Friday, July 8, 2011

Hacked Again!

So yeah. Both my gmail and facebook accounts were hacked again. And this time they made sure to permanently delete any email received since the first compromise. After the last time, I obviously changed my password, and made sure it was a strong(er) password. I don't think they could have brute forced it in only 5 days.

That got me thinking about how they got access. There are few devices that I access my gmail account from, and it's possible that one of those devices is compromised and contains a keylogger. I've used some of these devices since the second attack, and haven't seen a third...yet.

In a fit of paranoia I uninstalled any new apps on my phone but the more I think about it the more I think that is not the avenue for the second attack. We shall see. I'm in a "hurry up and wait" state at the moment.

What I think happened is that for the first attack it was brute forced offline, either from the leak a couple of weeks ago, or from the massive Sony attack, but in that first attack if you remember, they got access to my facebook friends list. It just happens that my mom is a friend and her maiden name is listed. Well guess what my gmail password reset security question was. D'oh!

I've had my gmail account for many years and was a wee bit of a security newb not so long ago -- not that I know everything, but I have learned quite a bit over the past couple of years. I'm sure that way back when I set this account up I had no idea that someone one day could use information obtained from one web site to compromise my account on another.

This is all still speculation as I have not rooted my phone yet so I don't have access to exactly what each app is trying to access, nor do I have access to gmail log files. It could turn out to be a bad app that I downloaded, and they just haven't attacked me again yet, and that while my cell phone could have saved me from getting my identity stolen, it was also the attack vector. We'll just have to wait and see.

Lesson learned... Don't use any security questions/answers that can be easily obtained online by just about anyone, e.g. birth month, mother's maiden name, pet's/children's names, etc...

Wednesday, July 6, 2011

How my cell phone may have saved me from getting my identity stolen

I say may have because I'm not quite sure how much damage was done. I'm still cleaning up. Also I'm not sure what these a-holes wanted.



It all started on a Sunday afternoon. I was sitting at home getting ready to head over to a cookout with my family. I noticed that my cell phone had two "!" icons. I clicked on them and noticed that I was no longer syncing with gmail or Facebook. So I tried logging in again on my phone. . . No luck. WTF?!?

I then tried logging in to gmail on my laptop, still no luck. Well, I knew my password was correct, so I tried resetting my password, and was able to log in instantly. Once I logged in, there was a bright red bar at the top of the gmail layout stating that my account had been logged into from a questionable IP. I'm not sure of the algorithm that google uses to detect this, or even if they have a list, but sure enough, the IP was registered in Italy; and unless there had been a shift in the time-space continuum, I was not in Italy.

I then checked my gmail settings to ensure there were no forwarding rules set up, or any other settings out of the ordinary. Good-to-go.

Next, let's concentrate on what the hell happened to my Facebook account. Tried accessing it using what I thought was my "strong" (not a dictionary word, use different character sets, etc...) password, which is different from my gmail password. Sure enough, it had been changed. So I reset that password as well, and also ensured there were no odd email addresses associated with my account (Account Settings -> Email, Account Settings -> Security). Good-to-go.

So how did they hack my gmail account? I have a "strong" (not a dictionary word, use different character sets, etc...) password, so I'm not really sure. There was a breach of thousands of email addresses a few weeks back, but if I remember correctly, only a small percentage of them were gmail accounts. So maybe it was brute-forced. I'm not sure if gmail has an account lockout feature -- never needed to try or look into it. Either way, my accounts had been hacked. DAMMIT!

I checked my spam folder in gmail. . . nothing. Checked the deleted items folder. Hmmm. . . There were two deleted messages about a facebook account password reset. I don't remember doing that. WTF?!? Those sneaky bastards had hacked my gmail, changed the password, then sent a Facebook password reset to my gmail account. Since they now had my gmail password, they were able to reset my Facebook account with the link that was happily provided by Facebook, then delete those messages. Luckily, google never really deletes anything.

From the hacking of accounts to me getting "notified" by errors on my cell phone took about 10 minutes, and another 10 minutes for me to figure out what the hell happened and fix it.

All I know for sure is that they had access to my gmail address book and my facebook friends list for about 15-20 minutes. I have not heard from anyone getting spammed by me, and I haven't received any notifications about other account password resets, so for now I think I'm okay.

But what if I didn't have a smart phone that linked to gmail and Facebook? How long would it have taken me to find out my accounts had been hacked? Hours? Days if I was away from a computer or on vacation? My smart phone addiction paid off for once.

Lesson Learned? Change passwords often, make them long and full of different characters. Don't use dictionary words. And don't ever, ever, ever, use the same password for all of your online accounts. Oh, and keep the smart phone data plan!