Ways to Alert You of Hacker Intrusion On Your Computer - Politics Forum.org | PoFo


#15144363
You can use something called Canary Tokens on your computer. Basically, a canary token is like a Microsoft Word document you put on your computer that has as its title "bankpassword.docx" or "passwordToPofo.docx." So, if a hacker manages to intrude and crack into your computer unknown to you, he will see this file and will be enticed to open it. Really, those files are a trap and you DO NOT WANT TO PUT YOUR REAL PASSWORDS IN SUCH A FILE. You want to trick the hacker into thinking those are real passwords.

You can put fake data in those files as well so that when a hacker opens those files, they will see what they think is real data but is in fact fake data with fake user names and passwords unknown to the hacker. Once that hacker clicks on that file and opens that file, that will generate an alert and send it directly to an email address that you should be monitoring constantly. This is what is called a Canary token and then you will know you have an intruder who has cracked and hacked his way into your computer. So, this canary token acts as a trap that sets off a tripwire that alerts you to an intrusion. Here is a good website you can use to generate a canary token: https://whiteclouddrive.com/generate

You want to sprinkle various files on your computer that look like real files in various locations that are canary tokens so that you can ensure you have good coverage on your computer in the event a hacker manages to intrude on your computer without you knowing it. Sometimes malware scanners don't always pick up on an intrusion or malware that has been installed on your computer, hence why canary tokens can be useful. Basically canary tokens act as both a trap and tripwire.
#15144440
Here is another website you can use to set up canary token tripwires on your computer for hackers who might have been able to use malware that was able to get past traditional anti-malware and next generation anti-malware scanners (malware can go undetected by both the traditional and next generation anti-malware scanners so this is another line of defense that can be used against hackers who employ such malware to evade anti-malware scanners) to intrude on your system. https://canarytokens.org/generate . You can also check out this article from infosec in regards to canary token tripwires:

Pedro Tavares of InfoSec wrote:Canary tokens, also known as honeytokens, are not new but can be useful as a source of information. They can be understood as unique identifiers that can be embedded in different places. If they are touched, an alert is triggered.

We can use canary tokens in different scenarios:

* Embedded into applications to help in reverse-engineering detection
* Detect when someone triggers the canary by activating the token (for example, via a “target file” especially dropped in a private folder. When this file is accessed by an unauthorized user, an alert is generated)

With this simple approach, it’s possible to create a track log on something. Based on the Canarytokens platform available at GitHub, we will perform four use cases below in order to demonstrate its total functionality and usability.


Pedro Tavares of InfoSec wrote:Canary tokens are a free and quick methodology to help defenders discover they’ve been breached by having attackers announce themselves.

Notice that data breaches happen from organizations to governments, and critical data can be exfiltrated without user knowledge. Keep in mind that many data breaches are identified weeks or even months after the initial violation. Preventing this problem is essential in order to keep data safe and away from criminals.

Hackers typically focus on personal data such as passwords, emails, contacts, credit cards, customer lists, strategic plans, bank account data and more.


https://resources.infosecinstitute.com/ ... ry-tokens/

The article also explains how to set up canary token tripwires on your computer.
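An added illustration, not part of any post above and not the Canarytokens project's code: a minimal sketch of the "unique identifier that raises an alert when touched" idea from the quoted article, using a web-URL token. The `TokenRegistry` class, the `tokens.example.invalid` host and the sample addresses are assumptions made for the example.

```python
import secrets
from datetime import datetime, timezone
from urllib.parse import urlsplit


class TokenRegistry:
    """Issues unguessable token URLs and turns any request for one into an alert.

    Hypothetical helper written for this example; not the Canarytokens code.
    """

    def __init__(self, base_url):
        self.base_url = base_url.rstrip("/")
        self._tokens = {}  # token -> {"memo": where it was planted, "hits": count}

    def issue(self, memo):
        """Create a token; the memo reminds you later which decoy was touched."""
        token = secrets.token_urlsafe(16)  # 128 random bits, cannot be guessed
        self._tokens[token] = {"memo": memo, "hits": 0}
        return token, f"{self.base_url}/{token}/contact.php"

    def handle_hit(self, url_or_path, src_ip, user_agent="", when=None):
        """Return an alert dict if the request path carries a known token.

        Requests without a known token (crawlers, scanners) return None, so
        only a touch on a planted decoy produces an alert.
        """
        for segment in urlsplit(url_or_path).path.split("/"):
            entry = self._tokens.get(segment)
            if entry is None:
                continue
            entry["hits"] += 1
            when = when or datetime.now(timezone.utc)
            return {
                "memo": entry["memo"],
                "hit_number": entry["hits"],
                "src_ip": src_ip,
                "user_agent": user_agent,
                "time": when.isoformat(timespec="seconds"),
            }
        return None


def format_alert(alert):
    """Render the alert as the body of the notification e-mail."""
    return (
        f"Canary token triggered (hit #{alert['hit_number']})\n"
        f"Decoy:      {alert['memo']}\n"
        f"Source IP:  {alert['src_ip']}\n"
        f"User agent: {alert['user_agent'] or 'not sent'}\n"
        f"Time (UTC): {alert['time']}\n"
    )


if __name__ == "__main__":
    registry = TokenRegistry("https://tokens.example.invalid")  # constructed host
    _, url = registry.issue("bankpassword.docx in Documents folder")
    print("Embed in the decoy:", url)
    # Constructed requests: one from a crawler, one that opens the decoy.
    print(registry.handle_hit("/robots.txt", "198.51.100.9"))
    print(format_alert(registry.handle_hit(url, "203.0.113.7", "Mozilla/5.0")))
```

The memo is what makes an alert actionable: it tells you which decoy, on which machine, was opened.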
#15144754
@SaddamHuseinovic

Are you a Linux user or Windows user? Netstat command allows you to examine your system's routing table. For example, if you are on the command prompt using Windows you can execute netstat with the -r switch by typing in "netstat -r" and the result of that command will show you your system's IPv4 and IPv6 routing table. IPv4 is the older version of Internet Protocol (the IP in IPv4 stands for Internet Protocol) which is commonly used today but companies and many organizations are slowly and gradually moving over to IPv6 because we are running out of addresses to use in IPv4. Plus, IPv6 is more secure than IPv4. IPv6 is written in base 16 hexadecimal rather than base 10 decimal. IPv4 on the other hand is written in base 10 decimal.

Internet Protocol has to do with routing packets over your network and the internet whereas TCP (Transmission Control Protocol) is a heavy weight protocol that guarantees all destination nodes receive all the packets you send that destination node. It has to engage in a three way handshake with the destination node to establish a connection with that node before sending it packets, whereas a lighter weight protocol like UDP does not. UDP is a much faster protocol for sending packets over the internet but it's not reliable as not all the packets are guaranteed to arrive like they are using the TCP protocol.

Whereas TCP is a heavy weight protocol that guarantees all the packets will arrive and if for some reason it does not receive all the packets it will ask the sending node to re-transmit the packets it did not receive. This makes the TCP protocol more reliable than UDP but slower. So basically you are making trade offs between speed and reliability when using TCP and UDP protocols when transmitting packets over the internet. So, when you see TCP/IP what that stands for is Transmission Control Protocol/Internet Protocol. Transmission Control Protocol is used to guarantee that all packets that are sent are received by the destination node and Internet Protocol is the protocol used to choose the routes for the packets to arrive at the destination node. Make sense?

You can use netstat to also check for open ports on your computer. The more open ports you have on your computer, the greater the attack surface your computer is for a hacker to attack your computer. So, you don't want to have any ports open on your computer that you don't need to have open as that is making it easier for hackers to attack your computer. You only want to have ports open that you are actually using and need to have open.

Otherwise, you want to close those ports. You can have TCP ports and UDP ports open. So, if you are using command prompt on your Windows system, you can type "netstat -a -n -o" and it will tell you what processes (applications) are listening to what ports. Many of those processes are listening in on localhost which in terms of IPv4 translates to 127.0.0.1. Closing ports that you are not using lowers your attack surface for a hacker to attack you on.

You can read more about netstat here where it gives some examples using Linux: https://geek-university.com/linux/netstat-command/

Edit: I see, you are using DOS which is the command prompt. I missed that point when I read your post initially. You can also use PowerShell on Windows. PowerShell is the Windows equivalent of the Linux Bash shell and is pretty powerful.
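An added example, not part of the post above: a small parser for the `netstat -a -n -o` output the post mentions, separating sockets bound only to localhost from those bound to an address other machines can reach. It assumes English-language Windows output; the sample text, PIDs and addresses are constructed.

```python
import ipaddress

# Constructed sample of English-language `netstat -a -n -o` output on Windows.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1052
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     7788
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::1]:49670            [::]:0                 LISTENING       5500
  UDP    0.0.0.0:5353           *:*                                    2200
  UDP    127.0.0.1:1900         *:*                                    3300
"""


def parse_listeners(netstat_output):
    """Return one dict per listening TCP socket or bound UDP socket."""
    listeners = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # title, blank line or column header
        proto, local, pid = fields[0], fields[1], fields[-1]
        # TCP rows carry a State column; keep only sockets waiting for connections.
        if proto == "TCP" and (len(fields) < 5 or fields[3] != "LISTENING"):
            continue
        host, _, port = local.rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        try:
            address = ipaddress.ip_address(host)
            entry = {"proto": proto, "address": str(address), "port": int(port),
                     "pid": int(pid), "loopback": address.is_loopback}
        except ValueError:
            continue  # malformed row
        listeners.append(entry)
    return listeners


def network_exposed(listeners):
    """Unique (proto, port, pid) tuples bound to a non-loopback address.

    These are the ports that count toward the attack surface; a host
    firewall may still block them, which netstat cannot show.
    """
    return sorted({(l["proto"], l["port"], l["pid"])
                   for l in listeners if not l["loopback"]})


if __name__ == "__main__":
    for proto, port, pid in network_exposed(parse_listeners(SAMPLE)):
        print(f"{proto} port {port} is open to the network (PID {pid})")
```

The PID in each result can be matched to a program name with `tasklist` before deciding whether the port needs to stay open.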
#15147449
Politics_Observer wrote:You can use something called Canary Tokens on your computer. Basically, a canary token is like a Microsoft Word document you put on your computer that has as its title "bankpassword.docx" or "passwordToPofo.docx." So, if a hacker manages to intrude and crack into your computer unknown to you, he will see this file and will be enticed to open it. Really, those files are a trap and you DO NOT WANT TO PUT YOUR REAL PASSWORDS IN SUCH A FILE. You want to trick the hacker into thinking those are real passwords.

You can put fake data in those files as well so that when a hacker opens those files, they will see what they think is real data but is in fact fake data with fake user names and passwords unknown to the hacker. Once that hacker clicks on that file and opens that file, that will generate an alert and send it directly to an email address that you should be monitoring constantly. This is what is called a Canary token and then you will know you have an intruder who has cracked and hacked his way into your computer. So, this canary token acts as a trap that sets off a tripwire that alerts you to an intrusion. Here is a good website you can use to generate a canary token: https://whiteclouddrive.com/generate

You want to sprinkle various files on your computer that look like real files in various locations that are canary tokens so that you can ensure you have good coverage on your computer in the event a hacker manages to intrude on your computer without you knowing it. Sometimes malware scanners don't always pick up on an intrusion or malware that has been installed on your computer, hence why canary tokens can be useful. Basically canary tokens act as both a trap and tripwire.


LOL or the document is actually a marker alerting hackers to enter at will.

Seriously dude when you put how to protect your computer the hackers know exactly how to beat you.

Try thinking
#15147645
@Brandenski

You sound like a Russian troll and who knows perhaps you are a Russian hacker yourself. Many hackers are already aware of canary tokens (honey tokens), honey pots and honey nets but fall prey to them all the time anyway regardless because they are tricked and fooled into falling prey to them. Canary tokens, honey pots and honey nets are not a secret and rely on the use of deception just like hackers use deception and trickery as part of their phishing and social engineering campaigns to break into well protected networks. You know, the old cliche, "All warfare is based upon deception." Most people in the information security profession know this. But can still fall victim to them regardless because you can't tell the difference between a real document and a fake document.

Anybody can fall victim to phishing (including you or myself) for example even if they are aware of and well schooled in the art of phishing. It's one of the reasons why I say, it's not a question of IF you get compromised but WHEN. Still, one should be on guard for phishing and vishing as well as social engineering attacks just as hackers committing a crime will have trouble being able to determine if a canary token is a real document or not after breaking into a system. The idea when it comes to defending against hacks is not just prevention, but getting good at detecting a compromise and responding immediately in the correct way and gathering digital forensic evidence to prosecute them. Defenders of networks can turn the tables on hackers through using deception themselves on hackers and making it impossible or difficult for the hackers to determine what is real or not. You reap what you sow.
#15147746
Politics_Observer wrote:@Brandenski

You sound like a Russian troll and who knows perhaps you are a Russian hacker yourself. Many hackers are already aware of canary tokens (honey tokens), honey pots and honey nets but fall prey to them all the time anyway regardless because they are tricked and fooled into falling prey to them. Canary tokens, honey pots and honey nets are not a secret and rely on the use of deception just like hackers use deception and trickery as part of their phishing and social engineering campaigns to break into well protected networks. You know, the old cliche, "All warfare is based upon deception." Most people in the information security profession know this. But can still fall victim to them regardless because you can't tell the difference between a real document and a fake document.

Anybody can fall victim to phishing (including you or myself) for example even if they are aware of and well schooled in the art of phishing. It's one of the reasons why I say, it's not a question of IF you get compromised but WHEN. Still, one should be on guard for phishing and vishing as well as social engineering attacks just as hackers committing a crime will have trouble being able to determine if a canary token is a real document or not after breaking into a system. The idea when it comes to defending against hacks is not just prevention, but getting good at detecting a compromise and responding immediately in the correct way and gathering digital forensic evidence to prosecute them. Defenders of networks can turn the tables on hackers through using deception themselves on hackers and making it impossible or difficult for the hackers to determine what is real or not. You reap what you sow.


No I just get a laugh at anti hacker buffoons telling the hackers how they will defeat them.

Try logic for a change
#15147814
@Brandenski

Brandenski wrote:No I just get a laugh at anti hacker buffoons telling the hackers how they will defeat them.

Try logic for a change


Are you sure you aren't a Russian hacker and troll with a name like Brandenski and talking about anti hacker buffoons? You sure do seem to be giving yourself away a little bit. Maybe you should try logic yourself and not give yourself away so much. ;)
#15147829
Great idea on the Canary token.

Politics_Observer wrote:Are you sure you aren't a Russian hacker and troll with a name like Brandenski and talking about anti hacker buffoons? You sure do seem to be giving yourself away a little bit. Maybe you should try logic yourself and not give yourself away so much. ;)

He's a Russian plant.

The US should be hacking the fuck out of Russia 24/7. Fuck Putin
#15147866
Politics_Observer wrote:@Brandenski



Are you sure you aren't a Russian hacker and troll with a name like Brandenski and talking about anti hacker buffoons? You sure do seem to be giving yourself away a little bit. Maybe you should try logic yourself and not give yourself away so much. ;)


Again the dumbest thing a human could do to protect their computer network is to advertise their computer security system on the internet because you have just informed all potential hackers how you intend to keep them out.

The funny thing is that you think that Russia cares about you

They do not
#15147872
Politics_Observer wrote:Here is another website you can use to set up canary token tripwires on your computer for hackers who might have been able to use malware that was able to get past traditional anti-malware and next generation anti-malware scanners (malware can go undetected by both the traditional and next generation anti-malware scanners so this is another line of defense that can be used against hackers who employ such malware to evade anti-malware scanners) to intrude on your system. https://canarytokens.org/generate . You can also check out this article from infosec in regards to canary token tripwires:





https://resources.infosecinstitute.com/ ... ry-tokens/

The article also explains how to set up canary token tripwires on your computer.


LOL I bet every hacker has an automatic canary identifier so they know where not to look

Again the moment an antivirus tool is discovered, it is also obsolete

https://blog.thinkst.com/p/canarytokens ... ction.html
#15147880
Politics_Observer wrote:@Brandenski



Are you sure you aren't a Russian hacker and troll with a name like Brandenski and talking about anti hacker buffoons? You sure do seem to be giving yourself away a little bit. Maybe you should try logic yourself and not give yourself away so much. ;)


Canary tokens, also called the barium meal test, were state of the art at least 35 years ago, which is perhaps before many of the people reading this were born. So please do not think that this is state of the art, because it is not.
#15148013
@Brandenski

Doesn't have to be state of the art for it to work and I certainly wouldn't rely too much on any sort of identifier to be able to identify a canary token. Phishing is not state of the art any more than canary tokens but it's still used today and is very effective for hackers and cyber-security professionals. Deception is as old as warfare itself since ancient times, but it still works and is still used today.

@Rancid

I think I triggered him Rancid :lol: .
Last edited by Politics_Observer on 08 Jan 2021 20:30, edited 1 time in total.
#15148018
Politics_Observer wrote:@Brandenski

Doesn't have to be state of the art for it to work and I certainly wouldn't rely too much on any sort of identifier to be able to identify a canary token. Phishing is not state of the art any more than canary tokens but it's still used today and is very effective for hackers and cyber-security professionals. Deception is as old as warfare itself since ancient times, but it still works and is still used today.

@Rancid

I think I triggered him Rancid :lol: .


LOL why don't you also tell us about the phone modems that were state of the art once upon a time
#15148071
@Rancid

Canary tokens can be set up in such a way where if anybody were to just wave their mouse pointer over them or attempt to scan them in any way they would also generate an alert to the person who is using them to protect their system. They don't have to be clicked on to generate an alert. There are all kinds of ways to set up those tokens. They can also be used for offensive purposes too to gather intelligence on a hacking target by hackers so they work both ways.
#15148181
@Rancid

I am a total Linux Geek Rancid. Here is an excellent Linux distribution that has some serious compartmentalization and isolation through virtualization. It is one of the hardcore security OS systems. This particular Linux distribution is Qubes OS which has Whonix integrated with it. Whonix is an OS that provides serious anonymity. The Librem laptops are ideal for use with Qubes OS which you can check out those laptops here: https://puri.sm/ . You can download Qubes OS distribution here: https://www.qubes-os.org/ . You can read a further explanation of Qubes OS here: https://www.qubes-os.org/intro/ . Gotta love Linux brother!

OHHH YES! And I can't forget, then there is Astra Linux which the Russian intelligence agencies like to use when they go off hacking our computer systems here in America. Maybe our Russian comrade @Brandenski could tell us something about that. :lol: Here is where Astra Linux can be downloaded: https://astralinux.ru/en/ . I felt the need to mention Astra Linux because I feel as an American it's important to know your enemy. One of the key tenets of warfare. :lol: Know yourself and know your enemy. I wouldn't want to disappoint Brandenski by failing to mention that operating system given that the Russian intelligence services like to use it when they go off hacking into foreign governments. He might feel left out if I failed to mention it. :lol:
#15148216
Politics_Observer wrote:@Rancid

I am a total Linux Geek Rancid. Here is an excellent Linux distribution that has some serious compartmentalization and isolation through virtualization. It is one of the hardcore security OS systems. This particular Linux distribution is Qubes OS which has Whonix integrated with it. Whonix is an OS that provides serious anonymity. The Librem laptops are ideal for use with Qubes OS which you can check out those laptops here: https://puri.sm/ . You can download Qubes OS distribution here: https://www.qubes-os.org/ . You can read a further explanation of Qubes OS here: https://www.qubes-os.org/intro/ . Gotta love Linux brother!

OHHH YES! And I can't forget, then there is Astra Linux which the Russian intelligence agencies like to use when they go off hacking our computer systems here in America. Maybe our Russian comrade @Brandenski could tell us something about that. :lol: Here is where Astra Linux can be downloaded: https://astralinux.ru/en/ . I felt the need to mention Astra Linux because I feel as an American it's important to know your enemy. One of the key tenets of warfare. :lol: Know yourself and know your enemy. I wouldn't want to disappoint Brandenski by failing to mention that operating system given that the Russian intelligence services like to use it when they go off hacking into foreign governments. He might feel left out if I failed to mention it. :lol:


I played with Ubuntu once, but could not get my printer to work because I could not find a driver. So I went on the Ubuntu board and asked how to get it and they told me where the list of drivers was, so I checked it out again. However, there was no driver, so I asked again and no one could help me because there was no HP driver for my printer. Now since I was discussing this on the board, everyone reading knew that Ubuntu did not have this driver.

Reinstalled Windows after a Partition Magic format and downloaded the driver from HP, situation solved.

Linux is a joke
