An Encounter With A Hacker

Ahhh. Days went by and no new posts from goldfries.com – I blame myself for not having prepared any backup articles.

I wanted to write some articles though, I thought of having some articles written and even finalize some of my half-finished articles on 24th March (Monday) as I was having more projects coming in and I also had planned to go on a vacation during the later part of the week.

Things went all awry and my plans for article writing on that day came to a halt when I got a phone-call from Nicole on Sunday night (ok, more like Monday morning, since it was after midnight) claiming that someone was using my Windows Live Messenger account and asking for money!

Crap! How da heck did that happen? Before I went to sleep that day (23rd March 2008, Sunday), Windows Live Messenger suspiciously logged me out of their service and I couldn’t seem to log in after that. I thought it was another one of those Microsoft’s doings so I hit the sack as I was too tired to do anything else anyway. Now it all made sense, I was logged out because someone gained entry to my account! Damn!

What Did I Do Wrong

Being a person who’s aware of security hazards and all, I’ve always had my systems patched. I don’t browse nonsense sites. I don’t download stuff from unknown sources. I don’t install things for fun (yeah, like how some people love to install cute things on their computer). I made sure my anti-virus patterns are updated and that there is no malware / spyware on my machine that could lead to key-logging. Heck I even had my Windows Live Messenger set to not remember my password, even my password was not related to anything in my life or even anything else in this world!

So what could I have done wrong? I thought hard on this one. While doing so, I also did another scan of my system just to make sure the confidence of my “best-practices” had not clouded me – sure enough there wasn’t any malicious application running on my machine.

Fair enough – where did I go wrong? The only thing I could think of was that my Hotmail account was old and unmaintained. I didn’t like Hotmail, it deactivates after a period of not logging in to it. I just couldn’t be bothered with it; I pay attention to the security settings on it to begin with. All I ever used it for was for my Windows Live Messenger log in and I had never thought anyone would be interested to break into it.

My assumption was flawed – I failed to realize that my status over the Internet has boomed within the past 8 months. I was a nobody once and now I have a site that commands a couple of hundred visitors a day and even my status over at the local tech community forum Lowyat.net (LYN) had skyrocketed. I failed to realize that my once useless Windows Live Messenger contact now carries a huge reputation on it as my activities at goldfries.com and Lowyat.net (LYN) had garnered so much trust and respect from the people that I’ve helped and made friends with. 🙁 Even a notice was issued.

How Bad Could It Be?

To make it worse, the hacker wasn’t someone who was not aware of my status. It wasn’t just a simple entry-gained thing, the hacker abused the status on my account as much as he could.

The thing about my account was I had grouped my contacts. Those that are from LYN, those that are in the moderating crew of LYN, and those that are just labelled as FRIENDS.

So what did the hacker do? He attempted to borrow money from my friends and also the moderating crew (obviously my friends too) while attempting to sell PayPal funds to those he could find from the forum.

Damages Done

To my record, so far he did manage to swindle about RM 4,000.

Like what I told my friends –

It’s quite scary to know the amount of trust people have on me. I feel the burden now. it’s like woah my MSN contact alone can get $$$. It’s like shit, I have a money making machine there!

I also lost a day of productivity as I now had to pay visit to the bank to highlight that some bank accounts were clearly used in con attempts. My work got piled up and this led to the lack of time to churn out more articles. Arrgghhh!

Reputation = Damage Reduction!

I always did my best to carry myself in the best possible manner wherever I visit, in real life and over the Internet.

What I didn’t know about was how my friends, even those who never met me actually took note of who I am and how I behaved. 🙂 This saved them from being duped by the conman!

Here are some of the feedback that I got from my friends……

I also kena…. Luckily i notice not like u…. bcoz he scold me at msn!

to be honest i dun even know u personally. and i’m not even sure u r who u r now

when he said “its me goldfries”…. then i noticed already!

I noticed the pattern too. He asked me for RM 850 and I told him I don’t have so much. I know it wasn’t Brian because his English sucks.

More details here! – what’s even more amusing is that some of my friends actually made up a bunch of stories to confuse or at least make themselves an annoyance to the hacker and it was HILARIOUS!

Unfortunately there are also those who lacked common sense but I’m not going to elaborate here.

Recovery

Microsoft was slow but I couldn’t blame them either. They were being careful before attempting to return the account to me since I could be a conman. 🙂

I was hoping to get my account back soon. I had a rest on Monday evening, this time to be awakened by my friend Vi King – I was told that the hacker wishes to speak to me. Since there’s nothing much left to do, I decided to give it a go. To add to my amazement, Vi King also mentioned that the hacker wanted to return me my account. Thank God for that. 🙂

So yeah I did spend quite a while chatting with him. He did express that he found it pointless to go on (yeah, he could’ve done it but he didn’t) and he just wanted to return me my account and that he’s done his part to prove that my MSN account lacked security. I did give him a piece of my mind (in a polite manner) that he could’ve done so to me without causing harm to others.

Later I asked him how he managed to gain entry to my account. I was pretty sure it wasn’t done by key-logging, password guessing (which takes forever) and brute force hacking (going up against Microsoft’s security system).

Eagerly I awaited his answer, and he did let me in on how it was done and I was right – he didn’t use any of the above! So how did he do it? All he did was use Microsoft’s password retrieval option. 🙁 Was it that easy? He declined to give me the details (no hacker would!)

Nevertheless, the chat session came to an end – he logged off and I got my account back.

The Aftermath

Most of the $$$ swindled were recovered – however the conman / hacker still roams free.

I’m sure as you read this article – it does make you realize how powerful the Internet can be and how we must take caution in our online activities.

20 Comments

  1. Well apparently I kena also in another forum where I have mod privileges. I srsly don’t know how on earth he can get mine.

    The weird thing is, when the admin banned my mod account, he tried to use password reset form (provided by forums). Hmm. =__=||

  2. This incident happened quite sometime ago if I’m not mistaken. Created a big Hu Ha in LYN Forum. Anyways I’m glad the whole ordeal is over for you.

    Cheers and Happy Blogging!

  3. Author

    It was just 2 weeks back! I mentioned the date in the first few paragraphs of the article. 🙂

  4. woah terror!
    and you manage to talk to him????

    My facebook had been hack once (I think it is loh). Because the person send numerous wall message to other people. Is that possible?

    Good thing I’m reading back your article. Its been awhile since I log back here and read. Good thing you have such article, to remind me of situation might happens.

  5. Could you or perhaps have an article (or tell me now) how to avoid ourself from being in the same situation on what had happened to you?

  6. Author

    Well he requested my audience. 🙂

    Anyway, I’ll see if I can come up with some article on how to better protect yourself. 🙂

  7. Luckily at the end nothing big issue happened, I think for this I deserve a teh tarik right? 😛
    Anyhow, glad that everything is over! You wouldn’t want to know how “excited” was that time and to add more excitement, I was threatened by the hacker that my account is his next target as I kinda like busted his con activity. =.=”
    Well, this incident teaches us a big lesson, Internet ain’t safe!

  8. Author

    Either that or next time I just give you some business. 🙂

  9. Woah.. Scary man.. Luckily the hacker was kind to giv back ur account.. Huhu.. I would not wan to experience such things… Sure gonna be hard to clear up the mess.. Like fruitie says Internet ain’t safe but nowadays much of our life depends on it..

    Damn hackers.. XD.. What they kno can do so much for good but instead use their power to con ppl…

  10. Author

    I think what I face is considered small matter when it comes to Internet abuse.

  11. @eXPeri3nc3,
    they have skills. perhaps you should visit the hacking competition and you will know how skillful they are. of course, they have to know of computer language.

  12. freaking scary.. wonder where the hacker hacked into and managed to get all your details. got hacking competition and exhibition coming up, go participate lol.

  13. @Spammer,
    I bet the one that hacked goldfries hotmail acc got it by luck and maybe reverse engineering. Yes I admit they have skills, but doesn’t mean that they can get what they want.

  14. @eXPeri3nc3,
    there are too many possibilities that goldfries accidentally provided the password. One of them is keylogger

  15. @Spammer,
    We discussed it before. It’s almost impossible for goldfries to be keylogged. He’s quite cautious.

  16. virus malware? maybe goldfries surf porn 😛

  17. Lolz I bet he’s clever enough to use torrents and scan them before watching them LOL =P

  18. never notice this post until recent scam case in lyn. IMO, if u using WLM 2009 that time, u will be notified by WLM that ur account being accessing from another pc. I’m not sure if it works for lower version on opposite.

