Catch the hacker the MOMENT they are on your computer!
- Published: Aug 3, 2024
- I was hacked. We are all so sure our anti-virus is protecting us, but what if it isn't?
Here is what you need to do!
🚨 60% Discount 🚨
GET 60% off System Mechanic Ultimate Defence: geni.us/SearchRecover
Have you taken the split second it takes to hit the SUBSCRIBE button YET?
ruclips.net/user/LironSege...
How to disable images in Gmail:
support.google.com/mail/answe...
How to disable images in Outlook:
support.microsoft.com/en-us/o...
#TheTechieGuy
Need to get faster wifi and faster internet? Is your gaming lagging and your zoom buffering? What is a Mesh WiFi and WiFi 6?
I show you all you need to know about faster and better connectivity with the best router settings, wifi optimization, wifi tips and internet bandwidth performance tricks and even boosting speed apps.
My name is Liron Segev, aka TheTechieGuy, and I make tech simple for everyone to understand - I answer your technology questions so you are more productive, more efficient, and getting more out of your phones, gadgets, and apps
Liron Segev aka TheTechieGuy
TheTechieGuy.com
FYI: As an Amazon Associate I earn from qualifying purchases
00:00 I got hacked
00:13 What is a honeypot
00:55 How to set up a honeypot to catch hackers
04:35 How to recover deleted files
06:31 How companies are tracking your email
Science
We have answers from the amazing team about triggering tokens:
Q: Why is the ISP triggering the tokens?
A: CanaryTokens generate a unique HTTP URL or DNS hostname which once browsed to or resolved, makes a connection back to our servers and raises an alert.
The Windows Folder Token makes use of DNS to trigger an alert, and inspecting the downloaded files reveals that we set the folder's icon to a remote resource and encode some local system information into the hostname.
Due to the hostnames being unique, Windows will recursively query a Token's hostname up the DNS resolution chain which usually follows the path of localhost -> local DNS server (router) -> ISP DNS servers -> Root Servers -> Canary Tokens server.
We tend to see multiple alerts happening after a Token is first triggered, as ISP name servers cache the query and later refresh that cache for any DNS updates; this causes the Token to trigger multiple times.
The “recent places or quick access” features of Windows can keep the Tokened folder in Explorer's sidebar, which attempts to preview the document and causes further unnecessary alerts.
Our advice: once a Token has initially triggered, you'll have gotten the all-important alert to further investigate; once complete, it's worth swapping out the Token for a new one to avoid later false positives.
Q: Does this work on cell phones too?
A: Yes. It's worth noting however that Tokens are designed to be tripped by their intended applications. The Word Token will require a desktop version of Microsoft Word to trigger.
Q: What about Anti-Virus?
A: AV products do sometimes detect and even trigger Tokens in their scans; it's worth hiding Tokens a little deeper in your files. Certain AV programs also offer "sandboxing" services whereby files are uploaded to their servers for safe "detonation" which can end up triggering Tokens multiple times.
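The advice in the pinned answer (act on the first alert, expect resolver cache refreshes to repeat it, then swap the token) can be applied to an alert history as follows. This is an added example, not part of the original comment and not Canarytokens' own code; the alert field names, the six-hour quiet gap and the sample records are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample alerts. Field names are hypothetical (not the
# Canarytokens export format); IPs come from documentation ranges.
SAMPLE_ALERTS = [
    {"token": "docs-folder", "time": "2024-08-03T10:00:05", "src_ip": "203.0.113.10", "channel": "DNS"},
    {"token": "docs-folder", "time": "2024-08-03T10:00:09", "src_ip": "203.0.113.11", "channel": "DNS"},
    {"token": "docs-folder", "time": "2024-08-03T10:30:07", "src_ip": "203.0.113.10", "channel": "DNS"},
    {"token": "docs-folder", "time": "2024-08-03T11:00:08", "src_ip": "203.0.113.10", "channel": "DNS"},
    {"token": "payroll-doc", "time": "2024-08-03T12:15:00", "src_ip": "198.51.100.7", "channel": "HTTP"},
    {"token": "docs-folder", "time": "2024-08-04T09:00:00", "src_ip": "203.0.113.10", "channel": "DNS"},
]


def triage(alerts, quiet_gap=timedelta(hours=6)):
    """Group each token's alerts into bursts separated by `quiet_gap` of silence."""
    by_token = {}
    for alert in sorted(alerts, key=lambda a: a["time"]):
        when = datetime.fromisoformat(alert["time"])
        bursts = by_token.setdefault(alert["token"], [])
        # Start a new burst on the first alert or after a long quiet period;
        # otherwise treat the alert as a repeat (cache refresh, preview, scan).
        if not bursts or when - bursts[-1]["end"] > quiet_gap:
            bursts.append({"start": when, "end": when, "count": 0,
                           "sources": set(), "dns_only": True})
        burst = bursts[-1]
        burst["end"] = when
        burst["count"] += 1
        burst["sources"].add(alert["src_ip"])
        burst["dns_only"] = burst["dns_only"] and alert["channel"] == "DNS"
    return by_token


def report(by_token):
    """Turn bursts into one action line each, plus a rotation reminder per token."""
    lines = []
    for token, bursts in by_token.items():
        for index, burst in enumerate(bursts):
            action = ("INVESTIGATE (first trigger)" if index == 0
                      else "REVIEW (activity after quiet period)")
            note = ""
            if burst["dns_only"]:
                # DNS-triggered alerts show whoever resolved the hostname.
                note = " | source IP is likely a DNS resolver, not the machine that opened the folder"
            lines.append(f"{token}: {action} at {burst['start']:%Y-%m-%d %H:%M:%S}, "
                         f"{burst['count'] - 1} repeat alert(s) from "
                         f"{len(burst['sources'])} source(s){note}")
        lines.append(f"{token}: replace this token once the investigation is complete")
    return lines


if __name__ == "__main__":
    for line in report(triage(SAMPLE_ALERTS)):
        print(line)
```
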
Is it possible to translate this into English for those of us who aren't computer geeks?
@@monophoto1 I personally would appreciate a quick video on what you just said, Liron. I have a comprehension issue when reading. Always understand your awesome vids, easy to understand and implement into action what you explain. Thanks
@@monophoto1 the dns is the domain, basically it is the access to the online information, it assigns to you an ip, that is like a unique id for your device... the cache memory is like some kind of archive that stores data to be easy to access, the cache triggers the token multiple times so you are supposed to give importance to the very first one... sorry for my english, i dont know if i am being clear enough..
Homeland, FBI, Google and Windows analytics, Facebook and Amazon trackers, game launchers, Discord, the list goes on and on. Most software these days acts like spyware, but they get on the whitelist and get you to approve permissions.
@@monophoto1 It sounds like there will be so many false triggers as to make the technique practically useless.
hmmm I am seeing several people saying that their own ISP is triggering their tokens. I am looking into why this is happening. I also reached out to Canary Token people to see if they can shed some light. So DONT PANIC - your ISP is most likely not hacking your computer. My guess it is some type of "checks" that is happening at the ISP level. Will keep you updated as I learn more. This is getting interesting 🤔
Same problem here, in 15 minutes got 62 alerts. Not very helpful, unfortunately.
Keep us posted, please!
From the ip addresses and locations through Comcast, it's almost as if Comcast is treating something in the code as a new DNS address and it's passing it around just like DNS propagation. It may settle down after the initial spread, then all you need is to ignore the initial burst, although it would be nice to be able to remove the "hits" from the main list.
You are a living legend Liron.
Thank you so much. I love ur channel and subbed a few weeks ago. Love all ur content and use a lot of it. Thank you for increasing my security
Liron, you're great. I'm so glad I subscribed so that your video appeared at the top of my YouTube viewing list.
appreciate you Brendan!
Liron you're the Best 🙌
Much love 🙏
- Stay Blessed -
🙏❤✌
🔥
YOU ARE Epic!!!
So much valuable info, I'll be watching again! Thank You!
appreciate you being here!
Tech experts gets hacked moment
At least when they get hacked, they explain clearly how to protect ourselves from getting hacked like them.
there are only two kind of people: those who have been hacked, and those who don't know they have been hacked....
@@LironSegev give them time to let what you said marinate they'll get it tomorrow!
You are a star. Thank you . I'm subscribed.
Welcome!
Lots of valuable information brother ,thanks
Glad it was helpful!
Great info as always.
Glad it was helpful!
I would love to see you describe home network security and how to monitor connections and do some tls dissection
wow this is crazy thanks for this man like always you keep giving great information did the email stuff now.
Thanks for the message and hanging out here 👍
This is interesting. Will try this out. 👍🏻
For me still lost, but good that you can help people. Thank you.
No worries!
Great and useful content as always :)
Bravo, brother!
Great info -- AGAIN! Thanks
Thanks again!
So cool. I didn't even know "honey pots" were a thing. Now I have one on my desktop.
ahhh love that!
great information. I created a similar folder and opened it and then checked to see that it has been opened 3 times, once by me and 2 times from two different Asian countries
Good Info thanx 😃👍
No problem 👍
Thanks for the great info... I will definitely use this !!! Thank You for taking the time to educate people like me. I really like your channel . Please keep up the great work !!!
You are so welcome!
Thanks Liron, good stuff matey !!
My pleasure - thanks for stopping by!
@@LironSegev Its bloody funny you know, I got an email from Hoselink the other day, and I do buy stuff from there and I clicked on the email and it took me to their website. Not long after I got another email from them saying we see you visited our website... ding ding ding, and also wondered how Kogan was doing the same damn thing. and come to think of it a few other websites have really upped their emails that I visit.
Crafty bastards.
I do like to look at the pics to see whats on sale but I don't want to be hit with extra emails... other than turn off the images, is there any other way to look and not get tracked? I use gmail only.
Cheers Liron, I'll be sharing this info around.
I like Honey Pot lol, good stuff.
yeah - thats how they get you...If you enable email images it triggers their system. What you can do is use another email address like DuckDuckGo email system which anonymizes your email address. Apple has one too. And I am sure there are others. So you sign up with these emails instead of your main one. Also use a VPN and put yourself in another country which could cut down their tracking. Finally, there are some plugins that scan through Gmail (I havent personally tested these)
Thanx
Thanks!
Appreciate you being here 🔥
Thanks for another useful video and yes I am a subscriber
Awesome, thank you!
Thumbs up and subscribed!
Thanks Liron. Very apt for Aussie right now.
apt for everyone all the time 😜
Amazing bro!!!!!😮😮😮👍🏽✊🏽✊🏽🎧🎵👏🏾👏🏾👏🏾
appreciate you being here!
I have created the folder and shortcut and put them on my desktop, it will be interesting to see what hits i get. Thanks for creating the very interesting and useful videos.
Hopefully you get nothing which means no one is in your system 😉
I have many of these and just hope I never see an alert. Ever.
Epic... thanks so much
Same I got hacked yesterday
Really like those over the top, exaggerated thumbnails 👌
what a coincidence - me too!
Update: I made the token and I see that my cellphone provider seems to trigger it, now I do not know if cookies do this or a hacker is active, but I did ask them to clarify. Thank you it is nice to see.
Thanks for your expertise.
Any advice for Android phones?
yes
OK, now what do you DO with that information? Can you go after the hackers some way?
Secure your device obviously
I'm your new subscriber, and I love you 😍😍😍😍
Appreciate you
Liron you're a Boss
Thx for the info, but what do I do to stop them from accessing my computer? Do I have to format my pc and install everything again? Keep with your great work, 👍👍
get a good anti virus that has the ability to scan your computer even if it is already infected.
Some allow you to create a special boot disk so you can run the scans without actually opening Windows.
That is a good place to start.
Nice! What should I do with the info about the hackers?
report it to your local authorities
Thanks Liron! Honeypot set up.
nice!!! Simple right?
@@LironSegev I got an alert when I shut my PC down and when I woke it from sleep. Running MS safety scanner and windows security scans and researching now. I made sure indexing was off. The src_data is always my PC. Hopefully it is just something innocent doing its thing.
Running file backups that include a tokenized folder will also generate email alerts.
Good call. Anytime anything touches the files it is triggered. So anti virus scan, backups, cloud syncs, renaming the file etc.
@@LironSegev That scares me off. I wanted to place the file and forget it, but your reply here says I will get never ending email alerts from scans, backups, etc. Correct?
What can I do if I catch someone?
You dont
Hi thanks
Hello can I use canary tokens on MacBook Pro or iPhone 13? I see a lot of the tokens are related to windows
MERCI
How long did it take from the time you set up the honeypot until you got results?
I would redirect them to one of the YouTube channels that messes with scammers. LOL
Appreciate the knowledge!
I've subscribed a while back
Appreciate you being here 🔥
Very useful video
Glad you liked it
What if you're on an Apple iPad, which one would you click on?
Hi Liron if im getting these tokens what do I do? I have virus protect and everything is up to date what am I missing thank you so much for your time
There is a file called "desktop" which is a configuration ini file, which i believe i can see because i have windows to show all hidden files, inside the My Documents folder downloaded.
What do I do if someone trigger it? How to I revoke the access they have to my PC??
Thanks Liron. I followed your instructions and immediatly got 8 hits from my ISP?????
yip - see my pinned comment
Amazing video as usual. I tried it and every time I start up my computer (after I power down) I get a trigger alert immediately... every single time I power on my computer. I tried restart as well (as opposed to power down) and the same thing happens, I get a trigger alert as soon as my computer is restarted (false positives) and sometimes I get many other alerts, all says my VPN (I have VPN on at all times). I had to remove it.
Is anti-virus worth to keep in computers now in 2024?
I wish there was such on cell phones too.
Nice video Liron, PLEASE I've a question to ask... You said that if I open an email I received, if the image loads without clicking the image itself it'll notify them that I've read the email...
So I thought it's only when I clicked on the image?
nope - as soon as the image downloads, it triggers. That's how they know how many people received it, even if you didn't interact with any links.
@@LironSegev Thanks for you reply.
But please how do you mean download? Do you mean download straight to my phone or just the image load up or my email application (GMAIL) ?
This explains it so much better than what my professor did.
haha thank you for the compliment and for hanging out here!
@@LironSegev you’re welcome. Love your content.
That's awesome. BUT! How do we stop them from taking info or watching and viewing our PC?
there really isnt any confidential info - its a trap. Make sure you have a good anti-virus and use a VPN, dont download cracked software and you should be fine.
Thiojoe made a vid like this and he went over a method that uses logs to detect any access, even if the attacker is not on windows. It would then turn off the network drivers and shut down.
I get it. Could they open a file/folder that uses encryption? Meaning not using bait, but they come across a real file.
Excellent video advice. However, I think I may be getting false positives. I have a new PC. I don't surf in admin, only visit legit known sites, and check links with virus total before visiting a new site or clicking a link I've never used before. I have an up-to-date AV, using Quad9 DNS. I always look forward to being notified of your new uploads.
isnt it strange just how much happens in the background that we are not even aware of? I wonder if its your anti-virus triggering this as it is testing the links?
@@LironSegev Thanks for all the tips and tricks you've offered over the years. My AV.; That was my first thought, I only mentioned it because I'm getting hits from around the world; Ireland, Germany, USA, India, Russia. I'm thinking of trying it in a new local account to see what happens.
Once again thanks for all the tips and tricks you've offered over the years.
Instantly after doing this i got over 50 triggers, all from my ISP.......................
Update: I get a trigger alert approx every 30 minutes from my ISP.
Update 2: I removed it due to constant triggers from ISP.
A little confused, Google's options are always see images or always ask, there's no don't automatically download images.
It does say in the link you provided, that Google automatically scans email for potential threats.
So what's the score? 🤔
Hmm...very interesting. Instead of email, can CanaryTokens trigger a text message?
youve never replied to me but maybe this is my lucky shot. I followed all the directions, but I am not getting any emails and it says my token has not been triggered yet, despite me trying every which way to make it work. Theres quite a few people commenting this but I havent seen it answered. THANK YOU!
WHEN I HAVE A VIDEO ATTACHED TO MY EMAIL I HAVE TO SAVE IT IN ORDER TO PLAY IT. I USE TO JUST RIGHT CLICK ON THE ATTACHMENT AND CLICK PLAY. WHAT DO I HAVE TO DO IN FIREFOX TO HAVE THIS OPTION AGAIN. THANKS
Would this work if I dropped these folders on a Synology server?
Hi - At the 1:50 mark, are you copying the downloaded folder to the desktop or are you moving it? Thanks!
I believe you can do either. The embedded code follows the file / folder.
Liron, I have tried putting the windows folder thingey on two different computers, and I am not getting any emails or trigger alerts on the Canary page under ''manage this token''.
Your instructions are very clear and I followed them directly but still nothing.
Any ideas what Im doing wrong?
did you ever find a resolution? im experiencing the same thing
Could one create something similar in PowerShell?
Why does this process use so much CPU processing power? It seems to bog down the PC!
Liron, will System Mechanic® Ultimate Defense help me with the people getting into my computer, like Canary is showing? Thanks
Yup. It has great detection features
First here to watch and like, am that am always first person. big ups to you big brother 👏
you rock!
Can you explain more about "just by it being in your email and hovering over the link" comment you made? Does this mean even if I don't click the link just hover over it and look at the URL description it is triggering a token to the sender...??? Really appreciate this info!
I, similarly, have an e-mail contact named "Me". Every once in a while I get an e-mail from Me. That way I know if something has gone through my contact list and tried baiting me. It's at least an alert.
nice!
Nice
Don't close the token download page,
First go to that "manage this token",
When you get to the log page for that token (it shows the token ID number),
Copy the URL for that log page and save it to your computer, else if you close that download page, you will lose access to that token history log.
Great comment!
how did they get in?
Getting a lot of hits from _Cloudflare WARP_
what if hackers are using VPN ?
the hackers seeing this video 😧
That would be fun to put some rickroll
did as instructed but whenever I access this folder, there are no triggers at all
Love your videos with its plethora of info. I've used IOLO System Mechanic for many, many years now but I've been disappointed with them lately. Not the product but the way they do business. The big one is they have gone to an automatic auto-renewal system and you can no longer login and make changes to your account. Their site will tell you how to login but where they tell you to look, it's not there. You need to call them to do that. IOLO has made changes as of September 2022.
I tried the token site you mention and get this site can’t be reached?
anyway I tried the the fast redirect and slow redirect and could not get my browsers to go through when ever I would go to test them
Thanks for posting. I have a question: why, after creating the honeypot, when I checked the history, does it show 14 clicks where various IP addresses show up, some from local and some from out of state? Is someone constantly watching it? I have no idea.
see the pinned comment where Canary Token explains why this is happening.
The Thunderbird email client for PCs/Laptops refuses to download images by default. They can be enabled each time or permanently for senders the user selects. Some companies don't give you much information, what they want you to see is loaded in the images which are also links. I get lenient, "This was sent from, say, a streaming service I subscribe to, so I'm more willing to allow the images to load. Others, no.
Curious, this upload started at 2:57 into video
Ok
Nice idea, but it doesn't seem to be working for me, nor can I see the "Manage Token" screen. Help me!
It appears to be unnecessarily attracting hackers??
Hello L, I have troubles taking photos using Android smartphone in a way that is acceptable to Mobile Bank App.
Please do UTube video on this subject.
I u go to recent pages opened?
Hey, do you script yo videos??
depends on the video
I tried this, but found that Google triggered the tokens more than 30 times in the first two hours after I installed it. That's not tolerable.
not at all - when you say Google, can you be more specific?
@@LironSegev All I can say is that the the reports all traced the 'hacker' back to a Google IP address in the Washington, DC area.
Will you get notified if this file is copied or scanned by a program like Discord? Let’s say copied to remote location.