Chatting With a Hacker

Someone broke into my gmail account. (I have regained control.) The hacker sent an email to about twenty people asking for money to be sent to London. Here is a gchat conversation that ensued:

18:30 Richard: do u need sth professor?
18:32 me: nop
  not good at the moment
 Richard: what do u mean? ur feeling not well?

16 minutes
18:49 me: HEY
18:50 Richard: hey
18:51 me: heop you get my mail?
 Richard: uh.. no
  when did u send it?
18:52 me: I’m stuck in London with family right now
 Richard: wow!! u didn’t tell us u’re going to the uk!
18:53 me: I’m sorry for this odd request because it might get to you too urgent but it’s because of the situation of things right now
 Richard: wait.. are you Kaiping or Seth?
 me: Seth
  i came down here on vacation
18:54 Richard: oh..
  this is really odd
  i saw kaiping’s post saying that he’s with his family too..
18:55 so u emailed to me? but i didn’t get it..
18:56 u mentioned request.. what is the request in ur email?
18:57 me: i was robbed, worse of it is that bags, cash and cards and my cell phone was stolen at GUN POINT, it’s such a crazy experience for me
 Richard: what!
  where are you now? are you safe?
18:58 me: i need help flying back home, the authorities are not being 100% supportive but the good thing is i still have my passport but don’t have enough money to get my flight ticket back home and l need to clear the hotel bills here
 Richard: can u resend me the email?
18:59 me: please i need you to loan me some money, will refund you as soon as I’m back home, i promise.Get back to me ASAP let me know what to do next
 Richard: can u log on gtalk so i can voice chat with u?
  not enough info for me
19:00 i did get ur email so i don know how i can hel u
  ~help
19:02 me: can i ask you a qus?
 Richard: yes
 me: tell me who is your best friend?
19:03 Richard: …..my girlfriend i guess
 me: are you kidding me ?
 Richard: if ur serious about my helping u then…
19:04 me: are want to who you her
  tell me who is your best friend?
 Richard: why does this matter if.. what?
  best friend okay, a guy in tsinghua
19:05 but u don’t know him i guess
 me: the title of book I showed you lat time ?
 Richard: the shangri-la diet or mindless eating?
  ….professor, please
19:06 me: stop kidding me
19:07 Richard: professor i thought u r a little strangely
  sorry.. i mean talking a little strangely
  i should be confused
19:09 why does these matter if ur trying to fly back?
19:11 the thing is i didn’t get ur email so i do not know how to help
19:13 me: You can wire it to my name from a western union outlet around. Here are the details you need to get it to me;
 Richard: can u use voice chat?
19:15 it should be easy to install the voice char plugin for gmail, i mean we are not well connected, so it’s kinda slow
  i couldn’t help thinking this as an experiment…
19:16 i think the easiest way would be u resending the email so i can get enough info
19:17 besides, i may not have enough money so i would need time to trasfer money into my active account if we act fast enough we can get u home more quickly
19:18 do u have a phone number of any kind?
19:19 me: You can wire it to my name from a western union outlet around. Here are the details you need to get it to me;
Name - Seth Roberts
Location - 27 Leicester Square, London. England.
19:20 Richard: and how much? all i have is rmb does it matter?
19:21 me: how much can you loan me ?
 Richard: i donno. all i have in my account is about 4k yuan
19:24 me: I still have my passport so i can use it as identification. You’ll be given a 10 digit confirmation number as soon as the transfer goes through, email it to me as soon as you have wired the cash to me.Regards
19:31 me: you there
 Richard: yes professor do u have a phone number?
 me: nop
19:32 Richard: but u have access to internet! where r u now?
 me: yes
19:35 Richard: i gotta go good luck man

10 Responses to “Chatting With a Hacker”

  1. Jim Says:

    Sounds like Not-Your-Self-Experimentation.

  2. david Says:

    Wow. Any idea how he got your password?

  3. seth Says:

    No I don’t, unfortunately. His English is too good for him to be Chinese. So I have a hard time believing it has anything to do with my being in China. A virus scan of my computer turned up nothing. A lot of gmail accounts have been hacked like this in the last few weeks. It certainly has nothing to do with phishing, as Google first claimed. I didn’t give anyone my password. And I use https (rather than http) when using gmail.

  4. DP Says:

    Did you log in using either a cafe computer or someone else’s computer? I find that people, even sysadmins, can’t be trusted to maintain security.

    I try to keep great security on my machines, and rarely use anyone else’s when I’ll need to enter a password. The one time I know my password was snared was when I was working with a friend on a project & needed to SSH from his terminal, which was logged into the Cal math dept. When it came to light a day or so later, I initially assumed my friend had unwittingly gotten a keylogger. In reality, it was the math department that didn’t maintain good security.

  5. Nathan Myers Says:

    It probably has a lot to do with being in China. A new and practical man-in-the-middle attack on SSL, and thus on HTTPS, allows anyone who controls a router you’re going through to get your SSL credentials.

    No more internet cafes, for a while.

  6. seth Says:

    Nathan, the attack you’re talking about only seems to work with Twitter:

    http://news.softpedia.com/news/Practical-Twitter-Attack-Using-SSL-Renegotiation-Bug-Demoed-127087.shtml

    I don’t have a Twitter account, never use it. You can’t get Twitter in China, I’m told.

  7. Kz Says:

    A few notes:

    - Are you sure they aren’t Chinese? “are want to who you her” - their English is less than perfect.

    - The vulnerability you linked to is a flaw in SSL, not in Twitter. Any site using SSL is vulnerable.

    - I wouldn’t call this person a hacker, necessarily. Unless you have a much more secure password than average, haven’t ever written it down, and don’t use the same password for any other websites, they could easily have guessed (brute forced against known info) or otherwise found out your password. If not, it was likely a MITM attack, which anyone can do.

  8. Nathan Myers Says:

    No, Twitter is just a convenient and familiar way to demonstrate the exploit. It works with any SSL connection and login, under certain conditions. Of course the people using it for ill are not posting articles about how they’re using it. Probably most uses involve hacking into thousands or millions of wireless routers and altering how they forward SSL traffic, to harvest authentication details.

    It’s entirely possible, maybe even likely, that your case was not one of them, and that you got taken by a keylogger installed on a cafe machine, or something.

  9. Nathan Myers Says:

    Also, English skills tell us nothing. Details harvested in China are sold in bulk worldwide. Former Chinese WoW gold farmers are branching out.

  10. seth Says:

    thanks, Nathan
