What's new

Kidnapping a rtd military personnel with a hacker's help

.
Mega_Man said:
Both. Are you running a marriage bureau ?


Nah not unless you tip the media working against their political agenda.
Click to expand...
there you go then brother......media trail is one thing and holding people accountable for what they did is another....whatever the case thanks for your service to the public.....
 
.
balixd said:
there you go then brother......media trail is one thing and holding people accountable for what they did is another....whatever the case thanks for your service to the public.....
Click to expand...
Those times were messed up for karachi. Vigilante justice was required but anyway I've done to collect or delete information only nothing else. Media can be manipulated easily and it was the only weapon I had before rangers started their operation against those political feudal. I was the shadow nobody knew who I was everybody knows a different no. And name.
Now I think interior Sindh would use some help but it's more complicated and less depending on tech is a drag for me to work there.
 
.
Orca said:
Excellent, covers everything and in a precise manner, also if you using license windows still there is a chance via browser so as must have tools install Disconnect, Popup Blocker, Adblock plus extension and most importantly spend 10 - 12 dollar per year for a licensed antivirus, in this regard i recommend kaspersky internet security
Click to expand...
No such thing as a totally secure PC , completely holey.
 
. . .
Mega_Man said:
Pirated OS always have backdoors. And Trojans written in it's system core programming so it can't be detected by it's own or any other antivirus.
Click to expand...
I have seen folks make these bootable USB sticks, write protected one to boot. They have these linux installation with a antivirus scanner. So you boot a suspected system with it. The stick detects all the OS installations, downloads latest virus/malware definitions and runs a scan. If there is anything lurking in OS installation, it gets detected. Pretty nifty tool.

Mega_Man said:
The site address written in ad was indeed official.
But his entire home network was compromised days ago and router or his pc was scripted to redirect the address of the official website to their fake website.
Click to expand...
These days from what I have seen, there is an initiative called SSL everywhere. All the websites are now using SSL, which makes faking a site much much much harder. To top it all, a number of sites now use SSL-pinning. Which means, even if you produce a valid SSL certificate, say by a compromised CA key, the browser will detect it.

Even if you compromise router, it will be hard to bypass SSL-pinning.
 
. .
Mega_Man said:
"This article is based on fictional scenario any relation with the reality would be coincidental"
"It is only to highlight security flaws in cheap home and office PCs and wifi routers"

Please always update your wifi routers firmwares don't use any custom firmware in order to boost signal that's a scam to grab your personal info boost signal with external antennas allowed by PTA always use updated OS. If you don't buy official product install Linux it's free and open source more reliable than pirated copy.
Get your PCs hardware checked and installed by professionals who you trust, don't buy easy to install routers and use protonmail instead of Gmail Yahoo or outlook. Take it from a former WHH. It would be alot better if military itself is providing IT support to residential areas of all the rtd officers.

Scenario:
A rtd military officer an enemy will prefer to target someone in charge like major colonel or why not a brigadier.
Age between 50-70 who can read emails and send one. Prefer someone else to write it for him.

He's on pension but looking for opportunities
One day he gets a very specific advertisement regarding job opening for rtd military personnel at UN in that ad official website address is linked he clicked it and it led to official UN website(made up)
He applied there and surprisingly he gets an answer.
However The UN HR would like to meet him(to make it more believable) and they asked him to travel to UAE.
He went there beautiful office all neat and tidy like it was freshly painted (because it was)
He was interviewed and selected for security chief but for another south Asian country which borders are coincidentally adjacent to his origin country's enemy.
He fly back to his own country show the fake appointment letters to his all rtd group. Everyone's happy for him and are also considering to get job in foreign countries.
Now he packed and went to that appointed country to serve UN. when he reached the airport there was UN staff there to pick him up. And later he was chloroformed and transported to enemy country. Which is now keeping him as a leverage to free their agent who was captured during providing arms and support to terrorists in his origin country.

How it's related to hacker?
The site address written in ad was indeed official.
But his entire home network was compromised days ago and router or his pc was scripted to redirect the address of the official website to their fake website.

How redirecting works
Imagine you type www.netflix.com
You'll get www.netflix.com/pk
Because the server was tasked to redirect you according to your regional IP address

A script or a virus can take control of your PC everytime you tried to visit some websites it will take you to another
Sometimes it happens when you download some adwares or enable pop-ups
And router can be programmed to blocked and redirect websites.
Like PTA is blocking all the lewd material you'll get a customize error that it's not available in your country.
Hacker's normally use this to get credit card details or passwords of other Ids.

A website can be set up by couple of programmers and site grabbing tools to make it look like exactly the official one.
Not to mention entire network of his was compromised if any single PC or mobile and router was hacked.
Pirated OS always have backdoors. And Trojans written in it's system core programming so it can't be detected by it's own or any other antivirus.
We hackers need more than single PC and IP of different countries to operate discreetly. So we distribute pirated copies of softwares on pirate Bay like website local dealers write it on CDs/dvds and sell it to normal people and by that we have created a botnet not only we have access to every PC which is using that pirated software their personal files and passwords but we can also attack someone from their PC and IP address. And it won't be notice Botnets are also required in denial of service attacks to shutdown websites or hack one.
If your PC is acting slower than normal always call an IT professionals.

For all rtd folks:
Please attend conference regarding fifth generation and cyber warfare I know they're booring than what you have experienced in your time. You folks were great and many salutes to your services.
But please listen to the new guys it might save lives and your country will never have to consider making any deal with the terrorists in order to retrieve you.
Peace out.
Click to expand...

The only problem is this is not fiction, this has happened to two officers from PA! Both were recruitment honeypots! Proton mail is good ( I use protonmail) , not as good as Lava Mail but it offers end-to-end encryption with a public key, that said there is no protection from an outside agency obtaining the public key.

A simple alternative would be to to run GPG with Mozilla's Thunderbird and the Enigmail plugin. If anyone on PDF is concerned or would like to learn more about cyber security CISCO offer a 15 hour free online course:

https://www.netacad.com/en/web/self-enroll/course-725477

Regards,

RR
 
.
BringHarmony said:
I have seen folks make these bootable USB sticks, write protected one to boot. They have these linux installation with a antivirus scanner. So you boot a suspected system with it. The stick detects all the OS installations, downloads latest virus/malware definitions and runs a scan. If there is anything lurking in OS installation, it gets detected. Pretty nifty tool.


These days from what I have seen, there is an initiative called SSL everywhere. All the websites are now using SSL, which makes faking a site much much much harder. To top it all, a number of sites now use SSL-pinning. Which means, even if you produce a valid SSL certificate, say by a compromised CA key, the browser will detect it.

Even if you compromise router, it will be hard to bypass SSL-pinning.
Click to expand...


Cracking ssl certificate can also be done via shake hands evil twin can do that. This type of hacking requires multiple security exploits as people are saying it's highly likely the case with real life events then it's already been compromised. Even MAC emulation can be done to match the targeted PCs.

Bootable Linux with antivirus or bootable antivirus requires beginner level experience of network administrator. There's a reason they target the normal email reader and job opportunistic officer. This all requires time and patience.
This is why I suggested if military itself provides PC solutions to rtd army personnel it would reduce the risk of being hacked.
Those routers in security check ins are exploitable. Someone can get in print themselves a residential card and easily pass security.
I personally asked for a thread where I can provide exploits for routers and firmwares but nobody respond. It can increase our penetration testing and relying on cheap solutions will also end.
 
.
Mega_Man said:
Cracking ssl certificate can also be done via shake hands evil twin can do that. This type of hacking requires multiple security exploits as people are saying it's highly likely the case with real life events then it's already been compromised. Even MAC emulation can be done to match the targeted PCs.

Bootable Linux with antivirus or bootable antivirus requires beginner level experience of network administrator. There's a reason they target the normal email reader and job opportunistic officer. This all requires time and patience.
This is why I suggested if military itself provides PC solutions to rtd army personnel it would reduce the risk of being hacked.
Those routers in security check ins are exploitable. Someone can get in print themselves a residential card and easily pass security.
I personally asked for a thread where I can provide exploits for routers and firmwares but nobody respond. It can increase our penetration testing and relying on cheap solutions will also end.
Click to expand...
Sure you should do this. If the case is people will misuse it then internet is already full of these. Its good for awarness purpose. Tag me once u do it.
 
.
Our armed forces should have at least basics training about the threats related to new technologies.
 
. .
RescueRanger said:
Serving members do, it's the retired ones that are a loose end! Literally!
Click to expand...

Retired members should be under same strict regulation as active members for 5 or 10 years After this period their knowledge would be less sensitive.

Retiring ok but not without strict regulations and controls due to their sensitive positions.
 
.

Similar threads

ghazi52
Three security personnel martyred in Khyber attack
Replies
1
Views
334
ghazi52
ghazi52
Cash GK
Strategic Attacks on Pakistan’s Lifelines: A Nation’s Pain and Path to Recovery
Replies
1
Views
408
El Sidd
El Sidd
ghazi52
Even after a year in jail, Imran Khan still dominates Pakistan's politics
Replies
0
Views
1K
ghazi52
ghazi52
ghazi52
Ex-wife of boxer Muhammad Ali in Afghanistan to build sports stadium: Taliban govt.
Replies
0
Views
260
ghazi52
ghazi52
ghazi52
A year after SC annulled military courts, civilians await justice
Replies
1
Views
402
Shahzad Riaz
Shahzad Riaz

Latest posts

Pakistan Defence Latest Posts

Pakistan Affairs Latest Posts

Military Forum Latest Posts

Country Latest Posts

Back
Top Bottom