Page 2 of 2 FirstFirst 12
Results 11 to 20 of 20

Thread: PayPal HTF?

  1. #11
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Quote Originally Posted by ShagDevil
    Basically, there's no HTTPS between your computer and your wireless router. The conversation between your wireless card & your wireless router doesn't use the internet. That's what WPA is for. It encrypts traffic between your computer & your wireless router.
    Wouldn't there be https between the computer and Paypal via the router?
    The router wouldn't be encrypting and decrypting SSL packets? Https is
    all tcp/ip whether it's inside the router or outside, and as such would be
    encrypted on either side except at the endpoints, which the router is not.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  2. #12
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    Yeah, you're right. For whatever reason, I've been thinking of HTTP this entire time. Even if his WPA passphrase is brute-forced, the HTTPS traffic will still be garbled nonsense.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  3. #13
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmmmm,

    Having worked as an auditor for a number of years in my early career, all I can say is follow the money. If money is taken out of an account it has to go somewhere, and that is what law enforcement and paypal are for

    I will reiterate previous requests for information regarding physical security of the PC and the router. Also, are you sharing a connection over a network or is this a stand alone set up entirely under your physical control.

    Sometimes it is beneficial to start with the answer and work back to the question? If I know where the money went, it might give me an idea of who did it, and that could lead me to how?

  4. #14
    Member
    Join Date
    Dec 2006
    Posts
    33
    Confirmed:


    The HTTPS session exists between the computer and the HTTPS server via the router. The HTTPS traffic is simply encapsulated inside the WPA traffic.

  5. #15
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Anyone else feel uneasy?

    Like if someone rips me off I call the police........... unless I already have a pretty good idea, and the answer is too close to home?

    I would start looking for physical devices, a divorce lawyer, and a residential school somewhere in the desert


  6. #16
    nihil is quite right. You mustn't approach this purely as a hack, it's actual crime. Immediately inform paypal and authorities. A good computer crime division will send expert forensic team to analyze your equipment, as well as follow the money trail.
    An extremely common error of hackers is that they will transfer money to their accounts, or purchase somenthing very traceable (passing through customs, or having DHL tracking). I bet that PayPal will also do everything they can to help you in order to keep their good name.
    I would appreciate it if you keep us posted on the results

  7. #17
    Junior Member
    Join Date
    Jun 2008
    Posts
    6
    Thanks for the replies!

    First thing I did was contact PayPal. They are going through their normal process. It should take 10 days and I should get my money back.

    At this point I'm just trying to figure out how it happened so it doesn't happen again.

    So, I'm the only one that uses this computer besides my girlfriend who checks her gmail. I'm connected to a wireless router with WPA, the router is connected to a cable modem, I'm the only one on the network. No one else knew my PayPal password and I didn't use that same password for another account.

    I'm 99% sure I don't have a keylogger, unless it's the most stealthy, unknown one that exists or it deleted itself (which I've never heard of). That pretty much leaves:

    - Network sniffing: Unlikely because of WPA and HTTPS
    - Phishing: Unlikely
    - XSS on Ebay Auction: If this is even possible, doesn't look like it happened
    - Bruceforced: Pretty unlikely considering the password

  8. #18
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmmm,

    Self-deleting keyloggers do exist.

    All I can suggest is:

    1. Get A-squared, update it and run it in safe mode with all scanning options "on".

    http://www.emsisoft.com/en/software/free/

    2. Get a file recovery tool such as UndeletePLUS and run that. Look for files around the date of the incident.

  9. #19
    Junior Member
    Join Date
    Jun 2008
    Posts
    6
    Quote Originally Posted by nihil
    Hmmmm,

    Self-deleting keyloggers do exist.

    All I can suggest is:

    1. Get A-squared, update it and run it in safe mode with all scanning options "on".

    http://www.emsisoft.com/en/software/free/

    2. Get a file recovery tool such as UndeletePLUS and run that. Look for files around the date of the incident.
    Re: #1. Nothing came up here
    Re: #2. This didn't show much at all. I had a BSOD today which dumped my ram and probably wiped out a lot of "undeletable" files.

    One thing I noticed is that I have 2 emails: One is confirmation that I won the auction (which I did with Buy It Now), the other one is confirming one of the fraudulent transfers (there were more than 1). What's weird is that both have the same exact time (1:19AM). I didn't actually pay until 1:22 though.

    How about something like this?
    http://www.falle-internet.de/de/html/pr_exme_engl.php
    Last edited by fetuz; June 16th, 2008 at 05:31 AM.

  10. #20
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Yes, XSS or some other drive by would seem the most likely candidate, and I would suspect the page on which you made the "buy now" purchase, or one you visited prior to that. I am guessing that the other one took longer to confirm?

    Assuming that the times are correct, or at least from the same source then it can be explained.

    It would still require something to be loaded onto your machine, I would have thought?

    A possible scenario might be:

    1. You log onto e-bay and start looking at stuff.
    2. You visit a contaminated page and malware is loaded onto your machine.
    3. You decide on a "buy now transaction"
    4. You open your pay pal account and authenticate yourself. That gets your pay pal details and password to the fraudster.
    5. The fraudster now has to move quickly or there is a good chance that you will spend the money before his transaction goes through. Possibly a bot does that?

    I am not sure why the transaction was split, as I don't know enough about the internal workings of paypal. Were they both for the same amount? A common reason is to avoid some sort of internal control threshold, although if the amounts are the same it could be just a badly programmed bot? Were the two fraudulent transactions at the same time?

    The main problem with fraud from the criminal's viewpoint is converting the transactions into cash or goods whilst avoiding detection. This is when most of them get caught.

    Whatever was on your computer would uninstall itself as it is a potential evidence trail back to the fraudster? It might have loaded itself directly into RAM as I have read of recent malware that can do this.
    Last edited by nihil; June 16th, 2008 at 09:47 AM.

Similar Threads

  1. Scam Examples
    By foxyloxley in forum Phishing and Cyber Scams
    Replies: 62
    Last Post: November 24th, 2018, 10:55 AM
  2. Paypal Scam
    By 11001001 in forum Phishing and Cyber Scams
    Replies: 6
    Last Post: July 7th, 2005, 10:30 PM
  3. Interesting PayPal Phishy (Where's Phishy?)
    By MrLinus in forum Phishing and Cyber Scams
    Replies: 2
    Last Post: March 20th, 2005, 04:05 AM
  4. Phishy: PayPal - Flagged Account
    By MrLinus in forum Phishing and Cyber Scams
    Replies: 2
    Last Post: February 28th, 2005, 12:40 PM
  5. Paypal Scam.
    By FrameWork in forum Miscellaneous Security Discussions
    Replies: 5
    Last Post: May 23rd, 2003, 02:24 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •