In the news

  • One of 8chan's finest no doubt.

  • That's a @villa-ru level of detective work.

  • Coleen Rooney, PI

    WAGatha Christie

    (Stolen from twitter.)

  • It's actually how counterintelligence find spies. Hilarious.

  • If phone hacking is so easy, surely Instagram account hacking must be a doddle?

  • I'm still hoping that the Sun have been caught hacking Vardy's insta account and are shut down.

  • "Phone hacking" is mostly a misnomer as far as what the tabloids were doing. They were exploiting weaknesses in voicemail systems, not in people's actual phones. It didn't require any technical attack on the phone or the mobile network.

    Hijacking somebody's phone number is depressingly possible, but Instagram is also tied to a specific device and won't give a new device access just because it recognises the phone number in the SIM. Access has to be transferred, which requires actions on both the old device and the new, after which the old device loses access. There is also web access, which can be run on one web browser in parallel to the single phone/tablet, but that has to be initiated from the phone.

    So no, not easier than "phone hacking".

  • If Instagram needs action on the old device to transfer an account to the new what do you do when your old device is on fire?

  • But credential phishing is trivial

  • I changed phones recently and only had to log in to Instagram.

    My wife and I have a shared house account for the renovations that we both have access to on at least 4 devices.

    I think I get an email telling me there has been access on a new device but doesn't stop it from happening.

  • It's still more work than accessing somebody's voicemail.


    There's an account recovery process. If you're lying and you're trying to take over the identity of somebody else's phone, that is possible but it's not trivial to do it without risk of them noticing.

  • Depends if you buy it as a service - if you do, zero difference.

  • A long time ago, when I was on the board of an NHS trust, we started receiving a huge number of complaints that a certain clinical service was never picking up the phone.

    Turned out that when a new VOIP system was rolled out, they had left the voicemail PINs to be the same as the extension number, which was the default setting by the manufacturer.

    When I investigated, it turned out that somebody had "hacked" the mailbox of the clinical service and redirected the number to a premium rate phone number with an indefinite hold message.

    Nobody realised for four months. One poor old chap got a two thousand pound phone bill as a result of being on hold for so long. The amazing thing was that his particular clinical service didn't notice or decided to pretend not to notice that the phones weren't ringing.

  • One poor old chap got a two thousand pound phone bill as a result of being on hold for so long.

    Does that work? If a local/cheap/free number is dialed and then your call is forwarded, wouldn't the forwarder be paying for the premium rate service?

  • Our work insta has about 5 phones attached to it, I need to also be careful not to have the app on my phone switched to the wrong account when I post sexy shower selfies.

  • Yeah, you don't want those to go on to your own account.

  • Strictly business.

  • Ah, thanks. Still, I'm sure there are ways and means. As Neil says, if you just buy it from someone who specialises in offering the 'service', it wouldn't make much of a difference to the person commissioning it, except perhaps in price.

  • surely Instagram account hacking must be a doddle?

    Only in so much as getting access to anyone's email / facebook / twitter is a doddle

    Like Dammit says, the easiest way in, providing your target is reasonably clueless, is by getting the target to grant you access by pretending to be someone you are not. Extortion is another way in, but it's obviously 'visible' to the target.

    Some accounts are worth a lot of money. 'Cracking' an account is quite difficult.

    Unless the attacker is aware of or has found a vulnerability in the underlying software, either on the phone / app / service. Or the target has used a particularly stupid password and doesn't use 2FA or better.

  • Read an interesting article a while back about someone who 'hacked' a load of Hollywood stars' emails and photos. Turns out he wasn't a hacker at all, he just guessed one star's email and rubbish password, which gave him the address book containing loads of other stars' email addresses, lots of which also had rubbish passwords.

  • If the target is sufficiently stupid and vain, there are various known ways of getting them to cooperate in handing over access to their instagram account, but getting continued parallel access without them realising there is something fishy needs some extra work. For example, there are fake "Boost your number of followers" apps, which might well appeal to a WAG. They usually just steal the account and add it as a follower to somebody else - delicious irony there - but the technique does involve getting people to accept that there's a new service connected to your account, so it could be altered to gain persistent access.

    Most compromised accounts (of any nature, not just Instagram) aren't targeted directly - you can't count on one person's behaviour, or their precise technical set-up. The net is cast wide and the people who swim into it are harvested. Anybody who tells you "I can crack any account on service X for you" is probably trying to defraud you. Or just indulging in the kind of dick-sizing lying that some nerds are prone to.

  • The route to Instagram account access is through the victim's email account, typically - crack that, then set a forwarding rule which sends any password reset, account access alert etc etc to a different account whilst deleting the original email from the main account.

    Then send them a "suspicious login detected, please login to your account to unlock it using the following link: m/account_unlock" message, grab their creds and login, the alert will get sent to your own account, sell the creds, bosh.

    Plus you can then mine their email account for naked pics, salacious gossip etc.

  • Or steal their phone and index finger.

  • It's harder to do that from (say) Russia, whereas phishing them is independent of proximity.

    Indeed, it's better to be in different territory as it reduces the (already tiny) risk of Police attention to effectively zero.
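
The forwarding rule described a few posts up (security mail sent to another account, original deleted) stays behind in the mailbox's rule set, so a mailbox owner or admin can look for it. The sketch below is an added example, not part of any poster's message; the rule fields, keyword list and sample rules are constructed for illustration and are not any mail provider's schema.

```python
import re

# Subjects an account-takeover rule typically targets (assumed keyword list).
SECURITY_MAIL = re.compile(
    r"password|reset|security|verif|new (login|device|sign.?in)|suspicious|unlock",
    re.IGNORECASE,
)
HIDING_ACTIONS = {"delete", "move_to_trash", "mark_read"}


def is_external(address, own_domains):
    """True when the forwarding target is outside the mailbox owner's domains."""
    return address.rsplit("@", 1)[-1].lower() not in own_domains


def audit_rules(rules, own_domains):
    """Return {rule name: [reasons]} for rules that forward mail out and conceal it."""
    findings = {}
    for rule in rules:
        targets = [a for a in rule.get("forward_to", []) if is_external(a, own_domains)]
        if not targets:
            continue  # a rule that keeps mail inside the owner's domains is out of scope
        reasons = ["forwards to external address: " + ", ".join(targets)]
        hiding = HIDING_ACTIONS & set(rule.get("actions", []))
        if hiding:
            reasons.append("hides the original: " + ", ".join(sorted(hiding)))
        conditions = " ".join(rule.get("match", []))
        # An empty condition list means the rule applies to every message.
        if not conditions or SECURITY_MAIL.search(conditions):
            reasons.append("applies to account-security mail")
        if len(reasons) >= 2:  # external forward plus at least one aggravating sign
            findings[rule["name"]] = reasons
    return findings


# Constructed sample rule export (hypothetical field names).
SAMPLE_RULES = [
    {"name": "Newsletters", "match": ["from:news@example.org"],
     "actions": ["move_to_folder"], "forward_to": []},
    {"name": "Backup copy", "match": ["subject:invoice"],
     "actions": [], "forward_to": ["me@home.example"]},
    {"name": ".", "match": ["subject:password reset", "subject:new login"],
     "actions": ["delete"], "forward_to": ["drop@mailbox.example"]},
    {"name": "Team share", "match": ["subject:rota"],
     "actions": ["mark_read"], "forward_to": ["colleague@corp.example"]},
]

if __name__ == "__main__":
    for name, reasons in audit_rules(SAMPLE_RULES, {"corp.example"}).items():
        print(repr(name), "->", "; ".join(reasons))
```

Only the rule named "." is reported here; a plain external forward such as "Backup copy" is left alone because nothing hides the original and it does not touch security mail.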

Posted by @Platini