VIDEO
HIGHLIGHT
Log InSign up
ETINIS HAKERIS: Duomenys VAGIAMI per 15 MIN! Kaip NULAUŽIA E-mail, Wifi ir VISA korteles | TG105
SummaryTranscriptChat

ETINIS HAKERIS: Duomenys VAGIAMI per 15 MIN! Kaip NULAUŽIA E-mail, Wifi ir VISA korteles | TG105

The Dangers of Online Security and Ethical Hacking

Introduction to Ethical Hacking

  • Discussion on the importance of using a PIN code for phone security instead of relying on other methods.
  • Warning against sharing sensitive information, emphasizing that illegal activities can lead to exposure of personal data.
  • Introduction of an ethical hacker who operates with permission, highlighting the need for consent in hacking practices.

Comparing Threats: Street Criminals vs. Internet Scammers

  • A conversation about the increased danger posed by internet scammers compared to traditional street criminals.
  • Reference to a recent news story about an elderly person scammed out of €200,000 by online fraudsters.
  • Personal feelings of safety while walking at night in Lithuania contrasted with the unpredictability of online threats.

Data Leakage and Its Implications

  • Inquiry into how personal data is leaked and used by malicious actors.
  • Example given about receiving phishing emails based on leaked domain expiration dates, illustrating how easily hackers can gather information.

Recent Data Breaches

  • Mention of a significant breach involving 2.5 billion Gmail user accounts, raising concerns over data security.
  • Explanation of how hackers exploit vulnerabilities in systems like Salesforce to extract sensitive information without passwords.

The Market for Stolen Data

  • Discussion on whether stolen data is used directly by hackers or sold on underground markets for others to exploit.
  • Description of forums where both ethical and unethical hackers congregate to buy and sell stolen data, showcasing the scale and organization within cybercrime.

Recognizing Signs of Compromised Data

  • Advice on what individuals should do if they start receiving suspicious emails or notices indicating potential data breaches.

Understanding Data Breaches and Email Security

Importance of Checking for Data Leaks

  • A website called "Have I Been Pwned" allows users to check if their email has been compromised, showing a list of sites where data breaches have occurred.
  • Users can see the timeline of breaches from as far back as 2017, highlighting the importance of monitoring personal data security.

Recognizing Phishing Attempts

  • Phishers often create similar domain names by altering one letter to impersonate legitimate senders, making it crucial to verify the sender's address.
  • Fake emails may contain links or PDFs that can compromise your computer; downloading a malicious PDF could grant attackers full access to your system.

Identifying Malicious Links

  • Attackers can create fake payment portals that look identical to legitimate services like Hostinger, tricking users into entering sensitive information.
  • Stolen data is often sold online, with criminals creating physical cards using this information for fraudulent activities.

Recommendations for Online Safety

  • It’s advisable to use a separate email account solely for online registrations and transactions to minimize risk exposure.
  • Utilizing email masking services can help protect your real email address while still allowing you to receive communications securely.

The Reality of Identity Theft

  • Discusses how identity theft occurs without the victim's presence or consent, such as taking out loans in someone else's name using stolen personal information.
  • Highlights the ease with which fraudsters can forge identification documents if they possess key personal details like ID numbers and addresses.

Understanding Fraudulent Activities

  • Explains how individuals might be scammed through online interactions without ever meeting in person, emphasizing the need for vigilance in digital communications.

Online Scams and Personal Security

The Dangers of Trusting Strangers Online

  • A person shares their experience of being scammed after providing personal information to someone they met online, highlighting the ease with which trust can be misplaced.
  • They received a letter from the bank about an unpaid loan, indicating that the scammer had used their details for financial fraud.
  • The speaker emphasizes the importance of skepticism when interacting with people online, advising against trusting anyone without verification.

Real-Life Threats and Blackmail

  • Discussion on receiving threatening emails claiming to have sensitive footage, illustrating how scammers use fear tactics to extort money.
  • The individual recounts a specific threat involving personal videos and demands for Bitcoin payment, raising concerns about privacy and security.
  • They reflect on how these threats often include real personal information (like old passwords), making them more convincing.

Emotional Impact of Cyber Threats

  • The emotional toll of such scams is discussed, particularly how they can instill fear by suggesting physical surveillance or stalking.
  • Mention of data leaks and how they are often attempts to intimidate victims into compliance with demands.

Data Storage and Privacy Concerns

  • The conversation shifts to where sensitive data is stored (e.g., iCloud, Google Drive), emphasizing that access to this data is crucial for scammers.
  • Doubts are raised about whether scammers actually possess incriminating material or if it's merely a bluff designed to scare individuals into paying.

Preventative Measures Against Scams

  • Recommendations are made regarding camera privacy measures following high-profile incidents involving webcam hacking.
  • Encouragement for viewers to join discussions around these topics and share experiences as a form of community support against cyber threats.

Discussion on Privacy and Data Protection

Standard Practices in Programming

  • The speaker discusses standard practices among programmers regarding user consent, emphasizing that users often agree to terms without fully understanding them.
  • A guide has been created to help iOS users protect their privacy by minimizing microphone tracking and other data collection.

Sharing Resources for Privacy

  • A PDF guide will be shared under the video description, allowing users to adjust their settings for better privacy.
  • The speaker notes that after disabling ads on their phone, they no longer receive targeted advertisements, which also improves battery life.

User Awareness of Settings

  • There is a call for audience engagement about how many have checked their phone settings to understand what information is being tracked.
  • The speaker highlights the importance of digital hygiene and encourages listeners to regularly review app permissions and settings.

Handling Personal Information Online

  • A discussion arises about when it is appropriate to use real personal information online versus when it’s acceptable to provide false details.
  • Real data should only be used in official instances like government documents; otherwise, pseudonyms can be employed for online purchases.

Experimenting with Fake Information

  • The speaker shares an experiment where they used fake names and numbers while ordering from various online stores but faced issues with delivery notifications due to mismatched contact information.

Data Masking Techniques

  • Introduction of "phone masking" and "email masking" services that allow users to provide temporary contact details while keeping their actual information private.

Reflection on Data Leakage

  • The conversation shifts towards concerns about previously shared personal data leading to potential leaks or misuse.
  • An example is given where the speaker's email was found linked with multiple breaches, indicating widespread exposure of personal data.

Conclusion on Digital Safety Practices

  • The discussion concludes with a reflection on the importance of being cautious with personal information online, highlighting the risks associated with sharing real details indiscriminately.

Discussion on Data Breaches and Cybersecurity

Overview of Data Breaches

  • The conversation begins with a mention of 23 billion data records being compromised, indicating that personal information, including physical addresses and keys, may be at risk.
  • There is an emphasis on the ability to request data deletion from platforms, highlighting the role of applications in managing personal data privacy.

Challenges in Data Security

  • Acknowledgment that once data is online, it can be difficult to completely erase it from all platforms; hacking methods have evolved significantly over time.
  • Ethical hackers utilize existing software tools for penetration testing rather than creating their own, focusing on identifying vulnerabilities within systems.

Ransomware Tactics

  • Hackers often exploit system vulnerabilities to gain administrative access or extract sensitive database information. They may demand ransom payments (e.g., Bitcoin) to prevent data leaks.
  • Paying a ransom does not guarantee that stolen data will remain private; there are no assurances regarding the hacker's integrity.

Common Scams and Phishing Attempts

  • The discussion shifts towards everyday scams, particularly fake SMS messages containing links related to package deliveries.
  • It becomes increasingly challenging for individuals to distinguish between legitimate and fraudulent messages due to shortened URLs used by both scammers and legitimate companies.

Identifying Phishing Links

  • Users are advised to scrutinize URLs carefully; many phishing attempts use deceptive domain names that mimic real companies.
  • Clicking on suspicious links may not immediately cause harm but could lead to requests for personal information later on.

User Awareness and Prevention Strategies

  • Individuals should avoid entering sensitive information unless they are certain about the legitimacy of a website or service.
  • Critical thinking is essential when dealing with unexpected communications; users should question why they need to provide additional details after making a purchase.

Behavioral Patterns Leading to Scams

  • Many people lack critical thinking skills necessary for evaluating potential scams. This includes recognizing red flags in unsolicited communications.
  • A desire for quick financial gains often leads individuals into traps set by scammers who promise unrealistic returns or benefits.

The Risks of Cryptocurrency Investments

Introduction to a Deceptive Platform

  • A new platform created by the founder of Telegram claims to calculate optimal cryptocurrency prices in milliseconds, promising users effortless profit.
  • A user filled out a form and received a call from a Lithuanian-speaking representative who assessed her understanding of cryptocurrencies and investment intentions.

Pressure Tactics Employed by Brokers

  • The broker applied pressure, highlighting successful clients and urging the user to invest significantly, leading her to deposit around €200,000.
  • After several months, the user believed she had earned nearly half a million euros but faced withdrawal restrictions requiring payment of 20% on earnings.

Psychological Manipulation and Losses

  • The brokers continued to pressure her for more funds under threat that her investments would be lost if she did not comply with their demands.
  • The user expressed distress over losing access to her funds, realizing recovery was nearly impossible due to the nature of cryptocurrency transactions.

Protecting Vulnerable Individuals from Scams

  • Discussion on how older individuals may be less familiar with technology and thus more susceptible to scams; emphasis on educating them about potential risks.
  • Importance of communication between younger generations and their elderly relatives regarding online safety practices.

Strategies for Educating Older Generations

  • Advising against clicking links or opening attachments from unknown sources; banks will not request authentication via phone or email.
  • Encouraging family discussions about suspicious emails or offers, fostering an environment where older individuals feel comfortable seeking advice before acting.

Final Thoughts on Safety Measures

  • Strong recommendation against allowing elderly family members to open any unsolicited documents or links; caution advised even with seemingly legitimate communications.
  • Highlighting common tactics used in phishing attempts related to financial institutions; awareness is key in preventing fraud.

Cybersecurity Insights and Hacking Techniques

Understanding Hacking Tools and Their Usage

  • The discussion begins with the mention of a device costing around €200, which requires reprogramming to be effectively utilized. It highlights that simply purchasing the device does not grant hacking capabilities without proper modifications.
  • A revelation about having access to all card details is shared, emphasizing the ease of guessing remaining balances and expiration dates. This showcases a potential vulnerability in personal finance security.
  • The conversation shifts to public spaces like Metro stations in the UK, where people often carry wallets in back pockets, making them susceptible to scanning devices that can read card information from a distance.

Legal Implications of Hacking

  • The speaker acknowledges that certain actions discussed are illegal and should not be attempted. This serves as a cautionary note regarding ethical boundaries in cybersecurity practices.
  • The use of smartwatches and mobile phones for payments (e.g., Apple Pay) is mentioned, indicating that these devices can also be exploited similarly to traditional cards if not secured properly.

Demonstrating Vulnerabilities

  • An example is provided where multiple cards can be scanned simultaneously without needing manual activation, illustrating how easily sensitive information can be accessed if precautions are not taken.
  • There’s an emphasis on the importance of safeguarding primary cards; leaving devices unattended could lead to significant risks if they fall into the wrong hands.

Data Exposure Risks

  • A platform is introduced that reveals exposed data records including passwords and addresses. This highlights how easily accessible personal information can become through data breaches.
  • Continuous scanning for leaked data is discussed, stressing that prolonged exposure increases the likelihood of discovering more vulnerabilities over time.

Password Security Challenges

  • The conversation transitions into password security, discussing how long passwords (over 30 characters with various symbols) are perceived as secure but still face risks if systems storing them are compromised.
  • Two main methods for obtaining passwords are outlined: unencrypted input during system entry or weak encryption methods like MD5 which are outdated and easily cracked by modern standards.

Strategies for Stronger Password Management

  • It’s noted that while complex passwords take longer to crack depending on their strength and system used for decryption, simpler passwords can be compromised within hours or even minutes.
  • A question arises about managing multiple unique passwords effectively. Suggestions include using password managers or mnemonic techniques to remember different credentials securely while minimizing risk exposure.

Password Management and Biometric Security

Concerns About Password Managers

  • The speaker expresses skepticism about password managers, citing an example of a breach where all passwords were stolen.
  • They compare modern password management to the old practice of using physical keys for different locks, suggesting that vulnerabilities exist in both systems.

The Role of Physical Keys and Biometrics

  • Introduction of a physical key that uses USB-C and biometric authentication (fingerprint recognition) to secure sensitive accounts like Google and Facebook.
  • Discussion on the decline of traditional passwords, with emphasis on two-factor authentication methods such as receiving codes via email or SMS.

Limitations of Two-Factor Authentication

  • The speaker questions the security of SMS-based two-factor authentication, noting that if an account is compromised, these methods can be bypassed.
  • They highlight the potential risks associated with biometric data being spoofed through deepfake technology.

Biometric Security Insights

  • Personal anecdote about successfully unlocking a parent’s phone due to facial similarities raises questions about biometric reliability.
  • Discussion on how facial recognition works, including challenges posed by accessories like sunglasses.

Data Storage and Security Measures

  • Clarification that biometric data (fingerprints and facial recognition data) is stored locally on devices rather than in the cloud, enhancing security.
  • Assurance that resetting a device erases biometric data from its chip, making it difficult for hackers to retrieve any remnants.

New Technologies in Authentication

  • Introduction of a new type of key priced around $150 that allows access across various platforms when connected via USB-C.
  • Emphasis on having backup keys for security purposes; losing one could result in complete lockout from accounts.

Understanding AirTags and Location Tracking

  • Explanation of how AirTags work by utilizing nearby iPhones for location tracking without compromising personal device security.

Gift of Security: A Unique Wallet

Introduction to the Gift

  • The speaker mentions bringing a gift, which is a unique wallet designed for security.
  • The wallet can hold a phone, bank cards, and keys while blocking all signals to prevent tracking.

Functionality of the Wallet

  • It effectively disables Bluetooth, microphones, and cameras when items are placed inside it.
  • This feature is particularly useful in crowded places or during travel to enhance personal security.

Safety Concerns in Lithuania

  • Discussion on safety in Lithuania regarding digital threats like key fob scanning and card skimming.
  • Despite being ranked relatively safe globally, there are still concerns about technological vulnerabilities.

Risks of Public Wi-Fi

Dangers of Free Wi-Fi Connections

  • The conversation shifts to the risks associated with connecting to free Wi-Fi networks in public spaces like cafes and airports.
  • Users often prefer free Wi-Fi over mobile data due to cost but expose themselves to significant risks.

Types of Attacks on Public Networks

  • One method involves creating fake Wi-Fi networks that capture user data such as emails and passwords.
  • Another risk includes "man-in-the-middle" attacks where attackers intercept communications by masquerading as legitimate sites.

Vulnerabilities in Devices

  • Older devices may be susceptible to attacks that disable their functionalities through overwhelming network traffic.
  • There’s a discussion about the ease of hacking into various devices connected via insecure networks.

Understanding WiFi Security Vulnerabilities

The Process of Hacking WiFi Networks

  • It is suggested that within a couple of hours, one could potentially hack into a WiFi network using a non-powerful computer while ordering coffee.
  • Most routers have standard login credentials (e.g., admin/admin), which can be exploited to gain control over the network.
  • Once connected to the router, all traffic from users on that WiFi can be monitored and collected for data analysis or marketing purposes.

Data Collection and Marketing Implications

  • By analyzing user behavior on the network, targeted advertisements can be sent based on their interests, particularly in specific regions like Vilnius.
  • There is potential for significant data collection if one has enough time and knowledge to cover multiple cafes without being detected.

Risks and Precautions

  • While it’s possible to collect data undetected for years, there are risks involved in hacking into an admin panel; however, methods exist to erase logs and avoid detection.
  • Using free public WiFi poses risks; employing a VPN is recommended as it encrypts data and protects against unauthorized access.

Identifying Unsafe WiFi Networks

  • Users should be cautious when connecting to networks that require personal information for access; this may indicate malicious intent.
  • If prompted for unnecessary details (like email addresses), it's advisable to use random or masked emails to protect personal information.

Demonstration of Hacking Techniques

  • A demonstration involves creating a fake WiFi portal (referred to as "evil portal") that mimics legitimate networks, allowing hackers to capture user credentials.
  • The process includes selecting templates that resemble real services (like airlines), making it easier for unsuspecting users to connect.

Capturing User Data

  • After connecting through the fake portal, any entered credentials can be captured by the hacker. This method allows extensive data collection from unsuspecting users.
  • The equipment used in these demonstrations is relatively simple yet effective at amplifying signals and capturing sensitive information without needing complex devices.

Discussion on Vehicle Security and Authentication Technologies

Key Concepts in Vehicle Security

  • The speaker discusses the ability to unlock a car from a distance using a device that can read the car's key fob signal, but notes that starting the vehicle is not possible with this method.
  • A safer alternative for unlocking cars is mentioned, where vehicles automatically unlock as the owner approaches, eliminating the risk of signal interception.
  • Newer vehicles, like those from Toyota, utilize changing codes for their keyless entry systems, making unauthorized access more difficult but still feasible.

Vulnerabilities in Current Technologies

  • The conversation shifts to SIM card security; an example is given where someone could impersonate another person to obtain a duplicate SIM card by providing personal information.
  • The risks associated with phone number spoofing are highlighted. It’s explained how individuals can use apps to make calls appear as if they are coming from someone else's number.

Trust and Safety Concerns

  • The discussion emphasizes a general lack of trust in technology today. There’s an assertion that one cannot be completely safe at any moment due to various vulnerabilities present in everyday technology.
  • The speaker expresses concern about safety even within one's home and compares Lithuania's cybersecurity status favorably against other countries.

Messaging Apps and Their Security Features

  • A transition occurs towards discussing messaging applications like WhatsApp and Messenger. Questions arise regarding how secure conversations are on these platforms.
  • It is noted that while popular messaging services have encryption features, users must actively enable them in settings for maximum security.

Evaluating Different Messaging Platforms

  • Telegram is discussed as potentially less secure than WhatsApp despite its claims of privacy. Concerns are raised about whether companies like Meta (Facebook) truly protect user data or retain it for their own purposes.
  • Signal emerges as a recommended platform for secure communication due to its strong privacy measures. Other alternatives such as Wire and Molly are also mentioned as reliable options.

This structured summary captures essential discussions around vehicle security technologies, vulnerabilities related to authentication methods, trust issues with current technologies, and evaluations of messaging app security features.

Concerns About Data Privacy in Messaging Apps

The Risks of Using Messaging Applications

  • Discussion on the dangers of using messaging apps, highlighting concerns about data privacy and control over personal information.
  • Mention of sharing sensitive information, such as bank account details, through these platforms, raising alarms about potential data breaches.
  • Acknowledgment that while hacking WhatsApp is challenging, the risk remains if it were to be compromised.

Language and AI Limitations

  • Reference to a conversation with an AI specialist discussing the lack of data for the Lithuanian language and its impact on AI development.
  • Inquiry into whether voice messages in Lithuanian are stored or analyzed by apps, questioning their security compared to traditional phone calls.

Security Measures and Anonymity

  • Explanation that service providers retain records of calls made through regular phones, indicating a lack of complete anonymity even when using traditional methods.
  • Discussion on legal implications regarding access to call records by authorities during investigations.

Strategies for Enhanced Privacy

  • Suggestion that complete invisibility online is unattainable but minimizing visibility is possible through specific practices.
  • Example shared about a client who anonymized their communication by using a separate phone and app for secure interactions.

Artificial Intelligence and Data Sensitivity

  • Brief mention of how many people use AI tools for work-related tasks involving sensitive personal data like medical records.
  • Warning against uploading sensitive information to platforms like ChatGPT due to potential data leaks or misuse.

Real-Life Implications of Data Sharing

  • Illustration of how sharing API keys inadvertently can lead to significant financial damage due to unauthorized access facilitated by AI systems.
  • Example where a programmer tested an Amazon Web Services feature using ChatGPT, resulting in unintended consequences from shared sensitive information.

Understanding Data Privacy and Online Safety

The Risks of Sharing Personal Information

  • Discusses the potential dangers of sharing sensitive information online, such as personal names and details that can be easily queried.
  • Highlights how AI models learn from publicly available data, including social media and search engines, which can lead to privacy concerns.
  • Mentions a case where Samsung restricted employee access to AI tools due to code leaks, emphasizing the risks associated with using AI technologies.

Safeguarding Personal Data

  • Advises users to adjust settings in AI applications to prevent their data from being used for training models, enhancing personal security.
  • Suggests minimizing online presence by avoiding the use of real names or identifiable information when possible.

Managing Digital Footprints

  • Explores strategies for maintaining anonymity online by using pseudonyms instead of real names in digital interactions.
  • Raises questions about the difficulty of erasing one's digital past and mentions services that help individuals remove their information from search results.

The Process of Data Removal

  • Describes how companies specialize in removing personal data from search engine results but emphasizes that this process is not fully automated.
  • Notes that while there are services available for data removal, they require human intervention and may take time to complete.

Final Thoughts on Online Safety

  • Concludes with a reminder for individuals to be cautious about sharing personal information online and encourages proactive measures for safety.
Video description

Ar žinai, kur atsiduria tavo el. paštas ir kodėl po to plūsta netikros SMS iš „kurjerių“ ar „banko“? Etinis hakeris Deividas Ambrazevičius paprastai paaiškina, kaip nuteka duomenys, kur juos perka sukčiai ir kaip atpažinti apgavystes. Studijoje parodome, kuo pavojingi kavinės Wi-Fi, kaip atskirti phishing puslapį ir kodėl FIDO raktai saugesni už SMS kodus. Aptariame ir AI grėsmes: deepfake skambučius „iš vaiko“ ir ką daryti tokiais atvejais. Pabaigoje – 3 veiksmai, kuriuos gali padaryti šiandien, kad būtum saugesnis internete. Šis kanalas skirtas asmeninei pramogai ir patirčių dalinimuisi, o ne profesionaliam transliavimui. Šis kanalas nėra susijęs su jokia žiniasklaidos organizacija ir neveikia kaip užsakomoji audiovizualinė žiniasklaidos paslauga. Turinys įkeliamas atsitiktinai, be išankstinio plano ar redakcinės kontrolės, ir skirtas tik asmeninei pramogai bei bendruomenės kūrimui. Kanalas veikia pagal Youtube platformos taisykles ir sąlygas, o ne kaip atskira žiniasklaidos paslauga. 👉 Laidos svečias: Deividas Ambrazevičius - kibernetinio saugumo specialistas, etinis hakeris, programuotojas. 👉 Laidos vedėjas: Artur Lebedenko - “Tapk Geresniu” Youtube tinklalaidės kūrėjas, “Motyvuoti atletai” projekto mitybos, sporto specialistas ir įkūrėjas, “Record in Vilnius” video studijos įkūrėjas, Delfi Plius tekstų autorius, ISM lektorius. 👉 Rėmėjai: Longevix - www.manovaistine.lt (-40% | Kodas: TAPKGERESNIU) Nauja Oda - www.naujaoda.lt www.recordinvilnius.lt www.motyvuoti.lt PDF: https://ambrazevicius.com/Standartine_iOS_telefono_apsauga_LT.pdf 👉 Laidos be reklamų: https://www.youtube.com/channel/UC18wxTZHiS7W6lIDTU6A0tQ/join 👉 Prenumeruoti kanalą: https://bit.ly/sekti 00:00 Pradžia 00:50 Internetinių apgavysčių augimas 02:41 Duomenų nutekėjimo priežastys 05:13 Phishing ir duomenų prekyba 09:21 Asmeninės informacijos apsauga 10:53 LONGEVIX reklama 11:47 Apsauga internete 14:49 Reagavimas į atakas 17:40 Duomenų sekimo realybė 27:54 Etinio įsilaužimo pamokos 29:32 Kasdienės apgavystės internete 32:16 Greito pelno apgavystės 39:40 Kortelių ir kripto apgavystės 46:04 Slaptažodžių ir autentifikacijos saugumas 50:47 Biometrikos ir raktų apsauga 58:18 Wi-Fi tinklų rizikos 59:06 Viešo Wi-Fi pavojai 01:00:46 Wi-Fi įsilaužimų metodai 01:05:56 Praktinis įsilaužimo pavyzdys 01:10:47 SIM apsauga telefone 01:13:17 Privatumas susirašinėjant 01:20:29 AI ir duomenų privatumas 01:25:34 Skaitmeninio pėdsako trynimas 01:27:00 Pabaiga