Monday, 8 July 2013

Internet Accounts Hacked in Bangkok

This blog serves as a warning to any computer users, who use a public internet connection at coffee shops, restaurants, hotels, and libraries. Hackers can use clever methods to gain access to internet accounts. When I visited Bangkok, someone hacked into most of my accounts, except Skype and my bank accounts. The hacker gained access to my accounts for Hotmail, Yahoo, Facebook, Netflix, Amazon, Orbitz, Kohls, etc.

Hacking into internet accounts is extremely difficult, especially if users use strong passwords, such as "Conway@579#." The password is a mixture of numbers, upper and lower case letters, and symbols. Hackers are not likely to deduce the password correctly because it has too many variations. Thus, they steal passwords by relying on phishing and keyloggers. Phishing is a hacker tricks a user by directing the user to a fake webpage that looks genuine. The user enters his personal information, thinking he/she is at the correct website and sends the information to the hacker. The fake website then logs into the correct website , so the user suspects nothing is wrong. A keylogger is a hacker tricks the user into installing a program that records keystrokes from the keyboard. Then the program sends the keystrokes to the hacker. Of course, a relative, spouse, or friend could install a keylogger on the user's computer, joking around, stealing information, or creating mischief.

While in Bangkok, I inadvertently discovered another method hackers can use to gain control over internet accounts. Someone hacked into the hotel's computer network. The first day in the hotel, I checked my Hotmail, Facebook, Yahoo, and my private email accounts using the hotel's wi-fi and my personal laptop. When I returned later in the afternoon, someone changed the passwords to Hotmail, Facebook, and Yahoo. My private email accounts were fine because these accounts require an administrator password, and I never logged on as administrator. Thus, the hacker could not change this password, or at least, I thought he could not.

I recovered all my accounts immediately, using the hotel's wi-fi. Later towards evening, I checked some of my accounts again, and the hacker changed my passwords again. Consequently, I thought someone hacked into the wi-fi network, circumventing the signal's security. Usually people use WPA or WPA2 to encrypt their internet communications as their computers send information through the air. However, encryption fails if someone has hacked into the network.

I made a severe mistake. I should have left the hotel and gone to a computer club to recover my accounts. Instead, I used the public computers in the hotel's lounge that connected to the internet through a line connection. Thus, I recovered my accounts with no problems. I thought I was safe because I did not transmit anything through the air via wi-fi. Nevertheless, the hacker had access to the hotel's network including the computer I used in the lounge.

The next morning, I logged onto several email accounts, using the hotel's public computer, checking my emails. Everything was fine. Then an hour later, I started losing all my internet accounts, including my important account for managing my website. Although I never logged onto my personal website using my administrator password, the hacker found information in my Yahoo email account. The hacker changed the password to my personal website by doing a password reset – the user requests a new password by sending a confirmation email to Yahoo (that he controls, of course). Similarly, the hacker changed all my accounts for Kohl's, Orbitz, Netflix, Amazon, etc. by using the password reset.

I approached the hotel staff and complained to them. I explained someone has hacked into the hotel computer network, and he had changed my passwords. They thought I was crazy. Then I showed them my laptop, and I logged onto Facebook, where it showed someone changed my password by using my laptop or by accessing through the hotel's network. The staff refused to believe me as if I were wasting the staff's time with incredible stories.

After walking around, seeing the sights, I went to a computer club and created a new email account, using Hushmail. First, I recovered my Hotmail account and sent the reset link to Hushmail. Hotmail allows users to recover their email accounts by answering personal questions and sending a confirmation to a new email account. Some questions were subject lines of emails, folder names, and email contacts. Second, I reclaimed Facebook and Yahoo because I already linked those accounts to Hotmail. After recovering Yahoo, I reset all my passwords to my other accounts including the important account for managing my website.

What did the hacker gained by doing this? He did not delete anything or did not attempt to steal money from my bank accounts, but I did cancel my old debit cards and applied for new ones before I left the United State. I never updated the debit card information on most of the internet accounts. Luckily, I did not log onto my bank's website; otherwise, the hacker would have information to these accounts. Consequently, I am careful about checking internet accounts. I use the ATM for account balance inquiries and check one email account using a public wi-fi.

Unfortunately, I was an email hoarder and retained all my vital emails. The hacker read my emails and knew which websites to visit to reset and change my passwords. I still have a potential problem. If the hacker can remember enough account details, then he can recover accounts. After two weeks, all my internet accounts were fine, but I deleted emails that contained too much information to other internet accounts. I also used a different password for every internet account.

After some research, I deduced the method the hacker used. He used a program that identified my computer on the hotel network, and then he rerouted all communications between my computer and the network through his computer. I did notice the internet slowed down as he rerouted communications. Then the hacker saw all the websites I visited. He accessed the websites as if he were me, and he circumvented the encryption. Encryption only works when we send information onto the internet, sending pieces of information over time that travels through thousands of different channels randomly. An eavesdropper only would capture a nugget of encrypted information while the hacker has access to all information. Then he has access to your account and change the password. I was shocked by this method's ease because the programs are available freely in Linux, the choice for computer hackers. Thus, all you users out there, beware!

6 comments:

  1. your blog content is very nice ,I have read your blog your blog and information is very used full ,and way to represent the blog is also nice .information on you Skype Support and Call +1-800-231-4635 USA (Toll Free).

    ReplyDelete
  2. You should use password according to the rules, beware of hackers. In House Training

    ReplyDelete
  3. Someone hacked into the network itself and become the intermediary between my laptop and the internet. Next time, I must make sure the network is secure.

    ReplyDelete


  4. Hello all

    am looking few years that some guys comes into the market
    they called themselves hacker, carder or spammer they rip the peoples with
    different ways and it’s a badly impact to real hacker now situation is that
    peoples doesn’t believe that real
    hackers and carder scammer exists. Anyone
    want to make deal with me any type am available but first I‘ll show the proof that
    am real then make a deal like

    Wire Bank Transfer

    Western Union,

    Money Gram

    SSN

    Hacking stuff

    Shipping product. serious /
    needy contact about it.

    lykovine@yahoo.com

    ReplyDelete
  5. My computer is hacked too. I have no idea how to get these people out of my computer. Any ideas would be greatly appreciated.

    ReplyDelete