Ahhh. Days went by and no new posts from goldfries.com – I blame myself for not having prepared any backup articles.
I wanted to write some articles though, I thought of having some articles written and even finalize some of my half-finished articles on 24th March (Monday) as I was having more projects coming in and I also had planned to go on a vacation during the later part of the week.
Things went all awry and my plans for article writing on that day came to a halt when I got a phone-call from Nicole on Sunday night (ok, more like Monday morning, since it was after midnight) claiming that someone was using my Windows Live Messenger account and asking for money!
Crap! How da heck did that happened? Before I went to sleep that day (23rd March 2008, Sunday), Windows Live Messenger suspiciously logged me out of their service and I can’t seem to log in after that. I thought it was another one of those Microsoft’s doings so I hit the sack as I was too tired to do anything else anyway. Now it all made sense, I was logged out because someone gained entry to my account! Damn!
What Did I Do Wrong
Being a person who’s aware of security hazards and all, I’ve always had my systems patched. I don’t browse nonsense sites. I don’t download stuff from unknown source. I don’t install things for fun (yeah, like how some people love to install cute things on their computer). I made sure my anti-virus patterns are updated and that there are no malware / spyware on my machine that could lead to key-logging. Heck I even had my Windows Live Messenger to not remember my password, even my password was not related to anything in my life or even anything else in this world!
So what could I have done wrong? I thought hard on this one. While doing so, I also did another scan of my system just to make sure the confidence of my “best-practices” had not clouded me – sure enough there wasn’t any malicious application running on my machine.
Fair enough – where did I go wrong? The only thing I could think of was that my Hotmail account that was old and unmaintained. I didn’t like hotmail, it deactivates after a period of not logging in to it. I just couldn’t be bothered with it; I pay attention to the security settings on it to begin with. All I ever used it for was for my Windows Live Messenger log in and I had never thought anyone would be interested to break into it.
My assumption was flawed – I failed to realize that my status over the Internet has boomed within the past 8 month. I was a nobody once and now I have a site that commands couple of hundred visitors a day and even my status over at the local tech community forum Lowyat.net (LYN) had skyrocketed. I failed to realize that my once useless Windows Live Messenger contact now carries a huge reputation on it as my activities at goldfries.com and Lowyat.net (LYN) had garnered so much trust and respect from the people that I’ve helped and made friends with. 🙁 Even a notice was issued.
How Bad Could It Be?
To make it worse, the hacker wasn’t someone who was not aware of my status. It wasn’t just a simple entry-gained thing, the hacker abused the status on my account as much as he could.
The thing about my account was I had grouped my contacts. Those that are from LYN, those that are in the moderating crew of LYN. and those that are just labelled as FRIENDS.
So what did the hacker do? He attempted to borrow money from my friends and also the moderating crew (obviously my friends too) while attempt to sell PayPal funds to those he could find from the forum.
To my record, so far he did manage to swindle about RM 4,000.
Like what I told my friends –
It’s quite scary to know the amount of trust people have on me. I feel the burden now. it’s like woah my MSN contact alone can get $$$. It’s like shit, I have a money making machine there!
I also lost a day of productivity as I now had to pay visit to the bank to highlight that some bank accounts were clearly used in con attempts. My work got piled up and this led to the lack of time to churn out more articles. Arrgghhh!
Reputation = Damage Reduction!
I always did my best to carry myself in the best possible manner wherever I visit, in real-life and on over the Internet.
What I didn’t know about was how my friends, even those who never met me actually took note of who I am and how I behaved. 🙂 This saved them from being duped by the conman!
Here are some of the feedback that I got from my friends……
I also kena…. Luckily i notice not like u…. bcoz he scold me at msn!
to be honest i dun even know u personally. and i’m not even sure u r who u r now
when he said “its me goldfries”…. then i noticed already!
I noticed the pattern too. He asked me for RM 850 and I told him I don’t have so much. I know it wasn’t Brian because his English sucks.
More details here! – what’s even more amusing is that some of my friends actually made up a bunch of stories to confuse or at least make themselves an annoyance to the hacker and it was HILARIOUS!
Unfortunately there are also those who lacked common sense but I’m not going to elaborate here.
Microsoft was slow but I couldn’t blame them either. They were being careful before attempting to return the account to me since I could be a conman. 🙂
I was hoping to get my account back soon. I had a rest on Monday evening, this time to be awaken by my friend Vi King – I was told that the hacker wishes to speak to me. Since there’s nothing much left to do, I decided to give it a go. To add to my amazement, Vi King also mentioned that the hacker wanted to return me my account. Thank God for that. 🙂
So yeah I did spend quite a while chatting with him. He did expressed that he found it pointless to go on (yeah, he could’ve done it but he didn’t) and he just wanted to return me my account and that he’s done his part to prove that my MSN account lacked security. I did give him a piece of my mind (in a polite manner) that he could’ve done so to me without causing harm to others.
Later I asked him how he managed to gain entry to my account. I was pretty sure it wasn’t done by key-logging, password guessing (which takes forever) and brute force hacking (going up against Microsoft’s security system).
Eagerly I awaited his answer, and he did let me in on how it was done and I was right – he didn’t use any of the above! So how did he do it? All he did was using Microsoft’s password retrieval option. 🙁 Was it that easy? He declined to give me the details (no hacker would!)
Nevertheless, the chat session came to an end – he logged off and I got my account back.
Most of the $$$ swindled were recovered – however the conman / hacker still roams free.
I’m sure as you read this article – it does make you realize how powerful the Internet can be and how we must take caution in our online activities.