Delete Facebook - theft of private data and data leakage - Downloading your own facebook data - Everything a facebook user should know

You might have heard in a last few days about everyone's facebook data getting leaked to a private company. How and why are some matters we will discuss about later but the most important concern is which data is getting leaked. The answer is, your private information. Facebook spies on you in one or the other way and gets all the information from your device. Also, you can't argue about this - because it is clearly mentioned in terms and conditions when you signup for a new facebook account. And without reading, you click "Agree and Continue". But let us leave that point and focus on what is happening now and how can you get a proof of it.

Let me share my own experience when I once doubted about this but didn't had any proof. A few months ago, I visited a family function (yep... you got it right - I didn't want to visit that). There I just meet a man who was in a far relation with our family. It was definitely the first time I was that person. And I was surprised the next day to see that person in my "facebook friend suggestions list". That day, I searched all over google to get the answer of - How did this happen! I surely doubted facebook spying on us - through our locations, phone calls, and more... But didn't get a single answer on google. What everyone said was - facebook uses master algorithms to get this data. And I was like - algorithms are meant to work on data and not to steal data. But as time passed, I forgot of it.

Here are some proofs to make this article interesting:

Click to view full size images. Explore more by yourselves... Steps are mentioned below in this article.

But now, its time for everyone to know. You probably know by now, that there is a #DeleteFacebook movement sweeping the internet. After the Cambridge Analytica scandal, users across the world are terrified that Facebook has been using their accounts against them. The Cambridge Analytica scandal is all over the internet from past few days. The story is short but not sweet. Once, Facebook signed a deal with Cambridge Analytica to provide them users' information for analysis. But afterwards, they got a change of mind and asked Cambridge Analytica to stop retrieving the users' data from Facebook servers. Cambridge Analytica, on receiving this message, sent a message to Facebook that they agree to stop getting data from analysis from Facebook servers. And you know what - facebook was happy with that message. They didn't took this thing seriously, they didn't crosscheck if the message they received was just a message or the task was actually implemented. And now, after 3 years, they came to know that Cambridge Analytica didn't stop spying on users' data.

It all started when the scandal was brought to light after a whistleblower at Cambridge Analytica, a consulting firm for Trump's campaign, admitted that they had access to millions of users' Facebook data. After this, it didn't take long for users to realize that they were able to download their own "Facebook Data" in order to find out exactly what information companies like Cambridge Analytica have on users like us.

And then, users' started implementing the job to see which data was actually leaked. And the result was completely terrifying. First, let us learn how to download your facebook data in 5 simple steps:

1. Open your facebook home page. Go to settings.
2. Click your facebook "General Account" settings.
3. Click "download a copy of your facebook data".
4. Verify that you would like the data file downloaded and sent to your email. (Wait for some minutes so that the compressed file is ready)
5. Open your email and download the file.

After downloading the file and investigating exactly what information Facebook has stored on you, you may contemplate deleting your account or at least limiting your information. Users that have downloaded their own data files have found extensive information on their previous contacts, call history, private telephone numbers from their phones, dozens of companies targeting them for ads, and complete conversations from Messenger.

See the below real time examples if you don't trust The Hacker's Library:

If you never understood what "being a product on $FB " means, go to Settings -> "Download a copy of your Facebook data." and then go to Ads tab to see the list of the companies that acquired your data. Mine is so long that it couldn't fit on my 34' monitor. pic.twitter.com/dIydW9o5ND

— Łukasz Strzałkowski (@lukaszx0) March 22, 2018

Following the examples of others I recently downloaded a copy of my #FacebookData they even have record of private telephone numbers of contacts from my address book who are not on the platform! Totally reconsidering my presence there. pic.twitter.com/jt3Oiaj18D

— seawildearth (@seawildearth) March 23, 2018

Downloaded my facebook data as a ZIP file

Somehow it has my entire call history with my partner's mum pic.twitter.com/CIRUguf4vD

— Dylan McKay (@dylanmckaynz) March 21, 2018

Well, that's it. Are you going to delete your account? Or just post less information on Facebook?

Read More

Source code for massive memcached server attack leaked - Memcrashed code made public

Its the time when everyone can attack. You, me and everyone else with the code can now perform a DDoS attack using the memcached servers. In this article you will find the source codes of the massive DDoS attack performed using memcached.

First, make a note of this - 

I am not liable for any kind of misuse of this codes. You are on your own. This article is only for sharing information and its misuse is not promoted by me.

This article is linked to the previous article I wrote, so kindly read the previous article if you haven't. The whole thing is what people call Memcrashed. If you don't know what it is - its just a simple way of performing the world's largest DDoS attack. For more info, I would recommend you to read the below articles -

• Who performed the largest DDoS attack on GitHub and How?
• The Biggest DDoS attack on GitHub using Memcached Server

After reading the following articles, everything here will make sense to you. You, too, can now attempt a record-setting denial-of-service attack, as the tools used to launch the attacks were publicly posted this week.

This code were released as a proof-of-concept code making programmers aware of how this thing works. There were intotal two codes released. One was released by @037 twitter user, and the author of the other is still unknown. Code released by @037 is written in python while the other is writtern in C.

The python code scans for memcached servers using shodan search engine API. Then it starts the attack depending on the input provided by the user. It’s been just over a week since the first massive memcache-fueled denial of service attack. The code’s authors says it’s being released “to bring more attention to the flaw and force others into updating their devices.”

Akamai and Cloudflare predicted more attacks following the record-setting efforts. Cloudflare CEO Matthew Prince said he was seeing separate attacks of a similar size last week.

“Looking at shodan.io indicates there are many more than just 17,000 Memcached servers that can be used for DDoS attacks,” said Ashley Stephenson, CEO of Corero. “If the vulnerable servers on the list are utilized for attacks they can be neutralized with the kill switch by sending just 17,000 packets, one to each attacking server, neutralizing their DDoS potential until they are reloaded by the attacker which take 10,000 times longer. Corero has announced today that the ‘flush-all’ command can be used as a benign active defense ‘kill switch’ by those being attacked to suppress attacks from the compromised Memcached server.”

This vulnerability has existed since a decade and now more and more attacks of this type are possible because of the source code leak. Wasting no more time, I am providing the links to download the codes.

1. C language code 
2. Python code 

 Enjoy.. but remember - No Misuse...

Read More

The Biggest DDoS attack on Github using Memcached Servers - Survived

Brief News:- On Wednesday, at about 12:15 pm ET, 1.35 terabits per second of traffic hit the developer platform GitHub all at once. However, the attack cannot take the server down. GitHub managed to tackle the attack and it lasted for less than 10 minutes.

Seems great, right! 1.35 terabits of traffic using botnets. What do you think about how many botnets might have been required? And it would be surprising to tell you that this is a new method which doesn't use Botnet. Rather, it uses only a single server - Memcached Server. It was the most powerful distributed denial of service attack recorded to date—and it used an increasingly popular DDoS method, no botnet required.

Before going into deep about what happened, let us understand how this attack can be done. This is something you will find in all my articles because I believe that having the knowledge of what happened doesn't help. One should also have the knowledge of how it happened. And that's the reason why I always specify the method of attack. Let us start by learning what is memcached server and how are they exploited to perform this kind of attack.

What is a Memcached Server?

Memcached Servers are used to cache small chunks of data in the memory of a server. Think of the time required to retrieve data from the database by making queries to it and then converting that data into a readable format. What if a server finds out that a piece of information stored in database is accessed frequently! The server can access that data once and then store it into the cache i.e. memory. Now, only a memory read needs to be performed to access the data.

Memcached is a distributed caching system used for this purpose. It stores the data in dictionary form using key-value pairs. And hence, speedily access to data can be done. Hence, it works to speed up servers and websites.

How can a Memcached Server be exploited to DDoS?

Memcached servers generally return a large amount of data in response to a small request. Also, it works over UDP on port 11211. These are the two things which are taken as an advantage to exploit the server.

Crooks send small byte-sized requests to Memcached servers on port 11211. Because the UDP protocol wasn't implemented correctly, instead of responding with a similar or smaller packet, Memcached servers respond with packets that are sometimes thousands of times bigger than the initial request. The next trick is called an amplification attack, and it exploits UDP. UDP (as opposed to TCP) is like the early post office; you send mail and hope it gets there, and if it doesn't then you have no control over it. There’s no handshaking between communicating computers. When a device sends a UDP packet to a server, it includes the return address so that the server can send the response back. If the device sends a carefully crafted fake request with a different return address, then the server will send the response to that spoofed return address. Hence, the return address field in the request packet is spoofed to the target's (victim's) address.

In the DDoS community, this type of DDoS attack is named reflective DDoS or reflection DDoS. The amount of times the response packet size is amplified is the DDoS attack's "amplification factor". By a research, it is found that the amplification factor of a memcached server can reach a massive 51,200.

Now you know how the attack is performed, let's take a look a the news...

What Happened?

GitHub briefly struggled with intermittent outages as a digital system assessed the situation. Within 10 minutes it had automatically called for help from its DDoS mitigation service, Akamai Prolexic. Prolexic took over as an intermediary, routing all the traffic coming into and out of GitHub, and sent the data through its scrubbing centers to weed out and block malicious packets. After eight minutes, attackers relented and the assault dropped off.

“We modeled our capacity based on fives times the biggest attack that the internet has ever seen,” Josh Shaul, vice president of web security at Akamai said hours after the GitHub attack ended. “So I would have been certain that we could handle 1.3 Tbps, but at the same time we never had a terabit and a half come in all at once. It’s one thing to have the confidence. It’s another thing to see it actually play out how you’d hope."

GitHub continued routing its traffic through Prolexic for a few hours to ensure that the situation was resolved. Akamai's Shaul says he suspects that attackers targeted GitHub simply because it is a high-profile service that would be impressive to take down. The attackers also may have been hoping to extract a ransom. "The duration of this attack was fairly short," he says. "I think it didn’t have any impact so they just said that’s not worth our time anymore."

As a result, everyone thought that memcached process should not be available for public. It should be kept private for the servers. The infrastructure community has also started attempting to address the underlying problem, by asking the owners of exposed memcached servers to take them off the internet, keeping them safely behind firewalls on internal networks. Groups like Prolexic that defend against active DDoS attacks have already added or are scrambling to add filters that immediately start blocking memcached traffic if they detect a suspicious amount of it. And if internet backbone companies can ascertain the attack command used in a memcached DDoS, they can get ahead of malicious traffic by blocking any memcached packets of that length.

This was everything you need to know about the news... Thanks.

Read More

Learn Machine Learning with Google AI - Google offers free online machine learning course for everyone

Short News:- Google is now offering everyone to learn Machine Learning for free! Yep.. at zero cost.

First of all, let me clear myself. You might be thinking - why such a post in The Hackers' Library! There's no hacking in here! Yep.. you are absolutely right. But this post is here due to a single reason. I always thought of creating a Master Hacking Bot. We all know the power of AI. Just think of what can a bot do if it is taught to HACK!!! Along with ML capabilities, the power of this bot can be infinite. I don't know if it is possible or not. But the truth is - no one charges you for dreaming big...

So, now let's start the discussion. There is really no good material available on net for learning AI. If it is, I doubt it is free. But no worries now, Google brings you a way to learn AI and ML for free. Not only it gives you tutorials, but it also gives you practice by providing you with examples and exercises. It introduces you to the world of AI.

"AI can solve complex problems and has the potential to transform entire industries, which means it's crucial that AI reflect a diverse range of human perspectives and needs. That's why part of Google AI's mission is to help anyone interested in machine learning succeed – from researchers, to developers and companies, to students," said Google Technical Program Manager Zuri Kemp on the company's official blog.

She also introduced the new Learn with Google AI website which provides ways for users to learn about core machine learning concepts, develop and hone their skills in the subject, as well as apply the technology to real-world problems.

This website is created for a wide range of users. Everyone from deep learning experts needing advanced tutorials and materials on TensorFlow, to newbies who just want to take their first steps with AI. That means, from students to experts, everyone can use this website, learn from the provided courses and expand their knowledge upto the top level.

Learn with Google AI also offers a free online course (actually its first course) called Machine Learning Crash Course (MLCC) which provides exercises, interactive visualisation, and instructional videos for anyone to learn and practise machine learning concepts.

So far, more than 18,000 Googlers have enrolled in MLCC, applying lessons from the course to enhance camera calibration for Daydream devices, build virtual reality for Google Earth, and improve streaming quality at YouTube. And this great achievement inspired Google to make it available for everyone. (Yep.. Google too needs inspiration - everyone does...)

This course is estimated about 15 hours and it is designed for newcomers with a zero knowledge of Machine Learning. There are some prerequisites of this course which are stated below:-

1. Knowledge of algebra - Yep...Mathematics including algebra and statistics is must and most important for ML.
2. Programming in Python - This is because the examples provided in the course are coded in python. It is not necessary but compared to other languages, Python is best for AI.

"There’s more to come from Learn with Google AI, including additional courses and documentation. We're excited to help everyone learn more about AI," said Kemp.

Read More