Hi again gang,

One update regarding the hacking. This is just FYI in case you ever
have to unsnarl this yourself.

First thing they did was set his email to forward to an anonymous
email on outlook.com (that they controlled). They then sent the
’gimme money’ email to all his contacts, then dumped the whole
contact list. The next trick was to set his email so that it would
block anyone not on his contact list. Which was now empty. So it
blocks all email to the account, and forwards everything to them.

The reason this matters: next step was to go to ebay, do the ‘I
forgot my password’ thing. So it sends a reset link to ‘his’ email.
Which they control. 5 minutes later, they’re into his ebay account,
ordering a few dozen pairs of Air Jordans, and a couple of laptops.
Ebay smells a rat and shuts them down automatically. (Yay ebay.
Shocking, eh?) They managed to get the block lifted, but then we got
control back a couple of hours later, and nuked the pending
transactions. They also didn’t have access to any way to actually
pay for any of this crud, so nothing got shipped. Net gain: zero.

There are two lessons here:
(A) if they hadn’t gotten greedy and sent the ‘gimme money’ email,
we wouldn’t have figured out what happened for at least a day, as
the only symptom would have been him just not getting email. Not too
uncommon with Yahoo, so he might just have chalked it up to net
troubles for at least a day. The ‘gimme money’ email caused his
phone to start ringing almost instantly, so we knew there was a
problem quite quickly. Wouldn’t have without it.

(B) Two factor authentication. Get it. That way nobody can fiddle
with your account without some sort of alternate channel ID token.
Either a passcode texted to your phone, or some other
non-email-based sort of ID. All of his (and my) accounts now are set
up that way. Makes it much harder to hack into.

We’d just come back from a show, and my suspicion is that his email
password got sniffed from a public WiFi node somewhere on the trip.
“Open” or “Free” wifi connections are unencrypted, which means that
everybody on the connection can potentially sniff all the other
traffic on the network. One way around this is to turn wifi off while
you’re on the road, and force the phone/laptop/pad to use the
cellular network, which is encrypted. (If that’s an option for

So, first thing if this happens to you, check merchant sites like
Amazon or Ebay, to see if that wasn’t the real goal. Change all
passwords, and go to two factor ID if you can. Beware Geeks bearing
the gift of free Wifi.

Hope this helps somebody down the road.

PS. Back up your contacts to your local computer periodically. In
fact, just back everything up. Often. Do it now while you’re
thinking about it. If you want a good offsite backup service, I use
Crashplan.com. I’ve been very happy with them. About $100/yr for
unlimited space, and heavy encryption.