How I hacked accounts without actually hacking
Note: This is a conceptual story made to spread awareness. This event never happened in actual life.
I always loved movies/series, which involved hacking. That black screen with moving green text and numbers always excited me to learn hacking. However, when I grew up, I realized that hacking wasn’t what I saw in the movies/series. Hacking wasn’t as easy as depicted in the movies. After little research on hacking, I discovered that hacking can be done in two ways.
- Trick the Machine.
- Trick the Human.
And, if we compare both of them. Tricking a human is comparatively easy, as a human isn’t programmed like a computer, which only recognizes what it is programmed to.
In this Story, I will reveal how I fetched a lot of credentials without actually hacking.
This Story is about my Life at university.
My university had open WiFi placed almost everywhere on the campus, but to access WiFi, Faculty and Students were provided with unique login details which were authenticated using the firewall on the network, and to use the university WiFi, log in details were must.
As I was provided with a Student login account, there were many restrictions. The speed limit was decreased after a limit, more than 2 devices at the same time could not be connected on a student account.
On the other hand, faculty had no speed restriction, and up to 10 devices could be connected simultaneously on faculty accounts.
As soon as I got to know about it, I wanted a Faculty account rather than a student. However, that wasn’t possible according to the university norms.
I wanted a faculty account seriously, and I got an idea, and I went to the Library, where I turned on every computer to find saved passwords on different Browsers. Fortunately, after checking about 20 computers, I found out a couple of login details that I wanted, and along with it, I got login details of other websites as well.
Luckily, few worked, and the rest of the passwords were obsolete.
After getting successful in obtaining a faculty account, I wanted to do something Bigger. This time, I desired to obtain the credential of
everyone at the university.
Again, I got an Idea. I observed that browser history is logged, and the typed searches are registered. I asked myself what can I do, where each character pressed on the keyboard be secretly saved.
After searching on the Internet, I discovered a new term, “Keylogger.”
Keylogger is a computer program that records every keystroke made by a user. It is used for monitoring purposes, and it is highly used for malicious intent as well.
As Chrome was the most preferred browser by a considerable number of consumers, I decided to install a Keylogger extension in the Chrome browser. After installing the extension, I hid it in the browser by selecting the option “Hide in Chrome Menu.”
It was the game of Patience, I went to the Library to check the computers after two days, and I found a lot of login details that worked.
After getting the data this time, I wanted not just keys pressed in the browser but the entire computer. So I installed a keylogger on the whole computer, and now, every key that was pressed was being logged.
I again went to check the computers after two days, and this time, I found more data than I previously encountered. Data included chats, sent emails, and last but not least, log in details.
After a few days, I could not visit the Library due to the heavy workload, but I was curious to discover new data logged. So this time, I thought, how can I get the data remotely. After trying multiple unsuccessful methods, I found a Keylogger that had the feature to send logs via email.
After successfully setting up the new keylogger on multiple computers, I was able to get login details remotely with no effort.
After several days, I realized that my acts are highly unethical, and I could get into a lot of trouble. So, I stopped doing it and removed keyloggers from every computer, and deleted the collected data. Luckily, I logged in to verify the credentials and didn’t go inside any account, and neither checked their activity.
And this is “How I hacked accounts without actually hacking.”
I discourage everyone who wants to install a keylogger to fetch sensitive information, as it is illegal and unethical, and I am not responsible for any loss or legal hearing.
I want to suggest two measures using which you can protect yourself from getting hacked.
- Don’t use the same password everywhere. Because if your password got revealed, you wouldn’t get hacked at one place but many.
- Don’t enter or receive any sensitive information on public computers.
With this act, I was amazed that Human negligence could cost a lot.
