Help please with identity hijacking

XPatriot · #1 21st Sep 05, 07:35 AM

Hello folks...

I was wondering if anyone could possibly tell me how someone could have discovered not only the passwords to numerous hotmail accounts when some of them are not only unknown to anyone other than me and when all are unrelated to one another... used in separate identities in Outlook express?

Also if possible is there anyway that I could connect to a ip address (of the suspected hijacker)? I know the IP address as they have sent me an email from one of my accounts..

I have sent numerous emails to Hotmail without any assistance..

Thanks..

Dudelive · #2 21st Sep 05, 12:05 PM

If you have their IP number you need to contact the ISP that handles that IP number. There will be a way to report it to the abuse dept. Thatmay be a long shot but about the only one I would attempt.

You will want to do a through scan of your system to check for trojans, viruses and spyware. It is possible there may be a "keylogger" on your system.

Thanks
Dudelive

JacKDynne · #3 21st Sep 05, 01:29 PM

Yep, I am thinking a keylogger may be there also - you should maybe also back up your critical data then wipe the box; reformat and reinstall

/JD

DoG · #4 21st Sep 05, 08:38 PM

Contact hotmail and tell them you want to cancell your accounts, tell them that the accounts have been hijacked and that you can no longer access them. If all goes well a hotmail technician will contact you and you can arrange to have the passwords changed. Worked for me a few months back when a trojan slipped through the defenses- they even posted messages on this forum. Thats the quickest way to get them to help you

Get a decent virus scanner and firewall- you can download free trials from most of the big name virus hunters now. Install the firewall and antivirus, use the firewall to kill all traffic and after the antivirus has been updated then run a scan. you can choose to allow only certain applications acess to the internet- start with just internet explorer and check the list of services running in Taskmanager by googleing for them- if anything is suspicious then kill it.

Don't take any ilegal actionagainst the IP addy you have found- it could be a proxy or dynamic IP in wich case it's you that will be up sh*t creek without a paddle. As mentioned above contact the ISP and provide them with all the details you have- a copy of the email sent to you showing the full headers will help.

If all else fails the it's time to wipe the box and start againjust remember to back up only the critical information. It's best if you compress all the files you back up, that way you can scan them for trojans/worms/virus's before you restore them.

And the most important thing are:
Don't open anything you get sent to you in an email before you scan it with AV
Block any suspicious net traffic
Get an Antivirus and prefferably an Internet security suite that contains a firewall.

Good luck!

Dudelive · #5 21st Sep 05, 11:01 PM

As was stated you most assuredly need a firewall that will ASK do you want this app to access the net or sometimes will only ask if it can contact a certian IP address and depending on which one and the way your system is secured as to allow or not.

If you follow what DoG stated you will be in good shape to start with. Above all do NOT destroy all files with formatting till you find the source of the problem. If you don't find the source it just may be back. Go slow and think things through and ask questions. Good Luck

Thanks
Dudelive

XPatriot · #6 23rd Sep 05, 06:34 AM

Thank you all for your advice... Microsoft has finally got back to me and it looks like i will likely get my email back... As for keylogging? Can someone send a trojan to my IP address or gain access through my an IP portal??

Dudelive · #7 23rd Sep 05, 12:23 PM

There are many ways for that exact thing to happen. The most likely is you accidently downloaded something that had it inside. Warez sites are very famous for these things happening when downloading compressed files. The other way involves port scanners which act as tattle tales reporting back to the owner letting the owner know it found a certain type of port number at a specified location to be open.

There are several methods in which you can use to secure your system.
The first thing you need is a firewall that will report what is going OUT from your computer while at the same time letting you know what is trying to come in. The methods that work for me may not work for you, depemnding on your setup.

Thanks
Dudelive

XPatriot · #8 28th Sep 05, 06:26 AM

Ok... I retrieved the hijacked email account with Microsofts help. A few days before that I recieved an email from this person that at least gave me an impression of how and why they would be interested in attacking my personal information..

The situation... Armed with only an IP address from one email that was sent to this person (from a Yahoo account not using O.E), this person was able to figure out my wifes email address and content on O.E., my personal email address and content in separate XP login using O.E. and a very, very personal email and content using O.E. but using a separate O.E. identity with a O.E. password to access it?

So three emails, within three very distinct separate places on my computer?? All from I assume from an IP addy in my original Yahoo email sent to this person ?

First off...does this sound possible? with IP keyloggers?, or am I dreaming?

If its possible how do I find a IP keylogger??, and prevent it when i'm using a software and hardware based firewall. What is the name of such a keylogger?

Any explaination would be greatly appreciated?

BearCat · #9 11th Oct 05, 08:53 AM

@XPatriot:
A quick Q: How do you connect to the internet ?
Wired ?
Wireless ?
Dialup ?

XPatriot · #10 12th Oct 05, 09:50 AM

Adsl wireless/wired..started using it in Oct, 2004, before that ADSL only.

As an update I have been able to better identify the offending person, but I'm still confused as to their ability to find out so much with just my IP address. I sent an email to this person back in January of 2004 with my Yahoo account (I know this because they sent me a copy of that a few weeks ago from their hotmail acount, luckily with an Telus IP address attached). I'm positive I didn't open up any attachments from them via that account, in fact I don't remember sending them or recieving another email after that one, and their is zero chance that this person knew my id, my wife, from one anonymous email from my yahoo account.

The absolute only way I can think of that this person was able to find out so much about our email usage was via a keylogger of sorts, I scoured the internet and no such luck.

I've been able to convince my IP provider to send them a "Stop harrassment" notice. I don't know if that will put an end to the hassles, or the know hassles. It doesn't mean that they can't keep attempting to guess at my passwords on the accounts that she/he is aware of.

Does anyone know of an IP keylogger?, such as I've suspected? I can't seem to find anything.