Cyber Crime

[A Nonny Moose 8,261]

FBI goes international.

One of the disfeatures of the world wide net is that not everyone is well-intentioned. I haven't had anything funny happen, but if you have the link is in the article.

  Edited November 10, 2011 by A Nonny Moose  

[Ocram's Razr 963]

Spam is technically a crime but that is the only thing that ever happened to me, besides some adware and my laptop caught a couple viruses before I discovered anti-virus software (though it is broken now).

[Duke87 1,070]

As anyone who makes significant use of the internet, yes, I have caught stuff in the past... though not in quite a while. I've taken steps over the years to make my browsing safer and it seems to have paid off.

That, and I suppose the more experience you have, the fewer tricks you fall for.

[Alejandro24 575]

Fortunately I've never been a victim of the cyber-crime. Actually one of my oldest acounts, hotmail, since 2002, is still active and nobody has hacked or cracked it. I don't know why, I've never been a victim. Also I know how to defend my computer.

[hamsterTK 93]

A perfect thread to share the news about how Steam recently got hacked. If you have bought any games and have a credit card tied to it, they suggest being vigilant. Its hoped the hackers didn't actually get the numbers, but technically they could have given the breach.

[jacksunny 741]

I have. Someone once gained access to my e-mail account and sent spam to everyone in my contacts. That sucked.

[A Nonny Moose 8,261]

^ Happened to my daughter on Hotmail. I don't use public mail systems, but only the service supplied by my ISP. They keep getting invaded but no one succeeds in cracking them. They have a rather vigilant and good guy. We have had a few phishing expeditions (I had one the other day), but beyond that, nothing much.

[jacksunny 741]

ARGH it just happened again today

[Easy Bakes 253]

ARGH it just happened again today

change your password. to something random

[jacksunny 741]

ARGH it just happened again today

change your password. to something random

Done.

[Easy Bakes 253]

ARGH it just happened again today

change your password. to something random

Done.

in a week change it back to something you can remember.

[hym 358]

ARGH it just happened again today

change your password. to something random

Done.

in a week change it back to something you can remember.

To be bluntly honest, if someone has hacked into your account, the question you should be asking isn't how to keep them out in the future. The question to ask is "Is it absolutely necessary for me to maintain this account?" If the answer is anything other than "yes", you need to trash the account and start over.

Once your account has been successfully hacked, it's often easy for them to get back in again later, even if you've changed the password and taken other precautions.

Always remember: Security isn't something that you achieve and then leave it alone. Security is an ongoing state of mind that recognizes that the threat is always changing, so the security measures must always be changing. There is no unbreakable fortress.

Personally, all my really important passwords are the result of random hash generators. When I get some time to tackle the project, I'm eventually going to build as close as I can to a one-way function, then use that to generate all my passwords. (Quite naturally, it's illogical to assume that all those passwords can be remembered, so the ones that have to be stored are stored in a hidden, encrypted vault protected by more random hash passwords.)

[Easy Bakes 253]

Hackers are lazy.they will move on to other accounts that have been hacked if you change your password and they cant use it anymore.

[hym 358]

Hackers are lazy.they will move on to other accounts that have been hacked if you change your password and they cant use it anymore.

Hackers frequently aren't lazy; many of them are incredibly bright, well-educated, highly philosophical, and incredibly motivated. (And they aren't snotty nosed teenagers in their mom's basement.)

Furthermore, even in the cases of the lazy ones, they are frequently running very powerful hacking programs that allow them to just about never leave the couch and wreak havoc on hundreds of thousands at the same time.

And who said changing your password actually locks them out of your account? There are more ways into the house than just walking through the front door.

[IDS2 3,344]

And who said changing your password actually locks them out of your account? There are more ways into the house than just walking through the front door.

Precisely- there's the brute-force method, the dictionary attack, and all the password hash stuff. I remember in junior high when some kid was putting keyloggers in the library computers...he got in some pretty deep doodoo and I don't know what happened to him.

Sometimes I question the merit of periodically changing my password. Back in elementary school, I remember Runescape being all the rage - myself included. I had a friend who had put what was, in retrospect, an excessive amount of time into his character and, as a result, was very careful about keeping his account secure and making sure to change his password every now and then. He still got hacked somehow, which goes to show that even being extra cautious doesn't always stand a chance against someone with plenty of motivation and enough know-how.

Of course, common sense is a big part of being secure. I've been receiving a nice steady stream of 419 scams this week. Check out this super cool letter I got this afternoon:

-------- Original Message -------- Subject: CONGRATULATIONS DEAR FRIEND/// Date: Thu, 10 Nov 2011 04:15:12 +0800 (SGT) From: DR. FRANKLIN JOSEPH <custmercareinstruction@gmail.com> Reply-To: drfraklinjoseph@yahoo.com.vn To: undisclosed recipients: ;

ATM Master Card Delivering Department.

(UNITED BANK FOR AFRICA) Benin Republic.

DR.FRANKLIN JOSEPH,

Telephone: +229-991-614-68.

Email (drfraklinjoseph@yahoo.com.vn)

Urgent Attention,

DR.FRANKLIN JOSEPH, from office of ATM Swift Card Department (UNITED BANK OF AFRICA) We knew is very difficult for you to understand because you have been long time waiting for your ATM Card all the time yet things didn’t work out to your expectation but you have to understand that your file has not gotten to this office, then Beside most CARDS are being sent through African and after much investigation it was resulted that 95% of the ATM CARD was not Good which is the reason the card could not being use. To this effect, the appropriate authorities (Economic Community of West African States of African and American Government) has decided not to deliver CARD to foreign clients through African anymore due to a lot of complains that beneficiaries are not receiving their payment after fees has been paid .

This office want you to understand that everything is in order, Economic Community of West African States and American Government have agreed for you to receive your fund (ATM Master Card) through our (UNITED BANK FOR AFRICA) and you are to contact this office immediately for the release of your ATM Master Card with your full information to enable us covers the insurance coverage and please include copy of your identity for proper reprogramming and activation of your CARD PIN Number to enable you have access of withdrawal immediately you receive your CARD.

You are advised to include the followings below:

(1).Your Full Name,

(2).Your Country,

(3).Your City

(4).Your Direct Telephone Numbers,

(5).Your Direct Office Phone Numbers,

(6).Your Mobile Phone Number,

(7).Your Correct Home Address,

(8.)Your Office Address,

(9).Your Current Occupation,

(11).Your age ,

(12).Your Gender,

(13).Your Next Of Kin Name,

(14).Your Next Email Address,

(15).Your Next TelePhone Numbers,

(16). Your Socail Secutrity Numbers,

This is to inform you that you we have done and concluded all the necessary arrangement for your payment worth of $15.8USD (FIFTHEEN MILLION EIGHT HUNDRED THOUSAND UNITED STATES DOLLARS) which have to be pay to you through (UNITED BANK FOR AFRICA) ATM Master Card.Finally, you are being legally contacted regarding the release of your long awaited fund. After a detailed review of your file, the United Nation Monetary Unit, World Bank and the US Homeland Security Department has been Authorized to release your ATM MASTER CARD immediately. The sum of $15.8USD has been approved in your favour via (UNITED BANK FOR AFRICA) desk. Quickly get back to me for more advice.

PLEASE Call +229-991-614-68. And REPLY DIRECTLY TO THIS EMAIL (drfraklinjoseph@yahoo.com.vn)

Thanks for Your Co-operation.

DR.FRANKLIN JOSEPH,

ATM Master Card Delivering Department.

(UNITED BANK FOR AFRICA) Benin Republic.

Telephone: +229-991-614-68.

Email (drfraklinjoseph@yahoo.com.vn)

Rule of thumb: if it seems too good to be true, it is. I've been receiving these as long as I can remember, so now the most I get out of these is a good laugh, but I sincerely worry about the person who only knows enough about computers to send an email or Google something. The trouble with internet communication is that without hearing a voice or watching lips move, detecting something fishy is much more of a guessing game. If you've never met the person you're dealing with on the other end, how are you supposed to know if they're not interested in following the rules?

  Edited November 18, 2011 by IDS2  

[A Nonny Moose 8,261]

And who said changing your password actually locks them out of your account? There are more ways into the house than just walking through the front door.

Precisely- there's the brute-force method, the dictionary attack, and all the password hash stuff. I remember in junior high when some kid was putting keyloggers in the library computers...he got in some pretty deep doodoo and I don't know what happened to him.

Sometimes I question the merit of periodically changing my password. Back in elementary school, I remember Runescape being all the rage - myself included. I had a friend who had put what was, in retrospect, an excessive amount of time into his character and, as a result, was very careful about keeping his account secure and making sure to change his password every now and then. He still got hacked somehow, which goes to show that even being extra cautious doesn't always stand a chance against someone with plenty of motivation and enough know-how.

Of course, common sense is a big part of being secure. I've been receiving a nice steady stream of 419 scams this week. Check out this super cool letter I got this afternoon:

-------- Original Message -------- Subject: CONGRATULATIONS DEAR FRIEND/// Date: Thu, 10 Nov 2011 04:15:12 +0800 (SGT) From: DR. FRANKLIN JOSEPH <custmercareinstruction@gmail.com> Reply-To: drfraklinjoseph@yahoo.com.vn To: undisclosed recipients: ;

ATM Master Card Delivering Department.

(UNITED BANK FOR AFRICA) Benin Republic.

DR.FRANKLIN JOSEPH,

Telephone: +229-991-614-68.

Email (drfraklinjoseph@yahoo.com.vn)

Urgent Attention,

DR.FRANKLIN JOSEPH, from office of ATM Swift Card Department (UNITED BANK OF AFRICA) We knew is very difficult for you to understand because you have been long time waiting for your ATM Card all the time yet things didn’t work out to your expectation but you have to understand that your file has not gotten to this office, then Beside most CARDS are being sent through African and after much investigation it was resulted that 95% of the ATM CARD was not Good which is the reason the card could not being use. To this effect, the appropriate authorities (Economic Community of West African States of African and American Government) has decided not to deliver CARD to foreign clients through African anymore due to a lot of complains that beneficiaries are not receiving their payment after fees has been paid .

This office want you to understand that everything is in order, Economic Community of West African States and American Government have agreed for you to receive your fund (ATM Master Card) through our (UNITED BANK FOR AFRICA) and you are to contact this office immediately for the release of your ATM Master Card with your full information to enable us covers the insurance coverage and please include copy of your identity for proper reprogramming and activation of your CARD PIN Number to enable you have access of withdrawal immediately you receive your CARD.

You are advised to include the followings below:

(1).Your Full Name,

(2).Your Country,

(3).Your City

(4).Your Direct Telephone Numbers,

(5).Your Direct Office Phone Numbers,

(6).Your Mobile Phone Number,

(7).Your Correct Home Address,

(8.)Your Office Address,

(9).Your Current Occupation,

(11).Your age ,

(12).Your Gender,

(13).Your Next Of Kin Name,

(14).Your Next Email Address,

(15).Your Next TelePhone Numbers,

(16). Your Socail Secutrity Numbers,

This is to inform you that you we have done and concluded all the necessary arrangement for your payment worth of $15.8USD (FIFTHEEN MILLION EIGHT HUNDRED THOUSAND UNITED STATES DOLLARS) which have to be pay to you through (UNITED BANK FOR AFRICA) ATM Master Card.Finally, you are being legally contacted regarding the release of your long awaited fund. After a detailed review of your file, the United Nation Monetary Unit, World Bank and the US Homeland Security Department has been Authorized to release your ATM MASTER CARD immediately. The sum of $15.8USD has been approved in your favour via (UNITED BANK FOR AFRICA) desk. Quickly get back to me for more advice.

PLEASE Call +229-991-614-68. And REPLY DIRECTLY TO THIS EMAIL (drfraklinjoseph@yahoo.com.vn)

Thanks for Your Co-operation.

DR.FRANKLIN JOSEPH,

ATM Master Card Delivering Department.

(UNITED BANK FOR AFRICA) Benin Republic.

Telephone: +229-991-614-68.

Email (drfraklinjoseph@yahoo.com.vn)

Rule of thumb: if it seems too good to be true, it is. I've been receiving these as long as I can remember, so now the most I get out of these is a good laugh, but I sincerely worry about the person who only knows enough about computers to send an email or Google something. The trouble with internet communication is that without hearing a voice or watching lips move, detecting something fishy is much more of a guessing game. If you've never met the person you're dealing with on the other end, how are you supposed to know if they're not interested in following the rules?

Aha! A WAFL! West Africa Fraud Letter. The Ontario Provincial Police and the RCMP have a joint task force on this, and even have a special web site for reporting new ones. These things are simply phishing expeditions. I got one this morning and simply deleted it. I gather that some hackers go after the mail accounts in an ISP. Speaking with the tech at my ISP, he states that this is a frequent occurrence and that they do everything short of closing to kill these guys off, but some always get through. Quite often these hackers are computer science students trying to see if they can actually do it, but many are like the one cited above and are out and out frauds.

Never, never, never give out any information about yourself to a thing like that above. Neither your ISP nor your bank nor any of your credit card suppliers will ever ask for this kind of information. Why should they? They already have it. This kind of thing is aimed at the naive and gullible, and it is a pity that the law enforcement guys can't get permanently on top of it.

@hym: for a one-way encrypt you have only to look in the published source of Linux/UNIX. Look at Crypt(3). It will give you a start, if nothing else.

[jacksunny 741]

I copied all my contacts to a file on my computer and deleted them all from the Hotmail contact book. Both times they have sent e-mails to my contacts, maybe this will at least stop them from doing that.

[A Nonny Moose 8,261]

I copied all my contacts to a file on my computer and deleted them all from the Hotmail contact book. Both times they have sent e-mails to my contacts, maybe this will at least stop them from doing that.

Jack, doesn't your ISP have a free mail service (included in the fee)? Every one I have used, including Bell, have this and you should use it. You know how vulnerable anything associated with Microsoft is.

BTW, mine will give you up to four mail accounts, some web hosting space, and some private storage.

I also don't use an on-line (per se) mail client. I use Thunderbird which resides only on my machine and all my associated stuff is on my machine behind my firewall.

  Edited November 18, 2011 by A Nonny Moose  

[jacksunny 741]

Jack, doesn't your ISP have a free mail service (included in the fee)? Every one I have used, including Bell, have this and you should use it.

Ours only offers 1 e-mail account which is used by my mom.

[A Nonny Moose 8,261]

Jack, doesn't your ISP have a free mail service (included in the fee)? Every one I have used, including Bell, have this and you should use it.

Ours only offers 1 e-mail account which is used by my mom.

Hard lines. If Hotmail is getting hacked, why not move to something less likely to be a target. Have you looked at gmail?

[Duke87 1,070]

Another policy which is not a bad one is to simply remember that a solid wall is better than a locked door... for instance, it is quite impossible to hack into my online bank account because I don't have one. I physically go to the bank whenever I need to do something with it.

Also, for anyone using Firefox: install NoScript. Blocks all javascipt unless you specifically allow it. Only allow it when necessary.

[A Nonny Moose 8,261]

One of my correspondents has said that you can use your own local client software such as Thunderbird and connect it through a service such as gmail. The service only acts like an intermediate mail pass through, and all your mail details are kept on your machine behind your firewall and virus scanner.

[hym 358]

Also, for anyone using Firefox: install NoScript. Blocks all javascipt unless you specifically allow it. Only allow it when necessary.

The problem with NoScript is that it's somewhat unpredictable. Absolutely every time I have tried to install it, YouTube would never work anymore. Didn't matter if I turned all the security features off or even disabled the plugin entirely, YouTube wouldn't load. Nothing short of completely uninstalling NoScript would get YouTube to work. Once it was uninstalled, YouTube worked again immediately.

I don't know anyone else who has had that problem, but I know people who have had other erratic behavior after installing NoScript, while some people have nothing abnormal happen at all.

[Easy Bakes 253]

Another policy which is not a bad one is to simply remember that a solid wall is better than a locked door... for instance, it is quite impossible to hack into my online bank account because I don't have one. I physically go to the bank whenever I need to do something with it.

Also, for anyone using Firefox: install NoScript. Blocks all javascipt unless you specifically allow it. Only allow it when necessary.

I do that too.

But I do wonder though if your online account is there anyway even if you dont access it.It sort of has to be there if you can sign up to use in within a few minutes.

But even so if its hacked you can get all the money back since it was not you moving funds since you have never used the service at all.

[A Nonny Moose 8,261]

If yous bank is any good, it will use the https protocol and encrypt the link. Mine does. You also have to use an indirect login because they keep moving the actual on-line banking page. Only the gateway knows where the link is today. My bank branch is not even in the same town I live in, but Canadian banks have had any branch banking for years and are pretty good in that area. Of course we have less than a dozen chartered banks for the whole country. Nothing so silly as state banks, etc. They are all huge outfits with lots of money for on-line security.

  Edited November 20, 2011 by A Nonny Moose  

[jacksunny 741]

Most of the time, I use Windows Live Mail on my computer, I just can't when I am somewhere else, such as the Library. I have set Hotmail to always use a https protocol.