When talking about your crypto coins and your wallets, Social Hacking is a HUGE weakness. It is basically a statistics game. Social Hacking is the collection of data on a target in order to be able to make an educated guess on the user credentials for a system. In this case, your account login or wallet credentials.
At least 90% of Users have extremely poor and lazy security. We use email addresses for usernames, passwords which are easy to remember, and we even answer those stupid account recovery questions truthfully. So a Social Hacker browses through as much of your social data as possible to build a profile on you. For most of you, your Facebook accounts alone have the answers to your account recovery questions. Hackers cruise your comments, study your uploaded photos and more to open your life. For example, let's say you are a Bears fan for football. One of the Apple iCloud account recovery questions might be "What is your favorite sport?" or "Who is your favorite team of all time?" Don't you think that has been answered just by looking at your Facebook or Twitter attendance? What about your "Mother's maiden name?" Surely you did not friend your own mother on Facebook and then label her "Mom" so that a hacker can go to public records and get her marriage certificate?
Images that we upload may contain metadata that tells our location, phone or camera type and much more, not to mention the image contents. Public records, or even information that can be bought for $5, will reveal your tax data, addresses, previous addresses and more. The question about your first car... That might only cost $5 to buy, and a hacker can get your credit report and go all the way back to that loan for the car.
So you want to be anonymous? Cool. Then why are you on the PSN Network as "TrollKiller" and then using that same user handle on Gatehub? Now a hacker can identify you and link you to your wallets. Not to mention they may have your login username now.
A social hacker may go so far as to acquire enough information about you to seem genuine and then contact you directly and phish information from you. It won't be one contact, it will be a storm until you finally slip up and answer at least one question.
My point is that 90% of Users have enough Social data out there for a hacker to log into any of your accounts. Even worse!!! Yahoo was hacked, credit card companies have been hacked. The hackers sell those username lists to other hackers. They take those lists and connect them to a program that might go to Gatehub or Bitstamp and test a username until it finds one with a response. Those websites respond with errors such as "Your password was incorrect" and then the hacker knows that username is in the system. Now they just need to guess the password, which they may already have from the Yahoo hack, since you likely did not create a brand new password, did ya?
Now, the important question for you: how does Blacksite Wallet protect you from these things? First, I do not allow email data or username data to link you to your accounts. Your login credentials require your account number, which hopefully you protect as well as your password. I do not allow you to make up a weak, easy-to-remember password; in fact, I generate your password for you, one that I know for sure will take the hacker years to guess. I force a password change on you every 90 days. So in the event that a hacker is in fact working on getting your password, it will be useless to them and force them to start over.
Login failures are recorded. I record every login, including the failures. Once the User reaches an unacceptable limit, the User's IP is blocked from visiting the website until they contact me directly. This helps to protect your account from anyone who is trying to log in with your data. It also protects your account because a Hacker will need to test the login data they have to see if it is correct. So let them try too many times and see what happens. Oh, and one little funny trick is that, depending on the method by which you are attempting to log in, if I label you as a "Hacker" and your IP gets blocked, I just want you to know that from that point on, your machine will be forwarded to all international Law enforcement agencies, where I will also attach GET data to the URL of all of the info that I collect on your computer. I am sure that their own security monitoring will question why you are there and why this data is attached to their system now. :)
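The two defenses described above, sketched as an added example that is not Blacksite Wallet's own code: the login returns the same error whether the account is unknown or the password is wrong, every attempt is logged, and an IP is blocked after too many failures. The names `LoginGuard` and `MAX_FAILURES`, the limit of 5 and the sample account numbers and addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict

MAX_FAILURES = 5                  # assumed limit; the page does not give a number
GENERIC_ERROR = "Login failed."   # identical for unknown account and wrong password
BLOCKED_ERROR = "Access blocked. Contact the operator."

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginGuard:
    """Hypothetical login front end: uniform errors, per-IP failure limit, full log."""

    def __init__(self, accounts):
        # accounts: {account_number: password}; only salt + derived key are kept
        self._accounts = {}
        for number, password in accounts.items():
            salt = os.urandom(16)
            self._accounts[number] = (salt, _kdf(password, salt))
        # Dummy record so an unknown account costs the same KDF work as a real one
        self._dummy = (os.urandom(16), os.urandom(32))
        self.failures = defaultdict(int)
        self.blocked = set()      # cleared only by the operator, never automatically
        self.log = []             # (timestamp, ip, account, outcome)

    def login(self, ip, account, password):
        if ip in self.blocked:
            self.log.append((time.time(), ip, account, "blocked"))
            return False, BLOCKED_ERROR
        known = account in self._accounts
        salt, expected = self._accounts.get(account, self._dummy)
        match = hmac.compare_digest(_kdf(password, salt), expected)
        if known and match:
            self.log.append((time.time(), ip, account, "ok"))
            return True, "OK"
        self.failures[ip] += 1
        if self.failures[ip] >= MAX_FAILURES:
            self.blocked.add(ip)
        self.log.append((time.time(), ip, account, "fail"))
        return False, GENERIC_ERROR

if __name__ == "__main__":
    guard = LoginGuard({"ACCT-0001": "constructed-sample-password"})  # constructed data
    print(guard.login("203.0.113.7", "ACCT-9999", "guess"))   # unknown account
    print(guard.login("203.0.113.7", "ACCT-0001", "guess"))   # wrong password
```

Because both failures return the same message and do the same hashing work, a username list tested against this login gets no signal about which account numbers exist.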
Loss of your security credentials, such as account numbers or passwords, does nothing to your account except that you forget. However, there is NO automated forgot-password process that will allow you back in. I personally deal with your password reset or your data, and that happens after you personally contact me/us via Skype or any other video conferencing application. It is OK to forget that stuff. I know that I make it difficult, but I do it to protect you from yourself.