How did they do it? (Hacked)


Chips
Posts: 4873
Joined: Fri, 19. Mar 04, 19:46
x4

Re: How did they do it? (Hacked)

Post by Chips » Wed, 29. Apr 20, 00:04

Other than what has been said:
1) Never click a link from email.
2) Never believe what the email says either, always find your own way to site and log in.
3) Enable 2 factor authentication (and use a password manager if you don't log in from new devices often - is there not a trust this device option?)
4) Check your email against "Haveibeenpwned" though I doubt you've used the same password twice if it's really obscure.

First thing I thought was - did they actually access the account? I've had emails about "someone tried to log in..." before. Usually someone with similar or somewhat email (or possibly people trying passwords revealed via haveibeenpwned for various sites that were compromised on the biggest platforms - facebook, netflix, twitter, instagram, google etc) but never actually made it in. Even had a few password reset attempts a few years back; some were even legit.

This year I've also received emails from a US professor with coursework from students attached - with requests to mark it by the weekend. I said I would do my best, but warned it may not be up to much as I'm unfamiliar with the subject matter :D So could (if not successful) have been someone a bit muddled?

burger1
Posts: 3003
Joined: Fri, 21. Aug 09, 22:51
x3tc

Re: How did they do it? (Hacked)

Post by burger1 » Wed, 29. Apr 20, 00:57

Changing your password doesn't work with Netflix and neither does logging out of all devices as far as I know. Basically on devices like my Roku, Fire tablet, etc... even after passwords are changed they are still ok using the old one for a very long time. On my Roku if it asks for passwords I hit the home button and go into the app again and it works with no password request.

I think making a new account might work even though you'd lose your Netflix data.

Gavrushka
Posts: 8072
Joined: Fri, 26. Mar 04, 19:28
x4

Re: How did they do it? (Hacked)

Post by Gavrushka » Wed, 29. Apr 20, 08:39

burger1 wrote:
Wed, 29. Apr 20, 00:57
Changing your password doesn't work with Netflix and neither does logging out of all devices as far as I know. Basically on devices like my Roku, Fire tablet, etc... even after passwords are changed they are still ok using the old one for a very long time. On my Roku if it asks for passwords I hit the home button and go into the app again and it works with no password request.

I think making a new account might work even though you'd lose your Netflix data.
Ah, there was a delay, but it did force logout all devices, and now none will go back in with the original password. - It did unnerve me when one of my smart boxes went straight back in under the old password as if nothing had happened, but that sorted after a minute or two.

Thing is, with the spotlight put on Netflix, I'm wondering what I actually watch on it. - Locke and Key has finished (I think that was Netflix) and I originally only activated it for Star Trek Discovery. - With Sky Q 'everything' and Amazon Prime, Netflix does come across as the weakest content-wise, *and* more expensive than Prime...
“Man, my poor head is battered,” Ed said.

“That explains its unusual shape,” Styanar said, grinning openly now. “Although it does little to illuminate just why your jowls are so flaccid or why you have quite so many chins.”

“I…” Had she just called him fat? “I am just a different species, that’s all.”

“Well nature sure does have a sense of humour then,” Styanar said. “Shall we go inside? It’d not be a good idea for me to be spotted by others.”

Gavrushka
Posts: 8072
Joined: Fri, 26. Mar 04, 19:28
x4

Re: How did they do it? (Hacked)

Post by Gavrushka » Wed, 29. Apr 20, 08:45

Chips wrote:
Wed, 29. Apr 20, 00:04
Other than what has been said:
1) Never click a link from email.
2) Never believe what the email says either, always find your own way to site and log in.
3) Enable 2 factor authentication (and use a password manager if you don't log in from new devices often - is there not a trust this device option?)
4) Check your email against "Haveibeenpwned" though I doubt you've used the same password twice if it's really obscure.

First thing I thought was - did they actually access the account? I've had emails about "someone tried to log in..." before. Usually someone with similar or somewhat email (or possibly people trying passwords revealed via haveibeenpwned for various sites that were compromised on the biggest platforms - facebook, netflix, twitter, instagram, google etc) but never actually made it in. Even had a few password reset attempts a few years back; some were even legit.

This year I've also received emails from a US professor with coursework from students attached - with requests to mark it by the weekend. I said I would do my best, but warned it may not be up to much as I'm unfamiliar with the subject matter :D So could (if not successful) have been someone a bit muddled?
Does the email thing count when you're using Outlook 365 as part of the office package? - I do check all links, but Office also uses something called 'safelinks' to make sure there's nothing nefarious going on. I have a system whereby any official email goes to different folders, and I have had it in the past where phishing emails come in (to my Yahoo account, never my Outlook one) which go straight to the Inbox rather than the designated folder. I guess there's an eternal battle going on between criminals and official websites, and I imagine websites can only react to new 'things' after they've first happened. Is phishing really that clever that an identical link can take you other than the legal website (with the secure icon symbol in the browser.) Damn, if it has, I'm in a stew! LOL

Both my main email accounts show as 'good news' on the "Haveibeenpwned" website.

pjknibbs
Posts: 41359
Joined: Wed, 6. Nov 02, 20:31
x4

Re: How did they do it? (Hacked)

Post by pjknibbs » Wed, 29. Apr 20, 08:53

Vertigo 7 wrote:
Tue, 28. Apr 20, 18:01
brute forced or reversed encryption is the most likely, unless somewhere netflix creds are being sent plain text. but it's a good bet they have access internally to netflix and got passwords for multiple users and decrypted them.
If any website is storing passwords in an encrypted format that can be *decrypted* then something is already very wrong. You should always store a one-way encrypted hash of the password, then encrypt whatever the user types in using the same method and compare the results.

Vertigo 7
Posts: 3457
Joined: Fri, 14. Jan 11, 17:30
x4

Re: How did they do it? (Hacked)

Post by Vertigo 7 » Wed, 29. Apr 20, 09:43

pjknibbs wrote:
Wed, 29. Apr 20, 08:53
Vertigo 7 wrote:
Tue, 28. Apr 20, 18:01
brute forced or reversed encryption is the most likely, unless somewhere netflix creds are being sent plain text. but it's a good bet they have access internally to netflix and got passwords for multiple users and decrypted them.
If any website is storing passwords in an encrypted format that can be *decrypted* then something is already very wrong. You should always store a one-way encrypted hash of the password, then encrypt whatever the user types in using the same method and compare the results.
True but encryptions are broken all the time. Even RSA has been cracked. It may take a long time to decrypt but it does happen. That's the truth of the internet, there is no such thing as perfect security. There are highly effective measures that can deter hackers, such as multi-factor authentication, but they can still be broken or circumvented.
The Future is Progressive!
rebellionpac.com
Fight white supremacy, fight corporate influence, fight for the rights of all peoples!

CBJ
EGOSOFT
Posts: 51740
Joined: Tue, 29. Apr 03, 00:56
x4

Re: How did they do it? (Hacked)

Post by CBJ » Wed, 29. Apr 20, 10:20

Hashes are, by their nature, harder to break than two-way encryption, because they don't need to be reversible even by the person who created them. The list of hash algorithms that have weaknesses (and note that a weakness doesn't necessarily mean that it's easy to actually break in practice) is known and doesn't change often. Any large company worth its salt (pun intended: the data should be salted too) shouldn't have too much trouble in avoiding those.

Chips
Posts: 4873
Joined: Fri, 19. Mar 04, 19:46
x4

Re: How did they do it? (Hacked)

Post by Chips » Wed, 29. Apr 20, 12:01

Gavrushka wrote:
Wed, 29. Apr 20, 08:45
Does the email thing count when you're using Outlook 365 as part of the office package? - I do check all links, but Office also uses something called 'safelinks' to make sure there's nothing nefarious going on.
So do you know what safelinks does? A quick check seems to say it's basically checking against a known blacklist of Microsoft and a corporate blacklist (company related if you're part of an organisation).

Most disconcerting would be the old phrase... the weakest link in any security is the user. If people outsource the trust to safelinks it means if it's able to be beaten, then they are beaten.
So if my 10s of Googling is correct, a new (non blacklisted at time of writing) url would pass with flying colours. However, I'd be surprised if safelink was *that* basic, but you should definitely find out if you don't already know!
An article pointed out that if anything, the presentation of links by safelink makes it even harder to determine if a link is bogus, so you're entirely reliant upon it warning you.

But the main thing is - this may be utterly irrelevant from the problem you had as who knows :P It may have been from a year ago, two years ago etc. I got an email the other day saying they knew my password and told it to me; they demanded money. It's a password not used in about 18 years...

Gavrushka
Posts: 8072
Joined: Fri, 26. Mar 04, 19:28
x4

Re: How did they do it? (Hacked)

Post by Gavrushka » Wed, 29. Apr 20, 12:49

In summary: unless you're savvier than Sam Saveloy, Sausage King of the Virtual World, it's best to avoid the Internet.

*Buys idiots guide to Semaphore*

*Notes neighbour reading it over my shoulder*

Shrieks "I've been hacked!"

===

I'll never follow links from emails again. I'll click on bookmarks, or create new ones as needed. I'll change my passwords more often than I change my socks... Actually, no, it's best to change passwords at least twice a year, yes? -And I'll wear a false moustache whenever I use my webcam.

You've got this, Gavrushka. :sceptic:

RegisterMe
Posts: 8903
Joined: Sun, 14. Oct 07, 17:47
x4

Re: How did they do it? (Hacked)

Post by RegisterMe » Wed, 29. Apr 20, 14:18

Chips wrote:
Wed, 29. Apr 20, 12:01
I got an email the other day saying they knew my password and told it to me; they demanded money. It's a password not used in about 18 years...
Likewise my lodger. She received an email that demonstrated that the sender knew part of her password. It also claimed that he(?) had installed a keylogger, had at times used her webcam, and that the various porn sites she looked at demonstrated that she had good taste. Unless x thousand in bitcoin was transferred wherever a lot of her personal details / communications / porn habits would be relayed to her various contact lists.

It was, in effect, a reasonably sophisticated social engineering attempt.

I talked her through it. She was adamant that she hadn't looked at the claimed porn sites. This was enough for me to say "there's a lot of bluff in this and that undermines the rest of the threat. Change all your passwords on everything and either ignore it or tell them where to get off, and report it to the police".

But if she'd been vulnerable in some way, and without access to somebody reasonably tech savvy, and had looked at whatever porn sites... it might have felt very threatening indeed.
I can't breathe.

- George Floyd, 25th May 2020

red assassin
Posts: 4613
Joined: Sun, 15. Feb 04, 15:11
x3

Re: How did they do it? (Hacked)

Post by red assassin » Wed, 29. Apr 20, 16:02

Those emails started appearing a few years ago after a particularly big password leak. Pretty easy to just trawl the internet for big password leaks, crack whatever passwords you can if they're salted, and then email everybody whose password you have a threatening message about hacking them. (Amusingly, not too long after that, somebody started sending the same template out but without bothering with including the actual password!) Lots of people reuse passwords a lot, so it doesn't really matter what service you originally get the email from.


The key advice is pretty simple:
1) Use a password manager. Let it generate passwords for everything except maybe your email account. Have really strong, different passwords for your password manager and your email. (A string of a few random words is often easier to type and remember than a string of a dozen random characters.)
2) Use two-factor authentication wherever available. Yubikeys are great for the services that accept them. Standard authenticator apps on your phone are good. Text messages are better than nothing, but not ideal.
3) Don't click links in emails. While most phishing can be detected via the usual checks on use of your name, whether the email service can verify the sender, etc, identifying a really good targeted phish is hard even for professionals. Navigate directly to the site in question and you'll be a lot safer.

Once you're following that advice, you probably don't need to worry about changing individual passwords unless you have evidence that one has actually been compromised.
Signing up for haveibeenpwned notifications is also pretty useful as a warning for when you should probably change your password somewhere and/or keep an eye out for targeted phishing on the basis of it.
Also, some email accounts offer a feature that allows you to make distinct email addresses: e.g. on GMail, you can add "+whatever" to your email address, as in "johnsmith+amazon@gmail.com" if your account is "johnsmith@gmail.com". This allows you to associate an email you're receiving with where the sender got your email address from, which can often be quite illuminating.
A still more glorious dawn awaits, not a sunrise, but a galaxy rise, a morning filled with 400 billion suns - the rising of the Milky Way

Vertigo 7
Posts: 3457
Joined: Fri, 14. Jan 11, 17:30
x4

Re: How did they do it? (Hacked)

Post by Vertigo 7 » Wed, 29. Apr 20, 16:08

red assassin wrote:
Wed, 29. Apr 20, 16:02
Also, some email accounts offer a feature that allows you to make distinct email addresses: e.g. on GMail, you can add "+whatever" to your email address, as in "johnsmith+amazon@gmail.com" if your account is "johnsmith@gmail.com". This allows you to associate an email you're receiving with where the sender got your email address from, which can often be quite illuminating.
That is quite brilliant. I hadn't considered that. I need to find out if that's offered with MS accounts.

pjknibbs
Posts: 41359
Joined: Wed, 6. Nov 02, 20:31
x4

Re: How did they do it? (Hacked)

Post by pjknibbs » Wed, 29. Apr 20, 16:18

red assassin wrote:
Wed, 29. Apr 20, 16:02
Those emails started appearing a few years ago after a particularly big password leak. Pretty easy to just trawl the internet for big password leaks, crack whatever passwords you can if they're salted, and then email everybody whose password you have a threatening message about hacking them.
Yeah, this is why the passwords you see in these e-mails are generally old ones. In a lot of cases people have been using the same passwords forever so they get caught out. Of course, there may be other clues that the mail is a fake--in my case it tells me they've been recording me doing naughty things through my webcam, but I don't have one on my home computer and never have had one!

red assassin
Posts: 4613
Joined: Sun, 15. Feb 04, 15:11
x3

Re: How did they do it? (Hacked)

Post by red assassin » Wed, 29. Apr 20, 16:22

Vertigo 7 wrote:
Wed, 29. Apr 20, 16:08
That is quite brilliant. I hadn't considered that. I need to find out if that's offered with MS accounts.
Outlook.com accepts the same + syntax as GMail. Easy enough to test, anyway!

Vertigo 7
Posts: 3457
Joined: Fri, 14. Jan 11, 17:30
x4

Re: How did they do it? (Hacked)

Post by Vertigo 7 » Wed, 29. Apr 20, 16:44

red assassin wrote:
Wed, 29. Apr 20, 16:22
Vertigo 7 wrote:
Wed, 29. Apr 20, 16:08
That is quite brilliant. I hadn't considered that. I need to find out if that's offered with MS accounts.
Outlook.com accepts the same + syntax as GMail. Easy enough to test, anyway!
Well, I'll be damned. It does indeed work. I love it. I have some account changes to make. Learn something new every day! ty sir!

pjknibbs
Posts: 41359
Joined: Wed, 6. Nov 02, 20:31
x4

Re: How did they do it? (Hacked)

Post by pjknibbs » Wed, 29. Apr 20, 16:53

red assassin wrote:
Wed, 29. Apr 20, 16:22
Outlook.com accepts the same + syntax as GMail. Easy enough to test, anyway!
Odd, I just tested sending an e-mail to my work e-mail address (which is an Office 365 one) with that + thing on it, and it didn't work--got rejected due to the e-mail not existing. Guessing they only enable this feature for actual @outlook.com e-mail addresses.

Gavrushka
Posts: 8072
Joined: Fri, 26. Mar 04, 19:28
x4

Re: How did they do it? (Hacked)

Post by Gavrushka » Wed, 29. Apr 20, 16:55

red assassin wrote:
Wed, 29. Apr 20, 16:22
Vertigo 7 wrote:
Wed, 29. Apr 20, 16:08
That is quite brilliant. I hadn't considered that. I need to find out if that's offered with MS accounts.
Outlook.com accepts the same + syntax as GMail. Easy enough to test, anyway!
That's simply awesome. I need to send you many, many dollars. Thank you! :thumb_up:

Vertigo 7
Posts: 3457
Joined: Fri, 14. Jan 11, 17:30
x4

Re: How did they do it? (Hacked)

Post by Vertigo 7 » Wed, 29. Apr 20, 17:20

pjknibbs wrote:
Wed, 29. Apr 20, 16:53
red assassin wrote:
Wed, 29. Apr 20, 16:22
Outlook.com accepts the same + syntax as GMail. Easy enough to test, anyway!
Odd, I just tested sending an e-mail to my work e-mail address (which is an Office 365 one) with that + thing on it, and it didn't work--got rejected due to the e-mail not existing. Guessing they only enable this feature for actual @outlook.com e-mail addresses.
I would bet that the enterprise accounts don't have that enabled. I could see that as something the admins would not want enabled (if it's an option), especially if they have a spam/AV filter before the emails hit the mail server. But it def works for personal accounts.

Chips
Posts: 4873
Joined: Fri, 19. Mar 04, 19:46
x4

Re: How did they do it? (Hacked)

Post by Chips » Wed, 29. Apr 20, 17:34

RegisterMe wrote:
Wed, 29. Apr 20, 14:18
I talked her through it. She was adamant that she hadn't looked at the claimed porn sites. This was enough for me to say "there's a lot of bluff in this and that undermines the rest of the threat. Change all your passwords on everything and either ignore it or tell them where to get off, and report it to the police".

But if she'd been vulnerable in some way, and without access to somebody reasonably tech savvy, and had looked at whatever porn sites... it might have felt very threatening indeed.

It was, in effect, a reasonably sophisticated social engineering attempt.
I think it's more basic than you give them credit for :D 100k leaked email/passwords? Send out those emails with part password (rest starred out). Then take some guesses and leave the targets to self identify (common porn site, most laptops have webcams built in etc).

Now you just need a percentage to fall for it as they've kept it secret or think it's something to be humiliated over. Personally, I worked on the principle if you refuse to be embarrassed then hard to get blackmailed. No shame here :D

red assassin
Posts: 4613
Joined: Sun, 15. Feb 04, 15:11
x3

Re: How did they do it? (Hacked)

Post by red assassin » Wed, 29. Apr 20, 18:04

Gavrushka wrote:
Wed, 29. Apr 20, 16:55
That's simply awesome. I need to send you many, many dollars. Thank you! :thumb_up:
Be aware that this is a fairly well-known trick and spammers may strip the +whatever off, replace it with something else, etc etc, so it's not reliable by any means, but it is often useful. (At least for telling you who to blame for losing your details!)
A still more glorious dawn awaits, not a sunrise, but a galaxy rise, a morning filled with 400 billion suns - the rising of the Milky Way
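The "+whatever" tagging discussed in this thread, together with the caveat above that senders may strip or replace the tag, as an added example that is not code from any poster. The account name is the one used in the post; the issued-tag table, the sender domains and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

MY_ADDRESS = "johnsmith@gmail.com"  # example account from the post
# Constructed table: tag handed to a service -> domains that service mails from.
ISSUED_TAGS = {"amazon": {"amazon.com"}, "netflix": {"netflix.com"}}


def split_plus_address(address: str):
    """Return (base_address, tag); tag is None when there is no +tag."""
    local, _, domain = address.lower().rpartition("@")
    base_local, plus, tag = local.partition("+")
    return f"{base_local}@{domain}", (tag if plus else None)


def classify(raw_message: str) -> str:
    """Attribute a received message to the service its +tag was issued to."""
    msg = message_from_string(raw_message)
    _, to_addr = parseaddr(msg.get("To", ""))
    _, from_addr = parseaddr(msg.get("From", ""))
    base, tag = split_plus_address(to_addr)
    sender_domain = from_addr.lower().rpartition("@")[2]
    if base != MY_ADDRESS:
        return "not-for-me"
    if tag is None:
        return "untagged"     # never tagged, or the tag was stripped: no attribution
    if tag not in ISSUED_TAGS:
        return "unknown-tag"  # tag was replaced by the sender: nothing to conclude
    allowed = ISSUED_TAGS[tag]
    if any(sender_domain == d or sender_domain.endswith("." + d) for d in allowed):
        # From: is not authenticated, so this only means tag and claimed sender agree.
        return "expected"
    return f"leaked-via:{tag}"  # address given only to <tag> is now used by someone else


# Constructed sample messages (headers only matter here).
SAMPLES = [
    "From: Amazon <order-update@amazon.com>\nTo: johnsmith+amazon@gmail.com\n"
    "Subject: Your order\n\nbody",
    "From: Prize Desk <win@lottery.example>\nTo: johnsmith+amazon@gmail.com\n"
    "Subject: You won\n\nbody",
    "From: Prize Desk <win@lottery.example>\nTo: johnsmith@gmail.com\n"
    "Subject: You won\n\nbody",
    "From: Prize Desk <win@lottery.example>\nTo: johnsmith+qwerty@gmail.com\n"
    "Subject: You won\n\nbody",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw))
```
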
