FOAK email hacking

Discussion in 'UK Motorcycles' started by 'Hog, Nov 19, 2009.

  1. 'Hog

    'Hog Guest

    Extreme oddity.

    Two people I know had their hotmail/live accounts hacked recently. They
    have no shared acquaintances and live in different places. General
    nuisance was caused by sending emails that had passed between them to
    other people with malicious post editing.

    We all hear of individual accounts being hacked but I'm struggling to
    imagine how this could happen unless hotmail has a malicious techie?
    Both claim to have had strong passwords, changed occasionally.

    Heard anything like it before?

    Do Plod have a cybercrime department which deals with such things: i.e.
    not just obsessed with kiddie porn
     
    'Hog, Nov 19, 2009
    #1

  2. 'Hog

    B650 Guest

    Probably signed up to some dodgy website using the same password as
    the email account. I've had a number of emails from acquaintances
    singing the praises of dodgy Chinese electronics sites using less than
    grammatically correct engrish.

    Odd that the 'hacker' has just been causing mischief though, they
    usually get put to money-making purposes.

    No shared acquaintances, other than you? There's a logical conclusion
    in there somewhere....
     
    B650, Nov 19, 2009
    #2

  3. 'Hog

    TOG@Toil Guest

    No. What is odd is that it's the same behaviour applied to two totally
    different hotmail accounts, and that the behaviour is essentially
    harmless (when you consider what could have been done). That suggests
    to me that it's the same perp, and that the perp is someone who knows
    at least one of those people, is quite possibly considered a friend,
    and that the two victims have been sloppy with security. Perhaps
    logging on with the perp standing by, and the perp memorised one PW
    and then managed to find the other.
    Yes, but they wouldn't care about this.
     
    TOG@Toil, Nov 19, 2009
    #3
  4. 'Hog

    'Hog Guest

    I rather tripped myself up at the beginning of the email. No shared
    acquaintance other than me! But in fact I don't know one of them except
    in passing. I'm sure it wasn't me <checks mirror and medication>

    But it has just moved on this morning. Looks like it started on one side
    of the equation, someone with a grudge who managed to guess a password.
    They picked up on the 2nd victim by reading all the 1st victim's emails
    I think. But how they gained access to that account is a mystery. I
    don't think you can hack Hotmail with brute force.

    Perhaps a child's name or somesuch that was mentioned in an email to
    victim one.
     
    'Hog, Nov 19, 2009
    #4
  5. 'Hog

    TOG@Toil Guest

    Hotmail is remarkably hard to hack. Yahoo used to be much easier: I
    haven't for years. There used to be a Java vulnerability whereby you
    could be copied in on all correspondence.

    Once you've got one PW, it's remarkably easy to obtain more. It's like
    picking a little hole in a sweater: all of a sudden the thing
    unravels.

    I'd still lay odds that the perp was/is known personally to the first
    victim.
     
    TOG@Toil, Nov 19, 2009
    #5
  6. 'Hog

    Krusty Guest

    Well deduced Holmes.
     
    Krusty, Nov 19, 2009
    #6
  7. 'Hog

    TOG@Toil Guest

    Well, uh, duh. But I don't mean that the email addie was harvested
    from a guestbook or somesuch.
     
    TOG@Toil, Nov 19, 2009
    #7
  8. 'Hog

    Beav Guest

    You're obsessed with bestiality porn too?


    --
    Beav

    VN 750
    Zed 1000
    OMF# 19
     
    Beav, Nov 19, 2009
    #8
  9. 'Hog

    'Hog Guest

    It was an ex friend with some sort of grudge. I'm trying to get them to
    report it to Plod.
     
    'Hog, Nov 19, 2009
    #9
  10. Told you.
    Waste of time.
     
    The Older Gentleman, Nov 19, 2009
    #10
  11. 'Hog

    Cab Guest

    I've recently seen a demo from one of the security experts in my
    company and it's remarkably easy to get people's email addies.

    He set up a free hotspot with a commonly recognised name (call it X
    but could be ANY free hotspot such as McDonalds, etc) and because he
    used an access point that had stronger signal strength than the
    regular access point, PCs automatically connected to his.

    In the access point, there was a web server with an identical copy of
    the X login page and a link to gmail (for example). Users would go
    over to gmail and the welcome page was, again, identical to the gmail
    login page. When the user entered the login/password, they were
    redirected to the regular gmail page with all their emails, etc. What
    users didn't know is that on the gmail login page, they had their
    login/password harvested when they hit the submit button.

    It's extremely easy to do and really isn't rocket science.
     
    Cab, Nov 20, 2009
    #11
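
From the defender's side, the rogue hotspot described in post #11 shows up in a Wi-Fi scan as a familiar network name broadcast by an access point nobody installed, usually with a much stronger signal. This is an added example, not part of any post in this thread, that flags such access points; the SSID, the inventory and the scan results are constructed, and `find_suspect_aps` is a hypothetical helper name.

```python
from collections import defaultdict

# Constructed inventory of legitimate access points per SSID (assumption:
# a real site would export this from its wireless controller).
KNOWN_APS = {
    "CafeX-Free": {"bssids": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
                   "security": "open"},
}

# Constructed scan results: (ssid, bssid, signal_dbm, security)
SAMPLE_SCAN = [
    ("CafeX-Free", "00:11:22:33:44:01", -67, "open"),
    ("CafeX-Free", "00:11:22:33:44:02", -74, "open"),
    ("CafeX-Free", "02:de:ad:be:ef:10", -38, "open"),   # not in inventory
    ("HomeNet",    "00:aa:bb:cc:dd:01", -80, "wpa2"),   # SSID not inventoried
]

def find_suspect_aps(scan, known=KNOWN_APS, margin_db=10):
    """Flag APs that advertise an inventoried SSID from a BSSID not in the inventory."""
    by_ssid = defaultdict(list)
    for ssid, bssid, signal, security in scan:
        by_ssid[ssid].append((bssid.lower(), signal, security))

    findings = []
    for ssid, aps in by_ssid.items():
        if ssid not in known:
            continue  # nothing to compare against, so no verdict
        expected = known[ssid]
        legit = [sig for b, sig, _ in aps if b in expected["bssids"]]
        strongest_legit = max(legit, default=None)
        for bssid, signal, security in aps:
            if bssid in expected["bssids"]:
                continue
            reasons = ["unknown BSSID for known SSID"]
            if security != expected["security"]:
                reasons.append("security differs from inventory")
            if strongest_legit is not None and signal >= strongest_legit + margin_db:
                reasons.append("much stronger than any legitimate AP")
            # Bit 0x02 of the first octet marks a locally administered MAC,
            # which software access points often use (a hint, not proof).
            if int(bssid.split(":")[0], 16) & 0x02:
                reasons.append("locally administered MAC")
            findings.append({"ssid": ssid, "bssid": bssid, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in find_suspect_aps(SAMPLE_SCAN):
        print(f["ssid"], f["bssid"], "; ".join(f["reasons"]))
```

A finding here only says the radio environment has changed; the certificate check discussed later in the thread is what protects the login itself.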
  12. 'Hog

    TOG@Toil Guest

    Some people *cough* used to do something similar with Yahoo mail (but
    not the hotspot) a few years ago. Redirect to an identical login page,
    and harvest the username and PW. Incredibly basic stuff, as you say,
    and superseded now, but it still works as a technique. And with the
    refinement of a powerful hotspot, I can see it working perfectly.
     
    TOG@Toil, Nov 20, 2009
    #12
  13. 'Hog

    Jim Guest

    The solution to that is to use

    https://gmail.com/

    It's incredibly basic stuff.
     
    Jim, Nov 20, 2009
    #13
  14. 'Hog

    Colin Irvine Guest

    I've used a couple of hotspots in cafes abroad for email. In every
    case I had to get a password from behind the counter. I'm not saying
    that's completely secure, but presumably it's at least safe from the
    kind of harvesting you mention here. Or is it?
     
    Colin Irvine, Nov 20, 2009
    #14
  15. 'Hog

    Cab Guest

    It's safer but you're still not immune. Even so, all a hacker needs to
    do is set up an identical page which requests your login/password,
    pretends to give you full internet access (without even worrying about
    whether the login/password you've been provided with is valid or not)
    and carries on doing the harvesting as I described above.

    Even if you go to an https page, it's still possible to do the same.
    In fact, you'd believe that you're more secure going to a https page
    and will worry less about these sort of harvesting attempts.

    GPRS connections (whilst not 100% secure) are actually much, much more
    secure than bog standard wifi connections.
     
    Cab, Nov 20, 2009
    #15
  16. 'Hog

    Cab Guest

    I think you've missed the point.
     
    Cab, Nov 20, 2009
    #16
  17. 'Hog

    Jim Guest

    Why do you say that? The way certificate signing with HTTPS works is
    specifically designed to prevent this kind of man-in-the-middle attack.
    If the access point is subverted you'll get a certificate warning, which
    is quite difficult to bypass with more recent browsers.
     
    Jim, Nov 20, 2009
    #17
  18. 'Hog

    Cab Guest

    You'd be surprised at how many people accept invalid certificates or
    don't look at the details of certificates to check their authenticity.

    Most issues can be overcome with common sense.
     
    Cab, Nov 20, 2009
    #18
  19. 'Hog

    Cab Guest

    Okay, but tell me, do you check every time when you go to gmail that the
    login page is https? And, as I posted elsewhere, people don't always check
    the validity of certificates (even if they have a bloody great warning page
    pop up).

    It's down to education though. But people don't generally receive security
    training courses on internet and PC usage.
     
    Cab, Nov 20, 2009
    #19
  20. You'd be surprised at how many CERN pages I have to click past an
    "invalid certificate" warning...
    --
    Ivan Reid, School of Engineering & Design, _____________ CMS Collaboration,
    Brunel University. Ivan.Reid@[brunel.ac.uk|cern.ch] Room 40-1-B12, CERN
    GSX600F, RG250WD "You Porsche. Me pass!" DoD #484 JKLO#003, 005
    WP7# 3000 LC Unit #2368 (tinlc) UKMC#00009 BOTAFOT#16 UKRMMA#7 (Hon)
    KotPT -- "for stupidity above and beyond the call of duty".
     
    Dr Ivan D. Reid, Nov 22, 2009
    #20