email hacked, i've got thief's IP

Ali B
Ali B used Ask the Experts™
on
hi i'm writing this and i think there is no exact solution. it is kind of sharing ideas. anyway, the story is as following:
two day ago my friend wrote an announcement on facebook that his email has been hacked. and he asked me to do something about it.
I tried to chat with the "thief" as I know nothing. the thief was IM'ing me with links to a fake site that asks for email & password (the mistake my friend had done). actually, for me, it was so obvious that page was fake.
so, (1) i figured out the way my friend got hacked and I have the link.
yesterday, while chatting with the "thief" i sent a file so i figured out the IP address through netstat.
also, i've received an email from the "thief" and also i confirmed the IP address.
(2) i have an IP address, ISP and time of email sending.
the interesting part of the story:
i retrieved the country and ISP using that IP address and i got the same country i live in as foreigner, my point 'what a coincidence!' since I and my friends are from another country.
I linked this 'coincidence' with my using to the neighbors' (two) unsecured WiFi. I thought there was someone who's sniffing on me and I think was collecting email addresses and sends fake links (may be was doing more than that).

however, there's no confirm to this assumption but it is the only thing i can think of. anyway, i still using one of the unsecured wifi :) since i feel that i'm secured myself. but, i feel guilty about my friend :( and there are may be more friends got hacked because of me.

questions: assuming my assumption is true.
1. in modern countries can IP be an evidence? i mean what can be done to such thief? (no electronic crime law is applied here).
2. how secured is my https connections? (regardless other unencrypted connections) i'm only concerned about doing e-banking (HTTPS) on my neighbors' unsecured wifi network.
3. is hotspotshield is a secure VPN freeware with no ad-ware, or there's a better choice?

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Co-Owner
Top Expert 2011
Commented:
In answer to your questions:
  1. Yes - you would need to obtain a court order to obtain the records from the ISP as to who was using the IP address at that particular date and time and you could take matters further once the info was obtained, but the computer could be part of a botnet, so the originator may not be the person at the end of the computer.
  2. If you are using your neighbour's unsecured Wi-Fi link, you are most probably breaking the law.  Despite their stupidity, your best course of action would be to offer them some assistance in securing their Wi-Fi and get your own broadband link.  I am sure the HTTPS connection is going to be secure, but you could end up in hot water yourself by using their signal unauthorised, so my recommendation would be to stop imediately.
  3. I have no idea about hotspotshield.
Commented:
Here's how it works. HTTPS might as well be NANANA..   You see what goes on outside you insecured WIFI is. Packet sniffing.
The computer won't goto sleep and won't forget unless told to.  So you use HTTPS to login to the bank, ebay, paypal, and so on.
My friend, you will login via http some times. And when you do a hacker with any brians, will what I call.  Play with the spider.
So I got get your email password. WOW I just help myself to some reading of your email. And before I know It I find out you have an account with Sears.com.  So I try the Email Password on Sears.com and Im in.  
Basically Your whole life can be figured out with access to your email account. And from their it's just a game..
Wep can be cracked in 10 miniutes.......  WEAKEST LINK is the strongest..
 
Regards
Selvol
Ali BIT Consultant

Author

Commented:
@alanhardisty
good information
and i'de like to hear more

@selvol
well, you were right :S
I thought using HTTPS with gmail is an advantage, but wait...  i use the same PWD with other accounts. besides i leave all of my PWD's saved in FF

anyway, what if I use third-party software that always connects me over https:443 am  I going to be secured? (this eliminates Q3:hotspotshield)



Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Commented:
Even the Pentigon is a potential hack. NOT BY ME  Wireless Keyboards can be decoded at 60 feet or more.
It all comes down to how bad they want the info.   I would think a service the encrypted the packets would help.  
I do not use wireless. It's slower and insecure.  
 In this program below their is a packet sniffer amoung other useful toys.  It will tell you who and what is coming in and going out of your computer.  
If you think someone is on your computer taking files. You can turn it on and see the packets..
If the guy is near you. Use Netstubler to zero in on the signal from his wireless card..
 
http://users.telenet.be/ahmadi/nettools.htm
 
I used to... I mean .. Nevermind.
 
Trust NO one.  Any site you give a password to can see what the  passwords is 99% of the time. Someone at that site can get your password.....  And play with the spider......
I mean sniper038 is enought  to get someone smart enought into your DELL.com account
1) Unsecured wireless offers no protection against packet sniffing
2) WEP offers no protection against packet sniffing (packets can be captured by any connected client)
3) HTTPS secures the content of the packets but not the source and destination - so this information can be used.

In addition to this....never use a wireless network you do not control yourself or trust the person who controls it.  If you must use a wireless network connect to a socks proxy on a trusted network, to encrypt any traffic sent over the wireless network back to the trusted network.

It's worth noting that SMTP traffic (as well as pop3 and imap) are natively unencrypted - you send/receive using these without using SSL/TLS and data can be captured if using Wireless as above or at any hop between you and the destination.

If you have the public IP of the attacker you can carry out a whois lookup against the IP.  This will identify the ISP, who should have an abuse@ contact address so this can be reported.

Another point to note is that if the attacker has control over the wireless network you are using, it would be very easy for them to perform a MITM attack or to spoof DNS to force you to visit specially crafted pages that would make you susceptible to attack....

The best advice I can offer is to stop using an unsecured wireless network - particularly one you do not own.  If you do not have permission to use it, chances are you are breaking the law anyway.
>In addition to this....never use a wireless network you do not control yourself or trust the person who controls it.  If you must use a wireless network connect to a socks proxy on a trusted network, to encrypt any traffic sent over the wireless network back to the trusted network.
<EDIT>

I should have been more clear with this....have a look at SSH tunneling and SOCKS proxys here http://www.plenz.com/tunnel-everything

Commented:
Thank you Roachy1979, for laying it out in tech terms..... Getting your info  is all a game that anyone can play. The only looser is the unsupecting, trusting internet user with a real life....
 
Regards.
 
Selvl
Ali BIT Consultant

Author

Commented:
thank you all for the valuable information.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial