Unathorized access to my email account

**spamdies** · June 1st, 2006, 02:25 AM

David, one thing to keep in mind is with most mail server if you set outlook to sae a copy of the message on the server, (people really do this) once it downloads the mail it will mark it as read on the server. If you dont set it to save a copy, once it downloads the mail it will be removed from the most servers. Just a little info so your not caught off guard.

***Ghost_25inf*** · June 1st, 2006, 02:55 AM

Most likely you have a roomate or girlfreind that knows your password. If you use wifi hotspots to check your mail, be sure no one is looking over your shoulder to see what the password is. Weak passwords (like my boss 1234 thats the same as my luggage) will get you into big trouble. Hell it could even be the FBI (NOT). Your best bet is to ditch the email account and get a new one. Dont use the same password for everything, this too can get you into trouble.

I did read about a email program that would allow you to dl all your web mail to outlook, just dont remember the name. Works with MSN, yahoo, aim, and others.

**nihil** · June 1st, 2006, 07:43 AM

Hi David,

This sounds a little strange to me?

I have opened my email and found messages that I had previously read, were now showing that they were "unread".

I am not aware of any mechanism that would cause that to happen, unless it is some sort of problem with the e-mail system.

Logically, if I could read your e-mail and reset it to "unread" you would never even know. I would be inclined to ask the e-mail provider what they think.

**DakX** · June 1st, 2006, 09:10 AM

Hi David,

This sounds a little strange to me?

quote:
I have opened my email and found messages that I had previously read, were now showing that they were "unread".

I am not aware of any mechanism that would cause that to happen, unless it is some sort of problem with the e-mail system.

Nihil, it is possible. But its not done by the computer, but by a user. Maybe the "hacker" thought that those were instresting but he didn't have the time. I know it sounds weird and unlogical. I'm just providing some back ground info.

David, I'm assuming you changed your password. I mean you would be pretty dumb if you didn't, pardon my rudeness. Have you found evidence that showed that after the assumed password change someone "hacked" in your account again?
As to finding out his IP, you would have to check with the email provider. No other option. But as stated before, if you are not paying for it they are most likely to don't give a *****.

Just my 2 pence.

***SirDice*** · June 1st, 2006, 10:23 AM

One note... If you use the "regular" POP3 protocol to receive your email, keep in mind it is a clear-text protocol. Meaning anyone can see your password.. Keep this in mind next time you use a public "open" WiFi network..

If you read your mail using a webinterface make sure you use SSL (https) instead of http.

**nihil** · June 1st, 2006, 10:54 AM

Hi DakX , I can see where you are coming from, I was just trying to figure out the circumstances or sequence of events.

If the server was restored for some reason, that would presumably reset the flags?

If someone is reading my e-mail and they open one that has already been opened, I doubt if they would set it to "unread" as that would probably alert me to what was going on?

If they can reset them to "unread" they would do that to ones that they opened first, so as not to alert me?

Of course, they could be total idiots, or are just doing it to pull his chain?

It is the resetting of opened messages to "unread" that I am having difficulty with. Not the "how" but the "why"?

**daviddaviddavid** · June 1st, 2006, 05:39 PM

Thanks everyone for the great suggestions.
After changing my password I have not identified any new unusual activity on my email account.

Neptune0z:
I am interested in your idea about spreading some "honey".

If I cease using my regular account and then set it up with the old password reset and send some emails to the old address with some interesting "misinformation" of potential interest to a hacker, how do I set up the sniffer and links you mentioned?

nihil:
My guess is whoever is peeking at my email was maybe in a rush on occasion and forgot to mark "unread" on some of the messages looked at that I had not previously opened. As to why a message would show "unread" after I had opened it , I can only assume I am dealing with a sloppy hacker that might be lured into a "honey patch" if I can set one up.
David

**Neptune0z** · June 2nd, 2006, 05:10 AM

Well...The simplest way would probally be to just mention some links in your inbox...Maybe you could mention that FTP server that will be running next week on your home system, so you can share your photo's with your mother-inlaw...Just point the links back to your machine.
Keep in mind that you will probally have to use 2 or 3 different "misinformation statements" so you can construct an identification matrix. This way you can eliminate false positive caused by routine net traffic. Download something like Ethereal to sniff the incoming connection requests.

**DakX** · June 4th, 2006, 09:52 PM

Originally posted here by nihil

If the server was restored for some reason, that would presumably reset the flags?

Yes I agree but I think that the company would have let the users know. Atleast if it concernd data that might have been changed.

It is the resetting of opened messages to "unread" that I am having difficulty with. Not the "how" but the "why"?

I've been "struggling" with the same thing. Why would anyone reset it? It makes no sense.

As to finding out who did it. Something like Neptune0z suggested might be good. You could just stash a document or a file somehwere on a server. Then just mail the url to yourself and wait for him/her to bite. I've heared that you can install a feature that enambles IP logging. If you combine this with a file that no-one knows about besides you and in the future a possbile hacker you can easely find out the hackers IP. This in combination with an whois of some sort ( come on guy's I know you have some sites for this

) could atleast give you a hint in towards the hackers location/identity.
For example if you know his ISP you could find out wich of your friend, co-worker or someone you suspect uses and compare it with your results.

Again just my 2 pence.

DakX

**nihil** · June 5th, 2006, 08:39 AM

Hi DakX , and thanks for your response.

I was also having great difficulty in understanding the "why" bit, as you know.

David probably gave us the answer with his suggestion that the guy might have been in a hurry, or not really known what he was doing?

I always fall into the trap of assuming that a "hacker" knows what he is doing. I forget that there are so many skiddie tools and sites around, that this is not always true

Yes I agree but I think that the company would have let the users know. Atleast if it concernd data that might have been changed.

Good point! I can only talk about commercial transaction applications here, but this is what I have personally seen:

1. System has a database (ledger) which is updated by "transactions".
2. The transaction records are "journalled" (stored in batches or units)
3. The system crashes.
4. You restore the system back to a prior date, which resets the flags/indicators
5. You re-apply the "journalled" transactions, and everything is back to normal.

Problem is that the flags/indicators have not been reset

so you do a payments run, and all the accounts that you flagged to pay since the restore point are ignored, because that is not a "transaction" and is not included in your journals.

I have absolutely no experience of e-mail systems, but I can imagine them working this way?

Thread: Unathorized access to my email account

Thread Tools

Display

Just my $0.02

unauthorized access to my email

$0.02 (again)

Posting Permissions