Chatting With a Gmail Hacker

Someone broke into my Gmail account. (I have regained control.) The hacker sent an email to about twenty people asking for money, to be sent to London. Here is a gchat conversation that ensued (me = the hacker, Richard = one of my students):

18:30 Richard: do u need sth professor?
18:32 me: nop
  not good at the moment
 Richard: what do u mean? ur feeling not well?

16 minutes
18:49 me: HEY
18:50 Richard: hey
18:51 me: heop you get my mail?
 Richard: uh.. no
  when did u send it?
18:52 me: I’m stuck in London with family right now
 Richard: wow!! u didn’t tell us u’re going to the uk!
18:53 me: I’m sorry for this odd request because it might get to you too urgent but it’s because of the situation of things right now
 Richard: wait.. are you Kaiping or Seth?
 me: Seth
  i came down here on vacation
18:54 Richard: oh..
  this is really odd
  i saw kaiping’s post saying that he’s with his family too..
18:55 so u emailed to me? but i didn’t get it..
18:56 u mentioned request.. what is the request in ur email?
18:57 me: i was robbed, worse of it is that bags, cash and cards and my cell phone was stolen at GUN POINT, it’s such a crazy experience for me
 Richard: what!
where are you now? are you safe? 

18:58 me: i need help flying back home, the authorities are not being 100% supportive but the good thing is i still have my passport but don’t have enough money to get my flight ticket back home and l need to clear the hotel bills here
 Richard: can u resend me the email?
18:59 me: please i need you to loan me some money, will refund you as soon as I’m back home, i promise.Get back to me ASAP let me know what to do next
 Richard: can u log on gtalk so i can voice chat with u?
  not enough info for me
19:00 i did get ur email so i don know how i can hel u
  ~help
19:02 me: can i ask you a qus?
 Richard: yes
 me: tell me who is your best friend?
19:03 Richard: …..my girlfriend i guess
 me: are you kidding me ?
 Richard: if ur serious about my helping u then…
19:04 me: are want to who you her
  tell me who is your best friend?
 Richard: why does this matter if.. what?
  best friend okay, a guy in tsinghua
19:05 but u don’t know him i guess
 me: the title of book I showed you lat time ?
 Richard: the shangri-la diet or mindless eating?
  ….professor, please
19:06 me: stop kidding me
19:07 Richard: professor i thought u r a little strangely
sorry.. i mean talking a little strangely 

  i should be confused
19:09 why does these matter if ur trying to fly back?
19:11 the thing is i didn’t get ur email so i do not know how to help
19:13 me: You can wire it to my name from a western union outlet around. Here are the details you need to get it to me;
 Richard: can u use voice chat?
19:15 it should be easy to install the voice char plugin for gmail, i mean we are not well connected, so it’s kinda slow
  i couldn’t help thinking this as an experiment…
19:16 i think the easiest way would be u resending the email so i can get enough info
19:17 besides, i may not have enough money so i would need time to trasfer money into my active account if we act fast enough we can get u home more quickly
19:18 do u have a phone number of any kind?
19:19 me: You can wire it to my name from a western union outlet around. Here are the details you need to get it to me;
Name – Seth Roberts
Location – 27 Leicester Square, London. England.
19:20 Richard: and how much? all i have is rmb does it matter?
19:21 me: how much can you loan me ?
 Richard: i donno. all i have in my account is about 4k yuan
19:24 me: I still have my passport so i can use it as identification. You’ll be given a 10 digit confirmation number as soon as the transfer goes through, email it to me as soon as you have wired the cash to me.Regards
19:31 me: you there
 Richard: yes professor do u have a phone number?
 me: nop
19:32 Richard: but u have access to internet! where r u now?
 me: yes
19:35 Richard: i gotta go good luck man

10 thoughts on “Chatting With a Gmail Hacker”

  1. No I don’t, unfortunately. His English is too good for him to be Chinese. So I have a hard time believing it has anything to do with my being in China. A virus scan of my computer turned up nothing. A lot of gmail accounts have been hacked like this in the last few weeks. It certainly has nothing to do with phishing, as Google first claimed. I didn’t give anyone my password. And I use https (rather than http) when using gmail.

  2. Did you log in using either a cafe computer or someone else’s computer? I find that people, even sysadmins, can’t be trusted to maintain security.

    I try to keep great security on my machines, and rarely use anyone else’s when I’ll need to enter a password. The one time I know my password was snared was when I was working with a friend on a project & needed to SSH from his terminal, which was logged into the Cal math dept. When it came to light a day or so later, I initially assumed my friend had unwittingly gotten a keylogger. In reality, it was the math department that didn’t maintain good security.

  3. It probably has a lot to do with being in China. A new and practical man-in-the-middle attack on SSL, and thus on HTTPS, allows anyone who controls a router you’re going through to get your SSL credentials.

    No more internet cafes, for a while.

  4. A few notes:

    – Are you sure they aren’t Chinese? “are want to who you her” – their English is less than perfect.

    – The vulnerability you linked to is a flaw in SSL, not in Twitter. Any site using SSL is vulnerable.

    – I wouldn’t call this person a hacker, necessarily. Unless you have a much more secure password than average, haven’t ever written it down, and don’t use the same password for any other websites, they could easily have guessed (brute forced against known info) or otherwise found out your password. If not, it was likely a MITM attack, which anyone can do.

  5. No, Twitter is just a convenient and familiar way to demonstrate the exploit. It works with any SSL connection and login, under certain conditions. Of course the people using it for ill are not posting articles about how they’re using it. Probably most uses involve hacking into thousands or millions of wireless routers and altering how they forward SSL traffic, to harvest authentication details.

    It’s entirely possible, maybe even likely, that your case was not one of them, and that you got taken by a keylogger installed on a cafe machine, or something.

  6. Also, English skills tell us nothing. Details harvested in China are sold in bulk worldwide. Former Chinese WoW gold farmers are branching out.
