Gmail Account Hacked

The Rocketry Forum

ghost

So I have a gmail account, and today at work (internship) I got a call from a close friend asking why I was instant messaging him and calling him horrible curse words. I had been working in my lab for the past 5 hours, so I asked him to save the chat and I assured him that wasn't me. So when I got home and logged into Gmail, the language had been changed to Chinese and there was an auto-responder set up to reply with:
HACKED BY DISTURBED5X
HACKED BY DISTURBED5X
HACKED BY DISTURBED5X
HACKED BY DISTURBED5X
HACKED BY DISTURBED5X
HACKED BY DISTURBED5X

After changing the language back to English, I realized that the hacker had deleted over a month's worth of email. Thank god he was an idiot and simply put them in "Trash" without deleting them. And these are very important emails.
So then I looked in my IMing history and found that the hacker was having conversations with my friends, calling them horrible curse words. I know he was doing the talking because of this one chat (this was the only non-explicit chat):
3:04 PM me: hey
friend: hey who is this?
3:05 PM me: you tell me
friend: i really have no idea
3:06 PM me: that ok
3:08 PM friend: so u ever gunna tell me who this is?
me: no its ok
3:09 PM friend: really?!
me: yup :)
3:11 PM friend: please!
3:12 PM me: nah, u'll never know srry
you know even know who i am?
friend: do u know who i am?
me: nope srry
just figured id aim someone
friend: wow
me: that i saw on my fl
3:13 PM friend: on ur wat?
me: friends list
friend: so wats ur name?
3:14 PM me: id even know
3:16 PM friend: where do u live?
me: lol idk!
3:17 PM friend: y not?!
me: im srry dude
i just don't know!
3:18 PM friend: ...ok
im just REALLY curious
me: me 2!
3:19 PM i have no ****** clue!
3:20 PM if you don't mind me asking, how old r u ?
roughly?
friend: ha, almost 16
and u?
3:21 PM me: o ok cool thx
3:22 PM friend: wait wat about u?
I hadn't emailed this friend from that email address before, so he didn't know who I was.

And then the worst news came - my book's website had been compromised. He deleted all the content, including the one thing not backed up - the forum :(
He replaced it with an image saying "HACKED BY DISTURBED5X". I quickly reset the website but the forum will take a lot of time to restore :(

I then tried to use System Restore to restore my computer. It didn't work (I tried 6 different dates ranging from February to yesterday). FYI, Norton Internet Security 2008 has been running full blast. It did a full scan last night and found nothing. I made it do another scan and it found nothing. So I installed SpyBot Search and Destroy, and it found dozens of malicious cookies as well as a registry change that blocked system restore - installed last night.
I did notice something was weird when I woke up this morning. I always leave my computer on screensaver while I sleep, but it had restarted itself, probably installing the system restore blocker :(

I am very mad with Norton, and I feel violated. This jerk impersonated me, and then was such an idiot he didn't even know how to delete email. He/She is pathetic. Stupid hackers.
Sorry for the long post/rant. But are there any more precautions I should take? Dell's outstanding Gold Tech support (extreme sarcasm here) is "not allowed to support hacking or virus issues" but the nice (not sarcastic here) lady advised me to reinstall windows. But I have the feeling this was mostly a brute force entry through Gmail. But I'm still worried.
By the way, my old password had literally been a string of random numbers and letters that I NEVER shared with ANYONE.

Advice?
Thanks :/

:(:cry::mad::mad::mad::mad::mad:
 
Perhaps he got the password for your website after accessing your gmail account and looking through the emails. What browser are you using, IE, Firefox or other? I suggest you use firefox and keep it updated, along with your email client. Do you use the same password for other websites on the internet? If so, change them and don't store copies on email or on the computer. Another thing to do would be to check any websites you've been to recently which this person may have used to infect your computer or browser. And remember not to open unknown attachments in emails regardless of filename/format.
 
I'm pretty careful... I always use the most up-to-date version of firefox, and I always immediately delete emails from people I don't know (without ever opening the email). I only open attachments from senders I know.
 
By the extent of your hack it seems to me that a key logger of some sort may have been placed on your computer capturing passwords. Did you keep Norton up to date? Have you installed all Microsoft patches? What kind of firewall are you behind? Do you have a physical firewall like a router or a software firewall?
 
There are several ways that a person can hack your gmail account.
Sometimes when people log into gmail using one of those firefox tools, the log on will occur unencrypted unless you specify that it is to be encrypted. If you happen to be at one of those free wifi places and you check your gmail account, someone sitting nearby can 'sniff' the air and see the password.
Another way is someone can steal your cookie. When you log on to gmail, a cookie will be saved to your hard drive saying that you have established a connection. Now if you did this on someone else's computer or a shared library computer or something, someone can take that cookie, place it on their computer and voilà, they are already logged into your gmail account.
I've seen that live when I was at a security conference last year. This guy gave a talk on the vulnerabilities in gmail and while the talk was going on, he was surreptitiously sniffing the wireless traffic and pulled several cookies out of the air of people in the audience logging onto their gmail account. Then he pulled up people's inboxes on the big screen. He now has a program that can do this automatically. Forgot the name of it.
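
Added example, not part of the original thread: a defender-side check for the cookie exposure described in the post above. It reads the Set-Cookie headers of a response and reports which cookies a browser would also send over unencrypted HTTP, where anyone on the same open wireless network could read them. The host name, cookie names and values are constructed placeholders.

```python
from dataclasses import dataclass


@dataclass
class CookieFinding:
    name: str
    secure: bool      # cookie carries the Secure attribute
    http_only: bool   # cookie carries the HttpOnly attribute
    sniffable: bool   # cookie can travel in cleartext on the network


def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, {attribute: value})."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_response(url, set_cookie_headers):
    """Classify every cookie set by a response fetched from `url`."""
    over_https = url.lower().startswith("https://")
    findings = []
    for raw in set_cookie_headers:
        name, attrs = parse_set_cookie(raw)
        secure = "secure" in attrs
        # A cookie without Secure is attached to http:// requests to the
        # same host as well, so it is exposed even if it was set over HTTPS.
        sniffable = (not over_https) or (not secure)
        findings.append(
            CookieFinding(name, secure, "httponly" in attrs, sniffable))
    return findings


def sniffable_names(url, set_cookie_headers):
    """Names of the cookies that can be read off an unencrypted link."""
    return [f.name for f in audit_response(url, set_cookie_headers)
            if f.sniffable]


# Constructed sample headers (not captured from any real service).
SAMPLE_HEADERS = [
    "SESSION_ID=abc123; Path=/; HttpOnly",
    "AUTH_TOKEN=def456; Path=/; Secure; HttpOnly",
    "LANG_PREF=en; Path=/",
]

if __name__ == "__main__":
    for finding in audit_response("https://mail.example.test/", SAMPLE_HEADERS):
        print(finding)
```
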
 
Yes wireless sniffing is quite common. This is why I suggest to all my Wifi users to do two things.
Place security on your home wireless routers...do not leave it open to the world.

Install a software based Firewall to block intrusions while you surf wireless.

I've heard of several users who had passwords and other personal info stolen while surfing in hotels or at the local Starbucks (a favorite hangout for hackers).
 
If the packets are being transmitted between the wireless adapter and the access point, how would a software firewall on the PC help at all? The packets are being snagged while in flight, not from the PC itself. This is no different than sitting on the physical network and sniffing each packet as it goes by.

As for enabling wireless security, make sure to use WGA and not WEP. WEP can be broken in less time than it took for me to write this post (about 45 seconds or so)

I would bet that someone guessed your gmail password. That is the most common method.

-Aaron
 
In regards to the software firewall --I wasn't referring to packet sniffing but direct access to the PC. I should have made that clearer.

Yes - WGA over WEP. I've personally seen WEP broken on a neighbor's router.
 
I'm guessing you mean WPA?

That's what I would recommend for any wireless network.
 
And then the worst news came - my book's website had been compromised. He deleted all the content, including the one thing not backed up - the forum :(
He replaced it with an image saying "HACKED BY DISTURBED5X". I quickly reset the website but the forum will take a lot of time to restore :(

If I were you, I'd assume the home computer is compromised and unplug the network cable ASAP. Then back up files & photos, and reformat (unless you feel you could do forensics).

From a known good computer that has a wired network connection (or properly encrypted wireless connection), change ALL your online passwords. Do it now. Have you recently performed any online financial transactions (banking, purchasing, etc.)?

To be clear - are you hosting a website and forum on your home PC? Or are you referring to the freewebs.com site shown in your profile?
 
If he got into your computer, that was probably the first thing. A strong password should not be brute forceable, and random numbers and letters fits that.

A trojan virus would let him snoop all your passwords, though. I'd suggest you change the passwords on everything, and if you really suspect the computer was compromised, reformat. A random internet worm is one thing, but never trust a computer that has been hit with this sort of hack, system restore or not. A root kit can be undetectable to anti virus and immune to system restore, and will let him back in whenever he wants.
 
A strong password should not be brute forceable, and random numbers and letters fits that.

Any password can be cracked by brute force, it's just a matter of time. Random letters/numbers just protect against slightly quicker dictionary attacks.

</nitpick> ;)
 
Because I'm sure some bored teenager in China spent months doing random passwords for some random gmail account he found.
 
Ah, but there are 1.3 Billion Chinese people and (according to google) 24% of these are 'youths'.

So if most teenagers get bored at some time in their adolescence (and let's face it most of them are bored all the time :) ) that gives about 312 million random password attempts. Of course getting 312 million teenagers to do anything would take some impressive co-ordinating (and parenting) skills.

On a more serious note. If your password is a string of random characters, how do you remember it? Did you write it down anywhere or have it on your computer?
 
Honestly.... get rid of Norton. Get rid of McAfee if you have it.

Get AVG. It catches more things than Norton & McAfee combined, and the anti-virus is free. Keep Spybot, and run it once a week at least. Ad-Aware is another one you should have running on a weekly basis (you can get a limited function free version). It'll catch anything the first two miss.

My computer is powered on & online all day long, and I have never been hacked.

The best thing about AVG (other than the free part) is that it doesn't bog your PC down the way Norton & McAfee do.
 
Thanks for all of your support!

By the extent of your hack it seems to me that a key logger of some sort may have been placed on your computer capturing passwords. Did you keep Norton up to date? Have you installed all Microsoft patches? What kind of firewall are you behind? Do you have a physical firewall like a router or a software firewall?

Norton was updated about two nights before the attack and has always been (and is) up to date.
We use a Netgear access point (password protected, WPA2) with the default settings.

If the packets are being transmitted between the wireless adapter and the access point, how would a software firewall on the PC help at all? The packets are being snagged while in flight, not from the PC itself. This is no different than sitting on the physical network and sniffing each packet as it goes by.

As for enabling wireless security, make sure to use WGA and not WEP. WEP can be broken in less time than it took for me to write this post (about 45 seconds or so)

I would bet that someone guessed your gmail password. That is the most common method.

-Aaron

We use WGA2. But I know my neighbors well, and they would never do that.
Maybe someone in a car, but our block is VERY quiet, and if a car drives by at night, everyone notices. If a car drives, parks, and drives away, I'm sure neighbors would be yelling at the person in the car (the only people to do that, in our experience, are teenage lovebirds or kids trying to get high :mad:).

Ah, but there are 1.3 Billion Chinese people and (according to google) 24% of these are 'youths'.

So if most teenagers get bored at some time in their adolescence (and let's face it most of them are bored all the time :) ) that gives about 312 million random password attempts. Of course getting 312 million teenagers to do anything would take some impressive co-ordinating (and parenting) skills.

On a more serious note. If your password is a string of random characters, how do you remember it? Did you write it down anywhere or have it on your computer?

It's only 6 characters, and I've had it for like 5 years now. You remember it after 5 years. Plus, I'm good at memorizing ;)
 
On a more serious note. If your password is a string of random characters, how do you remember it? Did you write it down anywhere or have it on your computer?

One trick is to use a password that is not truly random but is derived from a sentence that you can remember easily.

Something like: My rocket flew 7 times before I lost it. -> Mrf7tbIli


Things to consider when choosing passwords:


  • Never ever use passwords that share a connection to you, like the name of your dog, the city you live in, your birthday etc. This also applies to mechanisms intended to help you when you have lost your password. When the system asks you for your mother's maiden name or something similar, don't enter it. Social engineering is one of the most successful ways to gain unauthorized access.
    This is especially important when dealing with attacks which are specifically directed against you. It won't happen as often as random attacks over the internet, but it usually has more serious consequences. Social engineering was used successfully in some high profile espionage cases.
  • Don't use passwords that are listed in dictionaries or other common phrases.
  • Don't use sentences that refer to the login process (logincomputer, letmein,..). Too many people do this.
  • Try to mix at least lower case letters, upper case letters and numbers. There is no need to shuffle them in a complicated way or distribute them evenly as long as it is not too obvious (single upper case letter at the beginning). This dramatically increases the number of possible combinations, making bruteforce attacks much harder.
    Number of different 6 character passwords:
    only lowercase: 26^6 = 308915776
    upper- and lowercase: 52^6 = 19770609664
    upper- and lowercase + numbers: 62^6 = 56800235584
  • Avoid recycling passwords. Sometimes internet sites will send you your password back with the confirmation email - unencrypted. Once a friend of mine set up a bulletin forum, on which I registered. The email bounced, enabling my friend to see the password. In theory, passwords shouldn't be stored in plaintext, but it happens sometimes. Expect administrators, webmasters and hackers to be able to see your password, so it's important to limit its usefulness to a single system or site.
    One example: If you register on a 'rogue site', the admin is usually able to see your email address and your (temporary) IP. A shared password may enable the admin to gain access to your email and your home network.
  • Don't store passwords in places near the computer (I've seen Post-Its on monitors, under desks,...) when you can't ensure that only trustworthy persons have access to it.
  • Change your passwords regularly, not as often as your underwear, but keep doing it from time to time.
Personally, I have some master passwords for critical applications that I remember using the scheme explained above. The other passwords are stored in a password safe (Keepass).

Reinhard
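
Added example, not part of the original thread: the search-space figures from the post above, computed for an arbitrary password from the character classes it actually uses, together with a check for the "single upper case letter at the beginning" pattern the post warns about. It goes slightly beyond the post by also counting punctuation as a fourth class; the guess rate passed to `worst_case_days` is an assumption chosen by the caller, not a measured value.

```python
import string

# Character classes and their sizes; the first three are the ones listed in
# the post, punctuation is an addition for this example.
CLASSES = {
    "lowercase": string.ascii_lowercase,   # 26
    "uppercase": string.ascii_uppercase,   # 26
    "digits": string.digits,               # 10
    "symbols": string.punctuation,         # 32
}


def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]


def search_space(password):
    """Candidates an attacker must cover who knows only the length and
    which character classes are in use (alphabet size ** length)."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return alphabet ** len(password)


def only_leading_capital(password):
    """True when the only upper case letter is the first character, the
    'too obvious' layout the post advises against."""
    upper_positions = [i for i, c in enumerate(password) if c.isupper()]
    return upper_positions == [0]


def worst_case_days(password, guesses_per_second):
    """Days needed to try every candidate at the assumed guess rate."""
    return search_space(password) / guesses_per_second / 86400


if __name__ == "__main__":
    # Constructed sample passwords; "Mrf7tbIli" is the mnemonic from the post.
    for pw in ["abcdef", "aBc4ef", "Rocket7", "Mrf7tbIli"]:
        print(pw, classes_used(pw), search_space(pw),
              "leading capital only" if only_leading_capital(pw) else "")
```
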
 