hacked email retribution

Hey guys,

So my and Lindsey’s joint gmail account (not this one) got hacked today and a ton of spam went out. I happened to be logged in when it happened and was able to sign out all the other sessions, change the password, and institute 2-step verification. After doing that I pulled up the recent account activity and found a few IP addresses, some mobile some browser, that clearly weren’t myself or Lindsey. One was from Georgia and a few from New York…

Two questions:

  1. If I posted the IP addresses in this email, is there anything anyone could (or would be willing to) do to find them and get me some revenge? haha.

  2. Is there a way to find out HOW it got hacked or where they got my password from to begin with so I can avoid using that service in the future?



To answer 2:

There have been a LOT of java exploits recently, and google’s always a prime target for phishers and other online miscreants.

I’m a BIG fan of google’s two factor authentication and use it almost 100% of the time. I keep my desktop at home permanently authenticated (no token needed) and my laptops require it to log in to gmail.

To answer #1: The IP’S are probably exit nodes of some kind, like TOR or a compromised host, rather than the spammer’s server. You could always scan them and see :slight_smile:

Yeah when on windows and you get hit with a Trojan or exploit (PDF, IE, etc) they typically inject code into the system DLLs to harvest all passwords that use SSL or contain keywords.

My guess is one of the machines you use is compromised or you use the same password on another site that got compromised.

As someone who’s job is to deal with these things, I strongly recommend against retribution. Chances are that the person(s) you are dealing with have a life dedicated to trying to cleverly thwart your system and do other nasty things. You, on the other hand, have a life dedicated to something other than playing silly games against crackers.

Chances are you got attacked from legit IP’s and don’t know how to hide yourself from the legit sys admin, which means you’ll only be putting yourself into the position of getting blamed for everything the attacker did.

If you want “revenge”, I recommend turning over what you did get to the local FBI office. I can pass it over on your behalf, if you wish.