Unusual software which was ultra popular last few months amongst Instagram users who’s accounts got hacked, stolen or password forgotten got sealed this Friday by official Instagram security representatives. The tool got its cracking algorithm patched by Instagram’s automatic anti-hacking system after their database got hit by a massive hacking attack of thousands login attempts per second.
Results showed that all IP addressed of attackers came from Russia. And by unbelievable speed of login attacks which was impossible achieve for a human, there was no doubt it’s about a brute-force type of cracking attack. This type of hacking is performed by a special coded software which works together with a text file with thousands of rows of possible passwords users may use for their accounts. It automatically tries each of these password at login page of entered website. In this case Instagram. Software is running all the time until a right matching password is found.
To achieve this successfully, hacker needs to posses a high speed processor inside their PC, and sometimes this process can take days, even weeks, if users passwords are made very strong (complex).
However, many, almost all of todays websites, especially ultra poplar ones, like Instagram, YouTube, Facebook, Twitter etc. are using strong, super expensive security systems which can easily block any type of brute force attempt by blocking user IP address after few unsuccessful login tries. This process is automatic. But in case with “Instagram Password Finder” this didn’t happen.
Russian hackers managed to steal thousands of IG accounts before security system blocked their application from further working. Which means developers who made this Instagram hack tool implemented some kind of “evolved” type of brute-force system which can bypass blocking its IP address.
After making deep analyze by “opening” this tool using special programs to extract its source code, we came to conclusion that is was not about a classic brute-force system used here. But indeed the code inside was enhanced so this hacking application was automatically changing new IP address after every 3 unsuccessful attempts. It was connected in background with a server hosted in Russia too, from where it was draining new IP addresses and throwing them on Instagram login page just like a gun assault rifle bullets from its magazine. In this case the magazine was this special server they’ve built, loaded with IP’s.
The pity is, that idea of creating this app was not supposed hacking Instagram accounts of other people and stealing their online information, but helping individuals to recover back their own accounts of which they’ve forgotten password, or got their accounts stolen. But in reality bad guys will always misuse such tools and use them in wrong manners.
So sealing the tool from further functioning is not 100% sure as good or bad move. However its developers claims they working on recovering back their app and adding strict Terms of Service policy in their website and software installation window, which will legally protect them if their work is going to be misused again in future.