My sad story started this morning around 10am. I have a couple of Gmail accounts for work, personal stuff, and testing. Yes, testing. If I'm doing mail forwarding or out of office, I like to verify that things are working the way the documentation says it supposed to.
My test account gets an email from my personal account with a link to what appears to be Hotel Gloria in Italy. I say appears to be because at first, I have no idea if the link is going to take me to a web page filled with trojans, worms, and assorted bits of nastiness meant to clean out my bank account. I was sitting by myself at the time but still said double you tee eff very quietly to myself. Shortly thereafter, somebody in my Gmail contacts sends me an email inquiring if I was recommending the hotel. Oh, oh.
I had heard of people having their Gmail hacked but how exactly? I remembered the recent kerfuffle with Java but had removed the insecure version 6 and replaced it with the more secure version 7.10 and had then disabled Java in all browsers. To double check, I opened the Control Panel and looked at my list of installed programs. Facepalm! There is Java version 6 installed along with version 7. What!?! How the hell did that get there? I had removed it. Did some automatic update put it back?
Then it starts, emails from other people in my contacts asking me about the email I had sent them. Oh boy, somebody has gotten into my Gmail account. But how and what are they doing?
Google has all sorts of information about security so I ploughed through it looking for clues and looking for what to do about this. Tip number one, natch, is to change my password. Done. Detective clue number one turns out to be quite startling.
In Gmail, scroll to the bottom and look on the lower right hand corner. You see "Last account activity: xx minutes ago" and a link called "Details". Details gives you a popup report showing the last ten times my Gmail account has been accessed. I see my IP address but guess what? I see another IP address from the United States (166.205.67.200). The service "What is my IP Address" tells me the host is "mobile-166-205-067-200.mycingular.net" part of AT&T and its geolocation map shows something just outside of Wichita, Kansas.
At the moment I first see this, there are seven entries (Gmail just shows you the last ten entries) all showing the same IP. Is this a mobile device? Is it from Wichita or close-by? Whatever the case, I now know my Gmail has been accessed by somebody else. The question remains: How did they get my password? The only thing I can think of is that an insecure Java version 6 must have given somebody a means to get at me.
By now, I have had a number of people writing to me about an email I supposedly sent them about this Hotel in Italy. I apologise profusely and set about investigating the problem.
So, step number one was to change my Gmail password. Secondly, I removed all of Java: the insecure Java 6 and the newer Java 7. I have no idea if anything needs Java or not but I am going to run without it and see what happens. When I first installed version 7, I used their new security feature of disabling Java in all browsers. I didn't notice anything not working. Now that I have removed Java completely from my machine, I can see if any apps don't work but I doubt it. At least none of the apps I currently use have failed, Microsoft Office for instance.
Google's 2 Step Verification
I decided to follow Google's advice and use this feature. It connects your Gmail account (well, your Google account) to your cell phone. You log in the Google sends a code as a text message to your phone. You must then enter the code into the browser to complete the login process. As Google points out, hackers can get your name and they can get your password but they don't have your cell phone. While this seems inconvenient, Google has added an option to qualify your computer as a trusted machine. This means you can log in at that computer (I'm assuming they are tracking the IP address) without having to put in the code. Of course, a hacker doesn't have your cell phone so when he tries to access your account, he can't get a code. Actually, this makes a great deal of sense. If you decide to access your Gmail from an Internet café, you will have to have your cell phone with you to get a code.
Don't have your cell phone on vacation or you lose it? Google has thought of that too. You can add alternate phone numbers like a work number or the number of a relative. You can create a list of codes to print out and use while you're on vacation and don't have access to a phone at all. Ah, the hoops we have to jump through to stop those nasty hackers but at least Google has come up with a way to stop them.
My apologies
To anybody who got an email from me about the Hotel Gloria in Italy, I am sorry for the inconvenience. The DELete key is, in this instance, your favourite key. Certainly it is a reminder to all of us to look out for out of character emails. Unless Hotel Gloria is going to pay me a stipend, I wouldn't be recommending them to anybody.
Final Word
Man, these little f**kers would rob me blind and not think twice about it. Of course with the anonymity of the Internet and remote access, this may be easier than picking pockets down at the market.
My advice here is to immediately review your own security. This is the second time in eight months I've had my machine compromised and if I can get hacked, anybody can get hacked. Just because you haven't yet had to face the misery of trying to get your machine cleaned up, don't think you are totally secure. No matter what new lock hits the market, there is somebody out there figuring out how to pick it.
References
Google: Adding recovery options to your account
Losing access to your emails, your documents and photos can be frustrating. To make sure you can get back in to your account quickly, easily and securely, add recovery options. A few minutes now could save you hours of frustration and waiting later.
Google: A guide to staying safe and secure online
Explore quick tips and how-to’s that explain what you can do to stay safe and secure on the web.
Safer Internet Day: February 5, 2013
The idea started in Europe with the objective of promoting safe, responsible use of the Internet to young people. However Google celebrated the day with their own promotion of safety tips for all of us regardless of age. The Internet, like real life, has its share of nefarious villains and we could all do well to heed the advice of the experts by practising some common sense.
my blog: Adobe Flash Update: I'm infected! And I'm an idiot!
Infection? Okay, this isn't another of my postings on my health. Nope, this time I'm talking about my computer. If I ever get my hands on the techno-nerd computer genius who wrote this little gem of a contagion, I'll first shake his hand impressed by his programming proficiency then bash him over the head about his inability to comprehend the havoc he's wreaking on unsuspecting and gullible idiots like me. I hope you're reading this, you little f**ker.
Here's a video of me when I found out my Gmail was hacked
2013-02-10
Site Map - William Quincy Belle | Follow me on Twitter |
1 comment:
Same exact thing happened to my Wife last night. She didn't have 2-step authentication, but I enabled it for her after changing her password. I would like to report the IP address to Google so they can look into it further, but haven't been successful in finding where to do that. Great article and thanks for the tips!
Post a Comment