Tag Archives: Hacker

Mexico Did It Photo : Can It Infect Your Phone With Virus?!

Can the “Mexico Did It” photo infect your phone with a virus in just 5 seconds?!

Take a look at the viral claim, and find out what the facts really are!

Updated @ 2023-09-13 : Revised for a new wave
Originally posted @ 2022-11-07

Claim : “Mexico Did It” Photo Will Infect Your Phone With A Virus!

The warning about the “Mexico Did It” photo or image that will infect your phone with a virus keeps going… viral on WhatsApp and social media.

There are two versions so far – in English, and in Spanish.

FYI: They are going to publish an image that shows how Covid 19 is cured in Mexico and it is called “Mexico did it”, do not open it because it enters the phone in 5 seconds and it cannot be stopped in any way. It’s a virus. Pass it on to your friends and family. Now they also said it on CNN and BBC. DO NOT OPEN IT

Pass it on

Van a publicar una imagen que muestra como el Covid 19 se cura en Mexico y se llama “Mexico lo hizo” no lo abran porque entra al telefono en 5 segundos y no se puede frenar de ninguna forma. Es un virus. Pasenlo a sus familiares y amigos. Ahora lo dijeron tambien en CNN y BBC

Truth : There Is No “Mexico Did It” Photo / Virus!

This is just another example of FAKE NEWS circulating on WhatsApp and social media like Facebook and Twitter, and here are the reasons why…

Fact #1 : This Viral Message Has Been Circulating Since 2021

The viral message about the “Mexico Did It” photo or virus has been circulating on Facebook, WhatsApp and Twitter since April 2021.

Fact #2 : This Is A Modified Version Of “Argentina Is Doing It”

This viral message is actually a modified version of an earlier fake message, which claims that a video on WhatsApp called “Argentina is doing it” will hack your phone in 10 seconds.

It just replaces Argentina with Mexico, a video with a photo, and changes it from a 10-second hack into a 5-second virus attack.

Those two fake news are, in turn, probably based on the even older fake claim that hackers are using greeting photos and videos to hack your phone.

Fact #3 : There Is No “Mexico Did It” Photo / Virus

There is no such thing as a “Mexico Did It” image or photo. Neither is there a virus called “Mexico Did It“.

There is also no known virus that can infect your phone with a virus simply using a photo or image.

Fact #4 : CNN + BBC Never Reported On Such A virus

It’s been over 2.5 years since this fake story first appeared on Facebook, Twitter and WhatsApp, but neither CNN nor BBC has ever reported on a “Mexico Did It” virus.

Fact #5 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest… but it cannot hack your smartphone by itself.

Fact #6 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

However, the image itself has an “almost white” rectangle that is recognised by the script, triggering it to redirect the user to the cybercriminals’ website. Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

Such a clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #7 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t take 5 seconds, as the hoax message claims.

Generally, malware won’t wait a few seconds before it infects your devices. Waiting will only increase the risk of detection.

Unless the malware creator designed it to only infect your phone when you are sleeping (like the early hours of the morning), it pays to execute immediately.

Now that you know the facts, please SHARE this article with your family and friends, and SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Morocco Earthquake Seismic Wave Card Hack Your Phone?!

Leave a reply

Can the Seismic Wave Card containing photos of the recent earthquake at Morocco hack your phone?!

Take a look at the viral claim, and find out what the facts really are!

Claim : Morocco Earthquake Seismic Wave Card Can Hack Your Phone!

This warning about the Seismic Wave Card containing photos of the recent earthquake at Morocco has gone viral on WhatsApp:

They are going to upload some photos of the Moroccan earthquake on WhatsApp. The file is called Seismic Waves CARD, don’t open it and see it, it will hack your phone in 10 seconds and it cannot be stopped in any way. Share the information with your family and friends.
DO NOT OPEN IT. They also said it on TV

他们将在WhatsApp上上传一些摩洛哥地震的照片。该文件称为地震波CARD，不要打开或看到它，它会在10秒内破解您的手机，并且无法以任何方式停止。与您的家人和朋友分享信息。
不要打开它。他们还在电视上说过

Truth : There Is No Morocco Earthquake Seismic Wave Card!

This is yet another example of FAKE NEWS circulating on WhatsApp, and here are reasons why…

Fact #1 : There Is No Seismic Wave Card!

First, let me just point out that there is no such thing as a Seismic Wave Card.

The Seismic Wave Card is an Internet hoax that keeps getting recycled for every earthquake that comes along, like these examples show:

They are going to upload some photos of the Cariaco earthquake on Whatsapp. The file is called Waves Seismic CARD, do not open or see it, it will hack your phone in 10 seconds and it cannot be stopped in any way. Pass the information on to your family and friends. DO NOT OPEN IT. They also said it on TV.

They are going to upload some photos of the Calvario earthquake on WhatsApp. The file is called CARD Seismic Waves. Do not open them or see them, they hack your phone in 10 seconds and it cannot be stopped in any way. Pass the information on to your family and friends. Don’t open it. They also said it on TV.

Fact #2 : Photos Are Shared Directly On WhatsApp

There is no need to open any file, or install any app, to view photos on WhatsApp. You simply click to view photos shared by other people on WhatsApp.

Of course, people may sometimes share high-resolution photos in ZIP or RAR files, because WhatsApp greatly reduces the resolution of photos shared on its platform.

Those ZIP or RAR files may be opened using apps like WinZip (Android | iOS) or RAR (Android) or Unarchiver (iOS). However, you should be wary if you are asked to download and install any app.

Unless you know what you are doing, it’s best to only view photos and videos directly inside WhatsApp, and not download any compressed files at all.

Fact #3 : Seismic Waves Card Is Not A Browser Hijacker

Seismic Waves Card appears to be falsely labelled as a browser hijacker by at least one “cybersecurity” website:

The scam message known as Seismic Waves Card is notorious for its disruptive behavior while surfing the web. Generally, scams like this, and other like Mintnav and Lookaside fbsbx, are crafted to meddle with your browser’s settings, replacing homepages and default search engines to promote affiliated sites and generate advertising revenue.

This transgression doesn’t end here; they siphon sensitive data and create vulnerabilities in your system’s security framework, providing a gateway for more perilous threats, such as malware and phishing schemes, to invade.

The protracted presence of Seismic Waves Card in your system exponentially escalates the risk of serious compromises, emphasizing the dire necessity for its immediate removal. Recognizing the malicious potential of such unwanted apps is essential in maintaining a secure and safe digital environment. Stay vigilant and prioritize your cybersecurity.

There is no evidence that a malware or browser hijacker called Seismic Waves Card exists. The article itself does not offer any evidence to prove its existence. In fact, the article and its guide on how to “remove” the malware appears to be generic, and may possibly be AI-generated.

Fact #4 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest… but it cannot hack your smartphone by itself.

Fact #5 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

This is an incredibly clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #6 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t take 10 seconds, as the hoax message claims.

There is really no reason for malware to wait before it infects your devices. Waiting will only increase the risk of detection.

Whether the malware serves to take over your device, steal your information or encrypt it for ransom, it pays to do it at the first opportunity.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Did Lil Tay + Jason Tian Just Die Suddenly?!

Leave a reply

Did Lil Tay and her older brother, Jason Tian, just die suddenly?!

Take a look at the viral claims, and find out what the facts really are!

Claim : Lil Tay + Jason Tian Just Died Suddenly!

Some websites and YouTube channels have recently claimed that social media influencer and rapper Lil Tay, and her older brother, Jason Tian, just died suddenly under mysterious / unknown circumstances.

Outlook India : 14-Year-Old Rapper Lil Tay Dies Along With Elder Brother Jason Tian

FreshersLive : Jason Tian Obituary, Who Was Lil Tay’s Brother Jason Tian? What Happened to Jason Tian? How Did Jason Tian Die?

News.com.au : Teen rapper Lil Tay and her brother both dead

Celebritysss : Lil Tay and Her Brother Jason Tian Are Survived By Their Parents After Their Deaths | Lil Tay

Some people have also gone full frenzy about the sudden death of Lil Tay and Jason Tian on social media:

Mario Nawfal : 🚨BREAKING: RAPPER LIL TAY REPORTED DEAD

Online influencer and rapper Lil Tay has passed away at the age of 14, five years after she rose to online fame.

The news of her ‘sudden and tragic’ demise was confirmed by an unnamed family member in a statement shared on Lil Tay’s Instagram account today.

The statement also revealed that her 21-year-old brother, Jason Tian, had also passed away.

Matt Wallace : 🚨 BREAKING NEWS: Viral Internet Sensation Lil Tay dead at only 14 years old! They have not released the cause of death yet… but I can almost guarantee it involves hardcore smuggled drugs. Extremely sad that so many kids keep dying and politicians CONTINUE TO DO NOTHING ⚠️

Sulaiman Ahmed : Teenage Influencer Lil Tay Found Dead

Online influencer and rapper Lil Tay, known for her controversial rise to fame, has tragically passed away at 14 years old.

The news was confirmed by a family member on her Instagram account, along with the unfortunate passing of her 21-year-old brother.

Show less

Truth : Lil Tay + Jason Tian Did NOT Die Suddenly!

This is yet another example of celebrity FAKE NEWS circulating on social media, and here are the reasons why…

Fact #1 : Lil Tay Death Claim Based On Single Instagram Post

All these claims that Lil Tay and her older brother, Jason Tian, died suddenly are based on a single post on her Instagram account, which was shared on Wednesday, August 9, 2023:

It is with a heavy heart that we share the devastating news of our beloved Claire’s sudden and tragic passing. We have no words to express the unbearable loss and indescribable pain. This outcome was entirely unexpected, and has left us all in shock. Her brother’s passing adds an even more unimaginable depth to our grief.

During this time of immense sorrow, we kindly ask for privacy as we grieve this overwhelming loss, as the circumstances surrounding Claire and her brother’s passing are still under investigation.

Claire will forever remain in our hearts, her absence leaving an irreplaceable void that will be felt by all who knew and loved her.

It did not help that when news agencies tried to confirm her death, her father – Christopher “Chris” Hope refused to confirm either way:

Yeah, you have the right person, but I don’t have any comment right now. I’m not able to give you any comment right now. I’m sorry — I can’t.

But the Los Angeles Police Department stated that it had no record of Claire Hope or Jason Tian dying in LA (where they live):

We have no information on either of these two individuals Claire Hope or Jason Tian being killed or dying in Los Angeles.

If the LA county medical examiners has nothing on either of them either, that would lead me to believe they are not, in fact, dead, or that it did not occur in LA.

Fact #2 : Lil Tay + Jason Tian Are Still Alive!

On Thursday, August 10, 2023, Lil Tay issued a statement to say that she is still alive – a day after the death announcement on her Instagram account went viral.

I want to make it clear that my brother and I are safe and alive, but I’m completely heartbroken, and struggling to even find the right words to say.

It’s been a very traumatizing 24 hours. All day yesterday, I was bombarded with endless heartbreaking and tearful phone calls from loved ones all while trying to sort out this mess.

Fact #3 : Lil Tay’s Instagram Account Was Hacked!

Lil Tay explained that her Instagram account was “compromised by a third party” and used to “spread jarring misinformation and rumors” about her. She thanked Meta for letting her gain access to her Instagram account again.

She did not explain why it took her more than 24 hours to confirm that she was still alive and well. But a Meta spokesperson confirmed that they helped her recover her Instagram account.

Fact #4 : Lil Tay No Longer Goes By Claire Hope

Lil Tay was born as Claire Hope to Angela Tian and Christopher J. Hope on July 29, 2007. She was also known as Claire Eileen Qi Hope.

However, Lil Tay revealed that she no longer goes by her birth name – Claire Hope, which was what the fake death announcement used.

Instead, Lil Tay appears to have dropped the surname of her estranged father, and now goes by the legal name, Tay Tian.

Fact #5 : Lil Tay Is Accused Of Orchestrating Death Hoax

Lil Tay’s former manager – Harry Tsang, who was her last known public representative at the height of her fame in 2018, cast doubts over her statements.

Harry Tsang accused Lil Tay of lying about her Instagram account being hacked, and alleged that she orchestrated the fake statement about her death.

Upon learning about Lil Tay’s assertion of her well-being, I find relief in the fact that she is safe. However, I believe the reported hacking incident may not have occurred.

He pointed out two points of doubt over the validity of Lil Tay’s claims of being hacked:

My rationale for this perspective is twofold: firstly, the restoration of a compromised account on platforms like Meta/Instagram typically does not necessitate a 24-hour timeframe.

Secondly, the actions of Lil Tay’s brother, renowned for his propensity for extreme measures, lead me to hypothesize an alternative motive behind this occurrence.

Harry Tsang then suggested that Lil Tay and/or Jason Tian might have orchestrated this death hoax to rekindle her fame:

Simultaneously, if the underlying motive is indeed to rekindle Lil Tay’s prominence within the public sphere, I contend that such actions demonstrate a certain degree of irresponsibility.

It’s essential to consider the potential repercussions of employing such tactics, particularly given their potential impact on the perceptions and sentiments of the broader audience.

Fact #6 : This Is Just Fake Celebrity News

This is yet another example of fake celebrity news created to generate page views and money through advertising, just like these examples:

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Fact Check | Celebrity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Gigabyte motherboards shipped with firmware backdoor!

Leave a reply

Millions of Gigabyte motherboards and laptops shipped with a built-in backdoor in its UEFI firmware!

Here is what you need to know about this cybersecurity danger, and what you can do about it!

Gigabyte Motherboards Shipped With Firmware Backdoor!

On 31 May 2023, researchers at the cybersecurity firm Eclypsium revealed that 271 Gigabyte motherboard models have been compromised with UEFI firmware with a built-in backdoor!

Eclypsium’s heuristic detection methods recently began flagging suspicious backdoor-like behaviour in Gigabyte motherboards. When its researchers looked into it, they found that Gigabyte motherboard firmware was executing a Windows native executable during the system start up process. This executable then insecurely downloads and executes additional payloads.

From their analysis, the executable appears to be a legitimate Gigabyte module called WpbtDxe.efi:

it checks to see if the “APP Center Download & Install” feature is enabled
it downloads executable payloads from Gigabyte servers
it has a Gigabyte cryptographic signature

They also found that the downloaded payloads have Gigabyte cryptographic signatures too, which suggest that this firmware backdoor was implemented by Gigabyte itself.

However, Eclypsium researchers discovered that the Gigabyte implementation had a number of problems, which would make it easy for threat actors to abuse the firmware backdoor:

one of its payload download locations lacks SSL (using plain HTTP, instead of the more secure HTTPS), allowing for Machine-in-the-middle (MITM) attacks
remote server certificate validation was not implemented correctly even when the other two HTTPS download locations were used, which allows for MITM attacks
one of its payload download locations is a local network-attacked storage device (NAS), which could allow a threat actor to spoof the location of the NAS to install their own malware
the Gigabyte firmware itself does not verify any cryptographic signatures, or validates the downloaded executables.

In short – millions of Gigabyte motherboards have a cybersecurity vulnerability, due to their firmware which includes an insecure / vulnerable OEM backdoor. As John Loucaides from Eclypsium put it:

If you have one of these machines, you have to worry about the fact that it’s basically grabbing something from the Internet and running it without you being involved, and hasn’t done any of this securely.

The concept of going underneath the end user and taking over their machine doesn’t sit well with most people.

Note : This vulnerability affects all computers using Gigabyte motherboards, including laptops.

Gigabyte Rolls Out New Firmware To Mitigate Backdoor!

After the news blew up inconveniently during Computex 2023, Gigabyte quickly rolled out new beta firmware upgrades for its AMD and Intel motherboards.

According to Gigabyte, the new beta firmware upgrades have “improved security mechanisms” that will “detect and prevent malicious activities during the boot process“. It also appeared to have implemented other changes:

enhanced the signature verification process for fils downloaded from its remote servers
conduct more thorough checks of file integrity to prevent the introduction of malicious code
enabled standard cryptographic verification of remote server certificates

The new firmware has just been released for AMD 600-series motherboards, as well as Intel 500- and 400-series motherboards, but will eventually be introduced for older motherboards. The new firmware will have the description, “Addresses Download Assistant Vulnerabilities Reported by Eclypsium Research“.

As Gigabyte does not intend to remove the backdoor feature, you might want to consider Eclypsium’s advice on how best to reduce the risk of malicious actors taking advantage:

Scan and monitor systems and firmware updates in order to detect affected Gigabyte systems and the backdoor-like tools embedded in firmware. Update systems to the latest validated firmware and software in order to address security issues like this one.
Inspect and disable the “APP Center Download & Install” feature in UEFI/BIOS Setup on Gigabyte systems and set a BIOS password to deter malicious changes.
Administrators can also block the following URLs:
– http://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4
– https://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4
– https://software-nas/Swhttp/LiveUpdate4

For starters, you should definitely download and update your Gigabyte motherboard or laptop with the improved firmware. Then disable APP Center Download & Install in the BIOS.

Let’s hope Gigabyte will be able to quickly issue new and improved firmware to mitigate, if not remove, the backdoor vulnerability for the affected 271 motherboard models, and its future motherboards and laptops. Even so, many users might not be aware of this vulnerability or these updates.

It seems likely that threat actors will have access to this backdoor vulnerability in many Gigabyte motherboards and laptops for years to come. Even Eclypsium’s Loucaides believes so:

I still think this will end up being a fairly pervasive problem on Gigabyte boards for years to come.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Computer | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

TNG RFID Bar Code Scanning Scam Debunked!

Leave a reply

Will your phone get hacked if you scan the TNG RFID bar code?!

Take a look at the viral claim, and find out what the facts really are!

Claim : Scanning TNG RFID Bar Code Can Hack Your Phone!

This warning about an RFID bar code scam has gone viral on WhatsApp, and social media, claiming that scammers are sending people RFID stickers, and asking them to scan the bar code.

Allegedly, scanning the RFID bar code will cause your phone to be hacked by these scammers!

They send the RFID to you. When you scan the bar code they hack your hp
It’s a scam

他们将 RFID 发送给您。当您扫描条形码时，他们会入侵您
这是一个骗局

Mereka menghantar RFID kepada anda. Apabila anda mengimbas kod bar mereka menggodam anda
Ia satu penipuan ☠️👻💩😱😰

Truth : Scanning TNG RFID Bar Code Will NOT Hack Your Phone!

This is yet another example of FAKE NEWS circulating on WhatsApp and social media, and here are the reasons why…

Fact #1 : There Is No TNG RFID Bar Code Scanning Scam

First of all – let me just say that there is no such thing as a TNG RFID bar code scanning scam. No one can hack your phone just because you scan an RFID bar code.

The bar code is nothing more than a series of numbers, which you can readily see printed under the bar code. These numbers cannot possibly hack your phone / smartphone.

Fact #2 : TNG Bar Code Is Used To Register RFID Sticker

The bar code visible in the clear window of the TNG RFID self-fitment kit is merely the serial number for the RFID sticker (also known as an RFID tag).

This serial number is used to register the RFID sticker, by scanning scan the bar code using the TNG eWallet mobile app.

All it does is link the RFID sticker to your TNG eWallet account, so that all toll charges are automatically deducted from that account.

Fact #3 : There Are Easier + Cheaper Ways To Hack Your Phone

Truth be told – there are far easier and cheaper ways to hack your phone, than send you a free RFID sticker and ask you to scan the bar code.

These scammers will have to put in considerable expense and technical expertise into hacking the TNG eWallet app, and inserting their malware that the fake RFID number would trigger.

But why bother? If they can hack the TNG eWallet, they don’t even need to send you any fake RFID bar code to scan!

Making fake RFID stickers (tags) that look like genuine TNG RFID self-fitment kits costs money. Sending these fake kits also put them at risk, because deliveries can be traced.

There are many other ways to compromise your smartphone. There is simply no reason why scammers to waste time and money on such a convoluted scheme.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can hackers use Good Morning greetings to hack you?!

Leave a reply

Can hackers use Good Morning videos, pictures and messages to hack your devices, and steal your data?!

Find out what is happening, and what the FACTS really are!

Updated @ 2023-04-21 : Updated with a new 2023 version of the hoax
Originally posted @ 2022-11-01

Claim : Hackers Are Using Good Morning Messages To Hack You!

This post about Chinese hackers using Good Morning videos, pictures and messages to hack your devices, keeps going viral on social media and WhatsApp.

It’s a long message, so just skip to the next section for the facts!

Dear friends, please delete all welcome photos and videos in Good Morning format and the like. Read below the article to the end, which will be clear why I ask about it. From now on I will only send personally prepared greetings.

Read all! Please send this message urgently to as many friends as possible to prevent illegal intrusion.
Warning from Olga Nikolaevnas lawyer:

ATTENTION! For those who like to send Good Morning pictures! Good day! Good evening! Do not send these “good” messages.

Today, Shanghai China International News sent SOS to all subscribers (this is the third reminder) that experts recommend: please do not send good morning, good night, pictures and videos,.

Reports show that hackers in China designed the images, the video is so beautiful to hide the phishing codes inside them, when everyone sends these messages, the hackers use your devices to steal personal information, such as bank card information and data to crack the phone.

It has been reported that more than 500,000 victims of fraud have already been deceived.

If you want to greet others, write your own message to protect yourself and your family and friends.

Important! Delete all greeting messages and pictures that you have on your phone for your own safety. If someone sent you such a picture, immediately remove it from the device. Malicious code takes time to deploy, so if you act immediately, no harm will be done.

Tell all your friends about this to prevent hacking.

Greet others by writing your own words, and send only images you create. The material you create yourself is completely safe.‼️‼️ ️‼️

Please understand me correctly! All have credit cards attached to their phone. Everyone has a lot of contacts in their phones. You will create a threat not only to yourself, but to all the contacts that you have on your phones, your friends and acquaintances. ‼️ ️‼️ ️‼️

Take this very carefully! This is a harsh reality‼️ ️‼️ ️‼️

ATTENTION !!!
Urgent information !!!

Some people have already restricted..!

Show less

Truth : Good Morning Greetings Not Being Used To Hack You!

Many of us get spammed with Good Morning or Good Night messages every day from family and friends.

While they often clog up Facebook, Telegram and WhatsApp groups, they really do NOT allow hackers to hack your devices.

Here are the reasons why Good Morning messages are very irritating, but harmless…

Fact #1 : Shanghai China International News Does Not Exist

The news organisation that was claimed to be the source of this warning – Shanghai China International News – does not exist!

Fact #2 : Good Morning Greetings Not Created By Hackers

Hackers (from China or anywhere else) have better things to do than to create these Good Morning pictures and videos.

They are mostly created by websites and social media influencers for people to share and attract new followers.

Fact #3 : No Fraud Involving Good Morning Messages

There has been no known fraud involving Good Morning or even Good Night messages, videos or pictures.

Certainly, half a million victims of such a scam would have made front page news. Yet there is not a single report on even one case…. because it never happened.

Fact #4 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a Good Morning photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest…

Recommended : How To Block Facebook Ads + Pay Scammers!

Fact #5 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

However, the image itself has an “almost white” rectangle that is recognised by the script, triggering it to redirect the user to the cybercriminals’ website.

Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

Such a clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #6 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t wait, as the hoax message claims.

Deleting Good Morning or Good Night photos or videos will free up storage space in your phone, but it won’t prevent any malware from executing.

There is really no reason for malware to wait before it infects your devices. Waiting will only increase the risk of detection.

Whether the malware serves to take over your device, steal your information or encrypt it for ransom, it pays to do it at the first opportunity.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Cybersecurity | Software | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

MSI Hit By $4 Million Ransomware Attack + Data Theft!

Leave a reply

MSI just got hit by a massive ransomware attack, but even worse – it lost a ton of critical data to the hackers!

MSI Hit By Ransomware Attack + Data Theft!

On 7 April 2023, MSI (Micro-Star International) was hit by a ransomware attack, in which the hackers allegedly exfiltrated 1.5 terabytes of source codes, BIOS firmware, private keys and other data from its servers.

In its terse regulatory filing with the Taiwan Stock Exchange (TWSE), MSI admitted that it was hacked, but did not detail the circumstances or nature of the attack.

After detecting some information systems being attacked by hackers,MSI’s IT department has initiated information security defense mechanism and recovery procedures. The Company also has been reported the anomaly to the relevant government authorities.

MSI claimed that the attack had “[no] significant impact our business in terms of financial and operational currently“, but said that it was “enhancing the information security control measures of its network and infrastructure to ensure data security.”

In a public statement, MSI also urged users to only obtain firmware / BIOS updates from its official website, and refrain from using other sources.

Hackers Demand $4 Million From MSI To Not Release Stolen Data

The MSI ransomware attack and data theft appear to be committed by the Money Message ransomware gang.

While MSI has apparently restored files encrypted by Money Message’s ransomware, the gang now has access to about 1.5 terabytes of critical MSI data.

According to BleepingComputer, chats between Money Message and an MSI representative show the gang demanding a ransom payment of $4 million. Otherwise, Money Message will release the stolen files.

To show that they did indeed steal those MSI files, Money Message posted screenshots of what they describe was MSI’s Enterprise Resource Planning (ERP) databases and files containing software source code, private keys, and BIOS firmware.

If Money Message releases MSI confidential data, it may not just be embarrassing for the Taiwanese company, it could allow other threat actors to use the source code and private keys to create malware targeting their customers.

In light of that, MSI users should only download and install software or BIOS firmware from the official MSI website.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Business | Software | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Approve New Participant block WhatsApp hackers?!

Leave a reply

Can the new Approve New Participant feature in WhatsApp block hackers?!

Take a look at the viral claim, and find out what the facts really are!

Claim : Turn On WhatsApp Approve New Participant To Block Hackers!

WhatsApp started introducing a new feature called Approve New Participant, on 11 March 2023.

This new feature was only available to WhatsApp Group administrators, and went pretty much unnoticed by most WhatsApp users, until this claim went viral on WhatsApp and social media platforms:

CYBER SECURITY ALERT
Announcement

Let’s look sharp all admins*
WhatsApp has added a new security feature to prevent hackers from joining Groups.
I Hope Admins will take advantage of this feature.

*Admins* should go to group settings and
‘TURN ON’ Approve New Participant.

This will prevent unauthorized access for hackers.

WHATSAPP ADMINS ALERT!!!

That WhatsApp cybersecurity alert was unsigned, so we have no idea who created it. But once it went viral, WhatsApp users started asking their group administrator to turn it on to block hackers.

But does the new Approve New Participant feature really block hackers from attacking WhatsApp groups?

Truth : WhatsApp Approve New Participant Does Not Block Hackers!

This is yet another example of FAKE NEWS circulating on WhatsApp, and social media platforms like Facebook and Twitter, and here are the reasons why…

Fact #1 : Approve New Participant Is Not A Cybersecurity Feature

First, let me just point out that Approve New Participant is not a cybersecurity feature. WhatsApp introduced the this feature to help group administrators “grow, moderate, and protect their groups“.

The Approve New Participants setting empowers admins to help grow, moderate, and protect their groups. Turning on the setting in Group Settings requires the admin to review every request to join the group before a participant is allowed to join. This feature enhances privacy and security for all participants in the group.

This feature is designed to protect private groups by preventing people from simply joining them using an invite link.

This is a major security concern for private groups, as it exposes the group chats to people who may not be authorised to view them. However, this is not a concern for open groups, as they are open to one and all.

Fact #2 : Approve New Participant Cannot Block Hackers

When a group turns on Approve New Participant, admin approval is required to join a group. People who attempt to join the group will see a Request to join button, with the message “An admin must approve your request”.

After clicking on Request to join, those who wish to join the group are allowed to share their Reason for the request, or Cancel Request.

Once the group administrators get the request, they can either approve or reject the request. Group administrators can also start a chat with the person to request more information.

All that is great for vetting people who want to join an exclusive WhatsApp group, but this new feature does not block hackers, as the group administrator will not know who is, or is not a hacker. It’s not like those WhatsApp accounts have a “hacker” or “not a hacker” label!

Hackers can use social engineering techniques to trick the group administrators into approving their requests, or they can simply use phishing attacks to take over the WhatsApp accounts of existing group participants!

Fact #3 : Approve New Participant Is Disabled By Default

Cybersecurity features that are designed to block hackers will always be enabled by default – why would they be optional?

Yet, the new Approve New Participant feature is OPTIONAL in WhatsApp, and is DISABLED by default. That is because this is not a cybersecurity feature designed to block hackers.

Many WhatsApp groups are open for anyone to join, and turning on Approve New Participant would be pointless as group administrators would not know the identity of the people joining their groups.

This is why it is up to the WhatsApp group administrators to determine if it is suitable for them to use the new Approve New Participant feature, or not.

Private groups will want to turn this on, to vet people who request to join. But open groups will want this feature disabled, or their administrators will be overwhelmed with joining requests.

Fact #4 : Group Participants Can Always Be Removed

Here’s another reason why blocking new participants joining automatically does not block hackers – group participants can always be removed.

Let’s say a hacker, or an unauthorised person, gains access to your WhatsApp group. It doesn’t mean he/she can stay in your group forever. Any group administrator can remove that person.

This new feature only helps group administrators pre-vet people who want to join their group, instead of kicking them out after they have already joined.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Cybersecurity | Software | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Scam Alert : Watch Out For Telegram Phishing Attack!

Leave a reply

Watch out for the phishing attack that will allow scammers to take over your Telegram account!

Scam Alert : Watch Out For Telegram Phishing Attack!

Scammers are now targeting Telegram users with a phishing attack that is designed to trick them into giving up their accounts! The Telegram phishing attack works like this:

Step 1 : The scammer gains control of your friend’s Telegram account, and sends this message to you:

Dear Telegram users. The system detects that this account is abnormal and has potential security risks.

To ensure that you can log in to your account normally, you need to invite friends for auxiliary verification

The risk control account has not been verified. The system will cancel the account after 24 hours!

Personal Information Authentication：[link removed]

Step 2 : The scammer, masquerading as your friend, asks you to help him/her verify his/her Telegram account by clicking on the link.

There are security risks in my account, and I need friends to help me verify it. Please click on the official link to help me verify it and follow the prompts. thank you

Step 3 : If you click on the [removed] link to help your friend, you will be taken to a website that looks like an official Telegram website. DO NOT DO THIS.

Step 4 : You will be asked to log into your Telegram account on the fake website. DO NOT DO THIS.

Step 5 : The fake Telegram website will ask you to key in your Login code, or take and upload a screenshot of your Telegram. DO NOT DO THIS.

Step 6 : If you continue, the scammer will be able to take over your Telegram account, and use it to scam your friends by asking them for money, etc.

The scammer will also have access to your Telegram chats, and all associated media including photos and videos, which could potentially be leaked or used to extort you or other people.

How To Protect Against Telegram Phishing Attack

A phishing (pronounced as fishing) attack is a social engineering attack, that uses your trust for an institution (like a bank), authority (Telegram), or someone you know, to give up your login details.

Here are some ways you can protect yourself against any phishing attack on Telegram, or other platforms.

Verify Identity Before Trusting

Many people fall for phishing attacks because it is human nature to trust your friends and to help them. However, on instant messaging apps, you don’t actually know if it’s really your friend on the other end!

So if a friend messages you on Telegram, WhatsApp, Facebook, Twitter, Instagram, etc to ask for help, ALWAYS verify their identity before proceeding.

If possible, call or message your friend on the phone, or via a different platform (use WhatsApp if the request came on Telegram, for example).

But if you are unable to call your friend, try asking the other person something that only your real friend would know:

Do NOT ask questions like “Are you really Sarah??“
Do NOT ask questions that can be answered by reading previous chat messages.
Ask something that only you and your friend would know, like “Hey Sarah, what was that restaurant we went to last week?“
Ask a fake question that your friend would readily know is not true, like “Hey Sarah, are you coming over tonight?“

If the other person cannot answer or gives you the wrong answer, he/she is not your friend, and that account has likely been taken over by a scammer.

Recommended : How To Block Facebook Ads + Pay Scammers!

Look At The Link

Whenever you see a link being shared, always check if it leads to a legitimate website, or attempts to masquerade as a real website, by substituting characters in the link.

This Telegram phishing attack, for example, uses a link to telegram.0rg.ee. The real Telegram domain name is telegram.org. This is called domain spoofing.

If you see an attempt to impersonate a legitimate website by using a similar-looking domain name, do NOT click on it.

Never Login Via A Link

It is common for people to share links on Telegram, and in Telegram groups. Heck, we share links to our article in the Tech ARP Telegram group!

Clicking on links in Telegram, WhatsApp, emails, etc. is not dangerous, because most lead to legitimate websites that do NOT require you to log in.

What is dangerous is logging into any website through a link. I cannot hammer this enough – NEVER LOG INTO ANY WEBSITE through a link!

Phishing attacks work by tricking you into going into a fake website that looks like the real website. But you still have to log into the fake website to give the scammers your login details.

If you click on a link, and you are asked to login – this is likely a phishing attack. But don’t worry – as long as you refuse to log into any website after clicking on a link, the phishing attack fails.

Turn On Two-Step Verification

All banking platforms, and many mobile apps now offer two-step verification to prevent scammers from taking over user accounts. However, this is often an optional feature that you must manually enable.

Telegram has a two-step verification feature, which prevents scammers and hackers from hijacking your account by requiring a secret password that only you will know.

Please follow our guide on how to turn on Two-Step Verification in Telegram.

Just make sure you do NOT give that password out to anyone, or key it into any website!

Warn Your Family + Friends!

It is important to publicise phishing attacks, whenever they happen. If people are alerted, they are less likely to fall for such attacks.

However, scammers and hackers can quickly change the way their phishing attack works, so it is important that people understand how phishing attacks work in general.

You can help prevent phishing attacks by sharing this articles, and other cybersecurity warnings, with your family and friends.

Please help us FIGHT SCAMMERS by sharing this cybersecurity article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Business | Software | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Pinduoduo App Contains Persistent Spy Malware!

Leave a reply

One of China’s most popular apps – Pinduoduo apparently contains a malware that monitors user activities and is difficult to remove!

Take a look at what CNN and multiple cybersecurity researchers have discovered about Pinduoduo!

Pinduoduo : What Is It?

Pinduoduo is actually a Chinese online retailer. Think of it as China’s Amazon. While Amazon started as an online bookstore, Pinduoduo started as an online agricultural retailer.

Since then, Pinduoduo has become one of China’s most popular online shopping platform, with its app offering its 750 million users access to cheap products in China, by offering steep discounts on group buying orders.

Despite its meteoric rise, Pinduoduo has not been without its controversies. In 2018, the company was criticised for hosting inferior and imitation products, to which it responded by taking down more than 4 million listing and shutting down 1,128 stores.

In 2019, Pinduoduo was hit by hackers who stole discount coupons worth tens of millions of Yuan. And just last month, Google suspended the Pinduoduo app after discovering that versions offered outside its Play Store contained malware.

The Off-Play versions of the e-commerce app that have been found to contain malware have been enforced on via Google Play Protect.

Pinduoduo App Contains Persistent Spy Malware!

Western interest may have been initiated by Google suspending the Pinduoduo app, but cybersecurity experts had already started looking into the app, and what they discovered was very troubling.

Alert First Raised By Chinese Cybersecurity Company

I think we should start by noting that it was a Chinese cybersecurity company called Dark Navy that first raised concerns about malware in the Pinduoduo app in February 2023.

Although Dark Navy did not name Pinduoduo in its report, cybersecurity researchers knew who it was referring to and soon followed up with their own investigations and reports, confirming Dark Navy’s report.

Sophisticated Malware

Half a dozen cybersecurity teams from Asia, Europe and the United States identified sophisticated malware in the Pinduoduo app that were designed to exploit vulnerabilities in the Android operating system used by many smartphones.

The malware allows the Pinduoduo app to bypass Android security features to monitor activities in other apps, check notifications, read private messages, and even change settings. It is also difficult to remove once installed.

Mikko Hyppönen, chief research officer at WithSecure, a Finnish cybersecurity firm, said that:

We haven’t seen a mainstream app like this trying to escalate their privileges to gain access to things that they’re not supposed to gain access to. This is highly unusual, and it is pretty damning for Pinduoduo.

Dedicated Hacking Team To Look For Vulnerabilities

Even more damning, CNN reported that a current employee revealed that Pinduoduo set up a team of about 100 engineers and product managers to look for vulnerabilities in Android smartphones, and find ways to exploit them for profit.

To avoid exposure, the source said that the company targeted users in rural areas and smaller towns, and avoided users in megacities like Beijing and Shanghai.

By collecting expansive data on those users, Pinduoduo was able to create a comprehensive portrait of their habits, interests, and preferences; while improving its machine learning models to personalise push notifications and ads.

Pinduoduo App Gained More Access Than Allowed

Three cybersecurity companies – WithSecure, Check Point Research, and Oversecured conducted independent analysis of version 6.49.0 of the Pinduoduo app that was released in late February 2023, and found code designed to achieve “privilege escalation” – a type of cyberattack that exploits vulnerabilities in the operating system to gain a higher level of access to data that it’s supposed to have.

Our team has reverse engineered that code and we can confirm that it tries to escalate rights, tries to gain access to things normal apps wouldn’t be able to do on Android phones.

The Pinduoduo app was able to continue running in the background, and prevent itself from being uninstalled. This was apparently done to boost the platform’s statistic for monthly active users.

Pinduoduo App Has Access To User Data Without Consent

Delware-based app security start-up, Oversecured, found that the Pinduoduo app had access to user data like locations, contacts, calendars, notifications, and photo albums, without their consent.

The app was also able to change system settings, and access user social media accounts and chats.

Pinduoduo App Also Snooped On Other Apps

The Pinduoduo app also had the ability to snoop on competing shopping apps, by tracking activity on other shopping apps, and gathering information from them.

Pinduoduo App Able To Secretly Receive Updates

Check Point Research found that Pinduoduo was able to push updates to the app, without first going through an app store review process to detect malicious code.

Pinduoduo App Programmers Attempted To Obscure Malicious Code

Check Point Research also found that some plug-ins used by the Pinduoduo app tried to obscure potentially malicious code by hiding them under legitimate file names, such as Google’s.

Such a technique is widely used by malware developers that inject malicious code into applications that have legitimate functionality.

Pinduoduo Targeted Android Devices

According to Sergey Toshin, founder of Oversecured, Pinduoduo’s malware specifically targeted Android operating systems used by Samsung, HUAWEI, Xiaomi and OPPO.

He also described the app as “the most dangerous malware” ever found in mainstream apps, exploiting about 50 Android system vulnerabilities. Most of these exploits targeted customised OEM code used by smartphone brands to customise their smartphone software.

I’ve never seen anything like this before. It’s like, super expansive.

Pinduoduo Removed Exploit + Canned Hacking Team

After cybersecurity researchers started reporting about the app, Pinduoduo released version 6.50.0 on March 5, which removed the exploits they found. Two days later, Pinduoduo disbanded its Android hacking team, according to the same employee.

The hacking team members found themselves locked out of Pinduoduo’s workspace communication app, called Knock, and lost access to files on the company’s internal network, with their privileges revoked.

Most of the team was later transferred to work at Pinduoduo’s sister app, Temu. A core group of about 20 cybersecurity engineers however remain at Pinduoduo.

In addition, Sergey Toshin of Oversecured noted that while the exploits were removed in the new version of Pinduoduo, the underlying code remained and could be reactivated to carry out attacks.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Cybersecurity | Mobile | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

How To Block Facebook Ads + Pay Scammers!

Leave a reply

Many Facebook users are getting hit by the Facebook Ads and Facebook Pay scams! Here is how you can prevent it from happening to you!

Facebook Ads + Pay Scam Hits Many Bank Customers!

Many bank customers are complaining that they are being charged for fraudulent Facebook Ads advertisement campaigns!

They discovered that their debit cards were charged for Facebook advertisements that they never approved. Some have also stated that their credit or debit cards were used to purchase goods and services using Facebook Pay.

Stephanie Wong : I found out the money deducted from my bank acc through multiple continuous transactions yesterday, then I called Maybank customer service immediately. They helped me to cancel the card but then the thing happened again this morning.

@ruffleseed : I heard tens of millions of Ringgit were reported misappropriated through @facebook
on multiple bank over the past few weeks.

Delete your phone number from Facebook now and do not let @messenger handle your SMS. @MyMaybank has yet to answer us re: this intrusion.

@ItsNeoah : Banyak kali kena kat credit card ambank. Alhamdulilah call ambank dia mintak isi dispute form then tgok next cycle bil dah takde. Letih ngan scammer ni.

Translation : [My] Ambank credit card got hit many times. Alhamdulillah, after calling Ambank, they asked me to fill out a dispute form, then when I checked the next bill cycle [the charges] was removed. Tired of this scammer.

[/su_note]

How To Block Facebook Ads + Pay Scammers!

Here are some ways to prevent getting hit by the Facebook Ads scam, whether you are a bank customer in Malaysia or other countries.

Do NOT Use Debit Cards

First, you should NEVER use a debit card if you can help it. You should certainly not use a debit card online, or register it on any online or mobile payment platform, whether it’s for Apple Pay, Google Pay, or Facebook Pay.

It doesn’t matter if Bill Gates or Elon Musk or BTS endorses debit cards. DO NOT USE DEBIT CARDS!

You should certainly never use your debit card to fund Facebook advertisements. Always use a credit card, which offers you some protection against such fraudulent transactions.

Disable Your ATM Card’s Debit Card Function

Even if you have never requested for a debit card, you likely already own one – your ATM card likely doubles as a debit card! Banks have been forcing customers to take on debit cards, often by making ATM cards double as debit cards.

If possible, ask your bank to disable debit card function in your ATM card. But it is likely that they will refuse to do so – they make money from debit card transactions after all!

If your bank refuses to disable the debit card function in your ATM card, you can ask them to set the limit to ZERO. That will effectively block scammers from accessing your bank account!

Monitor Your Credit Card Transactions

Using a credit card to purchase products and services on online and mobile payment platforms offers you some protection against fraud, but you must always monitor the transactions and report any fraudulent transactions right away.

Depending on the country and card network, you usually have about 60 days to dispute credit card charges. So don’t wait. Report them as soon as you spot them! This will reduce the loss and reports you make, and speeds up the refund process.

Remove Your Credit Cards ASAP

If you register your credit cards for use with Facebook Ads or Facebook Pay, try to REMOVE them as soon as you are done.

Do NOT leave them registered to your Facebook Ads or Facebook Pay account, as a scammer or hacker who gains access to your Facebook account can make fraudulent purchases or run fraudulent advertisements using those credit cards without additional verification.

That appears to be the modus operandi of the Facebook Ads scam that has affected so many Maybank customers in recent weeks.

But if you have never registered your credit or debit cards with Facebook, or removed them after using, even if scammers hacked into your Facebook account or gained access through phishing attacks, they won’t be able to use your credit or debit cards!

Enable PIN For Facebook Pay

If you are using Facebook Pay, a scammer who gains access to your Facebook account could potentially use the debit or credit cards you registered earlier to make fraudulent transactions.

To prevent that, you should enable PIN confirmation for Facebook Pay:

Go to Settings in the Facebook website (not app).
Go to Account Settings, and select Orders and payments.
In the Orders and payments page, select Settings.
In the Security section, select Require PIN Confirmation.
You will be asked to enter a 4-digit number as your PIN.
Key in the 4-digit number again to confirm your PIN.

After that, you will be required to key in the 4-digit PIN whenever you make a payment, or change your bank account details, or connect your payment info with other Meta apps.

Turn On Two-Factor Authentication

To make it harder for scammers / hackers to gain access to your Facebook account, turn on two-factor authentication:

Go to your Security and Login Settings.
Scroll down to Use two-factor authentication and click Edit.
Choose the security method you want to add and follow the on-screen instructions.

When you set up two-factor authentication on Facebook, you’ll be asked to choose one of three security methods:

Tapping your security key on a compatible device.
Login codes from a third party authentication app.
Text message (SMS) codes from your mobile phone.

Once you’ve turned on two-factor authentication, you can get 10 recovery login codes to use when you’re unable to use your phone.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Cybersecurity | Money | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Maybank FB Ads Scam : How To Recover Your Money?!

Leave a reply

If you are one of the many Maybank (MBB) customers who got hit by the Facebook Ads scam, here is how you can recover your money!

Facebook Ads Scam Hits Many Maybank Customers!

Many Maybank customers are complaining that they are being charged for fraudulent Facebook Ads advertisement campaigns!

They discovered that their debit cards were charged for Facebook advertisements that they never approved.

Stephanie Wong : I think i am a very cautious person as I did not link my card to any platform or make purchase through any unsafe website at ALL, but it still happens to me.

I found out the money deducted from my bank acc through multiple continuous transactions yesterday, then I called Maybank customer service immediately.

They helped me to cancel the card but then the thing happened again this morning.

@ruffleseed : I heard tens of millions of Ringgit were reported misappropriated through @facebook
on multiple bank over the past few weeks.

Delete your phone number from Facebook now and do not let @messenger handle your SMS.

@MyMaybank has yet to answer us re: this intrusion.

Maybank FB Ads Scam : How To Recover Money?!

Generally, you should NEVER use a debit card because it does not offer the protection a credit card does – money is withdrawn directly from your bank account, and the bank is not legally obliged to refund any money lost through scams.

However, Hafizah Ayko who was once a victim shared her experience on how she managed to recover money, even though the scammers used her debit card to run those fake Facebook advertisements.

To help you recover any money you may have lost to Facebook Ads scammers, I translated and “improved” her instructions for you:

Disable Your Debit / Credit Card

First, you need to quickly disable your debit or credit card. You can call up the bank, or in Maybank’s case:

Step 1 : Log into your Maybank2U account.

Step 2 : Go to Cards, and select Manage My Debit Card.

Step 3 : Select Debit Card – Replace, Renew, Activate & Block.

Step 4 : Select Block Debit Card. You will need to get a replacement card from any Maybank branch later.

If you feel that the above steps are too complicated, an alternative method would be to immediately transfer your money to another bank account, if you have one.

But please DO NOT transfer your money to another person’s account. Only transfer your money to another bank account that you own.

NEVER EVER transfer your money to a third party, especially they claim to be police officers or bank officers trying to help you. That is a scam!

Police departments and banks do NOT have special bank accounts to hold and protect your money during scams. And legitimate police and bank officers are NOT authorised to receive money, and will NEVER ask you to transfer money to their bank accounts.

Disable Facebook Ads

Next, you need to immediately disable all advertisements that the scammer has set up using your Facebook account. The longer they continue to run, the more you are being charged for them!

Step 1 : Go to your Facebook account, and select See all.

Step 2 : Select Ads Manager.

Step 3 : You should see a bunch of fraudulent advertisements running. Turn all of them off.

Ask Facebook For Refund

After turning off the fraudulent advertisements, you need to report them, and ask Facebook for a refund.

Step 1 : Go to Ad account settings, and select Report a problem at the lower right corner.

Step 2 : Select Ad Policy or Fraud. Then select Fraudulent Activity.

Step 3 : Explain your situation the best you can, and upload any screenshots you have, and send the report.

After that, Facebook should respond that they would issue a refund for the fraudulent transactions in 3-5 business days!

Alternatively, you can submit report unauthorised or unknown charges to Facebook using this online form.

Ask Your Bank For A Refund

You should also report the fraudulent transactions to your bank and request for a refund. This works for credit cards, but you should nevertheless give it a try even if the scammers hit your debit card.

Step 1 : Download the Maybank Dispute Form.

Step 2 : Print or directly fill in the information into the PDF form.

Step 3 : Email the form to disputemgmt@maybank.com.my, together with any relevant screenshots, within 20 days from the closing date of the billing period.

Again, banks are not obliged to refund fraudulent charges to debit cards, as the money is withdrawn directly from your bank account. But there is no harm trying.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Cybersecurity | Money | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Facebook Ads Scam Hits Many Maybank Customers!

Leave a reply

Many Maybank (MBB) customers are getting hit by the Facebook Ads scam!

Find out what’s going on, and what you can do to avoid this Facebook Ads scam!

Facebook Ads Scam Hits Many Maybank Customers!

Many Maybank customers are complaining that they are being charged for fraudulent Facebook Ads advertisement campaigns!

They discovered that their debit cards were charged for Facebook advertisements that they never approved.

Stephanie Wong : I think i am a very cautious person as I did not link my card to any platform or make purchase through any unsafe website at ALL, but it still happens to me.

I found out the money deducted from my bank acc through multiple continuous transactions yesterday, then I called Maybank customer service immediately.

They helped me to cancel the card but then the thing happened again this morning.

@ruffleseed : I heard tens of millions of Ringgit were reported misappropriated through @facebook
on multiple bank over the past few weeks.

Delete your phone number from Facebook now and do not let @messenger handle your SMS.

@MyMaybank has yet to answer us re: this intrusion.

Fahim Fahmi : Begitu saja duit kena curi 😢

Translation : That’s how [my] money got stolen 😢

Danish Ihsan : Aku dah kena jugak, satu hari 2 transaction.. nasib sedaq awai, habis rm800.. kalau tak lagi banyak.. maybank dah tak selamat, tadi kat bank pun ada akak kena jugak transfer to others acc beribu2 jugak lah,. Solusi, jangan guna maybank buat masa sekarang..

Translation : I got with with 2 transactions in one day.. luckily, I realised early, but lost rm800.. if not it would have been more.. maybank is not safe, just now at the bank a lady transferred thousands [of ringgit] to other people’s account. Solution, don’t use Maybank for now..

Analysis : Facebook Ads Scam May Not Be Related To Maybank

Many of those customers are angry with Maybank over these fraudulent charges to their debit cards, which meant the money was directly withdrawn from their bank accounts.

However, on closer analysis, the scammers may not necessarily be taking advantage of leaked Maybank debit card information, or hacked Maybank itself…

Fact #1 : Other Bank Customers Are Affected Too

While most recent Facebook Ads scam cases appear to be affecting Maybank customers, other bank customers are reporting that they took were charged for those fraudulent advertisements.

@eeshepeeka : nohh laki cek pun kena last week tp kat CIMB. ada few transaction for 2 days nasib dia tolak sikit2. sekali deduct RM12+ sehari 3x ja. deduction description pun sama sebiji cam dlm gambaq tu. haiyaa

Translation : Well, my husband also got [scammed] last week but at CIMB. there were a few transactions for 2 days, but luckily [the scammer] deducted only small amounts. each time deducting RM12+ a day for 3 times. The deduction description is the same as the one in the picture. haiyaa

@ItsNeoah : Banyak kali kena kat credit card ambank. Alhamdulilah call ambank dia mintak isi dispute form then tgok next cycle bil dah takde. Letih ngan scammer ni.

Fact #2 : Most Of Them Ran Facebook Ads In The Past

In addition to analysing their stories, I also spoke to someone who knows several Maybank customers who got hit by the scam. From what I can ascertain, most of them ran Facebook Ads in the past.

Stephanie Wong : 3.) Did not run any ads recently, but few years ago

@wnn_tasha : I last pakai FB ad guna akaun ni tahun 2018. Silap tak remove payment method tu.

Translation : I last used FB ad using this account in 2018. My mistake for not removing the payment method.

They said that they paid for Facebook page a few years ago to boost their audience.

That said, at least two Maybank customers said that they have never registered any debit or credit card with Facebook:

Fahim Fahmi : Tak pernah ada link kad dengan FB atau social media yang lain

Translation : [I] never linked [any] card with FB or other social media

@ruffleseed : I have never set up payment methods on Facebook nor have I ever used Facebook ads.

Fact #3 : Scammer Likely Got Access To Those Facebook Accounts

What is interesting is that most of those who were affected by this Facebook Ads scam reported that their Facebook accounts were used to create and run those ads.

If their debit or credit cards were merely stolen, the scammers could have created a new Facebook account to use those stolen cards to run Facebook ads.

Fortunately, one of the victims “caught” the scammer logging into her account from the United States. This clearly shows that the Facebook Ads scam requires the scammer to gain access to their Facebook accounts.

It is likely that the scammers gained access to their victims’ Facebook accounts using phishing attacks, and simply used the debit or credit cards that those victims earlier registered with Facebook to run advertisements in the past.

Fact #4 : Facebook Auto-Fill Is Not The Problem

After these cases went viral, people blamed the Auto-Fill feature in Facebook, and shared videos and photos on how to disable it.

The truth is – this Facebook Ads scam very likely has nothing to do with Auto-Fill, which is a feature used in many other services and platforms.

Auto-Fill only makes it easier to fill in your debit or credit card details. It does not bypass any verification that is required to make a payment.

Fact #5 : You Can Recover Your Money!

Now, this is important – you need to move fast to cut your losses, and recover the money. You can also improve your Facebook account security to prevent it from happening again.

For more details, please read our guide – Maybank FB Ads Scam : How To Recover Money?!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Cybersecurity | Money | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Must You Disable Facebook Auto-Fill To Block Scams?!

Leave a reply

Must you immediately disable Auto-Fill in Facebook to block scams?!

Here is what you need to know about Facebook Auto-Fill, and getting scammed on Facebook!

Claim : Facebook Auto-Fill Opens You To Scams!

People are sharing warnings about Facebook Auto-Fill, together with instructions on how to disable it to block Facebook Ads scams.

Guys check ur Facebook
And make sure these are OFF
this week a lot of MBB customers kena scam

1. Please check your bank account.
2. Please disable ‘auto-fill’ option in Facebook…

Truth : Facebook Auto-Fill Does Not Open You To Scams

There appears to be a spate of scams involving Facebook Ads and Maybank users, but it does not appear to be related to the Facebook Auto-Fill feature, and here are the reasons why…

Fact #1 : Facebook Introduced Auto-Fill In 2013

Facebook started introducing Auto-Fill sometime in September 2013, and gradually rolled it out globally over the years, so this is not a new feature.

Fact #2 : Many App Use Auto-Fill

Facebook isn’t the only app or platform to use Auto-Fill. Many services and platforms use Auto-Fill to make it easier to fill up forms and make payments.

The Auto-Fill feature is used in most, if not all, e-commerce / online shopping / online payment platforms, to expedite payments. The idea is that if they make it easier it is for you to pay, you will tend to buy more!

Many apps and services also use Auto-Fill to help you fill onerous forms with common details like your full name, email address, address and telephone number.

Fact #3 : Facebook Does Not Automatically Have Your Details

Facebook enables Auto-Fill by default for forms and payment, but that does not mean it has access to your debit or credit cards, or even your personal details. You need to manually key in your Contact Info and/or Payment Info for Facebook Auto-Fill to work.

If you have never given Facebook your credit card details, there is no way for its Auto-Fill to automatically fill in the credit card details for any transaction. Even if a scammer gains access to your Facebook account, he/she cannot use Auto-Fill because you never keyed in your debit or credit card details in the first place!

I did a quick check on two cases involving Maybank that came up recently (first example) (second example), and noticed that both parties who reported that they got fraudulently charged for Facebook Ads never registered their credit card with Facebook at all!

So whatever may be going on, it does not appear to be a Facebook Auto-Fill issue. But just in case you are worried, here are the latest steps on how to disable Auto-Fill on the Facebook mobile app.

Tap on your icon at the upper right corner of the Facebook app to access the Menu.
Scroll down the Menu until you see the Settings & privacy group.
Tap on Settings.
Scroll down the Settings & privacy page, and tap on Browser.
Scroll down the Browser settings page to the Auto-fill section.
You can tap on the Contact info and Payment info to check what information you shared with Facebook.
To disable Auto-fill for contact information, unselect Auto-fill contact forms.
To disable Auto-fill for payment, unselect Auto-fill payment forms.

Fact #4 : Auto-Fill Cannot Bypass TAC Verification

Even if you registered your credit card details with Facebook, and then use Auto-Fill to make a purchase, you will still need to authenticate that purchase.

Of course, it is possible to conduct a SIM swap attack, but that’s a different story altogether…

Fact #5 : Existing Facebook Ads Account Is A Risk

Those who have earlier registered a Facebook Ads account and ran advertisements may be at risk, because their credit cards would already be linked to their Facebook Ads account.

A scammer who gains access to their account (usually through phishing attacks) can easily create and run advertisements using their existing Facebook Ads account using the credit cards that have already been registered and approved earlier.

To minimise your risk, never ever use a debit card! Always use a CREDIT CARD, and always keep an eye on the transactions. Report to the bank once you see a fraudulent transaction.

But this has nothing to do with the Facebook Auto-Fill feature, and is not a concern if you never pre-approved your debit or credit cards with a Facebook Ads account.

Fact #5 : Existing Facebook Pay Account Is A Risk

Similarly, if you are using Facebook Pay, a scammer who gains access to your Facebook account could potentially use the debit or credit cards you registered earlier to make fraudulent transactions.

Again, you should NEVER use a debit card with Facebook Pay. Use a credit card, and always keep an eye on the transactions, and report to the bank once you see something fishy.

On top of that, you should enable PIN confirmation for Facebook Pay:

Go to Settings in the Facebook website (not app).
Go to Account Settings, and select Orders and payments.
In the Orders and payments page, select Settings.
In the Security section, select Require PIN Confirmation.
You will be asked to enter a 4-digit number as your PIN.
Key in the 4-digit number again to confirm your PIN.

After that, you will be required to key in the 4-digit PIN whenever you make a payment, or change your bank account details, or connect your payment info with other Meta apps.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Cybersecurity | Money | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can SIM Swap empty bank accounts without warning?!

Leave a reply

Can a SIM swap attack empty your bank accounts without warning?!

Take a look at the viral warning, and find out what the facts really are!

Updated @ 2023-03-03 : Added some additional details
Originally posted @ 2022-01-16

Claim : SIM Swap Attack Can Empty Bank Accounts Without Warning!

This message has gone viral on social media and WhatsApp, warning about a new high tech fraud called SIM Swap Fraud that can empty bank accounts without warning.

The message includes a link to a Straits Times report about a young couple who lost $120,000 in a fake text message scam targeting OCBC Bank customers.

Your BANK Account could be Emptied without an Alert!

Dear All, Please let’s be very careful.. There is a new HIGH TECH FRAUD in town called the SIM SWAP FRAUD, and hundreds of persons are already VICTIMS.

How does it work?
1 A new fraud called SIM SWAP has started. Your phone network will momentarily go blind / zero (No Signal / Zero Bars) and after a while a call will come through.

2 The Person on the other end of the call will tell you that he is calling from (your cell phone company) depending on your network and that there is a problem in your mobile network.

3 He will instruct you to Please press 1 on your phone to get the network back.

– Please at this stage don’t Press anything, Just cut or END the call.

If you press 1, the network will appear suddenly and almost immediately go blind again (Zero Bars) and by that action, your phone is #HACKED.

Within a second they will empty your bank account, and you won’t receive any alert.

What you will experience.
It will appear as though your line is without Network, meanwhile your SIM has been SWAPPED.
The danger here is that, you will not get any alert of any transactions, so please those of us doing USSD Banking and Mobile Banking BEWARE. Let’s be very careful.

Please, forward to your contacts, loved ones and friends. The fraud is increasing day by day.

Received from a #CybersecurityGroup

Don’t forget to share this post…… I repeat don’t forget to share this post. Many people’s Account as been emptied!

Please encourage more people to learn from this episode

Show less

Truth : SIM Swap Attack Are Real, But Don’t Work Like That

The truth is – SIM swap attacks are real and very dangerous, but they do not work like the viral message claims.

Here is what you need to know about the viral message, and SIM swap attacks.

Fact #1 : SIM Swap Attacks Are Not New

SIM swap attacks are really not that new. Scammers have been using SIM swap attacks since 2015, if not earlier.

Fact #2 : Viral Message Is Mostly False

The viral message is correct about the risk of SIM swap attacks, but pretty much wrong about everything else.

In fact, the method by which the SIM swap attack works is completely made up. So the viral message is really FAKE NEWS.

Fact #3 : Straits Times Article Was Not About SIM Swap

The fake news creator added a link to a Straits Time article, to mislead you.

That’s because the article isn’t about a SIM swap attack, but a phishing attack, where the victim received an SMS with a link that took him to a fake website that “looked exactly like the OCBC login page“.

The victim then keyed in his bank login details, thus handing over control of his bank account to the scammers. He also ignored automated messages warning him that his “account was being setup on another phone“.

It had nothing to do with a SIM swap attack. It was an SMS-based phishing attack.

Fact #4 : SIM Swap Attack Generally Does Not Require Any Action

In most SIM swap attacks, scammers use your personal information, either purchased from other criminals or obtained through earlier phishing attacks or social engineering, to request for a SIM card replacement.

All that does not require any action on your part. In most cases, you only realise you’ve been hit when you lose access to your mobile number.

Fact #5 : SIM Swap Attack May Require Action In Some Cases

The Press 1 claim in the viral message is partially correct, but it only happens in a particular circumstance.

In India, scammers have tricked people by offering a free network upgrade, or to help improve signal quality on their phones :

The scammer will call the victim, claiming to be from their mobile service provider.
The scammer will try to get the victim to reveal his/her 20-digit SIM card number.
The scammer will use the 20-digit SIM number to initiate a SIM swap with the mobile service provider.
The mobile service provider will automatically send an SMS to confirm the swap.
Once the victim confirms the swap, his/her SIM card will stop working.
The scammer now has access to the victim’s mobile number.

Fact #6 : SIM Swap Attack Does Not Hack Your Phone

The SIM swap attack does not involve any hacking of your phone.

You only lose access to your mobile number. Your phone is not hacked.

Fact #7 : SIM Swap Attack Does Not Empty Bank Accounts

Once the scammers successfully gain control of your mobile number, they can use it to intercept one-time passwords (OTP) like TAC numbers.

This allows them to change passwords to your bank accounts, social media accounts, etc. which is why SIM swap attacks are so dangerous and damaging.

However, it does not mean your bank accounts are immediately emptied. For one thing – the scammers need to know your bank login.

That’s why SIM swap victims often have had their bank logins and passwords stolen earlier though phishing attacks. The scammers only need their mobile numbers to receive OTP / TAC numbers to authenticate the transfers.

Fact #8 : SIM Swap Attack Can Be Used To Cheat Friends Too!

Stealing money from your bank account requires extra work, so scammers who do not have your bank login details will resort to cheating your friends.

With access to your phone number, they can easily gain access to your social media accounts (Facebook, Twitter, Instagram) as well as instant messaging apps (WhatsApp, Telegram).

Once they have control, they can send messages to your friends, pretending to be you. Naturally, they will concoct some story to ask your friends for money.

The idea is to use your (now) stolen accounts to convince your friends that you genuinely need their help. The money that they transfer goes directly to the scammers, or their mules (people who rent their bank accounts to scammers).

Now that you know the facts behind the SIM swap attack or scam, please SHARE this article with your family and friends!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Did Leaked Data Show Pfizer Vaccine Would Kill?!

Leave a reply

Did leaked data show that Pfizer knew that its COVID-19 vaccine would kill people who took it?!

Take a look at the viral claim, and find out what the facts really are!

Claim : Leaked Data Show Pfizer Knew Vaccine Would Kill!

People have been sharing a photo of The Irish Light newspaper, which claims that leaked data showed that Pfizer knew that its COVID-19 vaccine would kill people who took it!

It’s a long article, so feel free to skip to the next section for the facts!

Pfizer knew their vaccine would kill

Leaked data shows shocking number of fatalities and side effects now officially associated with covid shots

THE documents were leaked due to a cyber attack on the European Medicines Agency (EMA) website. More than 40 megabytes of classified information from the agency’s revlew were published on the dark web. and several Journalists including the BMJ were sent coples of the leak by anonvmous senders.

The documents have proved to be shocking due to the sheer amount of side ellects that are now ollicially associaled with the ‘vaccine*. Most alarmingly, there were at least 1,223 deaths reported in the first 28 days following the shot.

The U.S. Food and Drug Administration (FDA) had previously agreed to withhold the documents and their shocking revelations from the public for 75 years.

The HSE, moda and the government continually state that the vaccines are ‘safe and effective’ and those that had renorted vaccine-related injuries were oflen accused of making false correlations or imagining their symptoms.

However, the Pfizer documents paint a very different picture. They list thousands of side effeets that occurred at an alarming rate which were as a direct result of taking the experimental genetac injection.

These side effects included noat-fatal conditions such as eccema, blisters, asthma. low sperm counts and fertility problems.

Other more serious side ellects included, but were not limited to: auto-immine disorders; blindness: diabetes: berpes: heart problems such as myocardite; divroid disorders: neurological condations such as multiple sclerosis; sexures; epilepsy; narcolepsy and Guillain-Bame Syndrome. Also, inllammatory bowel disease, relapsing diseases, dcalness and even tongue biting.

While it has been approved for use in pregnant women, it is also known to cause pregnancy complications, including many spontaneous abortions.

One of the many issues it causes is anaphylactoid syndrome of pregnancy or ASP for short. ASP is a fatal discase for mothers and is among the leading causes of maternal mortality.

Symploms include anciety, confusion. shortness of breath, severe bleeding and death. Therefore, there is a high risk for pregnant women taking the covid “vaccine’.

The Pfizer document also list various blood disorders, Crohn’s disease, and liver failure as side effects. Blood clotting was another issue reported from the ‘vaccine’ trials.

One of the most telling side effects of this covid-19 injection is… covid-19. Proponents often argue that despite the possible side effects associated with some of the covid shots, they at least prevent people from dying from covid-19.

The problem is that the ‘vaccine’ actually causes people to develop the disease. In other words, it is contributing to the mumber of cases. It also lists covid-19 associated pneumonia as a side effect.

Some may argue that all of these side ellects are only associated with the Pfizer shot.

However, death and serious injuries have been present and publicly acknowledged with all of die manubcturers’ shots.

Research developed by Edinburgh University showed that almost 350 Brits have been struck down with a separate rare clotting disorder afler getting the AstraZeneca vaccine.

These blood clots cause minor bruising around the body and can leave some with a purple-dotted rash.

The Moderna vaccine has been assoctaled with heart problems such as mvocarditis and pericarditis. The list of adverse reactions also includes inflammation, fainting and breathing difficulties.

Data from the UK Health Security Agency (UKHSA) listed on page 2 has also revealed that both covid-19 deaths and cases were worse in vaccinated people, particularly those over the age of 18

The data in the table is clear: the chances of developing covid-19 increases significantly following subsequent ‘booster jabs.

This is broadly in line with the information contained in the Mizer document, which stated that vaccine side effects cause covid-19 and respiratory illnesses.

Coupled with the fact that ONS data recently revealed that covid deaths were much lwer than previously thought, the risks of taking the vaccine seem to greatly outweigh the risks of not doing so.

Show less

Truth : Leaked Data Did Not Show Pfizer Vaccine Is Dangerous!

This is yet another example of FAKE NEWS created and propagated by anti-vaccination activists, and here are the reasons why!

Fact #1 : The Irish Light Is An Anti-Vaccination Newspaper

While many anti-vaccination activists are promoting the article as coming from an Irish newspaper, The Irish Light is a self-printed newspaper that was launched in August 2021 by two former journalists turned COVID conspiracy theorists – Gemma O’Doherty and John Waters.

Gemma O’Doherty previously worked for the Irish Independent newspaper, while John Waters used to work for The Irish Times.

Unlike regular newspapers which delivers news content, The Irish Light focuses on questioning the effectiveness of vaccines, the COVID pandemic, and other far-right ideas.

Fact #2 : EMA Cyberattack Occurred In January 2021

The Irish Light published their article called “Pfizer knew their vaccine would kill” in April 2022, as part of their 10th issue.

However, the cyber attack on the European Medicines Agency (EMA) it referred to occurred more than a year ago – in January 2021.

Fact #3 : EMA-Pfizer Data Was Leaked To Journalists + Dark Web

More than 40 MB of data was stolen in the EMA cyberattack and released on the dark web, and leaked to several journalists, including from The BMJ and academics worldwide.

The leaked data consisted of confidential documents on the Pfizer BNT162b2 vaccine candidate (later known as the Pfizer-BioNTech COMIRNATY COVID-19 vaccine), which included “internal / confidential email correspondence from November, relating to evaluation processes for COVID-19 vaccines“.

Fact #4 : Leaked Documents Was About Quality Of Early Vaccine Batches

The BMJ reviewed the leaked documents, and found that they showed that regulators at the EMA had concerns about the quality of some early commercial batches of the Pfizer-BioNTech COVID-19 vaccine.

An email dated 23 November 2020 showed that a high-ranking EMA official complained that Pfizer was not producing its COVID-19 vaccines to the expected specifications.

Specifically, the level of intact mRNA dropped from about 78% in the clinical batches to 55% in the proposed commercial batches. Nothing in the leaked documents referred to safety issues, or side effects.

Fact #5 : Leaked EMA-Pfizer Data Was Tampered Before Release

On 15 January 2021, the European Medicines Agency (EMA) announced that their investigation showed that some of the leaked data was tampered by the hackers before being released.

Some of the correspondence has been manipulated by the perpetrators prior to publication in a way which could undermine trust in vaccines.

The BMJ was criticised for reviewing the leaked documents without first verifying their authenticity and accuracy.

EMA states that the information was partially doctored, and that the perpetrators selected and aggregated data from different users and added additional headings.

It is unclear to us why a respected journal chose to present unverifiable information, in the process damaging an institution that has worked for 25 years in a transparent and successful manner.

Fact #6 : Leaked Documents Showed EMA Regulation At Work

While anti-vaccination activists framed the leak as evidence of collusion between EMA and Pfizer, they actually show that EMA regulators were doing their jobs.

EMA did not cover up the quality issue, but filed two “major objections” with Pfizer, together with a host of other questions it wanted Pfizer to address.

On 25 November 2020, one of the leaked emails showed that Pfizer had already brought up the level of mRNA in their COVID-19 vaccine lots.

The latest lots indicate that % intact RNA are back at around 70-75%, which leaves us cautiously optimistic that additional data could address the issue.

Ultimately, the EMA authorised the vaccine on 21 December 2020, nothing that “the quality of this medicinal product, submitted in the emergency context of the current (covid-19) pandemic, is considered to be sufficiently consistent and acceptable.”

Fact #7 : FDA Never Agreed To Withhold Pfizer Documents For 75 Years

The claim that the US FDA earlier agreed to withhold documents on the Pfizer vaccine for 75 years was debunked months earlier – in December 2021.

The US FDA never asked or agreed to withhold Pfizer COVID-19 vaccine documents for 75 years. That was merely the “interpretation” of Aaron Siri – the lawyer for PHMPT (Public Health and Medical Professionals for Transparency) – the group requesting the data that the FDA used to licence the Pfizer COVID-19 vaccine.

Fact #8 : Pfizer Documents Did Not Reveal Thousands Of Side Effects

The claim that the Pfizer COVID-19 vaccine documents revealed that it had thousands of side effects was debunked in March 2022.

The Pfizer document was publicly released on 17 November 2021, but it took antivaxxers more than 3 months to “discover” the list of 1,291 adverse events of special interest (AESI).

However, the AESI list was not a list of vaccine side effects. It was a list of “adverse events” that must be reported for further investigation.

It was also a generic list, which includes irrelevant adverse events like manufacturing and lab test issues, and even product availability and supply issues, as well as other diseases like MERS and chickenpox.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

Don’t forget to protect yourself, and your family, by vaccinating against COVID-19!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Fact Check | Health | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Will Your Phone Get Hacked While You Vote In GE15?!

Leave a reply

Will your phone get hacked while you are voting in GE15?!

Take a look at the viral claim, and find out what the facts really are!

Claim : Your Phone Will Get Hacked While You Vote In GE15!

This warning has gone viral on WhatsApp and social media, claiming that your phone will get hacked while you are voting in GE15!

The post is long, so feel free to skip to the next section for the facts!

For first time voters, it might be tempting to bring your phone along with you to document and record your experience voting for the first time.

However, the Election Commission (EC) has announced that the use of mobile phones inside polling stations will not be allowed.

As such, you may use your phone to kill time while standing in line, but you’d have to surrender your phone once you collect your ballot paper.

But, according to a Malaysian self-taught ethical hacker, this might not be the wisest move.

In a Twitter post that has gone viral, Twitter user @BeardtimusPrime shared that leaving your phone unattended and in the hands of volunteers at polling stations raises many security bells.

In a response to an infographic about the on-the-day process, he said that you should never leave your smartphone unattended and if you had to, you should at least put security tape over the USB/Lightning port before handing it over.

How could that be possible?

In an interview with WORLD OF BUZZ, the Twitter user explained that the issue lies in the fact that you’d be handing over your phone to volunteers, with close to zero vetting and background checks.

“Physically handing over your device is the worst thing to do when it comes to security. It’s similar to sharing passwords.”

He then explained that there are various ways hackers could access your data with your device in their hands and that simply turning off a smartphone doesn’t truly turn it off unless you were to take the battery out which requires special tools.

“Malware injection is still possible as the device will be in a ‘soft-off’ state,” he explained.

He then shared an explainer video on how hackers could easily access your data simply by plugging in what appears to be a standard cable which would allow them to remotely control and access your phone.

The video showed how people who have managed to access your phone would be able to read your messages, send messages from your phone and other worrisome things.

If you’d like to find out more on how exactly this can happen, checkout the video below (tap link to view video).

We hope that this will serve as a reminder to never leave your phone unattended. Are you still planning to bring your phone to the voting stations?

Show less

Truth : Your Phone Won’t Get Hacked While You Vote In GE15!

This is yet another example of FAKE NEWS circulating on WhatsApp and social media, and here are the reasons why…

Fact #1 : Phones Are Left On KTM Table In Individual Boxes

First, let us establish some basic facts about how phones are “surrendered” before voting in GE15:

Each polling station (Saluran) will have two voting booths, allowing two voters to mark their ballots at the same time.
The KTM (Ketua Tempat Mengundi – Head of Polling Station) will have two cardboard boxes – one for each phone.
On the way to the voting booth, each voter will place his/her phone into one of the two cardboard boxes on the KTM’s table.
After casting the ballots, the voter will retrieve his/her phone from the cardboard box.

The polling clerks and the head of the polling station (KTM) will NOT touch any phone. Voters must place and retrieve their phones by themselves.

Fact #2 : There Are Many Witnesses In Each Polling Station

Each polling station has at least one police officer, three polling clerks and a KTM (Head of the Polling Station), as well as two or more observers.

That’s seven or more people arranged along three sides of the room, which means the phones placed on the KTM’s table are visible to all of them. Any attempt by anyone but the voters to handle the phones would be instantly noticed.

Fact #3 : KTM Is Usually A Teacher Working In That School

In Malaysian elections, schools are generally used as voting centres, with classrooms converted into polling stations.

Usually, the Malaysia Election Commission (SPR) appoints teachers of the same school as the KTM – head of each polling station.

While this does not mean some of these teachers are not secretly awesome hackers in their spare time, it means that your phones are generally being watched by teachers.

If you can trust school teachers with your kids, you can certainly trust them to WATCH OVER your precious phone.

Fact #4 : Marking Your Ballots Take Less Than A Minute

The only time your phone is out of your view is when you are marking your ballots in the voting booth.

How long do you reckon it takes to mark X on one or two ballots, and fold them? Maybe 10 seconds? 20 seconds if you are slow. No matter what – your mobile phone will only be out of sight for less than a minute.

Do you actually believe any hacker would have the time to hook up your phone to any cable, never mind hack it, in less than one minute?

Fact #5 : Juice Jacking Requires Cable To Be Plugged Into Phone

What this “ethical hacker” is referring to is called juice jacking. Juice jacking requires a cable to be plugged into your phone. It cannot happen wirelessly, because it relies on USB vulnerabilities.

As noted in Fact #1, you will place your phone into a large cardboard box. You will be able to see that there are no cables present.

While you are marking your vote, the box containing your phone will be fully visible to at least six other people in the room, if you discount the “nefarious KTM who is secretly an evil hacker”.

Even a “nefarious KTM who is secretly an evil hacker” will have trouble taking your phone out of the box, without any of the other people in the room noticing, never mind actually plugging in a cable.

That’s why the real risk of juice jacking isn’t that 20-30 seconds you spend voting in GE15, but when you plug your phone into a free USB power socket.

If you are paranoid, just cover your phone’s USB or Lightning port with tape, before you place it in the designated box.

Fact #6 : Juice Jacking Vulnerabilities Have Been Mitigated

As ethical hackers reveal security risks like juice jacking, Google and Apple have taken measures to mitigate the risks.

Both Android and iOS, for example, no longer allow the phone to be mounted as a drive when plugged in over USB. You will get a prompt asking you to confirm the step, which is not possible for the hacker to do without first unlocking the phone.

There have also been many Android and iOS security updates that patch vulnerabilities that could potentially lead to juice jacking attacks. That’s why it’s so important to keep your phone operating system updated.

Please WATCH OUT about such FAKE NEWS on WhatsApp and social media.

Remember – democracy does not guarantee us a good government. Democracy only guarantees us the right to vote out a bad government!

Happy voting on 19 November 2022!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Cybersecurity | Mobile | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Binance Smart Chain Halts After $100M Crypto Theft!

Leave a reply

Binance just shut down its blockchain, after getting hacked and losing over $100 million in crypto coins!

The shutdown prevented an even bigger loss of $566 million, but it defeated a key purpose of the blockchain – decentralisation.

Binance Smart Chain Halts After $100M Crypto Theft!

On Thursday, 6 October 2022, Binance Smart Chain was hit by a hacker who targeted 2 million Binance coins (BNB) worth $566 million.

The attack appeared to have started at around 2:30 PM EST, with the attacker’s wallet receiving two transactions of 1 million BNB coins.

Soon after that, the hacker tried to liquidate the BNB coins into other assets, by using a variety of liquidity pools.

Binance acknowledged the security incident several hours later, at 6:19 PM, and halted the BNB Smart Chain.

AT 7:51 PM EST, Binance CEO Changpeng “CZ” Zhao confirmed that an exploit was used in the BSC Token Hub to transfer the BNB coins to the attacker, and that they asked all validators to temporarily suspend the Binance Smart Chain. He also claimed that the funds are safe.

An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.

Binance Smart Chain Almost Lost $566 Million!

The majority of the 2 million BNB coins worth $566 million remained on the BNB Smart Chain, and was made inaccessible to the hacker, after BSC was shut down.

This is rather ironic since blockchains like BSC are supposed to be decentralised, and not meant to be so easily turned off – a fact BNB Chain acknowledged.

Decentralized chains are not designed to be stopped, but by contacting community validators one by one, we were able to stop the incident from spreading. It was not that easy as BNB Smart Chain has 26 active validators at present and 44 in total in different time zones. This delayed closure, but we were able to minimize the loss.

Even so, a BNB Chain spokesperson later confirmed that about $100 to $110 million in funds were taken off the Binance Smart Chain, and CZ said that the impact was about a quarter of the last BNB burn.

Of the funds taken off-chain, BNB Chain was able to freeze about $7 million with help from their partners in the cryptocurrency community.

So far, about $2 billion has been lost in crypto hacks in 2022, with cross-chain bridges used to transfer tokens across blockchains a popular target.

BNB Chain said that it would introduce a new on-chain governance mechanism to fight and defend against future possible attacks.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Money | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

How To Turn On Two-Step Verification In Telegram!

Leave a reply

Find out WHY you should turn on two-step verification in Telegram, and HOW to do that!

Why You Should Turn On Two-Step Verification In Telegram?

Two-Step Verification is a feature that protects your Telegram account from being hijacked by hackers and scammers.

It blocks illegal takeover of Telegram accounts, by requiring a secret password that only you know. And it lets you recover your account via email.

This prevents hackers or scammers from taking over your Telegram account, even if you accidentally share with them the login code.

How To Turn On Two-Step Verification In Telegram!

In this guide, I will share with you how to turn on two-step verification in Telegram.

Step 1 : Open Telegram.

Step 2 : Go to Options > Settings > Privacy and Security.

Step 3 : Tap on the Two-Step Verification option.

Step 4 : In the Two-Step Verification screen, tap on the Set Password option.

Step 5 : Key in your preferred password, which can be any combination of capital or small letters and numbers.

Step 6 : You will need to key the same password again, to confirm it.

Step 7 : Next, you can create a hint to remind you of your password. This is optional, and you can skip it if you prefer.

But if you key one in, the hint will be displayed whenever you are asked to key in the password in the future.

Step 8 : After that, you will have the option of adding a Recovery Email address, just in case your account is hijacked.

This is optional as well, but I highly recommend you add a recovery email, which is simply the email address you use.

Step 9 : If you entered a Recovery Email address, Telegram will now send you an email with a 6-digit code to verify that email address.

Step 10 : Look for the Telegram verification code email, and key in the 6-digit verification code.

That’s it! You’re done! From now on, you will be required to key in the password whenever you log into a new device.

This will prevent hackers / scammers from taking over your account, even if you accidentally give them the Login code you receive by SMS.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Cybersecurity | Software | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Beware Of Telegram Screenshot Hack + Scam!

Leave a reply

Watch out for the Telegram screenshot hack and scam! Find out how the Telegram screenshot hack and scam works, and what you can do!

Telegram Screenshot Hack : New Twist To Old Trick

My friend just got hit by the Telegram screenshot hack, and the hacker is now trying to scam everyone on his contact list!

The Telegram screenshot hack is a new twist to an old trick, and here is how they do it…

Step 1 : Identify A Suitable Target

After obtaining a legitimate Telegram account through phishing or other means, the hacker reads through the messages to identify a suitable target – usually a close friend whom you often chat with, and trust.

For the purpose of our example, the hacker stole your friend’s Telegram account and has identified you as a suitable target.

Step 2 : Attempt To Login From Another Device

The hacker installs Telegram in another device and attempts to log into your account. He only needs the your phone number to do that.

The login attempt triggers Telegram to send a Login code to the your registered devices to authenticate the login. Usually, that’s the Telegram app in your smartphone.

Step 3 : Ask For A Screenshot Of Telegram

Traditionally, this is when the hacker will use your friend’s Telegram account to message you and ask for that Login code. However, asking for the Login code may trigger suspicion, so hackers have now come up with a new twist.

Instead of asking you for the Login code, the hacker will use your friend’s Telegram account to ask you to take a screenshot of your Telegram app and send it to him.

What harm is there? After all, many of us take screenshots and share them with family, friends and even on social media!

The problem is – the screenshot will accidentally reveal your Telegram Login code! Take a look at the actual screenshot my friend sent – it clearly shows the Telegram Login code!

Step 4 : Terminate All Other Sessions

The hacker will immediately use the Login code to log into your Telegram account on his device.

Then he will terminate all other sessions from that Telegram account, which means you get logged out from your Telegram app on your own smartphone!

Step 5 : Change Password

To prevent you from logging back in, and terminating his Telegram session, he will change the password.

Step 6 : Scam Your Friends

Now that the hacker gained control of your Telegram account and locked you out of it, he is free to scam your friends.

In this case, my friend’s contacts all started getting pleas to borrow money for some kind of emergency. The hacker will, of course, promise to pay you back quickly.

Your unsuspecting friends may not realise that this is not you that they are talking to, and may end up sending the hacker money.

In this case though, my friend managed to quickly alert us via WhatsApp that his Telegram account was hacked, so we didn’t tall for the scam.

One of his friends toyed with the scammer, and obtained the bank details. That is obviously not my friend’s name or account number!

Telegram Screenshot Hack : How To Prevent It?

Now that you know how the Telegram screenshot hack works, you can pretty much figure out how to prevent it.

Here is my quick summary for those who didn’t go through the whole process above :

Do NOT send anyone your Telegram Login code. Not even anyone claiming to be working for Telegram.
Do NOT send anyone a screenshot of your Telegram app. Even if it’s not a scam, it reveals portions of your chats!
Turn on Two-Step Verification in Telegram. This lets you recover your account, even if you accidentally let someone take over your account.

Telegram Screenshot Hack : How To Recover Your Account?

If you failed to turn on two-step verification, there is still a way to recover your Telegram account after it is stolen by a hacker.

For these steps to work though, you need to have access to your phone number. You must also do this quickly, as the hacker will be alerted to your attempt.

Step 1 : Open Telegram.

Step 2 : Log into your Telegram account using your phone number.

Step 3 : You will be asked if you have the correct number. Click Yes.

Step 4 : Telegram will send a 5-digit code to all your devices with Telegram installed. You won’t receive it since the hacker has already terminated all other sessions.

Step 5 : Click on the option just above the keypad – “Send the code as an SMS“.

Step 6 : You will now receive an SMS with the 5-digit code. Key it in, and you will now have access to your Telegram account.

Step 7 : Go to Options > Settings > Privacy and Security.

Step 8 : Scroll down and tap on Devices.

Step 9 : Tap on the option – Terminate All Other Session – to boot out the hacker.

Bonus Step : Turn on Two-Step Verification to prevent this from happening again!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Cybersecurity | Software | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Greeting Photos + Videos Hack Your Phone?!

Leave a reply

Can hackers use greeting photos and videos to hack your phone, and steal your data?

Take a look at the viral claim, and find out what the FACTS really are!

Claim : Greeting Photos + Videos Can Hack Your Phone!

People keep sharing this warning about greeting photos and videos, which claims that they can hack your phone and steal your data.

It’s a long message, so just skip to the next section for the facts!

Hello Family and friends,

Starting tomorrow, Please do not send network pictures. Look at the following article to understand. I’m going to stop too.

Please delete all photos and videos of Good morning, Evening and other greetings and religious messages as soon as possible. Read the following article carefully and you will understand why.

Read all! Please send this message urgently to as many friends as possible to prevent illegal intrusion.

Warning from Olga Nikolaevnas lawyer:

Attention! For those who like to send Good morning! It’s a beautiful day! Good evening!
picture. Please do not send these good messages.

Today, Shanghai China International News sent out SOS to all subscribers and experts – advise: Do not send pictures and videos of good morning, good night, etc.

The report shows that hackers who designed these images, and these images and videos are beautiful, But there is a hidden phishing code, and when everyone sends these messages, hackers use your device to steal personal information, such as bank card information and data, and break into your phone.

It is reported that more than 500,000 victims have been defrauded.

If you want to say hello to others, please write your own greetings and send your own pictures and videos so that you can protect yourself and your family and friends.

Important ! To be safe, please be sure to delete all greetings and pictures on your phone. If someone has sent you such images, remove them from your device immediately. Malicious code takes some time to deploy, so if you take action immediately, there will be no harm done.

Tell all your friends to prevent being hacked.

Say hello in your own words and only send your own created images and videos to greet, which is completely safe for yourself, your family and friends. Please understand what I mean! Everyone has a bank card attached to their mobile phone, and everyones mobile phone has many contacts. This hack creates a threat not only to yourself, but to your phone, friends and acquaintances as well! This is brutal.

This is a new technique used by terrorists to visit your mobile phone SIM card, so that you become their accomplice!!!

* * * Send this message to as many of your relatives and friends as possible to stop any unauthorised intrusions!!!

Wow !!! Dear family and friends beware!!

Show less

Truth : Greeting Photos + Videos Cannot Be Hack Your Phone!

Many of us get spammed with Good Morning, Good Afternoon, Good Evening photos and videos every day from family and friends.

While they often clog up Facebook, Telegram and WhatsApp groups, they really cannot hack your phone. Here are the reasons why Good Morning messages are very irritating, but harmless…

Fact #1 : Shanghai China International News Does Not Exist

The news organisation that was claimed to be the source of this warning – Shanghai China International News – does not exist!

Fact #2 : Greeting Photos + Videos Not Created By Hackers

Hackers (from China or anywhere else) have better things to do than to create these greeting photos and videos.

They are mostly created by websites and social media influencers for people to share and attract new followers.

Fact #3 : No Fraud Involving Greeting Photos / Videos

There has been no known fraud involving Good Morning or Good Night messages, videos or pictures.

Certainly, half a million victims of such a scam would have made front page news. Yet there is not a single report on even one case…. because it never happened.

Fact #4 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a Good Morning photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest…

Fact #5 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

However, the image itself has an “almost white” rectangle that is recognised by the script, triggering it to redirect the user to the cybercriminals’ website.

Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

Such a clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #6 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t wait, as the hoax message claims.

Deleting Good Morning or Good Night photos or videos will free up storage space in your phone, but it won’t prevent any malware from executing.

There is really no reason for malware to wait before it infects your devices. Waiting will only increase the risk of detection.

Whether the malware serves to take over your device, steal your information or encrypt it for ransom, it pays to do it at the first opportunity.

Now that you know the facts, please SHARE this article with your family and friends!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Canada Internet Outage Due To Software Update, Not China!

Leave a reply

The country-wide mobile and Internet outage in Canada was due to a software update, not hacking by China!

Take a look at the viral claim, and find out what the facts really are!

Claim : China Responsible For Mobile + Internet Outage In Canada!

Within hours of news breaking that Canada suffered a massive Internet outage, Vancouver Times posted a story claiming that the Royal Canadian Mounted Police (RCMP) identified China as the responsible party.

Vancouver Times also claimed that the RCMP will issue arrest warrants for the hackers responsible, who are connected to the People’s Liberation Army (PLA).

Chinese state hackers are responsible for a massive internet outage that paralyzed large parts of Canada, according to the RCMP. The federal police agency is in the process of issuing arrest warrants for several people they believe are connected to the People’s Liberation Army.

The RCMP will be holding a press conference in the next few days to announce the arrest warrants, according to sources. Canadian intelligence agencies are reportedly receiving guidance from the CIA and the FBI.

On Friday a widespread network outage from Rogers left many Canadians without mobile and internet service. The outages caused significant problems for police, courthouses, passport offices and other facilities.

The outage also disrupted services across retailers, courthouses, airlines, train networks, credit card processors and police forces, pushing many to delay business transactions. Many people were seen at Starbucks, trying to use their internet service.

The mainstream media and big tech want to hide the truth. Beat them at their own game by sharing this article!

Truth : Canada Internet Outage Due To Software Update, Not China!

This is yet another example of FAKE NEWS created by Vancouver Times to generate page views and money from gullible people.

Fact #1 : Vancouver Times Is A Fake News Website

Vancouver Times is a “content aggregator” (copy and paste) website that is known for creating fake news to generate more page views and money.

To look legitimate, they copy and paste news from legitimate news organisations. To drive traffic, they create fake news, sometimes masked as “satire”.

To give themselves a veneer of deniability, they label themselves as a “satire website” in their About Us section.

Vancouver Times is the most trusted source for satire on the West Coast. We write satirical stories about issues that affect conservatives.

Here are some of their fake news that we debunked :

Fact #2 : Outage Only Affected Rogers Communications

On Friday, July 8, 2022, Canada was hit by a massive mobile and Internet outage that hit businesses, banks, and even police emergency lines.

However, it only affected Rogers Communications, and did not affect rivals like BCE, Telus and Shaw Communications.

The outage was extensive because Rogers is Canada’s leading telecommunications provider, with about 11.3 million wireless subscribers, and 2.25 million retail Internet subscribers.

Fact #3 : RCMP Did Not Blame China For Mobile + Internet Outage

The Royal Canadian Mounted Police did not blame China for Rogers Communications’ mobile and Internet outage.

This was made up by Vancouver Times to trigger right-wing conspiracy theorists, to go viral and draw more page views.

Fact #4 : Rogers Did Not Blame China For Mobile + Internet Outage

Rogers Communications themselves did not blame China for their mobile and Internet outage.

Fact #5 : Canada Confirmed Outage Was Not A Cyberattack

While the reason behind the outage was still unknown, a spokesperson for Canadian Public Safety Minister Marco Mendicino confirmed to CTV News that “the outage was not due to a cyberattack“.

Fact #6 : Rogers Confirmed Outage Due To Maintenance Update

On 11 July 2022, Rogers CEO Tony Staffieri apologised for the country-wide outage of its services.

He also said that the failure was due to “a maintenance update in our core network“. The maintenance work “caused some of our routers to malfunction early Friday morning“.

Fact #7 : Prior Rogers Outage Also Due To Software Update

This wasn’t the first time Rogers Communications’ network failed so drastically.

Just 15 months earlier – Rogers and its subsidiary, Fido, experienced a nationwide cellular service outage in April 2021.

That outage was ultimately traced to “a recent Ericsson software update” that “affected a piece of equipment in the central part” of their network, leading to “intermittent congestion impacting many customers across Canada“.

Fact #8 : It Would Have Been Considered An Act Of War

China attacking Canada’s mobile and Internet network would have been considered an act of war, if it was proven.

The Canadian government would at least have issued a strong statement, if not cut diplomatic ties with China and/or enact sanctions against the Chinese government.

Fact #9 : No One Else Reported This Story

China attacking Canada’s mobile and Internet infrastructure would have been major international news, reported across the globe.

Yet not only did no mainstream media cover this incredible story, it hasn’t even been reported in the usual conspiracy theory websites!

That’s because it was a fake story created by one publication – Vancouver Times, in their attempt to go viral again for more page views and ad money.

Fact #10 : There Is No Such Thing As A Publication Ban

Vancouver Times likes to use the “media blackout” claim, to explain why you can’t find any reputable media outlet reporting on China attacking Canada’s mobile and Internet infrastructure.

That’s utter and complete bullshit. No one – not a judge, not even the Canadian government – can control the worldwide media, or prevent anyone from writing about such an incredible story.

You can also be sure that even if the mainstream media in the Canada refused to run the story, it would have been reported by foreign media outlets, websites and blogs.

Yet, not a single foreign media outlet or online website published their account of this incredible story? That’s because IT NEVER HAPPENED…

Fact #11 : Mainstream Media + Big Tech Would Have Loved The Hype

Vancouver Times is gaslighting you about how mainstream media and Big Tech want to hide the “truth” about China attacking Canada’s infrastructure.

They would all loved such shocking news, because it would have driven tons of traffic and engagement to their websites / platforms.

In fact, that was precisely why Vancouver Times created the fake story – to drive traffic, for the ad money.

Everything that Vancouver Times publishes should be regarded as FAKE NEWS, until proven otherwise.

Please help us fight fake news websites like Vancouver Times – SHARE this fact check out, and SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Fact Check | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

FBI + MI5 Issue Joint Warning On Chinese Spying!

Leave a reply

The FBI and MI5 just issued a joint warning about economic spying and hacking operations by the Chinese government!

Here is what you need to know…

FBI + MI5 Issue Joint Warning On Chinese Spying!

On July 7, 2022, FBI Director Christopher Wray joined MI5 Director General Ken McCallum at the MI5 London headquarters to issue a joint warning about Chinese spying and cyberattacks.

Ken McCallum said that MI5 was running seven times as many investigations into China, as it had just four years ago. He also said that MI5 planned to double that to tackle the widespread attempts.

Christopher Wray, on the other hand, stressed that the FBI had substantially increased its investigations into China, and is currently managing about 2,000 problems, and opening about two counterintelligence cases every day.

The Chinese government is set on stealing your technology – whatever it is that makes your industry tick – and using it to undercut your business and dominate your market.

Maintaining a technological edge may do more to increase a company’s value than would partnering with a Chinese company to sell into that huge Chinese market, only to find the Chinese government and your partner stealing and copying your innovation.

Both McCallum and Wray alleged that the Chinese government is engaged in a “coordinated campaign” to “cheat and steal [technology] on a massive scale“.

They also stressed that China’s hacking programme dwarfs that of any other major country, and that it has a global network of intelligence operatives.

FBI + MI5 : China Also Preparing To Shield From Sanctions

Even more worrying is the fact that China is working to shield its economy from any future sanctions, obviously learning from how the West punished Russia for invading Ukraine.

This suggests that China is at least preparing for the possibility, if not the eventuality, of insulating its economy from potential sanctions, should it attack Taiwan.

Wray said that China is “trying to cushion themselves from harm if they do anything to draw the ire of the international community”, and that the Chinese government is pressuring Western businesses not to criticise Beijing or its policies.

He declined to say whether an invasion of Taiwan has become more likely due to these measures, but warn that Western investments in China could be similarly impacted by such a conflict.

Just as in Russia, Western investments built over years could become hostage, capital stranded. Supply chains and relationships disrupted.

Wray also shared that the Chinese government had directly interfered in a New York congressional election, because they did not want a candidate who was a critic and a former Tiananmen Square protestor to be elected.

China has for far too long counted on being everybody’s second-highest priority. They are not flying under the radar anymore.

Both Wray and McCallum said that the intention of the joint address was to “send the clearest signal” to the Chinese Communist Party (CCP), because if China decides to invade Taiwan, it would cause “one of the most horrific business disruptions the world has ever seen“.

FBI + MI5 : Examples Of Chinese Spying

McCallum shared some specific cases of Chinese spying activities that MI5 detected and thwarted.

Covert Theft

Late last year Chinese intelligence officer Shu Yenjoon was convicted in a US court on charges of economic espionage and theft of trade secrets from the US aviation sector.

Shu was active in Europe too: he’d been part of a prolific Ministry of State Security network targeting the aerospace sector.

MI5 worked with those being targeted in the UK to mitigate the risks until the FBI action could solve the problem for both of us.

Tech Transfer

Clandestine espionage methodology isn’t always necessary. Take the tale of Smith’s Harlow, a UK-based precision engineering firm. In 2017 Smith’s Harlow entered into a deal with a Chinese firm, Futures Aerospace. The first of three agreed technology transfers saw Futures pay £3m for quality control procedures and training courses.

You know how this ends: after further sharing of valuable IP, Futures abandoned the deal. Smith’s Harlow went into administration in 2020. As their Chairman put it: “They’ve taken what they wanted and now they’ve got it, they didn’t need the shell of Smith’s”.

Information Advantage

The CCP doesn’t just use intelligence officers posing as diplomats in the classic fashion. Privileged information is gathered on multiple channels, in what is sometimes referred to as the ‘thousand grains of sand’ strategy.

In Germany a retired political scientist and his wife who together ran a foreign policy think tank passed information to the Chinese intelligence services for almost ten years.

In Estonia a NATO maritime scientist was convicted for passing information to his Chinese handlers, who claimed to be working for a think tank.

Cultivating New Contacts

The deceptive use of professional networking sites is well known. Seemingly flattering approaches turn into something more insidious – and damaging.

In one example a British aviation expert received an approach online, ostensibly went through a recruitment process, and was offered an attractive employment opportunity. He travelled twice to China where he was wined and dined. He was then asked – and paid – for detailed technical information on military aircraft. The ‘company’ was actually run by Chinese intelligence officers.

Chinese Response To FBI + MI5 Spying Allegations

Chinese government officials naturally rejected spying allegations by the FBI and MI5.

A spokesman for the Chinese embassy in Washington, Liu Pengyu, called the accusations groundless and said that China “firmly opposes and combats all forms of cyber-attacks“, and would “never encourage, support or condone cyber-attacks“.

His statement also said that the Taiwan issue was “purely China’s internal affair” and that there was “no room for compromise or concession“. It also said that China “will strive for the prospect of peaceful reunification with utmost sincerity and efforts“, but noted that China would “reserve the option of taking all necessary measures in response to the interference of foreign forces“.

Chinese foreign ministry spokesperson Zhao Lijian did not address the claims directly, but accused the United States of being the real danger instead.

The relevant US politician has been playing up the so-called China threat to smear and attack China. Facts have fully proven that the US is the biggest threat to world peace, stability and development.

We urge this US official to have the right perspective, see China’s developments in an objective and reasonable manner and stop spreading lies and stop making irresponsible remarks.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Cybersecurity | Enterprise | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Shanghai Police Data On 1 Billion Chinese Citizens Leaked!

Leave a reply

A hacker is selling data on a billion Chinese citizens, that he stole from the Shanghai national police database!

Find out what’s going on, and what this data breach entails!

Shanghai Police Data On 1 Billion Chinese Citizens Leaked!

A hacker who called himself “ChinaDan” posted in the Breach Forums that he hacked into the Shanghai National Police (SHGA) database and stole more than 23 terabytes of data.

He is offering to sell data on 1 billion Chinese citizens, including their name, address, birthplace, national ID number and mobile numbers, for 10 bitcoins – which is currently worth about US$204,285 / €200,227.

In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on billions of Chinese citizen.

Databases contain information on 1 billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details.

He also posted a sample of 750,000 data entries from the three main indexes of the database, for potential buyers to evaluate.

Shanghai Police Database Left Unsecured For 14 Months!

ChinaDan claimed that the SHGA database was left unsecured on an Alibaba Cloud server. This was confirmed by several cybersecurity experts who had earlier stumbled upon the same database.

Even worse, the database was apparently left unsecured for at least 14 months! Vinny Troia – the founder of dark web intelligence first, Shadowbyte, said that he first discovered the SHGA database “around January” 2021.

Troia even downloaded one of the main indexes of the SHGA database, which contained information on nearly 970 million Chinese citizens (at that time).

And best of all – they made the data available to anybody who registers for an account!

The site that I found it on is public, anybody (could) access it, all you have to do is register for an account. Since it was opened in April 2021, any number of people could have downloaded the data.

Either they forgot about it, or they intentionally left it open because it’s easier for them to access. I don’t know why they would. It sounds very careless.

This Was Second Hack Of Shanghai National Police Database!

Bob Diachenko – a Ukrainian cybersecurity researcher – discovered the database independently in April, and noticed that the databased was attacked in mid-June by a hacker who copied the data, destroyed the copy on the server and left a ransom note demanding 10 bitcoins for its recovery.

By July 1, the ransom note disappeared, but only 7 gigabytes of data was available on the server, instead of the earlier 23 TB.

It is unknown if this data ransom “hack” was performed by ChinaDan, or a different hacker.

Diachenko said that the unsecured and exposed database continued to be used after that, until it was shut down over the weekend, after news of the data leak broke.

Maybe there was some junior developer who noticed it and tried to remove the notes before senior management noticed them.

This is shocking because it suggests that the database administrators were already aware of a prior breach, but did nothing to secure the database, or shore up cybersecurity measures.

Most Of China Affected By Shanghai Police Data Leak!

The Shanghai National Police data leak is currently the largest leak of public information ever.

It does not just cover people who live in, or have been in Shanghai. The database actually has information on over 70% of its 1.4 billion population in almost all counties in China.

The data contained information about almost all the counties in China, and I have even discovered data related to a remote county in Tibet, where there are only a few thousand residents.
– Yi Fu-Xian, a senior scientist at the University of Wisconsin-Madison

This massive data leak acutely demonstrates the risk of government collection of data. China notably collects a tremendous amount of data on its citizens, including digital and biological data through facial recognition, iris scanners, social media tracking and phone trackers.

Once such data is leaked, it is forever exposed, putting people at risk of scams, identity theft, or even extortion.

China Censors Coverage Of Shanghai Police Data Leak

The Chinese government and the Shanghai Police have both refused to comment on the massive data leak.

Instead, they started blocking related words on Weibo, like “Shanghai data leak”, “data leak”, “Shanghai national security database breach”, “1 billion citizens’ record leak”.

Censors have also scrubbed news on this data breach from WeChat, with one popular WeChat user telling his 27,000 followers that he had been summoned to be questioned by the police.

China’s major English-language media like CGTN, Global Times, Xinhua, etc. have also not published any story on the Shanghai police data leak, despite public interest and its wide-ranging consequences for China.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Cybersecurity | Enterprise | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Did Hackers Release Pfizer + Moderna Vaccine Death Data?!

Leave a reply

Did hackers just crack the Pfizer and Moderna servers, and publicly released the hidden vaccine death data that they stole?!

Take a look at the viral claim, and find out what the facts really are!

Claim : Hackers Stole, Released Pfizer + Moderna Vaccine Death Data!

People are sharing links to articles that claim that hackers just stole and released vaccine death data from Pfizer and Moderna servers!

Here is an example, which is rather long, so feel free to skip to the next section for the facts!

GOOD NEWS!!!! Hackers broke into all the pharmaceutical companies and stold all the medial data on vaccines thank God!!!! The Great Awaking has lifted off!!! Forward this link everywhere!!!!

**Displays number of deaths and disabilities associated with each batch/lot number = indication of relative toxicity of one batch/lot compared to another
**No one currently knows the reason why some batches/lots are associated with excessive deaths, disabilities and adverse reactions (up to 50 x). Until we do know, it is best to be cautious
**[“Batch-code” = “Lot Number” = the number they write on your vaccination card.]

Here’s the link to the site www.linkremoved.info where you can see live links listed below. Download and save all articals you can incase the site goes down!!!

Check out your batch code (lot number)

Check out your batch code (lot number)
•   Moderna Batch Codes
•   Pfizer Batch Codes
•   Janssen Batch Codes
•   Moderna (outside of USA)
•   Pfizer (outside of USA)
•   Janssen (outside of USA)

Latest Info on Boosters
• Bad Batches of the Month

Variation in Toxicity
•   Cumulative Toxicity over Time PDF
•   VIDEO : Variation in Toxicity between Batches
•   Death by Lottery PDF
•   VIDEO : Non-GMP Compliant Batches Associated with Death and Disability
•   VIDEO : Team Enigma – Covid Vax Variability
•   VIDEO : VAERS reveals super-toxic batches

Do the Batch Codes Code for Toxicity?
•   Moderna’s 20A-21A Classification of Toxicity for Covid Vaccines PDF
•   Moderna : Alphabetic Labelling of Different Toxicities PDF
•   Pfizer : Alphabetic Labelling of Different Toxicities PDF
•   VIDEO : Do Pfizer Batch Numbers Code for Toxicity Part 1 ?
•   VIDEO : Do Pfizer Batch Numbers Code for Toxicity Part 2 ?
•   VIDEO : Do Moderna Batch Numbers Code for Toxicity ?

VAERS Database
•   Covid Science Library
•   Medical doctors talking about VAERS
•   VaersAnalysis.info

Data Source
•   All data is sourced from VAERS, a public database of over 700,000 adverse reaction reports for Moderna, Pfizer and Janssen Covid 19 vaccines in the USA. Our intention is to present the VAERS data in an accessible and unadulterated form, that can be easily verified using the links below
•   Vaccine Adverse Event Reporting System (VAERS)
•   Video Tutorial 1 : Extracting Bad Batch Data from VAERS – Deaths, Disabilities, Hospitalisations

Show less

Truth : Hackers Did Not Steal / Release Pfizer + Moderna Vaccine Death Data!

This is yet another example of FAKE NEWS created and promoted by disinformation websites like Before It’s News, How Bad Is My Batch, Best News Here, and here are the reasons why…

Fact #1 : Pfizer + Moderna Servers Were Not Hacked

Those websites falsely claimed that hackers broke into Pfizer and Moderna servers, and stole their (hidden) vaccine death data.

There is no evidence the Pfizer and Moderna servers were ever hacked, or had any data stolen.

Fact #2 : All Data Are Publicly Available

Despite claiming at the start that the data provided in the website was stolen from Pfizer and Moderna servers, the article ends with a statement that all of the data was really sourced from VAERS.

Data Source
• All data is sourced from VAERS, a public database of over 700,000 adverse reaction reports for Moderna, Pfizer and Janssen Covid 19 vaccines in the USA.  Our intention is to present the VAERS data in an accessible and unadulterated form, that can be easily verified using the links below

In other words – they falsely claimed that the data was provided by hackers who broke into Pfizer and Moderna servers. The data were all from VAERS, which is publicly available.

Fact #3 : VAERS Data Cannot Be Used As Evidence

Like the British Yellow Card system, VAERS is an open reporting system that lets ANYONE from ANYWHERE file a report, without verification.

VAERS reports are not only easily faked, they are easily abused, which why the CDC explicitly warned that :

Reports may include incomplete, inaccurate, coincidental and unverified information.
The number of reports alone cannot be interpreted or used to reach conclusions about the existence, severity, frequency, or rates of problems associated with vaccines.

But anti-vaccination activists and disinformation websites LOVE to use VAERS, because they can easily manipulate the reports to create a fake narrative.

Fact #4 : Pfizer + Moderna Released Their Data In 2020

Both Pfizer and Moderna submitted data from their COVID-19 vaccine clinical trials to health authorities across the world, like the US FDA and EMA in Europe in November 2020.

The release of clinical trial data, which would include post-vaccination adverse events, is necessary for any health authority to approve their vaccines.

The US FDA released the briefing documents Pfizer and Moderna submitted to the Vaccines and Related Biological Products Advisory Committee (VRBPAC) in December 2020 :

Pfizer-BioNTech BNT162b2 vaccine : Publicly released on 10 December 2020
Moderna COVID-19 vaccine : Publicly released on 17 December 2020

Fact #5 : FDA Started Releasing Pfizer Documents In 2021

On 27 August 2021, a group that called themselves Public Health and Medical Professionals for Transparency (PHMPT) filed a Freedom of Information Act (FOIA) request with the US FDA to gain access to all of their documents related to the Pfizer COVID-19 vaccine.

The US FDA started releasing the Pfizer documents on 17 November 2021. They were then ordered by US District Judge Mark Pittman to speed up the release of those documents on 6 January 2022.

As of 2 May 2022, the US FDA had already released 238 documents related to the Pfizer COVID-19 vaccine, containing thousands of pages.

Fact #6 : Before It’s News Is Known Fake News Website

Before It’s News is known for creating and spreading fake news – not just misinformation, but also disinformation about everything from MH17 conspiracy theories to anti-vaccination claims.

Everything posted by Before It’s News must be considered FAKE NEWS, until proven otherwise.

Please help us FIGHT FAKE NEWS by sharing this fact check article out!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Science | Fact Check | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Anonymous Cyberwar Against Russia : 28 February 2022

Leave a reply

Here are the latest cyberattacks by the hacktivist group, Anonymous, in their cyberwar against Russia!

Anonymous Launches Cyberwar Against Russia!

On 22 February 2022, Anonymous lobbed a warning shot at both Russia and China, hacking an official Chinese website and a Russian Modbus device.

After the Russian invasion started on 24 February, Anonymous announced that they would also begin “gearing up for action” :

#Anonymous has always been against war, and against colonialism. We’ve seen how unfettered power decimates the weak, only having its own self interests in mind. We stand with the people, not the governments of the world.
Anonymous condemns the attacks on the Ukrainian people.

There are many #Anonymous accounts gearing up for action against the imperialist state of Russia, and we will be retweeting their endeavors.

The next day, Anonymous announced that they have started attacking the Russian government.

#Anonymous is currently involved in operations against the Russian Federation. Our operations are targeting the Russian government. There is an inevitability that the private sector will most likely be affected too. While this account cannot claim to speak for the whole (con)

Anonymous Cyberwar Successes Against Russia!

Here is the latest list of cyberattacks that Anonymous successfully conducted in their cyberwar against Russian.

25 February 2022

Anonymous took down the RT News website – RT.com.
Anonymous took down four Russian ISP websites
– Com2Com : com2com.ru
– PTT-Teleport Moscow : ptt.ru
– RELCOM : relcom.ru
– SOVAM Teleport : sovam.com
Anonymous took down Russian oil giant, Gazprom’s website : www.gazprom.com

26 February 2022

Anonymous took down several Russian government websites, including the Kremlin, State Duma, and Ministry of Defense.
Anonymous “retrieved” and leaked 200 GB of emails from Tetraedr – a Belarusian arms manufacturer, including blueprints of the SAMs (Surface-to-Air Missiles) they manufacture.

27 February 2022

Anonymous took down the Chechen Republic government website : chechnya.gov.ru
Note : This came after multiple reports of Chechen soldiers being deployed to Ukraine.
Anonymous shut down gas supply provided by Tvingo Telecom in Russia. Tvingo Telecom is owned by Rostelecom, a Russian state owned telecommunications company.

Looks like the Russian state had a little bit of an issue with their Gas compressor. Can someone say, leaking gas, turned off fans, deleted configurations/profiles, access to the file system & an inevitable shutdown? #Ukraine pic.twitter.com/DnjGJbiUvz

— NB65 (@xxNB65) February 27, 2022

28 February 2022

Anonymous took down several official Belarus government websites :
– Belarus Ministry of Communications and Information : mpt.gov.by
– Belarus State Authority for Military Industry : vpk.gov.by
– Belarus Military : mil.by
Anonymous took down several more Russian state and state-linked websites :
– Pension Fund of the Russian Federation : pfr.gov.ru
– Russian Public Services portal : gosuslugi.ru
– Kremlin website (again) : Kremlin.ru
– Russian Federal Customs Service : customs.gov.ru
– Russian government website : government.ru
– Moscow city + mayor website : mos.ru
– Tass news agency website : Tass.ru
The hacking group GNG – an Anonymous affiliate – hacked and leaked a Sberbank database
Anonymous Network Battalion 65′ (nB65) hacked and released 40,000 files from the Russian Nuclear Safety Institute.

I will keep updating this article, as and when Anonymous announces their successes against Russia.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Anonymous fires Warning Shot at China, Russia over Ukraine!

Leave a reply

The hacktivist group, Anonymous, just fired a warning shot at both China and Russia over the invasion of Ukraine!

Anonymous fires Warning Shot at China, Russia over Ukraine!

The hacktivist group, Anonymous, just hacked a Chinese state website, and a logic controller in Russia, as a warning shot to both countries over the invasion of Ukraine.

On Tuesday, 22 February 2022, Anonymous hacked the Chinese Culture website (www.chineseculture.com.cn), replacing its content with a page showing its logo, and the Guy Fawkes mask.

The hacked Chinese Culture website was taken offline, but you can still see the hacked page through the Wayback Machine.

The hacked page includes the YouTube video – It Might Break Your Pinky Heart – the famous music video by Malaysian singer-songwriter, Namewee, that mocks the Chinese government.

After a video about an old MIT experimental antiviral approach called DRACO (Double-stranded RNA Activated Caspase Oligomerizer), and a reference to Operation Samatha Smith, the hacked page warned Russia over its invasion of Ukraine, with a warning shot in the form of “a small hack”.

However sadly because Putin has burned the bridge and reneged the Minsk deal by prematurely recognising separatist territories as independent, instead of waiting until the conclusion of UN interim administration period and if they vote overwhelmingly for independence per that plan, Anonymous decides to make good some of its threats by conducting a small hack on a Modbus device which we intend as a warning shot.

The above Modbus device isn”t located in countries friendly to the US and Taiwan, nor in neutral countries that want nothing with these. Instead, it is in places like China or somewhere like it.

You can make stupid threats like a spoiled child, but remember that Anonymous never have restrictions that says that only homo sapiens can be part of it.

Sony learnt the hard way in 2011 that a part of Anonymous can finish what a totally different part had started!

The Modbus device was later confirmed to be a Schneider Electric Modicon M251 logic controller located in Russia.

Anonymous Will Formally Attack Russia Over Ukraine Invasion!

According to Taiwan News, which reached out to Anonymous, their representative said that they were previously “playing nice and not give them an excuse to start a war“, but now that missiles had been fired on Ukraine, “we are taking off the gloves altogether.”

That representative also said, “Anonymous will formally attack Russian websites or devices later” in retaliation for Russia’s invasion of Ukraine.

The Anonymous threat on the Chinese Culture website ended with its signature quote in English, Russian and Chinese :

We are Anonymous
We are legion
We do not forgive
We do not forget
Expect us!
Мы анонимы
Мы легион
Мы не прощаем
мы не забываем
Ждите нас!
我们是匿名者
我们是军团
我们不原谅
我们不会忘记
期待我们

Anonymous did not explicitly say why they are targeting China over Russia’s invasion of Ukraine, but it seems obvious that they believe that China is partly responsible for Russia’s military action.

Perhaps they felt that indirect support by the Chinese, as well as their propaganda effort, gave Russia some leeway and economic support in attacking Ukraine.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

MySJ Trace : Should You Enable Or Disable?

Leave a reply

Should you enable the new MySJ Trace feature in MySejahtera, or should you disable it?

Let’s take a look at people’s deepest fears about MySJ Trace, and find out what the facts really are!

MySJ Trace : Should You Enable Or Disable?

MySejahtera just introduced a new MySJ Trace feature, which uses Bluetooth technology to track your close contacts.

The proximity data it collects allows Malaysia Ministry of Health (KKM) to accurately determine if you are a close contact of a COVID-19 positive person.

KKM has been strongly urging people to turn it on, but many people are offering conflicting advice on whether to enable or disable it.

Let’s take at what people are saying, and find out what the facts really are!

Should You Enable MySJ Trace?

There are several good reasons to enable MySJ in MySejahtera :

MySJ Trace allows for more accurate contact tracing. If you test positive for COVID-19, the data it collects lets KKM accurately identify your close contacts, and inform them.
MySJ Trace automatically tracks your close contacts. All you have to do is turn it on, and forget about it.
MySJ Trace removes the need to manually check out from locations, which was tedious and easy to forget.
Those who use MySJ Trace will avoid being wrongly identified as casual or close contacts, due to the inaccuracy of using check-in and check-out times.

MySJ Trace gets more accurate and more useful, when more people use it. So KKM is strongly encouraging everyone to use it.

Plus, when enough people start using it, we will all enjoy an additional benefit :

When enough people use MySJ Trace, we will no longer need to check-in at every location!

Should You Disable MySJ Trace?

Let’s take a look at some of the reasons why people are disabling MySJ Trace, and see what the facts really are!

Claim #1 : Government Uses MySJ Trace To Track Our Movements
Verdict : False

People are falsely claiming that the Malaysian government will use MySJ Trace to track our movements.

The truth is MySJ Trace does not record or collect geolocation data, so it cannot possibly track your movements.

MySJ Trace also does not transmit data, unless we consent. In fact, we are only asked to transmit MySJ Trace data if we test positive for COVID-19.

Claim #2 : MySJ Trace Not Useful Because No One Is Using It
Verdict : False

Some people are discouraging people from using MySJ Trace because “not many people are using it yet“.

Switching to MySJ Trace immediately helps you by removing the need to check-out of locations. Isn’t that useful?

For healthcare professionals who need to quickly and accurately trace close contacts of infected individuals, MySJ Trace works better when more people use it, but that doesn’t mean it’s completely useless when few people use it.

Claim #3 : Old Check-In, Check-Out System Is More Accurate
Verdict : False

Some people claim that the old method of checking in and out of locations is more accurate than MySJ Trace.

That may be true in the early days, when very few people are using it, but that is no longe true once many of your close contacts are using it.

MySJ Trace not only automatically determines who comes into close contact with you, it also logs how long they are in close contact, and their proximity (distance) to you.

The manual check-in and check-out system is unable to determine time of contact, and distance of contact; and can easily lead to false positives – people wrongly identified as casual or close contacts.

Claim #4 : MySJ Trace Uses A Lot Of Battery Life
Verdict : False

This is a real concern for many people as MySJ Trace requires Bluetooth to be turned on all the time. However, it uses Bluetooth Low Energy technology, which uses very little power.

I had earlier tested MySJ Trace on an old Samsung Galaxy S10 smartphone, and did not notice any noticeable drain on its battery life.

For people who have strong concerns over this aspect, it is possible to temporarily turn off MySJ Trace while you are at home, and only turn it on when you go out.

Claim #5 : Bluetooth Increases Risk Of Hacking
Verdict : Misleading

It is possible for criminals to hack your smartphone using Bluetooth, and it is good cybersecurity practice to turn off wireless connections that you are not using.

However, it is far more difficult to hack you through your Bluetooth connection, than your Wi-Fi connection.

After all, Bluetooth only has a range of 10 metres! The hacker will have to remain in close proximity to hack you.

Claim #6 : Hackers Can Grab Our Personal Information
Verdict : False

Some people are claiming that hackers can hack into MySJ Trace and use it to trawl for personal information of people nearby.

That’s nonsense, because MySJ Trace will only record the following information :

Unique User ID (UUID) that is created by the MySejahtera app.
Operating system version (Android or iOS)
Time of contact
Received Signal Strength Indicator (RSSI)

There is no personal information that would be useful to hackers, even if they grab these information.

The UUID, for example, is useless as an identification number without access to the KKM database of MySejahtera users and their personal information.

Claim #7 : MySJ Trace Continuously Uses Internet Data
Verdict : False

Some people are falsely claiming that MySJ Trace continuously uses Internet data, which is extremely limited for some users.

That’s not true. MySJ Trace does not require Internet connectivity, except :

when you first download and install MySejahtera,
whenever you update MySejahtera
when you consent to upload your MySJ Trace data to KKM

Since those are all optional, you can do it when you have access to a Wi-Fi network. You can use MySJ Trace without mobile Internet.

I hope that clarifies the reasons why you should enable or disable MySJ Trace. If you have any other questions, please feel free to ask us.

Meanwhile, I hope you can share this article with your family and friends, and encourage them to turn on MySJ Trace.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Mobile | Software | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Was Facebook Taken Down By 13 Year-Old Chinese Hacker?

Leave a reply

Was Facebook taken down by a 13 year-old Chinese hacker?

Take a look at the viral claim, and find out what the FACTS really are!

Claim : Facebook Was Taken Down By 13 Year-Old Chinese Hacker!

On 4 October 2021, Facebook and ALL of its messaging and social media platforms went down for about six hours, including Messenger, WhatsApp and Instagram!

Several websites, as well as people on Twitter and Facebook started claiming that Facebook was taken down by a 13 year-old Chinese hacker called Sun Jisu / Sun Ji Su / Sun Jiso / Sun Ji Soo.

There are quite a number of these claims, so just SKIP to the next section for the facts!

International media claimed that “China” was behind the suspension of social media services in the world.

According to Reuters, a Chinese hacker named “Sun Jisu” is responsible for stopping the services of “Facebook”, “WhatsApp” and Instagram, and added that the Chinese hackers are only 13 years old.

The Chinese hacker “Sun Ji Su” has topped the famous search engines and Twitter platforms during the past minutes, after disabling WhatsApp, Instagram and Facebook today 2021 in all countries of the world, amid questions among activists about the details of this information.

The Chinese hacker who disrupted Facebook, WhatsApp and Instagram around the world. The 13-year-old boy, Sun Jisu, who hacked the three sites and also caused Facebook employees to be prevented from entering the headquarters of the global institution after disabling the electronic portals and caused an economic loss estimated at billions dollars around the world.

Reuters: A 13-year-old Chinese hacker named Sun Jiso has stopped Facebook, WhatsApp and Instagram services.
The value of Facebook shares has dropped significantly due to the disruption of the global network of Instagram and WhatsApp.

#NewYorkTimes: The Facebook company refused the cyber attacks on behalf of a 13, Chinese hacker. It is not clear what the problem is with Facebook, Whatsapp, and Instagram. The Facebook company claims that we repair them soon.

Show less

Truth : Facebook Was Not Taken Down By 13 Year-Old Chinese Hacker!

The story of a 13 year-old Chinese hacker taking down Facebook is just fake news created by fake news / clickbait websites to go viral and get money through ads.

Here are the reasons why…

Fact #1 : International Media Did Not Blame China

On one blamed China for the bizarre 6-hour downtime of Facebook, WhatsApp, Instagram and Messenger.

The international media referred to cybersecurity specialists who pointed at DNS failure as the most likely cause, not a state actor like China.

Clickbait / fake news websites intentionally added that false claim to “trigger” Chinese netizens and Sinophiles to share their fake news.

Fact #2 : Reuters + NYT Did Not Report On Any Chinese Hacker

Reuters did not report that a 13 year-old Chinese hacker called Sun Jisu was responsible for the bringing down Facebook, WhatsApp, Instagram and Messenger.

Neither did the New York Times write about a 13 year old hacker attacking Facebook.

These are complete lies that are easily verified with a quick check on the Reuters and New York Times websites.

Fact #3 : 13 Year-Old Sun Jisu / Sun Jiso Does Not Exist

There is no 13 year-old Chinese hacker called Sun Jisu / Sun Ji Su / Sun Ji So / Sun Ji Soo. He does NOT exist.

In addition, that is a Korean name, not Chinese – a mistake that a non-Asian person would make.

Fact #4 : That Was An Old Picture Of Wang Zhengyang

The fake news websites used a picture of Chinese hacking prodigy, Wang Zhengyang, speaking at the 2014 Chinese Internet Security Conference.

Wang Zhengyang was 13 year-old at that time, and would be 20 years old this year – 2021. Here are two more pictures of him speaking at that event.

Wang Zhengyang at 2014 Chinese Internet Security Conference

Fact #5 : Facebook Services Were Brought Down By Configuration Changes

Facebook services were not brought down by a hacker, but configuration changes their own engineering team initiated internally.

Facebook’s Vice-President of Infrastructure, Santosh Janardhan, confirmed that “configuration changes” on their “backbone routers” caused the 6-hour long failure.

Our engineering teams have learned that configuration changes on the backbone routers that coordinate network traffic between our data centers caused issues that interrupted this communication. This disruption to network traffic had a cascading effect on the way our data centers communicate, bringing our services to a halt.

Fact #6 : Access Problems Were Caused By Same Servers

Facebook run their internal systems through the same servers, so they became inaccessible when those servers were taken offline.

This included security systems that controlled the fob door locks, with a New York Times reporter tweeting that Facebook staff were unable to gain access to an unspecified office using their keycards.

However, many Facebook staff are working from home due to COVID-19 precautions, so this was only a big problem for engineers trying to gain access to the Facebook data centre in Santa Clara, California.

At no time was this security issue caused by a hacker. It was due to the same servers that went offline.

Now that you know the truth, please SHARE this fact check with your family and friends!

Also, please STOP SHARING fake stories created by fake news / clickbait websites!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Fact Check | Business | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Did 13 Yr Sun Jisu Hack Facebook, WhatsApp, Instagram?

Leave a reply

Did the 13 year-old Chinese hacker, Sun Jisu, hack Facebook, WhatsApp and Instagram, causing them to fail for more than 6 hours?

Take a look at the new viral claim, and find out what the FACTS really are!

Claim : 13 Year-Old Sun Jisu Hacked Facebook, WhatsApp, Instagram!

On 4 October 2021, Facebook and ALL of its messaging and social media platforms went down for about six hours, including Messenger, WhatsApp and Instagram!

Some websites and people on Twitter and Facebook started claiming that the failure was due to a 13 year-old Chinese hacker called Sun Jisu / Sun Ji Su / Sun Jiso / Sun Ji Soo.

There are quite a number of these claims, so just SKIP to the next section for the facts!

International media claimed that “China” was behind the suspension of social media services in the world.

Show less

Truth : Sun Jisu Doesn’t Exist, Did Not Hack Facebook, WhatsApp, Instagram!

The truth is – this is just fake news created by fake news / clickbait websites to go viral and get money through ads.

Here are the reasons why…

Fact #1 : International Media Did Not Blame China

No mainstream media blamed China for the bizarre 6-hour downtime of Facebook, WhatsApp, Instagram and Messenger.

Practically all of them referred to cybersecurity specialists who pointed at DNS failure as the most likely cause, not a state actor like China.

Clickbait / fake news websites intentionally added that false claim to “trigger” Chinese netizens and Sinophiles to share their fake news.

Fact #2 : Reuters + NYT Did Not Report On Any Chinese Hacker

Reuters did not report that a 13 year-old Chinese hacker called Sun Jisu was responsible for the bringing down Facebook, WhatsApp, Instagram and Messenger.

Neither did the New York Times write about a 13 year old hacker attacking Facebook.

These are complete lies that are easily verified with a quick check on the Reuters and New York Times websites.

Fact #3 : 13 Year-Old Sun Jisu / Sun Ji Soo Does Not Exist

There is no 13 year-old Chinese hacker called Sun Jisu / Sun Ji Su / Sun Ji So / Sun Ji Soo. He does NOT exist.

In addition, Sun Jisu / Sun Ji Soo is a Korean name, not Chinese. This is a mistake that a non-Asian person would make.

Fact #4 : That Was An Old Picture Of Wang Zhengyang

The fake news websites used a picture of Chinese hacking prodigy, Wang Zhengyang, speaking at the 2014 Chinese Internet Security Conference.

Wang Zhengyang was 13 year-old at that time, and would be 20 years old this year – 2021. Here are two more pictures of him speaking at that event.

Wang Zhengyang at 2014 Chinese Internet Security Conference

Fact #5 : Facebook Services Were Brought Down By Configuration Changes

Facebook services were not brought down by a hacker, but configuration changes their own engineering team initiated internally.

Facebook’s Vice-President of Infrastructure, Santosh Janardhan, confirmed that “configuration changes” on their “backbone routers” caused the 6-hour long failure.

He also asserted that it was a faulty configuration change, and no user data was compromised.

Our services are now back online and we’re actively working to fully return them to regular operations. We want to make clear at this time we believe the root cause of this outage was a faulty configuration change. We also have no evidence that user data was compromised as a result of this downtime.

Fact #6 : Access Problems Were Caused By Same Servers

Facebook run their internal systems through the same servers, so they became inaccessible when those servers were taken offline.

At no time was this security issue caused by a hacker. It was due to the same servers that went offline.

Now that you know the truth, please SHARE this fact check with your family and friends!

Also, please STOP SHARING fake stories created by fake news / clickbait websites!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Fact Check | Software | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!