How hacking works - Part 1 - What's hacking
Have you seen a lot of bots join at the same time in a server, then start DMing everyone to offer a crypto scam? Or maybe you've seen an account, that used to be active in a server, come back from the grave and start sending "free nitro" DMs? Are you wondering how they manage to get past server security barriers, be it a reaction role, a captcha, an altdentifier, ... Did you wonder how the accounts they use are 2-3 years old sometimes? They can't have been planning this for so long, can they?
In fact, these hackers use real, authentic discord accounts that they previously took control of. If you want to know how it works, go to the ▶️ next page ▶️.
How hacking works - Part 2 - Grabbing a token
You are probably used to connect to discord with a login and password. When you use them, your discord client asks discord for a token, a big alphanumerical string that can identify you. The token is then store so that you don't have to log in every time you want to send a message.
This is what scammers target. If they can get hold of your token, they'll be able to send messages, send DMs, join servers...
There are a few common ways to grab a token from an existing discord user. You can either get a login and a password, then ask discord for a token. The problem is, if the user has 2FA (two-factor authentication, you should enable that now if you haven't), they will need that code too, so it's not very efficient.
Instead, they will try to steal the token by installing a virus (a token grabber) on your computer. This small piece of code will find the token in your chrome/firefox files for the web version, or in the discordapp files if it can. The token will then be sent to them for use in the next few hours.
How hacking works - Part 3 - Installing a virus
So, you are probably wondering how they managed to install a virus on your computer without you knowing.
The most likely way they used was just sending you the virus in a DM and hoping you'd click it. Maybe you've received a DM that asked you to try a game the random user supposedly created. This game, in fact, is just a loading screen (that will never load, there is no game), and the virus.
Some servers you get invites to, like "5 invites = Free Nitro", will also ask you to "verify yourself" using a special piece of software. You've guessed, that's the same virus as before. (And of course, they will just ban you and not give you nitro)
An example of the game scam:
https://cdn.discordapp.com/attachments/331922010361823233/948182405234163732/unknown.png
How hacking works - Part 4 - How can I protect myself?
Even if you can't do much about these bots (You work at Discord? Please do something, FFS.), there are still a few things you can do to be protected.
First, the golden rule is to never run applications from strangers. If you do, you're probably owned already. You can check a file for viruses on the VirusTotal website.
Then, a very useful thing you can do is to disable DMs from strangers in your discord settings. You can do so per server, so if you're in a few big servers, do it for any one of them. If someone really wants to DM you, they'll send a friend request and ping you in your common server.
Finally, if you haven't done so, please enable 2FA on your account, this might reduce risks in case your password gets leaked. Use a strong, random and different password on every site, and remember them with a password manager (Bitwarden, 1Password, Dashlane, KeePassXC... Most of them have free tiers)
Thanks for reading and for keeping us safe.
**How hacking works - Part 1 - What's hacking** Have you seen a lot of bots join at the same time in a server, then start DMing everyone to offer a crypto scam? Or maybe you've seen an account, that used to be active in a server, come back from the grave and start sending "free nitro" DMs? Are you wondering how they manage to get past server security barriers, be it a reaction role, a captcha, an altdentifier, ... Did you wonder how the accounts they use are 2-3 years old sometimes? They can't have been planning this for so long, can they? In fact, these hackers use real, authentic discord accounts that they previously took control of. If you want to know how it works, go to the ▶️ next page ▶️. --- **How hacking works - Part 2 - Grabbing a token** You are probably used to connect to discord with a login and password. When you use them, your discord client asks discord for a **token**, a big alphanumerical string that can identify you. The token is then store so that you don't have to log in every time you want to send a message. This is what scammers target. If they can get hold of your token, they'll be able to send messages, send DMs, join servers... There are a few common ways to grab a token from an existing discord user. You can either get a login and a password, then ask discord for a token. The problem is, if the user has 2FA (two-factor authentication, you should enable that now if you haven't), they will need that code too, so it's not very efficient. Instead, they will try to steal the token by installing a virus (a token grabber) on your computer. This small piece of code will find the token in your chrome/firefox files for the web version, or in the discordapp files if it can. The token will then be sent to them for use in the next few hours. --- **How hacking works - Part 3 - Installing a virus** So, you are probably wondering how they managed to install a virus on your computer without you knowing. The most likely way they used was just sending you the virus in a DM and hoping you'd click it. Maybe you've received a DM that asked you to try a game the random user supposedly created. This game, in fact, is just a loading screen (that will never load, there is no game), and the virus. Some servers you get invites to, like "5 invites = Free Nitro", will also ask you to "verify yourself" using a special piece of software. You've guessed, that's the same virus as before. (And of course, they will just ban you and not give you nitro) An example of the game scam: https://cdn.discordapp.com/attachments/331922010361823233/948182405234163732/unknown.png --- **How hacking works - Part 4 - How can I protect myself?** Even if you can't do much about these bots (You work at Discord? Please do something, FFS.), there are still a few things you can do to be protected. First, the golden rule is to **never run applications from strangers**. If you do, you're probably owned already. You can check a file for viruses on the [VirusTotal](https://www.virustotal.com/gui/home/upload) website. Then, a very useful thing you can do is to disable DMs from strangers in your discord settings. You can do so per server, so if you're in a few big servers, do it for any one of them. If someone really wants to DM you, they'll send a friend request and ping you in your common server. Finally, if you haven't done so, please enable 2FA on your account, this might reduce risks in case your password gets leaked. Use a strong, random and different password on every site, and remember them with a password manager (Bitwarden, 1Password, Dashlane, KeePassXC... Most of them have free tiers) Thanks for reading and for keeping us safe.