We all are whores in the internet's POV
The internet never cared about us. We are the ones solely dependent on it, surrendering the morsels of our lives to its algorithms, entrusting our secrets to its dark network, and unwittingly becoming the protagonists in a narrative we didn't quite sign up for. In the gaze of the internet, we are all, in a peculiar sense, its unwitting "whores," exchanging fragments of our existence for the convenience, connectivity, and chaos it offers.
It all started several months ago. In August 2022, my Facebook account got hacked. When I checked my mail early in the morning, I saw a mail from Facebook mentioning that the mail address connected to my FB account had been changed. And the mail address was a weird-looking one. I immediately realised that something horrible had happened. In the mail, the FB team had mentioned, "If you didn't change the mail address as such, click this link and take immediate security action". So I went to that link and the follow-up page asked me to reset my password. I did so, and everything seemed fine as I got my password changed successfully. Then I tried to log into my account using my email ID and the new password. The login was half successful but an entire failure for me.
Two-factor authentication
Before I continue with the rest of my experience, I need to explain the security layer called two-factor authentication (2FA). This security feature can now be seen in most applications like WhatsApp, Instagram, Telegram, Facebook and Google accounts. It is a second layer of protection which can be added to all your accounts and applications. It is similar to the OTP system we encounter when we register our phone number during an online purchase. Besides the usual password you use to log in, 2FA will demand another key, which may be a specific security code or a number generated by an authenticator app.
Separate authenticator apps are provided by companies like Google and Microsoft. When you log in to your accounts, these apps will generate a custom number which you should enter after your usual username and password step.
The first attack
So coming back to my story, I didn't know about this 2FA security during that time. So when I entered my email address and the new password, the next step asked me to enter the 2FA key, which I had never set. Whoever cracked into my account must have found a way to set a key. So I didn't have any idea what that key was. But I was a little relieved when I saw another link below on the FB login page that would allow me to bypass the 2FA key. So I clicked that link, and the new page had another level of security demand which I never anticipated.
To bypass the 2FA key, users should turn on the camera and show either their national identity card, passport, driver's license, birth certificate or any other ID issued by the government that confirms the user's existence. The ID you show to the camera should contain your name, photo and date of birth. The system scans it, encrypts the ID card data and stores it for a manual and automated check. Within 24 hours, the FB team will mail you whether the ID proof was accepted.
At first, when I saw this requirement I was a little shocked. Because Facebook was not well known for its data security. Bluntly exposing my identity seemed like a horrible mistake to me. Just with a simple scan my proof of living will be submitted into the dark hole of internet data. Anyhow the urge to get back my FB account crossed the limit of my ethics. So I just produced my ID card to scan. But to my disappointment for whatever reason, the system couldn't accept the ID. Within 2 hrs of submitting I received mail from the Facebook security team mentioning that the ID cannot be accepted. And obviously, there is no other way to get past this security access. So I lost my account access forever.
Interestingly, I checked my Facebook account through my friend's Facebook and nothing had been changed and no weird posts were published. And as far as I inquired, no weird messages were received by my friends from my ID. So I couldn't figure out the intention of this hacking process. After this experience, I added 2FA security to all of the applications I use daily, including WhatsApp, GitHub, Twitter and many more. Since my FB ID was not used maliciously, I guessed this might have been done by some lousy hacker for some weird practice and felt safe again... but not for long.
The second time
Then happened the most aghast internet experience of my life. I wish every internet user could read this to realize how careless we are around the internet.
On March 31st 2023, I was accidentally checking the spam folder of my Gmail when I opened this mail.
Well, to summarize this long mail, it simply says, "I have hacked your PC. Below is your desktop screenshot as proof. I have a private video of yours. Pay the ransom in bitcoins or I will leak the videos." The climax of my cyber saga reached its peak with a chilling blackmail attempt.
The screenshot that was sent was an exact frame of my laptop screen, on which I was watching a particular YouTube video which I remembered perfectly. For some reason, Gmail on my desktop didn't show that image but it was accessible via my mobile. After some time of obvious panicking and raking the internet, I came to understand a few things. This type of mail has been circulating for a while in different versions. Some may share your password as proof that you are hacked. The hackers don't have any private details of yours; if they really had them, those would have been shared with you in the first place to make their end of the bargain stronger. But the honest part is that your PC or mail account has been compromised. It could have been done via some malware.
Initial steps to secure your account
Change the password of your account and avoid using easily guessable information. Use a combination of uppercase and lowercase letters, numbers, and symbols. Employ unique passwords for each account to prevent a domino effect if one is compromised.
Install reputable anti-virus software that provides real-time protection. Run full system scans to identify and eliminate potential malware. I used Malwarebytes based on what was recommended on the internet and it seemed to work well. It detected certain harmful files and removed them.
Review and update your Google security settings. Enable account recovery options, such as secondary email addresses and phone numbers. Monitor connected devices and revoke access for any unrecognized or unused devices.
Enable 2FA for an additional layer of security. Use authenticator apps like Google Authenticator or Microsoft Authenticator. Avoid relying solely on SMS-based 2FA, as SIM card swapping attacks are a potential risk.
What were the mistakes I made
Firstly, a very naive mistake I made was using the same password for most of my accounts over the internet. When you use poorly secured websites, there is a high chance they may get hacked and your credentials accessed by unauthorised parties. And if you are using the same password all over the internet, a hacker may easily get access to your Google or any social media account.
Clicking unauthorised links was the next one. I was once searching YouTube to get free access to certain material, and I found a YouTube video guiding it. There was a link in the description saying a free download was available. I clicked it, downloaded the file and installed it on my PC, but it didn't work, so I forgot about it afterwards. After some time, when I went back to that video, I found out that the video had been removed and, in fact, the channel that posted it was hacked at that time! They were some general people who made some podcasts. Which means the link I clicked was planted intentionally by hackers.
End of story
And about the blackmailing, well I repeatedly received the same mail for two months continuously and then they stopped forever.
In the labyrinth of the digital realm, where convenience often meets vulnerability, my journey through online security taught me invaluable lessons. The internet is both a treasure trove and a minefield. While we navigate its vast expanses for knowledge, entertainment, and convenience, the risks are ever-present. Vigilance, diversified passwords, and a keen eye for dubious links are our armour in this digital frontier. Let these lessons guide us in fortifying our digital defences, ensuring a safer and more secure online existence. After all, in the vast web of the internet, a cautious step can make all the difference. Let these shared experiences serve as beacons, guiding all internet users towards fortified defences, mindful practices, and a resilient stance against the ever-present threats. The digital realm may be vast, but with knowledge and vigilance, we can navigate it securely. Stay secure, stay vigilant.