follow these steps:

  • Hide your email address from everyone by going to Edit Profile > Contact and Basic Info, clicking the gear icon beside your email address, and checking 'Only Me' if you have not done so already.

  • Change your primary email address to one that is known only to you by going to Settings > Email, changing your primary email to the new one (known only to you) and removing your previous email address.

  • For additional security, when in Account Settings, enable Login Alerts to receive notifications and emails when a new computer or mobile device logs into your account.

  • Also, enable Login Approvals to receive a code on your mobile phone that you must enter to log in whenever your Facebook account is accessed from an unknown device. Login Approvals requires you to have added a mobile number to your Facebook account.

  • Moreover, enable two-factor authentication for your email accounts on your email provider's website as well, to make sure that no hacker can exploit them to hack into your Facebook account.



Phishing

Phishing is one of the easiest ways to trick users into giving out their login credentials. All a hacker does is set up a webpage similar in design to the Facebook homepage and attach a server-side script that tracks the username and password entered and stores them in a log. Sending people emails in the same format as Facebook's, stating that someone tagged a photo of them on Facebook and giving a link below to the phishing website, further reduces the chances of it being detected as a fake. Sometimes, spam Facebook apps, like those promising to tell who viewed your Facebook profile, automatically post links to phishing websites. A new trend amongst phishers is creating Facebook look-alike widgets for stealing users' login credentials.

How to prevent yourself from being phished?

At all costs, avoid clicking on suspicious links. Moreover, always check the URL in the address bar before signing in. Avoid logging in through various "Facebook widgets" offered by websites and blogs. Instead, use Facebook's homepage to sign in. Always try to use Safe Search on search engines while searching. If you do get phished, report the website so that others may get a warning before visiting it.
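The advice above to check the address bar before signing in, as an added example that is not part of the original article: a small Python check that accepts a link only if it is HTTPS and its host is facebook.com or a true subdomain. HTTPS alone is not treated as sufficient, and the trusted-domain list and sample links are assumptions constructed for the illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only registered domain that should ever
# receive a Facebook password. Adjust the tuple for other services.
TRUSTED_DOMAINS = ("facebook.com",)


def check_login_url(url):
    """Return (ok, reason) for a URL that is about to receive credentials."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if parts.username is not None:
        # https://facebook.com@other.example/ really goes to other.example
        return False, "userinfo before '@' disguises the real host"
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return False, "internationalised host, possible look-alike letters"
    for domain in TRUSTED_DOMAINS:
        # Exact match or a true subdomain; the leading dot rejects both
        # 'notfacebook.com' and 'facebook.com.login.example'.
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    return False, "host %r is not a trusted domain" % host


# Constructed sample links (not taken from any real campaign).
SAMPLES = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com/login.php",
    "https://facebook.com.login.example/",
    "https://facebook.com@login.example/",
    "https://faceb\u043eok.com/",  # Cyrillic 'o' in place of Latin 'o'
    "https://notfacebook.com/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_login_url(link)
        print("%-5s %-40s %s" % ("OK" if ok else "BLOCK", link, reason))
```

Only the first sample is accepted; the third and fourth would show a lock icon in a browser yet still deliver the password to a host other than facebook.com.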

Keylogging through Keyloggers

A keylogger is a type of computer virus that tracks keystrokes. Keyloggers can be installed remotely on a computer system by a cracker to record all the activity that is going on on the victim's computer. Keylogging becomes easier if the hacker has physical access to the victim's computer.

How to stop keyloggers?

Install a good antivirus and update it frequently. Do not click on suspicious links and avoid downloading illegal software. Also, avoid installing free toolbars and other such spam software. Always scan other people's flash and pen drives before using them on your computer.

Social Engineering

Social engineering involves using any trick to fool the user into making himself vulnerable to exploits. This could involve anything from spoof emails that pretend to be from Facebook and tell you to change your password to 12345678, to a hacker maliciously drawing out the answer to your security question in a friendly chat or discussion.

How to prevent yourself from being socially engineered?

Stay aware during chats and discussions. Use a tough security question, preferably one whose answer you would never disclose to anyone. Moreover, Facebook, or any other company for that matter, will never ask you to change your password to 12345678 or do something as silly as asking you to send out your login details to prove that you are an active user. Always think before taking actions and your e-life on Facebook will be safe from hackers looking to hack Facebook accounts.





















1. Statistics on the Internet growth in Sri Lanka
2. The Dragon Research Group (DRG)
3. TSUBAME (Internet threat monitoring system) from JPCERT | CC
4. Shadowserver Foundation
5. Team Cymru
FBI Warning: The Lock Icon Doesn't Mean That Website Is Safe


"...People surfing the web have come to rely on HTTPS and the lock icon in the address bar to feel secure as they browse the internet. But criminals have caught up, according to the FBI, and are including verification certificates for websites designed to steal your information....."


Google Releases Open Source Tool For Computational Privacy


"...Google is releasing a new open-source cryptographic tool aimed at boosting privacy around sensitive data sets. The tool, called Private Join and Compute, is designed to help companies who are working together with confidential data sets......"


Hackers breach NASA, steal Mars mission data


'..The United States' National Aeronautics and Space Administration, better known as NASA, suffered a security incident recently that saw hackers make off with sensitive data relating to the agency's Mars missions, including details about the Curiosity rover.....'

What Would 5G Technology Mean For Government?



'...The next big leap forward for cellular phone service, which is being called 5G because it's the fifth generation of the technology, is rapidly approaching. That's probably obvious from the many commercials being shown by service providers promising fast networks that can deliver applications previously impossible under 4G - depending on where a person lives and their access to the new networks...'

Global phone networks attacked by hackers


'....Hackers targeted mobile phone networks around the world to snoop on specific users, according to a report.
The level of access they gained to the networks meant they could have shut them down had they wanted to.......'

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in May 2019


  Statistics - Sri Lanka CERT|CC

Phishing attacks that bypass 2-factor authentication are now easier to execute

'...Penetration testers and attackers have a new tool in their arsenal that can be used to automate phishing attacks in a way that defeats two-factor authentication (2FA) and is not easy to detect and block. The tool makes such attacks much easier to deploy, so organizations should adapt their anti-phishing training accordingly...'

Hacking these medical pumps is as easy as copying a booby-trapped file over the network

"...Two security vulnerabilities in medical workstations can be exploited by scumbags to hijack the devices and connected infusion pumps, potentially causing harm to patients, the US government revealed today...."

Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer

"...If you use VLC media player on your computer and haven't updated it recently, don't you even dare to play any untrusted, randomly downloaded video file on it.
Doing so could allow hackers to remotely take full control over your computer system.

That's because VLC media player software versions prior to 3.0.7 contain two high-risk security vulnerabilities, besides many other medium- and low-severity security flaws, that could potentially lead to arbitrary code execution attacks....."

Tesla 3 navigation system fooled with GPS spoofing

"...Israeli firm Regulus Cyber spoofed signals from the Global Navigation Satellite System (GNSS), fooling the Tesla vehicle into thinking it was at the wrong location. The spoofing attack caused the car to decelerate rapidly, and created rapid lane-changing suggestions. It also made the car signal unnecessarily and try to exit the highway at the wrong place, according to the company's report..."

Notice Board

Training and Awareness Programmes - February  2019

Date | Event | Venue
01-07-2019 to | SQL Training | ICT Laboratory, Ministry of Education
03-07-2019 | Workshop on Revising Circular on Administration of Zonal and Provincial ICT Carders | Conference Room, ICT Branch, Ministry of Education
03-07-2019 | IT Yahamaga Programme | Ananda Sastralaya
23-07-2019 to | EDUSCIRT Master Trainers' Training Program | Hector Kobbekaduwa Agrian Researches Training Institute, Colombo 07
