During the recent weeks i see that there is a trend on the Moroccan Web community about Maroc Web Awards, so I took a look on the leaderboard of some of its categories, but i noticed that there is something suspicious with the ongoing votes over there ...

As any Facebook votes-based contest, there is always some predators (aka. Cheaters) looking to get the prize with the easiest and the trickiest way possible ... It might be a trophy (social status), a smartphone or even holidays to some nice places (Yeah, If you are reading this M.T. i know how you cheated on other contests).

Well, a big part of those cheaters are a bit tech-savvy, most of them are script-kiddies, but they know how to trick the votes system just by using "valid" credentials and Facebook accounts to get ahead on the leaderboard.

I checked some of local social contests, and of course i debugged with one of my friends (C.G.M), and we managed to get that you can easily trick the system by just using a simple HTTP requests replay attack.

My small experience i had with managing and monitoring votes of a middle sized Facebook contest helped me to know how cheaters think (well, at least the ones who participated at this contest), and most importantly to learn how to stop them from getting their undeserved prizes ... so, if you are interested to join the Justice League, please feel free to follow my recommendations (Unfortunately i can't mention all of them publicly ...):

- Track every single vote separately

Just for analysis purposes, see Votes Analysis.

- Votes must be protected with a Facebook App to check the identity of the user

By using a Facebook App you are forcing the user to be connected to his Facebook account in order to ensure that the vote came from a "trusted" Facebook user with a token validation of course.

- Protect vote requests with CSRF Tokens or just a simple NONCE authentication

It might be an optional step if you trust the design of your system enough, but you can add it in order to avoid the replay HTTP attacks and "stolen" votes from other users. [Read more: Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet]

- Don't base your votes only on Facebook likes

If you would like to wake up with a Facebook notice message on your Facebook developer's inbox which tells you that your app is suspended (if you are lucky enough, your account as well), then you can go with Facebook likes, otherwise i really recommend you to separate the votes completely from Facebook and use your own voting system so you can customize it with your own needs and requirements and also to have the ability to study and analyse votes as well to detect any unusual behaviour.

- Retrieve maximum information about the voter (You should mention this in your Participation Terms and Conditions)

You can get the name, the country and city of origin of the voter in order to strengthen your assumptions and have valid proofs about those cheaters.

You can also get the browser's properties and also other detailed informations (I can't mention all of them here unfortunately :\ ).

- Voter informations must be retrieved on the server, not send with the vote request:

It's just a dumb thing to mention or to tell good developers about, but unfortunately i saw it on a popular local brand Facebook's contest ... I thought maybe it's not a big deal to tell people who aren't aware of this to change their thinking ... or maybe even their job if they are experienced and do this mistake ...

Votes Analysis

The measures i mentioned above are just our first line of defence to eliminate major threats, the big work to detect and the accuracy of our investigations depends on the processes that we will define:

1 - Spot the potential cheaters:

If you notice the gap between the first 1-6 participants and the others on the leaderboard is huge, especially after a short amount of time, this is a red flag that you need to check and start your investigation.

[ Paypal's Command Center ]

2 - Check the origin country of the voter [Facebook's origin vs IP's origin]:

One of the main reason to do this is to check if the users who votes for a specific user (or any other related entities - Song, Picture etc ...) are really within the geographical scope of the targeted audience of the contest and also if their votes origins (IP) really match their Facebook country of origin.
Most cheaters use low value accounts from India, Pakistan, Malaysia or other countries that don't necessary match the geographical target of the contest.

3 - Study and analyse the behaviour of the voters

Some of those cheaters use keyloggers (or other techniques) to collect passwords of a specific targeted audience (ex: Morocco) and automate the process of voting by using tools that are already available online, you can use Captchas to avoid this, but unfortunately they can be bypassed as well, but you will make it harder for your users from a UX perspective and also for the cheaters from the technical part.

In order to detect those kind of unusual behaviours you might notice a small (or static) time delta between votes during some peak periods, multiple votes coming from the same origin IP to the same user, repetitive browser's properties etc ... All those signs will push you to start cleaning up your competition.

4 - Compare previous banned users with potential cheaters

Just analysing behaviour might not always give clear results to make a decision you are 100% sure about, especially if you came across a smart guy, but you will always find some missed areas he didn't think about.

For example, you can use some Social Network Analysis to get a clearer view about the votes you can't detect easily by just reading metrics:

As you can see, this graph represents the votes made during the whole contest, who voted whom, and a constructed view about the network, communities involved etc ...

What pushed me to use this methodology is that I suspected the behaviour of a user, after investigating his voters, i couldn't catch any rightful proof about him from the usual checking, even if there were some fraudulent votes based on the criteria i defined before, but not big enough to use them as a legit proof ...

So I decided to generate the graph using Gephi (Visualisation Software), and TADAA ! : The voters who voted this guy already voted two previously banned users ...

This is just a small example on how you can use SNA in fraud detection for example, even though i believe that there is some other ways and techniques i'm not aware of, if you have any insights about them, maybe you can suggest them in the comment section or give me a hint on my e-mail ayoub@4ts.io.

I will talk more about subjects that involve Social Network Analysis in some of my upcoming posts Expand your LinkedIn network in a Smart Way, feel free if you have any ideas or topics that could involve it.

With the evolution and the increase that we see every couple of years in term of the bandwidth reserved for our internet connection either on our desktop or mobile devices, the needs of the users evolve and adapt to that change, starting from just consuming lightweight and "text based" content, to more interactive and heavy ones like videos (YouTube, Twitch, Dailymotion etc ...).

I had a couple of projects i did just for fun during some occasions, just to improve my skills set on the video and multimedia part, since the first time i worked on such projects was a while ago ... (If you were a fan of Anime during your teenage years, you would try at least once to translate some Japanese subtitles to another language).

But in the recent months, i noticed that Facebook changed their whole video system, in order to compete with YouTube and gain some market shares by giving more visibility and organic reach to the videos uploaded there than the ones on other video sharing sites.

Facebook made a huge success with video content:

Facebook would have reached $17.45 billion in revenue last year, surpassing its $12.5 billion milestone from 2014 by 40 percent.

[...] Global spending on video ads grew by 41 percent from third quarter to fourth quarter, according to data from Nanigans, a Facebook marketing partner.

Source: Facebook Inc (FB) Q4 2015 Earnings Preview: Mobile, Video Obsession To Drive Company’s Success

Besides the growth that we see in the current time, the expected increase of video content on mobile devices in the upcoming years is not negligible, some forecasts say that 72% of mobile traffic will be video content.

BY 2019, 72% OF MOBILE TRAFFIC WILL BE VIDEO CONTENT [CISCO STUDY]

Viral videos on Facebook & Automation

My obsession to know how things work, and how some pages on Facebook became famous within a very short time just by using videos (Unilad, SoFloAntonio etc ...), made me think: "Does the page owner really open his video editor and edit the video's title, resize the canvas of the original short clip and add his page's watermark every single time ?" ...

The answer might be yes or no ... but my inner decision tree pushed me to say: "Let's challenge this and automate it".

Operation name "Automator"

Just before getting into technical details, just take into consideration that i won't discuss the setup process neither how to type "apt-get install" or "yum install" ... It's just an overview about the architecture of the system and how i implemented it, so it's not really for newbies (Sorry for the Clickbaiting :P).

Automator: Code name "Alpha" (I like fancy words too)

This is just a simple version of the system, i started with this just to create a small PoC.

WebApp : Back-office

The back-office is used to manage the whole inventory of the videos (I used just a SQLite Database for development purposes).

Amazon S3

Used just to store the assets that will be used with the editing, also to store the uploaded and the converted/edited videos to be downloaded later.

Message Broker

Since the process of converting and editing the video is too much time & ressource consuming, it's better to create asynchronous tasks/jobs that will be managed by a messaging broker (ex: RabbitMQ, Apollo ...) to dispatch the load across workers and synchronise between them to handle the tasks needed to be done.

Workers/Converters

I won't talk in detail about the different tasks needed to be executed by those workers (Download, Conversion, Edition and Re-upload), but just take into consideration to separate each task with a specific queue to organise the workload and to make each queue easier to debug (Best practice).

Automator: Code name "TripleS (SmallSaaS)"

Just a small improvement you might want to think about, is to add a hub that manages the webapps by granting them the wanted permissions to communicate with the broker, with credits support if you want to for example.

An optional CDN might help too, but it's not really necessary since latency is not our main concern here, because the results that we will get won't be delivered in a continuous way and to huge amount of users directly from the platform.

"Automator" is alive !

Some screenshots of the beast (Just the back-office part):

Pretty satisfied with the results

Watching a young boy running over his older brother might be priceless sometimes (The watermark is just used for testing purposes):

If something is not clear or if you have any further questions or inquiries, just let me know in the comments section or via e-mail ayoub@4ts.io .

With the threats coming from ISIS and other terrorist organisations around the world, many governmental and Intelligence agencies have started to work on upgrading their surveillance arsenal to help them to monitor their citizens and crackdown on potential and dormant terrorist cells, especially with the emerging technologies and apps that appeared in the recent years. [ CNN Money: An app called Telegram is the 'hot new thing among jihadists'].

After watching a small report made by Vice News about Britain's wiretapping and their "secret surveillance program" i though to myself, maybe i should talk about my home country as well.

Britain's Secret Surveillance (Trailer)

A breach exposed everything

Last year, many administrative documents, source codes and e-mails of the Italian security company "Hacking Team" were leaked, the big surprise is that Morocco is ranked among their most important clients with more than €3,173,550 of their revenues.

We are watching you, but other things might not be our priority

Neither the local newspapers nor online medias did mention Careto's trojan attack that targeted many countries since 2007 until 2014 (Unfortunately it wasn't a sex scandal), with a main focus on Morocco and Gibraltar and other Spanish speaking countries.

This attack was an advanced persistent threat that targeted many public and private organisations, starting from sensitive governmental entities to single activists.

The main targets of Careto fall into several categories:

1. Government institutions
2. Diplomatic / embassies
3. Energy, oil and gas
4. Private companies
5. Research institutions
6. Private equity firms
7. Activists

Careto's full report by Kaspersky (Page: 4).

What is Careto ?

Careto (Spanish for mask), sometimes called The Mask, is a piece of espionage malware discovered by Kaspersky Lab in 2014. Because of its high level of sophistication and professionalism, and a target list that included diplomatic offices and embassies, Careto is believed to be the work of a nation state.[1] Kaspersky believes that the creators of the malware were Spanish-speaking.[1]

Because of the focus on Spanish-speaking victims, the heavy targeting of Morocco, and the targeting of Gibraltar, Bruce Schneier speculates that Careto is operated by Spain.[2]

[Wikipedia: Careto (malware)]

A wake up call came from Twitter

The Moroccan authorities weren't aware of those cyberespionage threats, until an important leak of sensitive documents happened on Twitter by an account named "Chris Coleman" (until now his identity is still unknown), but the first thing i noticed from those documents is that they date from 2007 to 2014, the same period believed that Cerato was active. [#Illuminati #ConspiracyTheory]

ISIS' threats and the ongoing surveillance program

With the raise of ISIS and the expansion of their operations in a global scale, starting from Iraq, Syria to Paris and Indonesia, the profiling of those group members became more and more difficult, especially here in Morocco (it's just an assumption ... I don't work for them by the way).

In the recent months, every like 15 or 30 days we hear that a cell that pledged allegiance to IS planned to make attacks on Moroccan territories was dismantled.

More than 130 "terrorist cells" have been dismantled, 2,720 suspects arrested and 276 plots foiled since 2002, according to Abdelhak Khiame, director of the newly established Central Bureau of Judicial Investigations. [26th March 2015]

[Yahoo News: Moroccan 'FBI' and imam training keep jihadists at bay]

Wiretapping and phone tracking is a common practice in those cases, no matter how "SMART" or "DUMB" your phone is, you are always under surveillance.

But if you do really care about your privacy, you might be interested to call up those people, but i don't think they might help you with Neflix:

Phone Hackers: Britain's Secret Surveillance

Some interesting facts were mentioned in this report, it talks about IMSI tracking and how intel agencies use them to track down and collect data about some people.

IMSI-Catcher Detector

If you are interested to check if there is some fake mobile towers around, and you have an Android phone of course, you can use Android IMSI Catcher Detector:

https://secupwn.github.io/Android-IMSI-Catcher-Detector/

This question will decide what you would do about this: Would you trade your own privacy for your safety and security ?

It has been a while since the last time i coded a Twitter bot, then i remembered that i had couple of bots that were hanging in the wild ...

@Wikiquote Arabic

It was like 2 years ago when i was an active member in Wikimedia Morocco, i created a small Wikiquote bot that tweets quotes extracted from Wikiquote Arabic.

Unfortunately, the original Twitter account (@WikiquoteArabic) got suspended for an "unusual behaviour", but today i decided to bring it alive again under a new name: @WikiquoteArabi ...

What you have to do is just to ask "it" (Honestly, "him" sounds better to me) in Arabic to give you a proverb about a subject that you want to hear about: "حدثني عن الحكمة" (EN: Talk to me about wisdom)

If it couldn't understand the tweet, you can try again with one of the replied suggestions.

@Apolikamixitos للأسف لم أفهم رسالتك, لكن يمكنني أن أحدثك عن الأقوال مثلا. أرسل "حدثني عن الأقوال"

— WikiquoteArabi (@WikiquoteArabi) January 12, 2016

@Benkiration

The Moroccan Prime Minister Mr. Abdelilah Benkirane has an intriguing personality that caught interest of the Moroccan population with his unusual statements, outgoing and un-calculated declarations in the Moroccan political scene, so i decided to create (just for fun) a bot that mentions his most known expressions whenever there is a tweet that mentions his name.

With all due respect to him and his supporters.

Playing with fire might be dangerous sometimes ...

Interesting Twitter bots

Here is a list of the available bots that you might be interested to follow: https://botwiki.org/tag/twitterbot/

If there is any bots i couldn't mention here, please let me know on the comments or send me an e-mail to ayoub@4ts.io.

P.S: I will publish the source code of those bots in the near future.

Apparently, i'm not only the only person who struggles to watch Netflix or any other geo-restricted service especially when you are outside the US ...

One of the simplest and well known solutions is to use a VPN, and by achieving that you need to create a PPP connection directly from your router to your VPN provider, but it might not be the best solution here, especially when you don't really need to use a VPN to encrypt your connection when you are at home, it might not be very practical with streaming services ... unless you don't want your ISP to know what you are watching :P .

Instead of using a VPN that consumes, increases latency and slows your connection, you can use a SmartDNS to access those services.

What is a SmartDNS ?

A smart DNS proxy server is a DNS server that directs clients to a proxy server for an unknown list of websites and services. Access to the proxy and DNS servers is typically available as subscription plans to so-called Smart DNS software and services. These services grant access to websites and services that restrict digital media content availability by region, acting as an intermediary between the client and the website or service. This is accomplished by obscuring the IP address of the client that is often used to verify a user's location.

it alters a device's DNS and intercepts data needed for a device to log in and gain access, so a user can stream or download content which is normally blocked for viewing by people within that region.

[Source: https://en.wikipedia.org/wiki/Smart_DNS_proxy_server]

Why should i use a SmartDNS ?

There is some pros and cons by using SmartDNS, but for entertainment purposes, i guess it's the best option to choose:

Pros:

• Fast Speed when Browsing
• Efficient Unblocking of Sites
• Easy Setup without Any Requirement of Technical Knowledge
• No VPN Softwares available on the SmartTV, SmartDNS is a great alternative

Cons:

• No Encryption Involved
• No Connection Sharing Allowed

Where can i get a SmartDNS ? How should i use it ?

To use a SmartDNS you have just to change the DNS server configuration of your SmartTV by entering the IP of the DNS servers provided by the VPN providers.

Personally, i got a package that includes 2 years of VPN + SmartDNS for about 50$ from PureVPN, until now, it's working perfectly and they have many geographical locations available.

I have the IP address now, How can i watch Netflix Hulu ?

To have Netflix, Hulu or other apps that are available in certain countries, you have to change the region attributed to your TV NOT just the IP.

Thank you Samsung SmartHub.

By default, during the setup of your SmartTV, your country is automatically attributed to your TV (I don't know if it's factory based or detected from the internet connection). You can follow here those steps to change it:
https://support.unlocator.com/customer/portal/articles/1244175-how-to-change-region-on-a-samsung-smart-tv

Warning:

You will have to reset ALL your apps, ONLY the apps available on THAT region will be available, you might lose some apps your are using right now.

After changing the region and completing the setup, you need to install the apps you want from Samsung Apps.

Setting up Samsung Smart TV

1. Open "Settings"

2. Select "Network"

3. Select "Network Settings"

4. Click "Start" and wait for the test complete

5. Click "IP Settings"

6. Change "DNS Mode" to "Manual"

7. Fill "DNS Server" field with the value from the table below and click "OK" (Those are PureVPN SmartDNS servers):

   • Primary DNS: 107.168.129.2
   • Secondary DNS: 46.23.70.70
   • Click "OK" to apply the Network Settings

Add your IP to SmartDNS on PureVPN

1. Get your public IP from http://ipecho.net/plain
2. Add it to your account:

1. Chill !

I have a dynamic IP and i don't have Windows

I created a small bash script that helps you to update the public IP associated with the device where the script was run, you can add it to your cronjob to update SmartDNS entries periodically.

In the end nothing is better than:

Netflix & Chill

Someone who understands you (I'm talking about Pandora here)

Occasional shows