Watch this hacker break into a company
- Published 31 May 2016
- Social engineers, or people hackers, specialize in getting you to share information you shouldn't -- like personal details that could lead to a password being stolen. Laurie Segall reports.
Spoiler Alert: The company was Yahoo
home depot and target on episode 2 and 3
or microsoft....
Microsoft tech support is like 90% Indian
Yeah the fake tech support William
It could be any company, really.
A cyber security guy gave a lecture in my class once and he said "The most difficult part of cyber security is the people". "You can rewrite code, you can isolate networks, but people like to be helpful and that is all it takes for a hacker to get in"
This is true. People believe that most people are not very trusting of others but in fact, studies have shown that people are much more trusting of strangers than we'd assume.
One of the studies I remember they called a bunch of random people, told them to flip a coin, and if it was heads, they win money. If it was tails, they didn't win.
It was split evenly 50/50 on who reported heads and tails, meaning people weren't lying to say they got heads just to win the fake prize. They actually believed the caller and flipped a coin. Pretty interesting.
This sort of psychology can be quite fascinating, especially since we don't know exactly how or why it all works the way it does.
A quote that I remember is "if there is a conflict between security and usability, usability always wins".
An example of this is that if employees are required to use long and complicated passwords, they will start writing them down on a piece of paper at their workplace.
I also know a company where there was a requirement to use second factor authentication to access certain data, and the session regularly expired while looking through the data. Only took 1 day until someone wrote a "stay alive" script that prevented the expiry.
If you restrict the user rights on computers too much (e.g. keep them from installing software they actually need), employees will start working on their private PCs and transfer data.
If employees are required to change their passwords regularly, they will only change a minor detail about it (e.g. change a digit at the end of it)
I think this goes in a similar direction - you can totally make an IT system quite secure, but you really need to be careful how it impacts usability. This, combined with, as you said, general helpfulness and trust in other people's good intentions will always be a weakness.
Imo, if social engineering is done well (involving publicly available information about a company or private data that makes things seem plausible), almost everyone will fall for it. I include myself here btw. If someone really did his research on me and crafts an email with believable content from a person or company I interact with, without any obvious red flags, it is quite likely that I will click a link or open an email attachment...
Yes sir 😺
"Oh btw, Ken was fired"
@matthewmorrison3703 Nigga I don't even remember what this video is about
When used for crime, these kinds of people are called manipulators and sociopaths. This guy was smart enough to make a good living off of being conniving and convincing. Pretty cool dude.
Ya, a lot of the top hackers change sides after they are caught by the FBI and are asked for a good plea deal or no jail at all if they would instead use their knowledge and help the government
It's just fun
That's not sociopathy, Sociopathy is someone who doesn't have the ability to form their own emotions, and can't really comprehend why emotions are important, and they can become great at miming emotions, so yes sociopaths are great manipulators, but there's a whole bunch of impulse stuff that comes along with it.
@@callofdutyblackops9 agreed, and I'll add to grace that Being used for crime or not it's still manipulation.
What a crock of shit he's stealing
i wish i had this lads social skills
Rhandy it's not even social skills, it's just lying. You have the skills to do this haha
Everything is easy, if you know what you're doing
just stick to the script and its easy as hell
I recommend you to watch some defcon presentations on social engineering. It's really easy to convince people to give you the information. You have to understand that all he did was ask a guy to search a web-site. What they didn't tell you is that somebody had to find that exploit, write a code/script... Not to mention they need to mess around his/their system and dig deep for flaws.
guys, I think he was being sarcastic
I need to hack into my customer's brains
I think that's impossible
use a hatchet.
njice nice meme nice nice meme nice meme
Yes, learn your marketing.
it's not impossible, it's possible. We have something called a brain implant where a chip gets implanted in your brain, after that's done you can hack it. They implant these chips into paralyzed people in some countries like America so they can gain control of parts of their body. So with a chip implanted in your brain hackers can manipulate the signals and make harm. This tech is many years old so google it if you don't believe me.
You can do the same thing with cockroaches and other insects as well, Google cyber cockroach, implant a chip into his antennas and you can control the cockroach like a robot.
The most ironic sentence that came out of his mouth “I really suck with computers man” 😂😂😭
i know for real
I find it very hard to believe that this script could, with a *single* input from a person, grant any useful access to anything, let alone enough to 'bring down the company'. This is hyperbolic to say the least.
I've worked in Operations and tech support, I would never go to a page one of my clients told me to go to, I would vet it on a virtual machine....for THIS very reason.
I know right, this is news doing scare bs once again. Just clicking a link doesn’t give them access to your whole computer. Otherwise it be completely unsafe to surf the web, since clicking links is the entire process of surfing the web. These scam sites are always trying to get you to run executables. Why the heck would they bother if just clicking the link for the executable download was enough?
Watch this hacker break into a company > Watch this random guy make a phone call and install remote desktop.
lol yeah that is what I thought too
I like to think he had Social Engineering Toolkit on Kali on that laptop installing his own propagating java backdoor.
Hardly a random guy.
Adam Webster well, he did write it.
never heard about privilege escalation? if he hacks a pc inside a company, he can access to the whole
2:18
"We gotta grow up a bit"
*sees spider-man blanket and mannequin in background*
ok
The day an Age where being a gee is still "Childish "
Extritio I thought this same exact thing and scrolled down to see someone else did too lol
It's not childish to be a fan of something
lmfaaooooo
That joke was actually a lil more funny because it's comin' from a weeb, haha.
My grandfather possessed exemplary hacking skills. He killed my grandmother with an axe in 1982.
Plot twist : The company was Twitter
"What do you think of when I say the word hacker?"
um
*inspect element*
Yeah keep *inspecting robux in roblox dude*
+MrLeviNielsen
lmao😂😂😂
but that's true
@@Dark_Rizz Moron you can't hack robux by messing with inspect element. The currency is stored on secured roblox servers. I already tried with picto and failed.
@@blakebarbee7224 that was a joke don't take it too serious you'll get heart attack LOL
For each thing he hacked he lost a single hair
LMFAO
Priceless
🤣😂😂😂😂
Hahah
Hahahaha
I'm guessing the real problem here is not that Ken from support visited a website, it's that the remote desktop software on his computer wasn't configured to ask for authentication. All the website did was provide his computer's local IP address and then the hacker used that to connect to his computer. He could have easily done this completely without Ken from support's assistance by simply scanning the local network for computers that respond on whatever port they are using for RDP. That whole call to Ken from support was nothing but added dramatic effect.
What if he wasnt given the local ip of the company?
I don't think he was on the local network. I believe he was doing an external pentest. In which case he might have had an injection based attack already discovered and preconfigured but it required user interaction (the click)
@@annaparker8234 I think this video gives the wrong portrayal. I'm in tech so I know what you are talking about, which is totally logical, but this video definitely made it look like the user interaction was all it took to completely own them.
@@kylemossi agreed, that's why the media and our friends have the wrong impression that it takes 5 minutes for us to bypass any protection.
There are several levels of hack.
He hacked his browser this way and that is all you need bro...
i need hackers worldwide m4n4n@hotmail.com
So CNN learned clickbait...
Kyle Choi how was this Click Bait??
ikenna unamadu title watch this hacker break into a company instead he just calls a business man and let him go through a computer..
Marcus 5_887_4 lol so the computer broke in the company?
Boy does this comment age well
"we gotta grow up a bit" *he says sitting in front of a giant spiderman*
ya
dafuq is wrong with that?
And here is another guy who thinks that growing up means giving up Anime & Cartoons.😂😂
lmao
We got lots of famous people who are fans of marvel. What’s wrong with that
not gonna lie. The interviewer got a little bit wet when he told her he successfully hacked the entire company.
“Hello world”
I’m in boys
Print:(“hello, world”)
@@iiReTr0Z python :)
@@iiReTr0Z actually print("hello, world") :)
I think of the Hacker known as 4chan.
He's the 400 pound man in the basement, right?
Yeah, his real name is Chuck, and it's his mother's basement.
Spooky euH
Uh 4chan is a chat service.. not a hackers name.
Broken Logic whoosh...
That guy he hacked was genuinely nice
me: going on the website and clicking here
my brain: i hope its the wrong website
for anyone wondering, he used metasploitable to create a reverse shell onto his computer
*metasploit not metasploitable
@@steez4778 the vm image is called metasploitable...
@@revivalamt6991 metasploitable is a machine meant to be created to practice exploitation and pentesting, on the other hand metasploit is the one that handles the exploits
@@steez4778 yeah man i got confused
Having tried all hack tools on UA-cam,I must say @andrewhack4 on Instagram is the only working one.
"There are very, very bad people, which means it falls to the good people to try to fight it. We have so much potential to shape our culture, our values, our safety - if not us, then who?"
Exactly the confirmation I needed to hear to clear up my own dilemma, and feelings of responsibility for others in my situation. I was unsure whether to pursue fighting a seemingly small issue, or concede to someone who is blatantly abusing their power and position because it would be much easier to just give in and a LOT less stressful. But, this guy just gave me more motivation to keep me going. And he is right.
wth?
@@AlexYazanGames nevermind, they won. I lost. But I gave them hell in the meantime. Evil does win sometimes.
@@puchu_5001 nevermind. It's in the past. Evil neighbors and evil HOA in my old neighborhood in Florida. They attacked a single mom (and others before me too), vandalized my property, and I had to cash in what little retirement I had worth thousands of dollars in order to hire lawyers to fight them. My own lawyers scammed me too. I only lived in my house for 4 years. That was enough for me. You can't win against an evil HOA. Don't bother fighting them. There is no law that will protect you against them. 4 years of hell and that was the last straw. I moved to Alaska. No more HOA ever again.
@@puchu_5001 she's in Alaska so she was probably in the midst of fighting with a bear; the bear obviously won, took her phone, then made this comment while pretending to be her. It's a very tragic story, and we watched it play out.
@@5kr3aminMunk33 That’s very tragic. I feel very sad that Shannon died. 😔
Takes more than 2 minutes to reach a human voice when calling tech support...
not when you work in the company
No company I've ever worked for has had automated tech support. Every time I've called it's been a human straight away.
Our internal "customers" were supposed to open problem tickets for help, not call someone in IT. Yea, that rarely worked -- especially for managers and higher. 🤣🤣🤣
The most vulnerable part of any network is the people.
"we should all grow up..." Says the guy with all the spiderman stuff in his living room loool
Tequila Tyrant spider man isn’t just for kids, how could u think that? That is so stereotypical 😹😹😹
It's just a joke bro.
i was just about to say that🤣🤣🤣
That's not a social problem it's an un-patched-browser problem..
He could just as easily have asked the operator to try and download a program to see if it works on his computer instead of leading him to a phishing website.
Chuck Norris If it was that easy cybercrime statistics would be exponential.. Software bugs that can be leveraged are world-class-hard which is why bounties are so high and so sporadically claimed.. Social-engineering is very hit and miss that's why in the rare instances it works it usually doesn't get the attacker that far in to infrastructure before getting response.
The headlines you see every month or two are like one out of tens of thousands for that months. At the very least.
nigga browser exploitation is trivial. just because people aren't partcipating in pwn2own or whatever fucking competition doesn't mean there aren't hundreds of fucking exploits being vantaged in the wild.
computer security is a fucking joke. a 120k line program isn't ever going to be secure unless the entire fucking world audits it and every modification made is signed off on by every1
yeah that's why world class hackers are digging in to nvidia driver code looking for sandbox escapes.. Stuff people pay bounties on is way bigger than 120k lines..
TJ DEV as far i i understood the support guy opened a file... that he downloaded from that website... So i guess it wasn't the browser's fault...
***Clicks link***
Hacker: LMAO JUST HACKED YOU NOOB
BOI DONT TRUST THE LINK I GOT RATTED!!!!!!
lol you can't do that that's impossible is this like some windows 7?
untrip trip you’re brain dead. You’d need a JavaScript RCE exploit (all of them are patched) so it’s impossible
leaking RC4 isnt hard lol no where near it
go to d99q.cn if you want to get hacked lol
Edit: actually don't go
A hacker doesn't want to be known ever until death
What program did he use to create the link to gain access to the guys computer?
"Can you go to www.survey-pro.com"
*i go to it*
"Now we have full access to his computer."
shit
ticK Nearly clicked the link myself!
I clicked it took me to a Telus survey
that's bullshit, browser always prompts you if you are giving any sort of permission. On the other hand if the link downloaded the file, he would have to open it/run it. So I am really not sure how they have done it. Probably was oversimplified in this video
I truly believe that hackers will actually become our only protection in the future since the world evolves more around technology now
I've always told the men I've had relationships with, the moment you are unfaithful is the moment you end our relationship. If I've ever felt so disconnected from my partner that I have felt myself drawn even into a hypothetical affair in my mind, I end the relationship. I've been in many abusive relationships (that I ultimately ended) but never once have I been unfaithful. Why? Because no failing relationship is worth sacrificing my morals and integrity for. No matter how it unfolds with a partner, there should be a base level of respect and empathy towards them as a human being. A failed relationship will not pollute your mind and foster insecurities anywhere near as much as being on the receiving end of adultery. I didn't know what was happening all along for years that she's been cheating until I met explore.hacker thanks guys..
I heard an interesting thought experiment recently. If we were to live thousands of years, most of us would eventually become polyamorous. Because, you're bound to eventually meet/know more than one person who you love. And, it's essentially impossible for one person to meet all of your needs indefinitely. I think consensual non-monogamy is underrated.
That's unrealistic. If that IT guy simply visited the site without downloading anything and the company's corporate IT is even slightly up to date, there's no way he gained access to the computer just by opening a website...
Either they're making up a story or the IT guy had automatic downloads enabled in his browser which resulted in him catching a drive by download. However no one working in IT should have automatic downloads enabled anyway...
Yeah
Ahhh yes because hackers aren't masterminds. You have no clue what you're talking about. It definitely IS possible, and it's not about having "automatic downloads" enabled.
It isn’t possible to get your computer hacked by opening a website
Unless there’s a vulnerability but Microsoft would fix it fast
I agree with this comment, unless that IT guy has a fully disabled firewall and has all the network ports in his pc fully open and unsecured, there is no way just entering a website would get you hacked.
In my case, with great power comes great electric bills. fml.
.
my electricity bills are only 15$ per month
but good one😂😂😂
@@nightviper7354 old is no bill
🤣🤣🤣👍
A known hacker is a failed hacker.
Sayyam Jain how?
Sayyam Jain not necessarily... it really depends on if you're a white hat or black hat hacker
You probably don't know what hacking is, there are 3 types of hackers, black hat hackers which as you said if they are known they are a failure, there is the grey hat they are neutral they hack but they do not steal any money they just do it for fun then there is the white hat like this guy, he helps companies to protect against black hat hackers
not necessarily
if I'm gonna be a black hat hacker, (there's 20% chance that I'll be one) and I'm known as for example: *3xploit* (my alias), that doesn't mean that I've failed
as long as I am free and anonymous (my real identity isn't known), I'm successful hacker
you're on the FBI hit-list
How did he make the website? What did he use?
That was insane!
I see a lot of off comments here, this man is bringing awareness, and considering just how many people and companies are affected every day, I support this work, and will now invite him to appear as a speaker at our awareness summit, well done.
His mom sounds like she was a super hero.
Great moral values.
Why is a senior technology correspondent surprised by this?
that second guy is such a sweet guy! Your mother is very proud of you, man!
all he did was RAT the dude xD
lmao
and got paid.
with a link to a website? I didn't know you can do that so easily. unless the IT guy clicked on a prompt triggering some js code.
I do cyber security for the USAF lol
Pikachu Fizz So true
Damn.. that's some good social skills.... if you came here from the Harvard course, hit the like button.
My moms ex bf does the exact same thing these guys do. He protects major businesses from attacks/cyber security. And it was scary when I heard the stuff he was able to hack and do if he wanted to and do it easy. Ppl have no clue
social engineering (people) are easy to manipulate, this is why you need to have IT meetings and educate users on all these items.
The second guy has a very thoughtful perspective on life. I think that is honorable. And well...we can be happy a big amount of "hackers" are white hats. Makes life for the bad guys all the more difficult :-)
i wish i had these social skills
Social skills? That spiderman house will scare anybody off.
Says Vadim
I'd love to know how clicking a 'here' hyperlink gives somebody full access to another persons computer. This is over simplifying it to the extreme.
i know right. complete bs. missing 1/2 the story
@cat and lasagna the guy made a rat and that is what was installed on the victims computer the victim never executed the file so how does that work??? It doesn’t so yeah
Actually it’s simple. The Browser Exploit Framework (BeEF) does exactly this, as well as other tools in Kali Linux.
"If not us, then who?" Dude.
Did anyone try out the link in the beginning?
This dude has a strong Dax Shepard voice and I love it
I really like the Josh Corman guy. All that Spider-Man stuff. He seems genuinely nice
This dude in his Spider-Man room says we have to grow up
So we are gonna ignore the boys or scammers reposting their comments?
I find it funny how a guy called David Kennedy ends up on the line with a guy called "Ken"
Just for demonstration...
Barbie wasn't there.
A majority of Instagram accounts are hackable with instahaxor. There is no need to throw away your time with complex methods such as phishing.
ha we have been using these techniques since AOL. This is not "Hacking" this is "social engineering" most social engineers suck with real hacking skills, and real hackers suck at social engineering.
asmcriminaL
Social engineering is not separate from hacking.
It's a different branch, sure, but social engineering is still technically hacking.
Thanks
That Spider-Man guy was high on himself
"Just by clicking that link hes given David full access to his computer"
Yes and
lol i went on the link and it opened 3 "node.js" files running silently on my pc xD
This man is so good at acting tho...
It's actually sad that people think this is real hacking. Try hacking without interacting with the user you’re trying to hack..
Basically the boss paid the hacker guy who swindled him over the phone because he wasn't any good at knowing potential malware would be by clicking "ok" on the site. So the Boss pays the people hacker (conman) and instantly fires that guy who let them in. Corporate bs, fsociety.
If he could get on his computer he could release every credit card or bank acc thats linked to the company so yeah, fire him
Companies will train employees, not fire them.
Zach I agree, I don't think he would get fired.
Intel Elite, most companies are wise and don't store that kind of information in plain text on an on-site database. Not encrypting banking information is suicide...
No command prompt? This guy's a noob
1. It's called jokes
No Inspect Element too? what a noob jk dont take this seriously
Apparently the stereotypical hackers use MacBooks with Kali Linux, that is so based. It's a literal Hackintosh, that is the opposite of the definition of Hackintosh, ironically enough.
Every phone that's a real shame
Watch this hacker break into my heart
This isn't an ordinary hack, by some random person. So it's more LIKELY to succeed. So let's see the mistakes. (our company practices) 1> Having an internal company number means nothing, we ask who's calling and verify that person. 2> If that person has a COMPANY asset. we would log onto that machine only 3> Generally we would not CLICK on any links, before doing so, we would CHECK the link by hovering over it 4> EVEN if we did, we have secure software/AV etc, which WILL and has detected rootkits, trojans etc, so if my machine was infected, IT security would get an alarm and lock us out, and/or our own machine software would do the same. 5> Permissions on the machine would pop up asking for a piece of software to be installed. 6> remoting into another machine we are the other machine, anything I click on, will install on that machine not mine, mine is behind a firewall............ basically a BS article, not realistic, of course companies get hacked, but this example is totally not real world, as a front line IT tech, we generally know everyone we work with and get a feeling for when something is wrong, of course things happen, but this particular example is nonsense. WELL it's American, what else do you expect... You guys better wake up on your own government messing with you they are the real hackers... PEACE
well, not all companies have AVs
some are just too stupid
and maybe we could use something like powersploit, to avoid AV?
and as security develops, so do exploits
just make an invisible 0-day exploit, and u're good to go
no AV alarms
Mate, I'm a bit late here but i know companies today whose ''databases'' are still run on fucking excel spreadsheets. Don't come all high and proud about your startup having good security practices. This is miles more common than you think.
@@stillmillionair A bit late? Its been 4 years my guy
Whitehat hackers>Blackhat hackers
Dude I thought I was going crazy I used a public library's computer area to print resumes. I won't give locations but I'm pretty sure he was working for a company I had an interview with the day of. First encounter with a legit team of hackers. I hope they were only doing good. Video put me at ease
"Some creepy dude in a basement?"
*Shows a guy with a fedora. Lel
"what do you think when i say the word hacker? some creepy dude in a basement?" wtf no xD
2:17 "We've got to grow up a bit" meanwhile behind him is a full-size spiderman toy
388 Note he might have a child that likes spiderman
1:49 "to show you this demo, WE'VE AGREED to not use the company's name" this is how you know that neither the journalist nor the company are based within the EU, where GDPR is in place.
Good for you?
Might not even mean that- I doubt it does. It’s just text.
I just watched 3 minutes of explaining the word pentest. It's not that interesting.
damn phrazzal tropix here
A true captain America!
He is reliable
No, not just by visiting a site.
This dude is talking about growing up but he still got a life size statue of spiderman
ain't nothing wrong with that.
hey, he bought that statue, that`s what adults do, buy shit with your own money.
Yeah, and you have a picture of Aleks as your profile pic. You also have a username Gravity Sandwich. Also, you failed to punctuate your sentence. Did you fail the fifth grade?
Ever read spiderman? It's not aimed towards children.
too many manchildren here, defending the grown adult with spiderman merch
@@ClockworkRBLX Who cares about Spider-Man merch lol
Hey guys what's up its Scarce here and today we got a lot of news now this ones from David Kennedy you all know who David Kennedy is, a huge channel with 6 subs well he actually managed to hack into a company thats right this guy actually hacked into a company through IT support. That's all guys thanks for watching peace.
Lmao
Lea.... The world is talking about hacking.... Here I don't even know how to on and off the computer 😂😂
The government and government officials are the biggest hackers. That is why we need such people (hackers) to be able to defend ourselves against those who are trying to control us. Beautiful video. I wish a lot of success in my career.
0:34
"set system"
Unknown command: set.
"set system"
Unknown command:set.
yeah, hacker
Simple typo. He meant to type getsystem.
so what bro ,maybe he is nervous i would if i'm sitting with that sexy lady ;)
i don't see how someone would get remote access to someone else's pc just by entering a site and running some javascript unless it's some kind of zero day exploit.
Well rip Ken
This happens to roblox all the time and the company does nothing about it.
Now +900k know how to hack into the pentagon
i am doing a degree in Cyber security and my god this shit is tuff! !!
What do I think when I hear hacker?
2 Words
"Enhance Image"
thanks
Hasn't David Kennedy written the SEToolkit?
I7itI3ull T.O he has
then why doesn't he know how to use it?
He does, better than we do, including you
Guy Facks f
0:24 "can I jus just get your credit card number" ffs lmao
Informative Video
Ha "I'm not good at computers." 😂😂😂
Cool Videos its a fact doe all he did was make him install a keylogger
"That was easy" lmao
So what was the IT guy supposed to do?
This is why I click ZERO links