How did the client's e-mail password get compromised?


One of my clients had a bit of a nightmare recently. He lost access to his Facebook account, re-attained access and then promptly lost it again. The perp posted on his wall, added his own e-mail account and then removed the client's. He posted his e-mail password on his Facebook wall.

I'm trying to ascertain what a plausible explanation is for how the client's e-mail password was compromised.

Antivirus was out of date by 5 months
Java was about 4-6 revisions behind what's current
Flash was probably 3-4 revisions behind
3 adhoc networks had been connected to in the past
E-Mail was in Outlook
Has a blackberry

I scanned the computer using malwarebytes. Then I removed the hdd and scanned with Kaspersky, then Avast, then Avira. Malwarebytes found some infection fragments. The other three found bits and pieces of java related exploits and trojans. However, no specific keyloggers were found.

I have been trying to ascertain whether the e-mail password was compromised through the adhoc networks, through the blackberry, through infection, or through physical access to the computer?
Asked by: MJCS

1 Solution

Dave Baldwin (Fixer of Problems) commented:
You forgot guessing and looking over his shoulder.  Since the perp is taking personal and not necessarily financial actions, it's probably someone who knows him.  'Professional' thieves would more likely prefer that he didn't know he was compromised.
Rartemass (Service Desk Analyst) commented:
If the password was simple then it could have been guessed. This also points to someone he knows.
This is why it's important to never use birthdays, pet names, kids' names, street names, favourite characters and movies etc.
Also, does he write the passwords down and "hide" them at his desk? Many people put a Post-it note under their keyboard with their passwords and think it's secure.
younghv commented:
"...or through physical access to the computer?" = or they got their hands on his BlackBerry for a couple of minutes.

People get way too casual about protecting access to their handhelds - and yet they will store information in them that is every bit as critical as what they have on their PCs.
MJCS (Author) commented:
how easy is it to pull password info out of a blackberry? I know it is really easy to pull it out of a laptop. There are numerous utilities that could be downloaded and run directly or off of a usb stick.
younghv commented:
Very easy.
Just Google "lost blackberry password" and see all the ways you can do it.
MJCS (Author) commented:
Do you have any specific links? When I ran that search, the general consensus seemed to be that you can reset your BlackBerry password but not retrieve it...
btan (Exec Consultant) commented:
Probably the simple password would be one, but it can be easily siphoned as well. Check out this link; mostly the phishing attack would social-engineer the user in the form of an email with a link to their phished (spoofed) Facebook login. The user, being unaware, will enter the credentials and all those are stored on the attacker's hosted fake website.

There would be a case for "forgot password" where the user's email account (also the Facebook user ID) would be hacked if it is using a simple password etc. The "forgot password" in Facebook will send it to the user's primary email account (in this case probably the user's Facebook user ID), so the attacker got that new Facebook password. Also note that sometimes the "reminder" question in the event of forgetting the password can be easily guessed as well, e.g. who is the spouse etc., as typically the answer can be found if the user has social information widely available on the web.

Nonetheless, I understand that Facebook has a security feature in which after 25 or so logins the account is temporarily disabled; to enable the account, the account owner must reset his/her account. That may be an indirect trigger.

For the ad hoc network, you should check out Firesheep, which siphons credentials by hijacking cookies across unprotected Wi-Fi networks in hotspots etc. It simply can log in to any Facebook account without a password. The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL. See this link @ http://codebutler.com/firesheep

Tony_the_PC-Tuner commented:
The easiest way to hijack a password is through simple phishing.

The client gets an email from someone that says "you have a new message on XYZ website" (Facebook, Craigslist, whatever).

They click on the "look alike" site, and attempt to login to their account.  Their username and password is captured, and the account is instantly compromised.  The hacker who set up the look-alike site gets an alert that he's caught a fly, goes in and changes the real password on the real account.


Start your investigation there.


Your client should go in and immediately change all remaining passwords to every other account they own - and I mean EVERYTHING: bank passwords, eBay, Amazon, whatever.  Change them now, as the hacker may be in the process of analyzing and digesting whatever they have already compromised.
MJCS (Author) commented:
I have figured this out. I have successfully tested a sniffer to intercept non-encrypted wireless traffic to accurately depict passwords on both non-encrypted websites as well as POP e-mail.

How do I close the question with no points given out?
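The asker's conclusion (POP e-mail and HTTP logins readable on an unprotected wireless network) and btan's Firesheep point both come down to the same defender's check: is anything on this network still authenticating in the clear? The following is an added example, not code from anyone in the thread. It takes a POP3 session transcript (as a network monitor or capture tool would give you) and reports each login the client sent before TLS was successfully negotiated, so a mail client that still uses plain POP3 can be found and reconfigured. The transcripts, addresses, `Finding` class and `audit_pop3_session` function are all constructed for this example.

```python
import base64
from dataclasses import dataclass
# Constructed sample POP3 transcripts (not real captures). "C:" = client, "S:" = server.
CLEARTEXT_SESSION = """S: +OK POP3 ready
C: USER alice@example.com
C: PASS hunter2
"""
STLS_SESSION = """S: +OK POP3 ready
C: STLS
S: +OK Begin TLS negotiation
C: USER bob@example.com
C: PASS secret
"""
STLS_REFUSED_SESSION = """S: +OK POP3 ready
C: STLS
S: -ERR Command not permitted
C: AUTH PLAIN AGNhcm9sQGV4YW1wbGUuY29tAHBhc3N3b3Jk
"""

@dataclass
class Finding:
    username: str
    mechanism: str  # "USER/PASS" or "AUTH PLAIN"

def audit_pop3_session(transcript: str) -> list[Finding]:
    """One Finding per credential the client sent while the link was still cleartext,
    i.e. before a successful STLS (RFC 2595). The password itself is never stored."""
    findings, tls_active, stls_pending, pending_user = [], False, False, None
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        verb, _, arg = text.strip().partition(" ")
        if side == "S" and stls_pending:
            tls_active = verb == "+OK"  # -ERR means the session stays in the clear
            stls_pending = False
        if side != "C" or tls_active:
            continue
        verb = verb.upper()
        if verb == "STLS":
            stls_pending = True
        elif verb == "USER":
            pending_user = arg
        elif verb == "PASS" and pending_user is not None:
            findings.append(Finding(pending_user, "USER/PASS"))
            pending_user = None
        elif verb == "AUTH" and arg.upper().startswith("PLAIN "):
            # RFC 4616: base64([authzid] NUL authcid NUL passwd); report authcid only
            parts = base64.b64decode(arg.split(" ", 1)[1]).split(b"\0")
            findings.append(Finding(parts[1].decode(), "AUTH PLAIN"))
    return findings
```

The same idea applies to the HTTP side: a session whose login form or session cookie is sent over plain HTTP is exposed the same way, and the fix in both cases is the one btan named, TLS for the whole session (POP3S on port 995 or STLS, and HTTPS throughout).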
Rartemass (Service Desk Analyst) commented:
To close with no points, simply select your comment as the solution.
MJCS (Author) commented:
Nobody gave me a plausible answer but I was able eventually to duplicate the process myself, therefore answering my own question.