I've never seen anything like this happen before!

Spyro

To make a long story short, I think that someone has been using one of our sbc accounts to email viruses to people. Although I've noticed that after a certain period of time all email addresses seem to get spammed pretty heavily. This is the first time that I've ever checked an account and noticed about 1586 messages from email servers saying that they received an email *from* this particular address. The only problem with that is that nobody has been sending illegitimate emails using my system because I'm behind a firewall, running linux, and I keep an eye on my email server's logs. And the person that uses this address has been using a palm VI to check his email for the past 5 years, so there is no way that he could have been responsible for this. What makes all of this really weird is that he recently cancelled his account at palm.net because of a ridiculous spike in usage fees. It appears that he went from using 11 kilobytes per month (almost that same amount every month ever since he received his handheld) to using something in the neighborhood of 1,968 kilobytes per month during the last 3 months. His palm account was even being charged usage during a time period that it was sitting on my desk, completely without power after running its batteries dry, waiting for me to get around to restoring the back-up.

My take on this is that somebody that he knows managed to get their hands on his sbc password and his palm.net password, but I'm not really sure about how this could have happened, since I'm the only person who knows both of them. Both the palm.net and the sbc accounts have been shut down, but I'm wondering. Has anyone else ever had anything like this happen to them? A claim has been filed with palm, but what is the possibility that they will actually refund the money? Would it be possible to have this investigated, to find out who's responsible? I probably already know the answer to this one :(, but is this a case of social hacking?
 

FoBoT

Originally posted by: Spyro
To make a long story short

i had to laugh/post when you start with that , but have a fairly large paragraph of text for us to read

hehe, :p

sounds like his account got hacked, good thing he cancelled it
 

Spyro

Originally posted by: FoBoT
i had to laugh/post when you start with that , but have a fairly large paragraph of text for us to read

:eek:

Originally posted by: FoBoT
sounds like his account got hacked, good thing he cancelled it

But what was the possibility of getting both his palm.net and his sbcglobal accounts hacked into during the same time period? Due to the subjects of the viruses (90% of the time was health and fitness) and the fact that I could recognize most of the email addresses that the viruses were being mailed to as members of a running group, I think that whoever did this is pretty local, so would there be some way of tracking them down or something? Doesn't sbc keep ip addresses of who connects to their email servers or something like that?
 

narzy

Spyro, they could track what PALM was doing it, (each palm has a UID, you can log in to your palm.net account but your palm transmits that device's UID to palm's server.) but that wouldn't tell you who owned that palm, just that it wasn't your palm doing it. that also doesn't prove that it wasn't you on the other palm unless one palm is in a different state, and yours is in your home state, connecting at a ridiculously short amount of time from both locations. (ex hacked palm connect from Iowa disconnects and 1 minute later YOUR palm connects from new york.) THEN that doesn't prove that you didn't intentionally give the other user your palm password to connect to the service. it's really sticky to deal with a hacked palm account unless it was brute force hacked, which is really easy for palm to see.

now you CAN track what IP the viruses were sent from by looking at the header, if they weren't forged, and seeing what server they originated from and what IP connected to that server, but if they are any good at this kind of crap they used an anonymous relay server which can't easily be traced back to them. there is a saving grace however, more and more ISPs are using MAPS (mail abuse prevention system) to screen out open relay servers and this would block a lot of the bad E-mails being sent. MAPS has its own problems tho and a lot of other ISPs steer clear of it.

over all I would say it's going to take a fairly good amount of time to see if you can even trace this guy, but it can be done. he might have registered his palm w/ palm inc. and you would hit a jackpot, but how many people REALLY register their products. not many. who knows, you might get lucky. or that palm that the "hacker" is using is stolen.

in any event, good luck :(.
 

Spyro

Thanks narzy, I think I'm going to ask him if he ever told anyone his password. I *know* that there is at least one person with his palm.net password but there is no way that she would know his sbc password, because he didn't even know that one himself :(

He was using gopherking to check his email though, which means that his sbc mail password could have quite possibly been stored on his handheld. He's had his bag stolen several times (from a locker), but the first time only his wallet was stolen (and it was empty except for five bucks :)) and I'm not really too sure about the second time. Since his palm was usually kept in there, is it possible that somebody could have gotten both his palm.net and his sbc passwords off of the device?
 

Spyro

Originally posted by: Spac3d
Cliff notes please?

Sure :)

Somebody seems to have hijacked my friend's email account and palm.net account using his passwords, and was putting ridiculous amounts of usage on the palm account and was using the email account to mass email viruses to a lot of people here in the Houston area.

Most of the viruses weren't accepted by the receiving email servers and they bounced them back. After checking his email the other day and seeing over a thousand of them, I figured that something fishy was going on and closed both accounts.

Since he was using an email service called gopherking to check his sbc mail from his palm, I was wondering if it would be possible for someone to gain access to both accounts using his handheld, without taking it apart or anything like that.
 

narzy

I don't know how gopherking stores its passwords, if they're encrypted or not, or how well they are encrypted if they are. I know palm.net's saved password is encrypted, however I don't know if there are any tools that will unencrypt them. unfortunately I would say there are tools available that would unencrypt them but again, I myself don't know of them.

one other possibility is that someone was scanning the airwaves for palm passwords from palm devices connecting and came across it, (I forgot if palm encrypted the password when it's sent from the device or not...I think it is.) and while sniffing also came across his E-mail password being transmitted, most likely in plain text (surprise, E-mail passwords are not encrypted when sent to the server...). so that's another way someone could have gotten it, but I find it pretty unlikely. I would think it would be more of a local job.
 

Spyro

A local job...... Hmmmmm....... Yup, that sounds possible. As much as I hate to admit, though, we'll probably never figure out who did it :(
 

Skyclad1uhm1

Check whether the mails came from an IP used by your company. Name an email address and I can send mails as that user, whether it be president@whitehouse.gov or ubersatan@microsoft.com.
The IP will still show my machine though.

If they did hack into the system, steal his account, or abuse a bug/open relay you will see your own IP number in the header.
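
The header check discussed in the replies above, as an added example that is not part of any post in this thread: it walks the Received lines of a bounced message from the top, trusts only the lines written by the bouncing site's own servers, and tests whether the connecting IP recorded there falls inside your own ranges. The host names, the address ranges and the header layout are assumptions, and the sample headers are constructed.

```python
import email
import ipaddress
import re

# Assumption: the address ranges your own mail system sends from.
OWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample: headers of the original message as returned in a bounce.
SAMPLE = (
    "Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])\n"
    "\tby mail.recipient.example with ESMTP; Mon, 1 Jan 2001 10:00:02 -0600\n"
    "Received: from friendly-name.example (unknown [203.0.113.45])\n"
    "\tby mx.recipient.example with SMTP; Mon, 1 Jan 2001 10:00:01 -0600\n"
    "Received: from mail.yourdomain.example ([192.0.2.10])\n"
    "\tby friendly-name.example; Mon, 1 Jan 2001 09:59:59 -0600\n"
    "From: user@yourdomain.example\n"
    "Subject: constructed sample\n\nbody\n"
)

BY_RE = re.compile(r"\bby\s+([\w.-]+)")               # server that wrote the line
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # peer IP it recorded

def hops(raw):
    """Return [(recording_host, connecting_ip)], newest hop first."""
    out = []
    for value in email.message_from_string(raw).get_all("Received", []):
        by, ip = BY_RE.search(value), IP_RE.search(value)
        try:
            addr = ipaddress.ip_address(ip.group(1)) if ip else None
        except ValueError:
            addr = None
        out.append((by.group(1).lower() if by else None, addr))
    return out

def origin_seen_by(raw, trusted_hosts):
    """IP that connected to the first trusted server. Received lines below
    that point were written by the sender's side and may be forged."""
    origin = None
    for by, ip in hops(raw):
        if by not in trusted_hosts:
            break
        origin = ip
    return origin

def from_own_network(ip):
    """True when the address lies inside one of OWN_NETWORKS."""
    return ip is not None and any(ip in net for net in OWN_NETWORKS)
```

In the sample, the bottom Received line claims your own server, but the address the recipient's server actually recorded is outside your ranges, so the mail did not pass through your system.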