
The White Hat Hacking Prevention Guide How to protect yourself! [V 1.0]

Discussion in 'SteamRep Guides' started by Dellis, Aug 18, 2015.

  1. Dellis

    Dellis New User

    Messages:
    4
    Steam:
    STEAM_0:0:50534933
    The White Hat Hacking Prevention Guide How to protect yourself!


    I will be constantly updating this with new requested topics and helping anyone in the comments!

    Not sure what something means? Definitions at the bottom of the page o_O

    Quick Info About Me (Intro):


    Just in case you believe me to be one of those 'script kiddies' who know nothing about prevention of any sort of hacking or general safety while using your PC, here's a quick few things about me ;) Note: This is my first guide since previous people I have helped asked me where they can look all this up in one place and I really could not tell them a good place for them to look!

    • Been in multiple bug testing / crash coursing many anti-virus and anti phishing web based add-ons.
    • Studying every colour of the rainbow of online hacking; anything from E-whoring to RAT'ing for over 2 years (all for white-hat purposes obviously).
    • Have successfully provided support to many people on-line with retrieving stolen CS:GO items, reclaiming accounts and helping them remove RATs.
    • Been a middle-man on WOW and Guild Wars 2 and helped 20+ transactions in total
    This guide will be in sections for a variety of topics, so feel free to scroll through to the topic which you need to know most about. There will be an index here:

    1. Hijack prevention! (Phishing and RATs)
    2. How to stop getting trade or middleman scammed!
    3. <request a topic in the comments>
    4. <request a topic in the comments>

    How to stop getting hijacked on Steam:

    Firstly I'll explain how most people get access to your Steam account or any accounts in general that may hold value to you.

    The main way you would get hijacked is through Phishing links or a RAT. Phishing is done through someone cloning a website, so someone has re-made the Steam login page which looks identical to the normal page so you would not know any different. This is an example of a phisher.

    [​IMG]

    Phishers will attempt to make the link look like a screenshot link (like Gyazo or Lightshot etc.) or make it look like an official Steam or website link as shown above, which at first glance seems legit; when you look closer you see all they have done is slightly change the name of "steam community" to "sleamcornnunity", which if you were feeling a bit sleepy or not paying attention you would click.

    [​IMG]

    The link would take you to something like this asking you to sign in, which seems legit enough until you look at the URL bar, in which they have "communuty" instead of "community". Upon signing in the hacker will see someone has signed in on his domain, then copy and paste your username and password, then log in himself!

    To prevent this you must make sure your Steam Guard is turned on, and if you feel like someone already has access to your account then "Deauthorize all other devices".

    [​IMG]

    Also to prevent this further turn on confirmation of trades so if they do gain access to your account they will not be able to trade the contents of your inventory without your email confirmation. This is under "profile settings" then "privacy settings" as shown below.

    [​IMG]

    Always make sure to be careful with accounts with a very low Steam level or profiles on private! To check a suspicious link, use https://www.virustotal.com/ and click on URL, then paste in the link to see how legit it is!

    ◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊
    Now the second way of Hijacking your account is through a RAT. A RAT (short for Remote Access Trojan or Remote Administration Tool) can run harmful code on your PC or someone may zombie your PC turning it into a Bitcoin mine, but even more worryingly it can key-log you and also see all your saved cookies and passwords. Fortunately this is harder to set up and most anti-viruses can detect this. (For you more knowledgeable ones, this can also depend on how advanced or new their crypter is.) I personally use Avast anti-virus for my protection; otherwise I suggest Kaspersky as a good paid alternative.

    IMPORTANT: If you think you may have a RAT (this goes to you guys who pirate games and download movies off the internet or trust YouTube description downloads) then download https://www.malwarebytes.org/. However, if your PC is still not running right or you believe there is an updated RAT on your PC which neither your anti-virus nor malwarebytes can pick up, then download http://www.surfright.nl/en. THIS ONE MAY DELETE MODS OR ADD-ONS TO GAMES, however this will almost certainly remove it.

    They can get a RAT on your PC either hidden in a download or through a JAVA drive by, I will explain how to defend from both (if you want to check now for a RAT then download malwarebytes from the link above).

    The main way to stop a RAT from entering your PC is to watch what you download. The main ways people trick you into downloading, or the places you'll most often find these download links:

    • "coin" generators, any program which claims to generate some sort of in-game currency or steam game keys is 100% fake and is a RAT.
    • YouTube descriptions, accounts with low subs or one or two videos are ones to avoid since they will offer a download to something free or tell you how to get Minecraft for free or something like that. Don't trust the link, it will most likely download a RAT or virus.
    • Just generally avoid downloads which seem too good to be true, because they usually are.
    • Also remember websites with things like download counts or likes can be FAKED, so never trust a download link off a bit of HTML code showing downloads since it will most likely be faked.

    Now, a Java Drive By first started becoming big in Runescape, where people used to make fake Runescape pages on which a pop-up would come up showing "run program", which normally would run the Java plugin but in a hacker's case would inject your PC with a RAT. Now again, using the VirusTotal link scanner (https://www.virustotal.com/) you can check a suspicious website asking you to do this!

    I'm going to be brutally honest about RATs. If you get one and it's an active one they will most likely gain access to your email and other passwords. However, in a worst case scenario where a lot of money was stolen through you from your PayPal, the police can trace back the IP quite easily even if they are using No-IP or something like that and recover your money one way or another, which is why most RATs only zombie your PC and mine bitcoins. In some cases Steam support will back track trades and get your items back if you provide enough evidence and the inventory is high enough value to be worth their time (harsh, I know).

    This completes the guide to prevent Hijackers!


    How to stop getting trade or middleman scammed:

    Mostly this is a bit of common sense and not trusting players online; however, for argument's sake of scammers getting smarter, I will go into depth on what to look out for and useful tools!

    When trading you will come across people trying to low ball you and trade you rubbish for something good in your inventory. Mostly they will do this by trading you lots and lots of skins to make it look like they are giving you more when actually your item/s are worth more! A good way to check this is http://csgobackpack.net/ to calculate inventory values, or use http://csgo.steamanalyst.com/ to look up individual skins. Obviously this is for CSGO only, so with other games I strongly suggest using the community market to work out prices and inventory values, it's worth your time!

    Now a big time thing now is middlemen scams, where you will have to have your wits about you to prevent getting scammed. I will explain how middlemen work quickly for those who don't know:

    Skin selling Sam wants to sell his AWP Asiimov for some real cash, so he finds Skin Buyer Bob, who offers to buy it for $50; to sell it he then contacts Middleman Miles. Sam then sends Miles the skin; when that is confirmed, Bob will send Sam the cash, and upon Sam confirming he has received it, Miles will then trade the skin to Bob. Everyone is happy! But not always....

    Flaws in this include:

    • Fake middlemen impersonating a SteamREP middle man or not found using SteamREP
    • Using PayPal, the buyer then charging back the money

    Ways around this are checking Steam profiles and comparing to the ones linked on SteamREP and using alternatives to PayPal; I suggest bitcoin if possible.

    In all middleman transactions ALWAYS record, so if it comes to it Steam support may be able to get your items back and the PayPal case operator may take this as valid evidence to stop the chargeback. Good and easy to use recording programs are here:
    http://www.fraps.com/ or https://obsproject.com/. Personally I use OBS since there are many online tutorials and it is a better piece of software in total.


    Adding more topics soon! feedback in the comments would be great :)

    Definitions:
    • white hat hacking: someone who learns different aspects of hacking for good purposes like creating anti virus' or to protect themselves from it.
    • middleman: someone who helps create transactions between two parties so there is no foul play
    • Phishing: the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers, online.
    • "Script kiddie": normally found lurking on CS:GO competitive, originating from silver 3, who downloads hacks and claims to be a master hacker from running a .exe file. Can also be found shouting at you after you kill them, claiming to "DDOS" or to "Hack you" in a very high pitched voice.
    Last edited by a moderator: Aug 19, 2015
    TFD_Industries™ likes this.
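
The lookalike-link check the guide describes ("sleamcornnunity", "communuty"), as an added example that is not part of the original post. The trusted-host list, the confusable pairs and the distance threshold are assumptions chosen for illustration, and the check goes slightly beyond the guide by also flagging a swapped ending or a trusted name used as a prefix.

```python
from urllib.parse import urlsplit

# Assumption: the hosts the reader actually means to log in to.
TRUSTED = ("steamcommunity.com", "steampowered.com")
# Constructed, deliberately short list of sequences that read like another letter.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def host_of(url):
    """Lower-cased hostname of a URL or bare link, without a leading 'www.'."""
    host = (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def skeleton(name):
    """Collapse confusable sequences so 'cornnunity' compares like 'comnunity'."""
    for seen, meant in CONFUSABLES:
        name = name.replace(seen, meant)
    return name


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url, max_distance=2):
    """Return (verdict, trusted_host_it_resembles_or_None)."""
    host = host_of(url)
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    for good in TRUSTED:
        # Trusted name used as a prefix label, e.g. steamcommunity.com.example.net
        if good in host:
            return ("lookalike", good)
        # Compare the names without the final suffix, so a swapped ending is caught too.
        name, good_name = host.rsplit(".", 1)[0], good.rsplit(".", 1)[0]
        if edit_distance(skeleton(name), skeleton(good_name)) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)
```

A "trusted" verdict only means the hostname is on the allowlist; an "unknown" link still needs the usual checks before anything is typed into it.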
  2. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,991
    SteamRep Admin:
    STEAM_0:0:89705646
    A lot of the RAT attacks are often by a fake "newer" all "new" "beta" of something. The ones I've seen so far:

    - Fake Mumble beta server that needs a RAT fake Mumble Beta client.
    - Teamspeak server which has an alert sent to the person connecting to the teamspeak server with teamspeak, with the message: server requires a missing codec click "link to RAT" to update teamspeak
    - Fake anti-cheat tool needed to connect to their CS:GO match server....

    All of those had fake websites around it, but with the real name of it but the last part of the url different. Like instead of the mumble.org a mumble dot cc or w/e.
    Dellis likes this.
  3. Dellis

    Dellis New User

    Messages:
    4
    Steam:
    STEAM_0:0:50534933
    Yes, I recently got sent a ts3 IP to go 'talk' about a trade. Thanks for the reminder, I'll be sure to update that tomorrow since that is becoming more common. The problem is there are so many ways to trick someone into a Java Drive By or downloading some sort of ZIP file then unpacking it; ultimately it all comes down to your wits and some good common sense when spotting these things, however some people are too quick to sell items or trade items so they can easily miss small telltale signs or something dodgy.
  4. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,991
    SteamRep Admin:
    STEAM_0:0:89705646
    Also don't forget the .scr files: people think it's scr for "screen", but it's for SCReensaver, an executable. If it's an image your browser can't show, you shouldn't download it.
  5. prodigyaustralia

    prodigyaustralia New User

    Messages:
    120
    Steam:
    STEAM_0:0:52814116
    You probably should change this to "Black Hat Hacking" as White hat hackers are something different. They usually hack for good.
  6. Dellis

    Dellis New User

    Messages:
    4
    Steam:
    STEAM_0:0:50534933
    I see what you mean; my intended meaning on the title was supposed to mean in a fuller term 'a white hat hacker's guide to protect yourself', but thanks anyway :)
  7. prodigyaustralia

    prodigyaustralia New User

    Messages:
    120
    Steam:
    STEAM_0:0:52814116
    Yeah but white hat hackers are good hackers.

    Black hat hackers are people who steal, who break into computers who break into accounts
  8. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,991
    SteamRep Admin:
    STEAM_0:0:89705646
    Depends who you are talking about... If he means with the "white hat hacking prevention guide" the person (OP) giving people information...

    I generally simplify it more: don't click anything anybody links you. And that includes popups, and with question boxes with "OK" and "Cancel" choose "CANCEL". Shoot first, ask questions later....
    SIVARTZ likes this.
  9. Dellis

    Dellis New User

    Messages:
    4
    Steam:
    STEAM_0:0:50534933
    Basically that is the moral of the message I'm trying to get across on that part, however some people want to be able to know how to spot these things and learn what to do in these scenarios in detail. The guide in itself is to (attempts to) explain what the hack is, how to spot it / detect it, how to prevent it and what to do if you are already infected. This is something which is not widely available on the internet apart from if you head onto something like hack forums or something like that, but for someone new to a lot of this it would be like going to the lion's den (I exaggerate, I know).
  10. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,991
    SteamRep Admin:
    STEAM_0:0:89705646
  11. prodigyaustralia

    prodigyaustralia New User

    Messages:
    120
    Steam:
    STEAM_0:0:52814116
    For a person claiming to have somewhat of an IT background and well knowledge about hacking would know the difference between white and black hat hacking. Let me define something here:

    A BLACK HAT HACKER: is someone that is looking to steal information that is of value, items or money.

    A WHITE HAT HACKER: is someone that broke into a computer or network, won't go much further than that, but they'll report the security flaws back to the owners/admins etc.

    Naming this guide "The White hat hacking prevention guide" is a bad name. Think of it like this, a white hat hacker is still a hacker but they are more than likely helpful and are usually good. A black hat hacker is someone who is bad who is out to do no good.

    You talk about other things in this guide like phishing and middleman scamming. The name doesn't really suit it.

    Honestly you're doing a good job on advising the community about hacking scams and phishing scams but honestly man try to stick to one topic not unless you're making a whole guide about scamming otherwise you're going to confuse the s✿✿✿ out of your audience.
  12. Clive

    Clive SteamRep Admin

    Messages:
    6,571
    SteamRep Admin:
    STEAM_0:0:43668349
    Not trying to derail this guide further, but what you just said isn't even right. Your definition of a "white hat hacker" is closer to what a grey hat hacker is. A grey hat hacker is someone who hacks illegally and finds security breaches, but does not steal the organization's data or exploit the breaches. A white hat hacker is someone who is given permission by the organization/entity, and is often hired by said organization/entity, to attempt to hack the organization to find security flaws and privately disclose them to the company to avoid black hat hackers from exploiting them. (While this is just an example, it's the first that comes to my mind, and also the example in the link below.)

    If you want a reference, here ya go: http://www.howtogeek.com/157460/hacker-hat-colors-explained-black-hats-white-hats-and-gray-hats/

    I can see where the name can sound a little weird, but I see what the OP was doing with it and don't see a problem with it imo.
    SilentReaper(SR) and Salmon like this.
  13. prodigyaustralia

    prodigyaustralia New User

    Messages:
    120
    Steam:
    STEAM_0:0:52814116
    That is true, but some people are not familiar with that and most sources only list black and white hats. I can also list numerous sources too that define it differently, but I'm not here to argue about something so, so trivial. Nonetheless, it wasn't my point. Just saying maybe it should be a bit more simple so he doesn't confuse the reader; on top of that he's got a hacking prevention guide but he talks about how to not get scammed by the "Middleman scam" like it's not related to his thread topic. All in all it IS all helpful information, but I'm trying to help him keep it simple, stay on topic and make it easier for the community to understand.