LinuxQuestions.org
Old 03-31-2018, 01:50 PM   #1
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: Debian, Crux, LFS, AntiX, NuTyX
Posts: 1,961
Blog Entries: 4

Anybody heard of Z-shadow?


I was doing some private research into Facebook shadow profiles (you should look them up; they're a horrific violation of privacy) when I came across a site distributing something called Z-Shadow. It's a tool for acquiring usernames and passwords for Facebook, Google and other sites. As far as I can see, it creates realistic "shadow" sites to which phishing emails can link.

Subsequently I found a number of other sites which make Z-Shadow available or describe how to use it. How come sites like this exist? Surely identity fraud and password theft are illegal in all jurisdictions.
 
Old 03-31-2018, 09:02 PM   #2
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mageia, and whatever VMs I happen to be playing with
Posts: 13,700
Blog Entries: 22

And you think the Zuckerborg cares about the law?
 
Old 04-01-2018, 03:19 AM   #3
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: Debian, Crux, LFS, AntiX, NuTyX
Posts: 1,961
Blog Entries: 4

Original Poster
Z-Shadow has nothing to do with Zuckerberg! Facebook is their target -- their preferred target because it contains more data on its hapless users than any other site. Once you have cracked someone's Facebook account, you have everything you need to steal their identity.

The point I was making is that phishing, site cracking and identity theft are crimes in most if not all countries, so how come the police allow these sites to proliferate? Shouldn't they be tracing the people who create and use them and locking them up, along with whoever wrote the software in the first place?
 
Old 04-01-2018, 08:01 AM   #4
rokytnji
LQ Veteran
 
Registered: Mar 2008
Location: Waaaaay out West Texas
Distribution: AntiX 17
Posts: 5,525
Blog Entries: 20

Quote:
so how come the police allow these sites to proliferate?
Location, location, location. Budgets. If danger is involved. Easier to write a traffic ticket. Lots of reasons.
 
Old 04-02-2018, 03:14 AM   #5
Trihexagonal
Member
 
Registered: Jul 2017
Location: Land of 1000 Nights
Distribution: FreeBSD, OpenBSD and Solaris
Posts: 165

Quote:
Originally Posted by hazel
Subsequently I found a number of other sites which make Z-Shadow available or describe how to use it. How come sites like this exist? Surely identity fraud and password theft are illegal in all jurisdictions.
I had never heard of it before but you're right. It's easy enough to find info on using it. Not that I'm interested.

Why is MetaSploit allowed to exist? Man-in-the-middle proxy? Or for that matter, Kali Linux? How much legit "penetration testing" is done with Kali compared to less laudable activities? A very small percentage I suspect.

You can google up numerous .pdf files on just about any form of hacking you can think of and there will always be people inclined to those types of activities. Before there were personal computers there was phone phreaking.
 
Old 04-02-2018, 10:28 AM   #6
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Quote:
Originally Posted by Trihexagonal
Before there were personal computers there was phone phreaking.
The Wikipedia article on "Phreaking" is an entertaining read. In addition to the whistles sold in boxes of breakfast cereal, early computers were immediately being programmed to generate the increasingly complex tone signals used by phone networks of those days. Some things just don't change.
 
Old 04-02-2018, 01:45 PM   #7
Trihexagonal
Member
 
Registered: Jul 2017
Location: Land of 1000 Nights
Distribution: FreeBSD, OpenBSD and Solaris
Posts: 165

Quote:
Originally Posted by sundialsvcs
The Wikipedia article on "Phreaking" is an entertaining read. In addition to the whistles sold in boxes of breakfast cereal, early computers were immediately being programmed to generate the increasingly complex tone signals used by phone networks of those days. Some things just don't change.
I am well aware of Captain Crunch and his genius with a whistle from a box of cereal. But that's only part of what makes up phone phreaking.

Cordless phones used 10 frequencies in the 46MHz range and 10 in the 49MHz range. With a multiband ground plane mounted on the roof they could be picked up for blocks. Baby monitors worked on the same range.

Until cell phones came out scanners were capable of picking up signals in the 800MHz range, then they blocked it so you couldn't listen to cell phones. That is unless you had a scanner with dual conversion and picked up images of the transmission at twice the Intermediate Frequency of the scanner. The police also used cellphones to call from car to car if they didn't want something over the radio.

Some local law enforcement in those days used voice inversion to scramble what they didn't want your average Radio Shack Joe to listen to, maybe something like asking another officer for the password for the State Police website. A readily available descrambler hooked to the external speaker outlet inline with an external speaker defeats it and transmissions are heard in the clear. The FBI used a different technology (digital as opposed to analog) referred to as "bubble machines".

Body wires work on the same principle. Anyone set up for it within a couple blocks of the Drug Taskforce could hear it the instant they turned on the wire to check if it was working, make the buy and the dealer was none the wiser. Going to jail, but happy as a clam ATM. A techy fellow might even be able to record such events live.

Or so I heard. I think this is what they were talking about.

Last edited by Trihexagonal; 04-02-2018 at 01:51 PM.
 
Old 04-02-2018, 02:01 PM   #8
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: Debian, Crux, LFS, AntiX, NuTyX
Posts: 1,961
Blog Entries: 4

Original Poster
Phone phreaking was harmless. It robbed the telephone companies of some income but it was really a victimless crime. I don't think there is any moral equivalence with cracking people's Facebook logins so that you can steal their identity (and probably most of their money too). People who do that kind of thing are scum and the police ought to be doing more to take down sites that encourage it.
 
Old 04-02-2018, 09:57 PM   #9
Mill J
Member
 
Registered: Feb 2017
Location: 127.0.0.1 Sweet 127.0.0.1
Distribution: Void, LFS,Tahrpup, Quirky on Rpi and many others
Posts: 848
Blog Entries: 2

Quote:
Originally Posted by hazel
Phone phreaking was harmless. It robbed the telephone companies of some income but it was really a victimless crime. I don't think there is any moral equivalence with cracking people's Facebook logins so that you can steal their identity (and probably most of their money too). People who do that kind of thing are scum and the police ought to be doing more to take down sites that encourage it.
Right but anybody that's stupid enough to "post" that information in the first place.... While I don't support those sites in ANY way (never heard about them until now), I think that the "victims" brought it upon themselves. I mean get real, I don't need to know what you're eating tonight...also where....
 
Old 04-03-2018, 02:05 AM   #10
Trihexagonal
Member
 
Registered: Jul 2017
Location: Land of 1000 Nights
Distribution: FreeBSD, OpenBSD and Solaris
Posts: 165

Quote:
Originally Posted by hazel
Phone phreaking was harmless. It robbed the telephone companies of some income but it was really a victimless crime. I don't think there is any moral equivalence with cracking people's Facebook logins so that you can steal their identity (and probably most of their money too). People who do that kind of thing are scum and the police ought to be doing more to take down sites that encourage it.
Did I make a moral equivalency to cracking a Facebook account and phone phreaking? Not that I'm aware of, unless my generalization of "those types of activities" is what you meant.

Perhaps it was that you didn't want to address the existence of Kali. Try searching "kali linux facebook hack 2018" and see what Google brings up.
 
Old 04-03-2018, 06:15 AM   #11
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: Debian, Crux, LFS, AntiX, NuTyX
Posts: 1,961
Blog Entries: 4

Original Poster
I suppose Kali is a two-edged sword. It can be used to do a lot of damage, but on the other hand sysadmins of big sites do need a tool to test their server security to destruction. I can't see any white-hat use for Z-Shadow. And the sites that I have seen are frankly criminal.
 
Old 04-03-2018, 06:22 AM   #12
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 16,744

Quote:
Originally Posted by hazel
How come sites like this exist? Surely identity fraud and password theft are illegal in all jurisdictions.
I was listening to the beeb overnight the other night, and one of the correspondents made the interesting point that Snowden exposed the fact that the governments are using the mega companies to do the surveillance for them. For no cost, and no voter back-lash.
Don't expect a crackdown from the legislators any time soon.
 
Old 04-03-2018, 08:06 AM   #13
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Well, sooner or sooner, we're going to have to have both domestic laws and international treaties to define the legal environment of the Internet. It's baffling to me why we don't have such things yet.
 
Old 04-03-2018, 08:39 AM   #14
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Somewhere on earth? Maybe I'm a figment of your imagination?
Distribution: A number of them over the years...
Posts: 1,609

Quote:
Originally Posted by sundialsvcs
Well, sooner or sooner, we're going to have to have both domestic laws and international treaties to define the legal environment of the Internet.
Care to tell us how you come to learn of this?

I think the UN already tried to take over control of the Internet and failed.

Quote:
It's baffling to me why we don't have such things yet.
Really? And how exactly are individual countries going to control the Internet? How exactly are individual countries going to be able to take action against a site that's not within its borders? Why are all countries going to respect an "international treaty", particularly countries that use it for cyber attacks against other countries?

Let me guess, Russia's completely innocent and it's just the "west" playing silly buggers?
 
Old 04-03-2018, 10:22 AM   #15
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,089
Blog Entries: 5

Quote:
Originally Posted by jsbjsb001
Let me guess, Russia's completely innocent and it's just the "west" playing silly buggers?
Which is in fact a straw man argument.

You've already made the case that the WWW pretty much 'transcends' nation states, in that any state attempting to legislate will only really ever censor (as is already the case in some countries).

So someone appearing to be attacking from e.g. Russia could be pretty much, well anyone and not necessarily state sponsored (or even in Russia for that matter).
 
  

