Spamchat and Instaspam: The Clones!

Obviously, spam has been a problem for years, but what I’ve been noticing a lot recently are “quirks” about spam accounts on several different messaging apps and other social sites.

Let’s start with Instagram. Like any other popular app, we knew it would have spam issues eventually. The strange part is that some of these spam accounts seem to slip through the cracks – maybe because they’re created so quickly.

One group of spam accounts in particular that stood out uses Portuguese hashtags like #chuvadeseguidores, #chuvadelikes, and #seguidoresreais to attract followers. (“Chuva de seguidores” = rain of followers.) In fact, it appears to be based out of Brazil. When I checked these particular hashtags, it was obvious that all of the photos tagged with them were spam-related as well:

chuva_de_seguidores_ok5764787435

30602021_211848329401778_4003550097064329216_n

You would think most people would just ignore these, but that’s hardly the case. The accounts have hundreds, if not thousands, of likes and comments. I suspect, however, that these “followers” you gain are not real people, but more bots.

On top of that, one of the dangers may be that if you unintentionally give permissions to one of these bots to follow you, it might start “liking” things on your behalf. I’m sure that’s not what all the people liking and commenting on their photos intended.

My thought is that if you want tons of likes, you either have to buy them, or do it the hard way – make great content. Anyway, what’s the big deal with likes? (Oh, I forgot. It’s 2018.)

Give me SpamChat!

While SnapChat’s a bit different in this regard, it clearly has the same issue. Instead of accounts with photos, however, the spammers pose as “friends” or people looking for friends. Sound familiar?

snapchat_spam

I don’t use Snapchat as much as I do Instagram, but I would assume that similar rules apply. If you correspond with the bot, it will have a scripted “conversation” with you, and at some point it will redirect you to an adult dating site, or something along those lines.

To prevent this, go to your profile, and click the settings gear. Under settings, there’s an area that says “Who Can…”

snapchat_contactme

Change “Contact Me” from “Everyone” to “My Friends,” and you should stop receiving snaps from the spammers, if you have been at all.

Apparently, this is a problem on Kik as well (why am I not surprised?). In a similar manner to Snapchat, the bots will send you a message posing as a real person, and redirect you to an adult dating site. One of the catches is that these sites tend to be extraordinarily expensive, and can have multiple hidden charges – so there’s your scam.

kik_spam

On the other hand, if you want to code a Snapchat bot, that’s a different matter.

I happen to have found some GitHub repositories for both Instagram and Snapchat bots, if that interests you:

GitHub – instabot-py

GitHub – SnapchatBot

Check those out, and they may put you on the right track.

Let’s just hope the social media bots don’t destroy all humans.

sophia.gif

 

Advertisements

Have I Been Pwned (Again)?

Sigh. You would think that, with all my dark web exploring, I’d be better at being confidential. Hey, I’m working on it!

This morning, I was chatting on IRC, and a “random” person happened to pop in. He acted as if he knew me, but in a few seconds, it just turned out he was a troll (or at least I think that was his purpose).

hexchat_ubuntu

I had seen the same person on Psycho Social Network a few times, and that site has a link to this blog on the homepage. It also has a link to my Twitter account. It appears that said troll just made a connection between the various accounts, and decided to use it against me. Why? Probably because he could.

What happened then was that he left the chat and came back in, using my real name. Do I have a doppelganger or something? Finally, the mods kicked him, but I have to wonder – where else is my personal info being leaked?

As I mentioned on Beware, Maltego Will Find You!, it can be easy to connect different social media accounts and such. Maltego isn’t the only tool for this, but it’s a handy one.

hack-like-pro-use-maltego-do-network-reconnaissance.w1456

In the instance above, Maltego has collected email addresses from SANS Institute, and will also collect the nameservers and mail servers. Creepy, no?

I tried a similar search on Have I Been Pwned with an email address I came up with off the top of my head (not mine), and lo and behold, it had been pwned. Dang.

haveibeenpwned

It’s also possible to use tools like nmap for this purpose as well, but that takes more expertise – just a matter of preference. Anyhow, I somehow doubt that this troll went to all that effort – I think he just made the obvious connections between my dark web and clearnet social media accounts.

Still, it’s creepy. Maybe I ought to look into that fake identity thing, after all. It just seems like a lot of work to maintain three fake people.

HackerCombat: Secure in the Dark Web?

Before I start, I should say – I’m not writing this to make enemies in the dark web world; I just like to get proper info out there. Like when I say there’s no “Marianas Web.”

344ccaec766c2c29d15345ff5bd0f54d664865116bf1120bfb78b08cfb0248ab

That being said, one of the sites I subscribe to is Hacker Combat, and I happened to notice that they had an article today called Stay Secure While Venturing into the Dark Web. After having read lots of similar content, I tend to be skeptical of articles that give advice about “being secure in the dark web.”

I’ll give it the benefit of the doubt, though. Let’s see what they have to say:

Well, there are many users who still think that the dark web and the deep web are the same. In fact, the dark web is just a part of the deep web and comprises that part of the internet that’s “hidden” and needs to be accessed using specific software and configurations. So, you need to use Tor, Freenet, I2P or Riffle to access the dark web. It’s a well-known fact that even the Google search engine doesn’t show results of the dark web. 

This is partly true, but it’s the last sentence I take issue with. Actually, Google will show results from the dark web (Tor, at least), but it doesn’t pick up all the sites. As I’d mentioned on the post Can You Access .Onion Sites Without Tor Browser?, it is possible to reach .onion sites without using the browser. These sites use what’s called a Tor2Web proxy, which is basically a middleman connecting you to Tor.

Thus, some of these sites will show up in Google results. For instance, Psycho Social Network, which I’ve talked about a few times, will show up on a Google search, but clicking on it uses the proxy:

psycho_social_google

To put it in simple terms, it’s like asking a cab driver, “Can you take me to this onion site?” The cab driver says, “Sure!” On the other hand, you don’t know for certain if this cab driver will try to take advantage of you, just as you don’t know if a proxy is trustworthy.

Anyhow, let’s see what else the article says.

Using a VPN Service is good- Using a VPN (Virtual Private Network) service is always advisable; it adds to the anonymity factor. You should always remember to turn on the VPN before beginning to use the Tor browser or any such service; this gives you added anonymity plus security.

I also take issue with the idea that a VPN gives you added security, unless you’re the one who designed the VPN. A VPN can help you hide your Tor usage from your ISP, but then the VPN provider also has a record of the fact that you’re using Tor, and may or may not keep logs of your activity. Some claim not to keep logs (e.g. IPVanish), but if the time came where they were subpoenaed and told to give up your info, that may be a different story.

Have an up-to-date antivirus program- This is basic to security; you need to have an antivirus software even if you are not venturing into the dark web. But when you are doing it, you must have an anti-virus software. That helps add to the security.

This is true to a degree, although it depends on the kind of attack you’re trying to prevent. Some antivirus programs don’t have the capability of stopping certain types of attacks (such as ransomware). Anyhow, I suppose having one is better than not having one.

Keep your webcam covered- Webcam spying is reportedly common in the dark web. So, while you’re on the dark web, it’s always good to keep your webcam covered. You just don’t know; someone could spy on you and later subject you to extortion scams. Stay safe, cover your webcam.

This part I agree with – it is definitely possible to crack a webcam’s security, and covering it with tape is about the most basic way you can keep someone from looking at you.

laptop-1606678_960_720

The article offers more advice as well, but these were the parts that stood out to me. Whether you agree with the points they make or not, I suggest reading it anyway. If you’ve never ventured onto Tor before, it could make a good field guide.

Linux Drama is Over! (For Now.)

I’m happy to report that my “Linux drama” has ended (for the moment). See?

gnome_desktop.png

Unfortunately, this required me doing a factory reset of my machine, so I lost all my data – yeah, tease me all you want. That’s why you do backups, right? Fortunately, nothing I had was irreplaceable, with the exception of a few drafts I had written.

I did get rather frustrated with the process, but I know that that’s part of coding and using computers/smartphones in general. Can I get back to the dark web now? Sure. Let’s hope it doesn’t compromise my system.

At the moment, I’m going back to the terminal and attempting to reinstall some of the missing programs I had before. Easy, right? You would think so.

More specifically, I’m attempting to install HexChat, which is one of the IRC clients I liked, and the terminal is saying that the repository I’m trying to use doesn’t exist. I’m assuming that it’s just on a different repository, but I’m not sure which one that is. This is strange, because right before my system went down, I  was using HexChat without any problems.

Is there another client I should be using? WeeChat, perhaps? (Oh no.)

YFy0a

My friends mess with me about being technically incompetent, but usually my problem is that I overthink things and get stuck on one or two steps – I think that’s the curse of coding in general.

Anyhow, it’s good to be back! Have any requests for posts? Please share.

Linux Drama Part 2: Trolling!

I found a great quote on bash.org today that applies to my Linux dilemma:

I discovered that you’d never get an answer to a problem from Linux Gurus by asking. You have to troll in order for someone to help you with a Linux problem…Instead, I did what works. Trolling. By stating that Linux sucked because it was so hard to find a file compared to Windows, I got every self-described Linux Guru around the world coming to my aid. They gave me examples after examples of different ways to do it. All this in order to prove to everyone that Linux was better.

So OK then. Linux sucks! It’s shit! Windows was better! There, I said it. (haha.) Just kidding.

In all seriousness, as I’d mentioned on my earlier post, I attempted an update, and it seems that I really messed up my system. At present, I’m working on booting the system with GRUB, which, to be honest, is completely new to me. It’s not complicated at all, though!

IMG_20180707_080447_475 OK, maybe a little complicated. What I was attempting to do was choose the previous kernel from this menu, but then I got a message that I didn’t have permission to do that. I’m not entirely sure how to change the permissions so that I can choose it.

So, I’m asking the Linux users out there – is this the right route? I don’t want to further mess up things in the process of trying to fix them!

In the meantime, I’m writing this blog from whatever machines happen to be available (including my phone).

It’s weird – this is the kind of thing that people expect to happen when they’re on the dark web, and yet it happens to me without any “help” from the dark web. If need be, I’ll just completely reinstall everything, but it might help to know where to start!

And I used to get annoyed with this:

Blue_Screen_Of_Death_by_Xentalion

 

 

Red Triangle Wiki Deleted!

For those of you who have been following this whole “red triangle” puzzle like I have, you may be disappointed to find out that the official wiki (on wikia, at least) has been deleted for not being a valid community.

red_triangle_wiki_deleted

Not valid? Why? Were there not enough fans?

Chapter_4

I’m not sure why this is the case – perhaps the mods of that site didn’t find it to be relevant enough. However, there are some other sites with information about the puzzle (Reddit, of course!) Here’s the reddit thread (under r/ARG) for those who are interested: The Red Triangle – Cryptic deep web puzzle

Also, there are some YouTube videos about it – are you surprised? YouTube loves this kind of stuff!

Fright Knight, whose content I haven’t checked out much yet, has an in-depth video about it: The Unsolved Mystery of the Cryptic Deep Web Red Triangle Puzzle

There’s also some basic information on Steemit by (who else?) Defango, who brought attention to the whole thing in the first place: The Red Triangle Puzzle – updates.

Like Cicada 3301’s puzzles, there’s an endless amount of speculation and debate as to what these could be about. Are they a recruiting tool? Are they just for fun? Do they hint at something more sinister?

I don’t have any definitive answers about this, but since the wiki is gone, you puzzle solvers could use my blog posts as a reference, if you like! Unfortunately, I don’t have all the detailed lists of solutions that the wiki had previously.

In any case, it’s no big deal. I’m sure lots of other puzzles and mysteries will come along, but this one just happened to be one of the more intriguing ones as of late.

If you have any other mysteries to pass along, readers, feel free to share them in the comments. I like a good challenge.

 

 

 

Linux Drama: I Was Frozen Today!

Before they make memes illegal here too, I’ll post this:

i_was_frozen_today

Now that that’s out of the way – this morning, I was doing an upgrade to my Ubuntu system, and everything seemed to be going well. As a guide, I was following this article: How to Upgrade To Ubuntu 18.04 LTS Bionic Beaver

linux_upgrade

I started with the command:

$ sudo apt-install update-manager-core

Afterwards, I followed up with:

$ sudo do-release upgrade

This didn’t work, and I believe the issue was that the release wasn’t available yet. So, here’s where my big mistake happened. I attempted to force the upgrade by entering:

$ sudo do-release upgrade -d

This was where I clearly screwed up, because afterward, I was unable to get past the login screen on my system. Well, let me take that back – I could get past it, but all I would see is a blank desktop, very similar to this:

ubuntu_blank

Interestingly, some other users on Ask Ubuntu have had similar issues:

ask_ubuntu

Fortunately, another user on that same site had a good solution. He suggested opening the GRUB menu and selecting the previous kernel. This sounds like my best option. If I did actually lose all my data, thankfully there wasn’t anything irreplaceable there.

It’s funny – I have times when I can do all these advanced coding-related things, and yet something simple like this will put me out of commission.

You can’t keep a good man down, though!