Email accounts hacked!

Hi everyone and Happy New Year,

Recently found this forum and wish that I had found it before, especially after all the stress and worry I've been through due to a stalker who has now become an internet stalker and email/pc hacker! Now I am more security aware..but still learning!...always learning!

Here is the scenario:

a) Some hacker managed to second guessed my password and hack into 'Friendsreunited.com'. They changed information about me and caused great anxiety! See b) below.
Now I have learnt the lesson on how to construct decent and different passwords of course, but instead of second guessing, maybe they got the password in the first place by checking my credit card bill (easy) then contacting friendsreunited with my personal details and last four numbers of the card used to request the password!

Observations: In all emails originating from this site my password was on full view and was never encrypted, so this poses the question:

q1) is it possible for emails to be intercepted from that site and the password extracted, and is it a common method or fairly easy for a hacker?

b) From Freindsreunited they discovered my long time email address from yahoo which was used for personal and business corresspondence.
They hacked into this account as the password was nearly identical. From this account they discovered my work, home, personal business, my friends personal information, my credit card transactions and other email accounts. Basically they now about everything there is to know about me! Of course it feels like I've been burgled! Except its worse because I don't know what they could, or indeed want to do next online!
They have changed the password and personal information on this account so it is useless to me and I cannot log into it anymore, but of course they can still read all my information in it and see all my personal photos etc!

Now they also got the id's of another hotmail and yahoo account too which I used to use for messaging. Now I have made up difficult and different passwords and my account info questions are not easily guessed now but still poses the questions:

q2) If someone has my hotmail or yahoo id, is it possible by any method for them to intercept my email or indeeed conversations when I use messenger?

q3) Are cookies on my pc that store my login information safe?

q4) Can they trace my computer information or system id from an email or messaging in order to hack it from a port unprotected by Norton?

And here is my present situation:

Personally I have had to change address, mobile numbers, cancel credit cards, stop using friendsreunited and started looking over my shoulder due to the physical threat. Have contacted the sites where the info was changed to do an audit trail. However they need a legal instruction from the police to do this, and the police without specific proof of fraud or ABH they are unwilling to do anything. And I only have circumstancial evidence!

Basically they will react after the damage to me has been done! Except in fact, it already has been done psychologically.

Anyway on the pc I have installed Norton Personal Firewall and AntiVirus.
Have Advanced Ant-Keylogger
Have BT modem protection
Have Webroot spysweeper
Have Spybot resident, Ad-Aware, AOL spyware and Microsoft Antispyware
Have ewido ant-malware

I have a dial-up modem but this is sufficient for my uses.

My passwords are pretty difficult to crack and my personal info on sites is now spurious.

But my concern is that they can trace, hack or monitor my online message conversation or my emails from sources on the web, and considering I work and keep in touch with family and friends from my pc this is becomig extremly stressful for me now!

Also I am worried that they can trace the ip address or system id and hack back to my PC to access the information on it. They only need a recent picture of me now and they have everything there is to know about anyone!

The above all sounds pretty bizarre but this is an actual real life situation and the stalker has already shown to be threatening!

Well Hope someone can help with the IT questions above and many thanks in advance,

Cheers

 

***NOTE: this topic may be in the wrong forum***



By Poster:

***q1) is it possible for emails to be intercepted from that site and the password extracted, and is it a common method or fairly easy for a hacker?***

*****************


An e-mail in transit may be read countless times by countless people.....
un-encrypted e mail is just plain bad news to use.
your post contains numerous questions that would require indept answers and solutions........others with more time to spare may jump in later so check back......
It appears that you may need to spend some time learning about pc security...(as you, yourself stated) an this is a website to ask for the help you need........
You state that you were threaten.....if you have proof of this threat show it to the Police and DEMAND action....this may require an attorney.....but well worth the expense.
There is a good chance that it was you computer that was hacked and not your e mail accounts.....this is certainly in question.
The damage has obviously been done.......securing your computer now wont change that....but will help prevent such things in the future.........those here offering you help will need to know which operating system you are using in order to suggest Programs that will work on that system..........BUT DO BE CAREFUL........read some threads around the forum so that you can become awear of Who is Who.....and What is What.....
Most of the people at this forum are good people who give of their time helping others for the sake of helping others.......
At the moment the time I can spare to post is very short so will jump out of here an let others offer there suggestions.....

Good Luck

Snowie The Snowman

 

By the way.....whenever you visit a website.....any website.....your IP address is log......your internet provider's name is logged.....the browser you are using is known......and more..........thats very common.........
so, if you feel comfortable here.....what the hack....why not just join and become a member.....if you like........its totally your choice of course.........

 

Thanks Snowie, points taken and will be careful with information.

Am running Windows XP SP1

Cheers

 

You are most welcomed.......sorry to see you went through that experience........you have lots to do now.....just be patient.....

there is much you can do to prevent this from happening again.....so don't be discouraged...........hang in there.........


seeya later


snowie


P.S

while waiting why not visit the windows update website to make certain you have all the M$ updates oh, an woul;d suggest that you install adaware.....and spyware blaster.....the vendor is right here at this website..............you can download those programs from:

www.wilders.org

or

www.snapfiles.com (the freeware section)

 

Here you go......


http://www.snapfiles.com/freeware/security/fwantispy.html



Regards

Snowie (on my way out)

 

The threats are non-recorded calls to work, numerous calls with no answer in the middle of the night, computer messages left on mobile answerphone from a telephone box, stalker walking past my house and place of work. All circumstancial, not worth even an injunction.
So best to make my personal info as difficult to obtain as possible! So I'm as difficult to find as possible!

Questions from previous message:
a) Actually not sure which forum is best?
b) Although emails are able to be read by countless people, can a targeted individual email from a specific site be filtered out and read?
c) How could my computer be targeted in advance and hacked by these people?
d) Is my computer id or address logged in emails etc?
e) If someone has my messenger id can that cause me problems even if they do not have my password ie like msn passport etc?

Basically I need to know that my computer, emails and messenging are safe to use!
Also I'm not worried about technical replies, I'm learning...or will learn fast. Have also already noticed comparisons and dfferences with testing the various spyware products which I will put in a post...hopefully in the right forum later.

Cheers

 

After reading your last comment......it strongly appears that there is something "personal" involved .......perhaps an "EX".......or former acquaintance .........someone who could have had access to your computer....or someone you no longer want to associate with......

User..........a Hacker would not even consider doing any of the things you mention.........nor would younger "script-kiddies".........

but don't worry.....I am not even slightly interested in personal matters.........you have a security issue....an thats the only issue.


once again..your question requires indept answers.......answers that don't come so easily.............no one here would have any idea whats "inside: your computer.....is there private spyware.....or maybe someone who visited you an accessed your computer.....etc, etc, etc......
do you really need to ask if using your computer is safe......of course its not safe.....you already know that.......all your information has already been obtained!!!! The real question is: "How was your computer accessed" if it was at all. You lean towards thinking that your e mail accounts were hacked.......not one but several.......very un-likely that several e mail accounts would be hacked..........
If you are sincere in wanting to secure your computer....then leave no room for question...REFORMAT IMMEDIATELY! AN NO EXCUSES. If someone has gone as far as you say......its PAST time for some action on your part.........
Any other comment on my part would be less than honest......USER you may be in actual danger....an thats not to be played around with......sure, I could offer suggestions.......but in a case such as yours you need to start entirely over...to remove any room for doubt..........if you were my bestest friend I would offer the same suggestion.........for your own safety.

Ok, you are obviously intelligent.......now make the right choice!

 

USER

am not sure I understand some of your questions.........if you sent me an e mail yes the "headers" could be read......revealing alot of info......plus there are other "means"

this is a security forum......there are people here who are experts......an know things that would overwhelm the average User......that type of knowledge is not common.......your hacker person does not show that type of knowledge.....hardly.

reformat.....an enter entirely new passwords.......then secure that computer like a fort....... start at the beginning..........

 

oh, an be careful about installing "spyware products" because many of them are spyware themself........ask in the forum before installing...

 

You may not be ready for this yet.......but you will be eventuallty..so take a glance:

http://www.truecrypt.org/


an don't go fooling yourself.....you need to reformay.....then you can install programs such as the one above.......

 

USER123

decided to login so as you may know that this website is ok.......

 

USER123


You seem to have disappeared or lost interest........so guess I'll do the same.....an leave others to offer you their help........

good luck in resolving your issues.............this will be my last post


Regards

Snowie

 

Hi Snowie,

No not lost interest, just my work taking up all my time due to very long hours work, plus the travelling.

Will act on advise.

Thanks to everyone for their help so far. It's not wasted, just work in progress.

Cheers

 

Actually Snowie, you are the only person to have hepled.

So a very large thanks to you!

Will give you an update tomorrow as I've just got back from work and have to be up again in 6 hours...and I'm really tired just now.

Can't wait for my day off!

Cheers again Snowie!

 

Is your computer your own or a work computer. If work, the IT grubs can access anything they want at anytime.

 

Its my own computer at home.

Have reformated and reload xp on my home pc now.

Took a while, will do more tomorrow after work.

Still don't know if hotmail or yahoo messenger can be intercepted if someone has my user id. Think I'll just create new email accounts to solve the problem.

Cheers

 

USER123


So, you reformatted.....GREAT!!! You are off to a terrific start.
now, for here onward go slow....one step at a time.........you are correct in opening new e mail accounts...........
not knowing your experience with computers....to buy you some time to learn.......consider installing SecureIt Pro :

** Use SecureIt Pro to lock your computer when you re not there. The program comes with a ton of features: Disabling the main Windows key functions, like Ctrl+Alt+Del, Alt+Tab, the Windows key, and the Ctrl+Esc key combination. SecureIt Pro can also disable the Windows boot keys, detect for cold boots, allow other people to leave messages, log incorrect password attempts, or even hide itself every few seconds. The program also includes password reminder options, that can assist you if you ever forget your password, as well as several advanced configuration options as well as a locking screen saver. **


http://www.snapfiles.com/freeware/security/fwaccess.html


No, its not the best of the best...but should prevent access to your computer while you are away....if thats needed........later you can install encryption........
when you get the time......would suggest that you install EWIDO.....which is a trojan scanner.....an its a decent program..........
USER123, these days I don't spend much time here at the forum but will try to keep an eye on this thread to make sure you are ok.......
don't just install any program on your puter.......an learn to use encryption.......it does not need to be anything fancy.......just encrypt........if you need a simple program that will encrypt your entire hard drive.....without complication.....that can be provided...........just keep people out of your computer.....physically and on the internet as well........
If you need to use a messenger,,,install TRILLIAN.....it provides you with aim, yahoo, msn,,,,,but in a safe enviorment..............

got to go now........take care.....wishing you well

snowie the snowman

 

Yes, Trillian is a lot safer.

Remember to patch windows to the latest version (was there any reason before you did not have SP2?).

Make sure you use STRONG passwords on all your accounts now - at least 10 characters long, include numbers and other chraracters (like #&%! etc). No password is uncrackable, but a strong password will be unguessable!

Yes, set up new mail accounts at once!

Make sure you correctly configure Norton Firewall. Only the most dedicated and skilled hacker can get into your system through a decently configured firewall. You will NOT be the target of such a person.

If anyone but you has access to the PC, set up limited user accounts for them, and consider snowie's advice about using SecureIT or similar.

Practice SafeHex!

Do NOT, ever store credit card information etc on your PC.


If you are on dial-up, you will be assigned a random IP by your ISP when you log on. I would assume this would make hacking your PC, or sniffing your mails, next to impossible. Maybe someone else would confirm this.

 

Thanks for the guidence guys! This is getting most interesting now, and I'm feeling more secure already!

I'm going to allocate Saturday to get this system configured properly!

But here is a question:

Q: how can I check if my documents backup is free of a bogus program that my nemesis hacker may or may not have installed. I know that he will not have the technical ability to do this himself so would have employed someone else to do this, if indeed they managed to access my pc at all through my AOL dial up link. However sometimes the system would be connected for 20 hours at a time while working from home before or just left logged in.

At the moment my software listed below has not revealed anything that could not be deleted.

Norton Personal Firewall and AntiVirus.
Ant-Keylogger
BT modem protection
Webroot spysweeper
Spybot resident
Ad-Aware
AOL spyware
Microsoft Antispyware
ewido ant-malware

Information is the key, not so bad for not having the knowledge but very bad for not attaining it!

Cheers again

Ps Here is a link in return for your help...if anyone wants to monitor network traffic from there home or workplace its ideal:

http://people.ee.ethz.ch/~oetiker/webtools/mrtg/

 

USER123


The link you posted.....well it did not pass my security for whatever reason......so a word of caution......be careful about what you install on your computer.....there is a lot of spyware out there......an you really would not be expected to know what is what...............GO SLOW!!!


ok, would suggest that you install this program:


MRUBLASTER


MRU-Blaster is a program made to do one large task - detect and clean MRU (most recently used) lists on your computer.

These MRU lists contain information such as the names and/or locations of the last files you have accessed. They are located ALL OVER your registry, and for almost ANY file type. By looking at these MRU lists, someone could determine what files you opened/saved/looked at, what their file names were, and much more! (And, in many cases, the lists are displayed in drop-down menus automatically.)

With additional plug-ins that allow you to clean out your Temporary Internet Files and Cookies, MRU-Blaster enhances the protection of your privacy!



http://www.javacoolsoftware.com/mrublaster.html

*********************************************


A person can
obtain a trememdous amount of info by accessing certain files on your computer.....to you these files are hidden.....but in time you will learn how to see them.....for now lets just take it one step at a time.....install the above program in order to clean those files....thereby preventing anyone
from obtaining certain info.

************************************************
In reply to your question: scan those files with Ewido and your anti virus program................they should catch most trojans if any are present...........make sure your anti virus is set to scan ALL FILES...it takes longer.....just be patient.....its worth the time spent.

**************************************************


would suggest that you get rid of "BT modem protection"

***************************************************


computer security is a new world to you.....give yourself time to learn and grow into it........otherwise you will make costly mistakes...........

 

By the way......which Browser are you using...internet explorer?


if so......be open minded to changing.......others here may offer their suggestions........in the mean time....DISABLE JAVA APPLETS AND INSTALL ON DEMAND..........thats an absolute.

 

Suggested install:


Eraser


Eraser is a secure file deletion tool that allows you to completely remove sensitive data from your hard drive by overwriting it several times with sophisticated patterns (Gutman, USDoD and others). You can simply drag and drop files and/or folders onto the on-demand eraser, use the convenient Windows Explorer right-click extension or use the built-in scheduler for automated wiping of unused disk space, browser cache files etc. Easy to use and secure


http://www.snapfiles.com/get/eraser.html

 

Hi Snowie,

I'm using the AOL browser and IE6. Have done the above in IE. AOL however is a bit trickier but have set controls always with al applications to ask first before downloadind updates.

btw I'm based in London which might explain the time difference in my replies.

 

Suggested Install:


Script Defender


***
I'm sure that by now everyone has heard about email viruses; most people probably have either experienced one themselves or know someone who has. The latest batch of viruses have become more adept than ever at getting people to execute them unintentionally - that's where AnalogX Script Defender comes in!
AnalogX Script Defender will intercept any request to execute the most common scripting types used in virus attacks, such as Visual Basic Scripting (.VBS), Java Script (.JS), etc and can even be configured to intercept new script extensions as needed! It's very simple to use and helps to ensure that you do not inadvertently run a script no matter what email program you use, or even if you get it via another method.**********



http://www.analogx.com/contents/download/system/sdefend.htm