Link to home
Start Free TrialLog in
Avatar of Ali B
Ali BFlag for Australia

asked on

email hacked, i've got thief's IP

hi i'm writing this and i think there is no exact solution. it is kind of sharing ideas. anyway, the story is as following:
two day ago my friend wrote an announcement on facebook that his email has been hacked. and he asked me to do something about it.
I tried to chat with the "thief" as I know nothing. the thief was IM'ing me with links to a fake site that asks for email & password (the mistake my friend had done). actually, for me, it was so obvious that page was fake.
so, (1) i figured out the way my friend got hacked and I have the link.
yesterday, while chatting with the "thief" i sent a file so i figured out the IP address through netstat.
also, i've received an email from the "thief" and also i confirmed the IP address.
(2) i have an IP address, ISP and time of email sending.
the interesting part of the story:
i retrieved the country and ISP using that IP address and i got the same country i live in as foreigner, my point 'what a coincidence!' since I and my friends are from another country.
I linked this 'coincidence' with my using to the neighbors' (two) unsecured WiFi. I thought there was someone who's sniffing on me and I think was collecting email addresses and sends fake links (may be was doing more than that).

however, there's no confirm to this assumption but it is the only thing i can think of. anyway, i still using one of the unsecured wifi :) since i feel that i'm secured myself. but, i feel guilty about my friend :( and there are may be more friends got hacked because of me.

questions: assuming my assumption is true.
1. in modern countries can IP be an evidence? i mean what can be done to such thief? (no electronic crime law is applied here).
2. how secured is my https connections? (regardless other unencrypted connections) i'm only concerned about doing e-banking (HTTPS) on my neighbors' unsecured wifi network.
3. is hotspotshield is a secure VPN freeware with no ad-ware, or there's a better choice?

ASKER CERTIFIED SOLUTION
Avatar of Alan Hardisty
Alan Hardisty
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Ali B

ASKER

@alanhardisty
good information
and i'de like to hear more

@selvol
well, you were right :S
I thought using HTTPS with gmail is an advantage, but wait...  i use the same PWD with other accounts. besides i leave all of my PWD's saved in FF

anyway, what if I use third-party software that always connects me over https:443 am  I going to be secured? (this eliminates Q3:hotspotshield)



Even the Pentigon is a potential hack. NOT BY ME  Wireless Keyboards can be decoded at 60 feet or more.
It all comes down to how bad they want the info.   I would think a service the encrypted the packets would help.  
I do not use wireless. It's slower and insecure.  
 In this program below their is a packet sniffer amoung other useful toys.  It will tell you who and what is coming in and going out of your computer.  
If you think someone is on your computer taking files. You can turn it on and see the packets..
If the guy is near you. Use Netstubler to zero in on the signal from his wireless card..
 
http://users.telenet.be/ahmadi/nettools.htm
 
I used to... I mean .. Nevermind.
 
Trust NO one.  Any site you give a password to can see what the  passwords is 99% of the time. Someone at that site can get your password.....  And play with the spider......
I mean sniper038 is enought  to get someone smart enought into your DELL.com account
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
>In addition to this....never use a wireless network you do not control yourself or trust the person who controls it.  If you must use a wireless network connect to a socks proxy on a trusted network, to encrypt any traffic sent over the wireless network back to the trusted network.
<EDIT>

I should have been more clear with this....have a look at SSH tunneling and SOCKS proxys here http://www.plenz.com/tunnel-everything
Thank you Roachy1979, for laying it out in tech terms..... Getting your info  is all a game that anyone can play. The only looser is the unsupecting, trusting internet user with a real life....
 
Regards.
 
Selvl
Avatar of Ali B

ASKER

thank you all for the valuable information.