digg

Facebook Connect Join Digg About

Scammers take Web-mail hostage

news.com.com — After a visit to a cybercafe a Hotmail user returned to an empty Web-mail account, except for a note demanding payment for the return of e-mail and address book, a security firm said Monday.

Who dugg this? Made popular Dec 13, 2006

Add a friend

submitted by

fatmike Dec 12, 2006

351 diggs
digg

40 Comments

BrokedownPalace, on 10/12/2007, -0/+30Is it the cybercafe right down the street from that bar? I know it too!
rikardos, on 10/12/2007, -0/+18don't think this helps if you use keylogger
brendanc, on 10/12/2007, -0/+17a hardware keylogger will take keystrokes before they get "encrypted"
brendanc, on 10/12/2007, -2/+14Gmail, hotmail, yahoo... doesnt matter.. a keylogger will still take your info.
inactive, on 10/12/2007, -0/+9@ Doublez - leaving it logged in or out wouldnt make much difference if the guys that work there put a keylogger on the computer anyway.

Also if you use Gmail, then you would most likely be in luck if this happens, because as far as i know, Gmail Keeps all information even when you delete it.
Mugsleymug, on 10/12/2007, -0/+5i own a netcafe. I havnt yet found a keylogger running on one of the machines, but we don't get all that many clever customers so I don't really expect to see any anytime soon.
inactive, on 10/12/2007, -1/+6Perhaps if you think about it for a few seconds, Alpha, you would realize there are quite a few ways of gaining access without having someone leave their account logged in
nogami, on 10/12/2007, -0/+4There was a good technique that someone mentioned a couple weeks ago for helping to foil keyloggers on possibly insecure terminals.

Basically it was "click" the password field, then type a character of your psw, then click outside the password field on the screen and type a few more letters/vowels/numbers, then click inside the field and type another character, then click outside and type a few more characters, and so on.

So if your password is "dog%cat", what they would see on their logger is something like "jimdl6moe4g7nqi%opclmyakt". The characters are all there, but unless they know exactly which characters are used in your password, they're out of luck (if they clue in that you're using english, for example, they could possibly "de-clutter" it with a dictionary attack to highlight possible english words, so it's a good idea to add a bit more randomness).
dacheetah, on 10/12/2007, -0/+3Obviously you don't realise that logging out does almost nothing to protect you.
A keylogger would get you as soon as you log in, and wouldn't care if you log out afterwards. In an internet cafe it wouldn't be hard to install a hardware keylogger, even an invisible one. (If could be mounted INSIDE the keyboard if the owner of the netcafe is malicious, or if someone knows what model the keyboard is, and replaces it with one in his bag when no-one is looking. Sure it's unlikely, but it's possible)
The best option is buy a laptop, and use that, with HTTPS or other secure connections, and just incase, don't type your passwords when anyone (or anything, cameras and the like) are watching...
SmileyChris, on 10/12/2007, -2/+5Of course HTTPS is a good start, but it isn't going to protect you from keyloggers running on cybercafe machines.
Ajajadude, on 10/12/2007, -0/+2Yet another reason why you want to back everything up, even e-mail data.
affanjam, on 10/12/2007, -1/+3On screen Keyboard FTW
centinall, on 10/12/2007, -0/+2how would this prevent keylogging?
simonbp, on 10/12/2007, -1/+2Better yet, a portable OS on a USB stick. Damn Small Linux is pretty good for that. That way you can boot any machine into a known clean state and do your work without fear of keyloggers, etc.
jlebrech, on 10/12/2007, -0/+1Something like this?

http://www.thinkgeek.com/gadgets/security/5a05/

No matter what OS you use, if it has ps/2 then you're screwed.
invader, on 10/12/2007, -0/+1ok...

hardware keylogger -> on screen keyboard
packet sniffing -> tor+privoxy
browser plug-in and/or software keylogger -> case-by-case, but more difficult to circumvent.. you could always just bring in a linux boot cd or usb drive (and still use the previous two techniques)

just hope they don't have their machines locked down as much as they, well, should..
foobarra, on 10/12/2007, -0/+1so... the question begs to be asked: Where did this (not so well spoken) attacker store the contacts and messages to be ransomed?

Contacts -> Select All -> Delete?
Inbox -> Select All -> Forward?
Sent Mail -> Select All -> Forward again?

nah... they just deleted everything...

Change your password and move on. Better yet, it is a Hotmail account, just get a new one. Take your own laptop next time, and learn about VPN's.
Arramol, on 10/12/2007, -2/+3And flaming everyone who uses a certain acronym ISN'T inane?
inactive, on 10/12/2007, -0/+1They didn't hijack the account. The victim could still log into her Hotmail account. The ***** deleted all her e-mail and contacts (and presumably saved them so he could give them back to her later) to blackmail her into paying unless she wanted to lose all her contacts. At that point, there is nothing that Hotmail could do unless they backed up all accounts
jer2eydevil88, on 10/12/2007, -0/+1This is more of an example on why using Linux off a Pen Drive is such a good idea. It'll stop those pesky software keyloggers if not confuse the hell out of the hardware kind (do some software keybinding to remap the order of your keys).

http://www.althack.com/index.php?option=com_content&task=view&id=24&Itemid=27
CptCarnage, on 10/12/2007, -0/+1You know I have a hard time with this. Who would pay to get the data back? Seriously! How important is your email and your contacts? Just change the account password and start from scratch.
brendanc, on 10/12/2007, -3/+3How do you know that the person didn't log out?
eFiniTi, on 10/12/2007, -1/+1Isn't getting your account back as easy as answering your security questions?
dacheetah, on 10/12/2007, -1/+1The thief didn't change the password, he backed up the emails and contacts, and then deleted the originals...
The email account still works, but the list of email addresses the person sends mail to, as well as all the mail they have sent and recieved is gone.
Good thing that I have a copy of both at more than one location. (setting gmail to auto-archive, and forward all mail helps with this, every email I read with thunderbird is also sitting on a google server somewhere, so if I never lose my gmail details, it doesn't really matter what happens to my other emails and contacts...)
invader, on 10/12/2007, -1/+1@ascott9

I might recommend NetworkActiv PIAFCTM.. Pretty good filtering on content and for IPs. You can ignore your own packets or target a specific computer by IP. Or you can just sit back and listen to everyone while plucking any packet that contains "password=" right out of the air.

I've gotten loads of passwords at local coffee shops.. mostly myspace, which can be fun, because you get to give security advice to hot chicks every now and then.. :-)
dacheetah, on 10/12/2007, -1/+1Better yet, don't use that crap, when any secure (HTTPS or the like) connection would do just as well. And most webmails will let you log in using https. Encrypting the entire stream isn't going to help much when the important stuff is already encrypted properly. There are plenty of other ways (such as keyloggers) to get the information.
Hell, it wouldn't surprise me at all if it was one of those emails that was made to look like it came from hotmail staff, requesting that you re-enter your username and password, and the use was just an idiot, who while using "mysecureisp" thought that there was no way that human error could ever be the easiest way to get sensitive information.
apotropaic, on 10/12/2007, -2/+1keylogger? Thats for people who DONT work there. If you work there you are sniffing every packet and getting info that way.
lenwood, on 10/12/2007, -3/+2What a complete farce! Lets count the mistakes here.

1) the shop owner left the computer logged in as admin, so that users could install programs.

2) the individual was smart enough to log into his email from a public terminal.

3) the "robbers" hijacking a Hotmail acct for money? What complete moron would even try this? Not a bank account, but an email account? A webmail account at that! Ha! Take it! Here, let me give you my Yahoo and Gmail accts, too. Its all SPAM, jerks!

Its worth noting that if this system had been running Linux, the chances of this same thing happening would have been significantly less. The hackers would have had to find a keyboard logger written for Linux, and they would have had to have known the SU password.
KniteWulf, on 10/12/2007, -3/+2@broomett

I've long since made the transition to Facebook. And learn to not judge age by the use of acronyms that are pretty popular. If I said rofl or lol or even wtf, would you still consider me 12, despite the fact that I'm 16? Next time, don't assume what you don't know.
britkev1, on 10/12/2007, -9/+5This is a good reason to use portable apps on a USB stick.
gmprunner, on 10/12/2007, -6/+2'tards.
DOUBLEz, on 10/12/2007, -14/+9I think I know which cybercafe this happened in, and I know that the guys that work there are total dicks, they fell they know more than anyone else I am sure it was one of them who did it, you better be careful text time never ever leave your computer away and logged on.
inactive, on 10/12/2007, -7/+2affan...check out MySpace. You will be more in your element with hte other 12 year olds who continue to use inane acronyms WELL after everyone else has stopped.
ascott9, on 10/12/2007, -6/+1how can you sniff info going over 802.11b. That could be fun.
showgun, on 10/12/2007, -7/+2Smells like garbage.
talledega500, on 10/12/2007, -7/+1Would not have happened had he used http://www.mysecureisp.com
KniteWulf, on 10/12/2007, -9/+2Gmail FTW. And why was Microsoft being queried? They had nothing to do with this.
inactive, on 10/12/2007, -9/+2Knite...check out MySpace. You will be more in your element with hte other 12 year olds who continue to use inane acronyms WELL after everyone else has stopped.
AlphaMack, on 09/26/2008, -11/+1There is this great thing called logging out. Perhaps this person should try it more often. It's too bad that I know plenty of other people who leave their webmail logged in on public machines.
inactive, on 10/12/2007, -13/+1lol, 0wn3d. Always use encryption! HTTPS is your BEST FRIEND! Take it from me, it is like shooting fish in a barrel to sniff plaintext passwords going over open 802.11
Add a Comment

Login or register to comment!
Or, sign-in super fast with your Facebook account ...

Site Links: Home; Take a Tour; Search Digg; Digg Mobile; RSS Feeds; Popular Archive

Help: Frequent Questions; How Digg Works; Report a Website Bug

All About Digg: About Us; Contact Us; Community Guidelines; The Digg Blog; Digg Townhalls & Meetups; Jobs at Digg; Advertise on Digg; Diggnation Podcast

Digg Store: Get hats, shirts, hoodies, stickers, and more at the Digg Store.

Digg Tools & API: All Digg Tools; DiggBar Tools; Firefox Toolbar; Twitter Feeds; Add Digg to Google; Netvibes Widget; Integrate Digg Buttons; Digg Badges; Make a Digg Widget; API for Developers

Digg Dialogg!: Digg Dialogg lets you choose the questions.

Digg Labs: Get a real-time view beneath the surface of Digg.; Digg Labs Home; Arc, Swarm, Stack, Bigspy, Pics

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.