Broke Up, Hi-jacking, and Deception

Once, in my peaceful days, a friend rang me up. She said that a friend of hers had a problem with her email. This friend had her email hi-jacked by her ex-boyfriend, so she couldn’t log in to her email. That was just the start. The bigger problem was that this ex also hi-jacked her Facebook account and started doing nasty things with it. Pretty scary, huh?

From her information, the hi-jacking apparently happened because the victim had given her password to the ex. So the ex didn’t need to hack the password and could just log in easily. My curiosity led me to search for some information about hacking an email password. Has anyone written about methods for it on the Internet?

Letting Go (courtesy of Randall Munroe of xkcd.com)

In my search, I found a site with an article about how to hack an email account from. Before you read my quote from the site, I warn you not to think about trying it. Okay, I’ve warned you; here are some parts of the article:

STEP 1- Log in to your own mail account. Note: Your account must be at least 30 days old for this to work.
STEP 2- Once you have logged into your own account, compose/write an e-mail to: RETRIVE_PASS_KEY@xxx.com This is a mailing address to the xxx Staff. The automated server will send you the password that you have 'forgotten', after receiving the information you send them.
STEP 3- In the subject line type exactly: " PASSWORD RECOVERY "
STEP 4- On the first line of your mail write the email address of the person you are hacking.
STEP 5- On the second line type in the e-mail address you are using.
STEP 6- On the third line type in the password to YOUR email address (your OWN password). The computer needs your password so it can send a JavaScript from your account in the xxx Server to extract the other email addresses password. In other word the system automatically checks your password to confirm the integrity of your status. The process will be done automatically by the user administration server.
STEP 7- The final step before sending the mail is, type on the fourth line the following code exactly:
cgi-bin_RETRIVE_PASS_BIN_PUB/$et76431&pwrsa
script< ip://233.243.2.34/cgi-bin/start?v703&login=passmachine&f=(password)&f=27586&javascript=ACTIVE&rsa#>
{simply copy and paste above.}

First of all, I wanna ask you a question: “Do you wanna try it?” Well, if you do, then you’ve fallen for it. The instructions above tell you that, to obtain your target’s email password, you need to send your own email password. Get it now? Instead of hacking your target, you’ll end up being hacked yourself. Congratulations! You just lost your email account. So, don’t try this at home (or anywhere else).
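The message layout that the quoted steps dictate is regular enough for a mail gateway to spot before a user gives away their own password. The check below is an added example, not part of the original post or of any provider's real filter; the indicator list, the two-hit threshold and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Local parts that imitate a provider-run recovery mailbox (assumed pattern).
BAIT_LOCALPART = re.compile(r"(retrie?ve|recover|reset).*(pass|pwd|key)", re.I)
ADDR = re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$")

def lure_indicators(raw_message: str) -> list[str]:
    """Return the reasons an outgoing message matches the bait's layout."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt_local = parseaddr(msg.get("To", ""))[1].split("@")[0]
    lines = [l.strip() for l in msg.get_payload().splitlines() if l.strip()]
    hits = []
    if BAIT_LOCALPART.search(rcpt_local):
        hits.append("recipient poses as a password-recovery mailbox")
    if "password recovery" in msg.get("Subject", "").lower():
        hits.append("subject is the scripted PASSWORD RECOVERY string")
    # Body lines 1-2: someone else's address, then the sender's own address.
    if len(lines) >= 2 and ADDR.match(lines[0]) and lines[1].lower() == sender:
        hits.append("third-party address followed by the sender's own")
        # Body line 3: one whitespace-free token that is not an address.
        if len(lines) >= 3 and " " not in lines[2] and not ADDR.match(lines[2]):
            hits.append("single token after own address: probable password")
    return hits

def should_hold(raw_message: str) -> bool:
    """Hold for review when two or more indicators fire (assumed threshold)."""
    return len(lure_indicators(raw_message)) >= 2

# Constructed sample following the quoted steps; every value is a placeholder.
LURE = """From: alice@example.com
To: RETRIVE_PASS_KEY@mail.example
Subject: PASSWORD RECOVERY

target@example.org
alice@example.com
not-a-real-password
placeholder-for-the-pasted-code-line
"""

# Constructed benign message that shares only the subject wording.
BENIGN = """From: alice@example.com
To: bob@example.org
Subject: Password recovery question

Hi Bob, how do I reset my password on the wiki?
"""
```

The benign message trips only the subject indicator, so it is not held, while the scripted layout trips all four.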

The Art of Deception


This trick reminds me of a book that I read some years ago: The Art of Deception: Controlling the Human Element of Security, written by Kevin D Mitnick (yes, the legendary hacker). In this book, he tells some stories about deception that can be used to obtain critical information about a system. The book highlights the weakest link of system security: the human factor.

It’s no longer a secret that you can sometimes find root passwords carelessly written on a piece of paper in the admin room. The worst part is that anyone can enter that room with ease. I’m not telling you to become paranoid, but hey, prevention is better than cure, right?

Another interesting part of the book tells a story about how people can be deceived. Just by using an impersonation phone call, access to the main system could be acquired. If someone tells you that he’s from another division and has a problem accessing the system, you’re more likely to help him, right?

Okay, back to the main topic. The email was hi-jacked by her boyfriend. What can we do about it? I asked my friends’ opinions about it. These are what we came up with.

  • Be nice to your boyfriend. A mad man can be really dangerous and hard to deal with. Also, try not to break up with him.
  • If you really have to break up with him, please break up nicely. Don’t let anger fill the break-up process.
  • If he has successfully hi-jacked your email, go and talk to him. Talk carefully with him; who knows, he may give back your email account. (This was Danu’s suggestion.)
  • If that doesn’t work out, try to retrieve your email account by using the Forgot your Password or secret question password retrieval. This method only works if he hasn’t changed the email and question used for password retrieval.
  • Still didn’t work? Try to start a new life. Create a new email account, change its password regularly, and never tell your password to anyone (including your boyfriend).

Like the old saying goes, prevention is better than cure. If your boyfriend or anyone else knows your password right now, go and change it immediately. And don’t forget: be nice to people and they will be nice to you. People are just like a wall: they throw back what you throw at them.

See you around and have a nice day.

Resources:

  • Letting Go webcomic is a courtesy of xkcd.com
  • The Art of Deception cover is a courtesy of Amazon.com

4 thoughts on “Broke Up, Hi-jacking, and Deception”

  1. Hehehe… Pretty sophisticated, huh…

    So the point is, the author of that article is also trying to get other people's usernames & passwords by posing as the e-mail company's Customer Service.

    He creates accounts on many mail servers with the username "retrieve_pass_key". And waits to see whether any victim gets fooled by his article.

    Nice info, bro…

    Have a nice weekend…
    :bobo:
