tabath Posted April 19, 2010 Share Posted April 19, 2010 Had some issues last night with my wifes gmail account,had somehow been hacked and emails sent out(containg links) to all contacts in her gmail address book AND all contacts in her work Outlook address book. Obviously the work related stuff is quite serious as she works for a large multinational............BUT none of her work contacts are saved in her gmail contact list and in fact she has only ever sent email to 2 of her work contacts from her gmail account. She has access to her works email and intranet by way of a citrix VPN using a security keyfob number generator. Our home network is behind a router with all ports in and out nailed down and monitored, I regularly run all the usual anti stuff and all the usual security precautions are taken. Shes just been on the phone to me from work having had her help desk bod with her and he said it must have been from our end ( the companies) and happened when you were logged into the intranet from home! I said to the wife I thought that very unlikely, if the companies network has been compromised internally why then hack her google account to send emails instead of just sending them from her company email account -the only other option I can see is the company has standardised on blackberries for mobile access to email, maybe theres a weakness there. Just before the emails were sent from her account google recorded a login from a mobile device in france - obviously not my wife. anyone had anything siilar or any thoughts? Cheers Quote Link to comment Share on other sites More sharing options...
Sparda Posted April 19, 2010 Share Posted April 19, 2010 How does your wife access the gmail account (web interface, Outlook etc.)? Quote Link to comment Share on other sites More sharing options...
tabath Posted April 19, 2010 Author Share Posted April 19, 2010 How does your wife access the gmail account (web interface, Outlook etc.)? Web interface - however she can't access it through her works laptop as its blocked, she always accesses it from home computers. She uses outlook at work Quote Link to comment Share on other sites More sharing options...
d1g1tal3nvy Posted April 21, 2010 Share Posted April 21, 2010 Web interface - however she can't access it through her works laptop as its blocked, she always accesses it from home computers. She uses outlook at work I would also make sure she has the option for always using HTTPS instead of HTTP. It's possible her credentials were sniffed: See here. Quote Link to comment Share on other sites More sharing options...
Guest Deleted_Account Posted April 22, 2010 Share Posted April 22, 2010 I would also make sure she has the option for always using HTTPS instead of HTTP. It's possible her credentials were sniffed: See here. Just recently this happened to a client of mine sure enough someone used sslstrip on their network (WEP at the time) and got their Gmail credentials and of course used their account to spam all their contacts :( just change passwords and always check for HTTPS:// in the URL! Quote Link to comment Share on other sites More sharing options...
Charles Posted April 22, 2010 Share Posted April 22, 2010 Best thing would be is to change the password. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted April 22, 2010 Share Posted April 22, 2010 (edited) Best thing would be is to change the password. Use a stronger password (letters, numbers, and characters) and always make sure HTTPS is turned on. Furthermore ensure that the digital certificate is actually from Gmail. If its not from Gmail, there is a big chance that someone may have altered the connection. Edited April 22, 2010 by Infiltrator Quote Link to comment Share on other sites More sharing options...
tabath Posted April 22, 2010 Author Share Posted April 22, 2010 Use a stronger password (letters, numbers, and characters) and always make sure HTTPS is turned on. Furthermore ensure that the digital certificate is actually from Gmail. If its not from Gmail, there is a big chance that someone may have altered the connection. Thaks guys, I had changed the password to something a bit stronger and have gone through the check https things with her , I knew gmail can be easily hackeable but I've still mystified how they gained access to work contacts that never were never emailed form her gmail account or put in her gmail contacts list. The only thing I've come up some a software keystoke logger that could monitor the vpn when she logged on to the companys server from the home pc but I can't see with the security I have in place how that happened. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted April 23, 2010 Share Posted April 23, 2010 Thaks guys, I had changed the password to something a bit stronger and have gone through the check https things with her , I knew gmail can be easily hackeable but I've still mystified how they gained access to work contacts that never were never emailed form her gmail account or put in her gmail contacts list. The only thing I've come up some a software keystoke logger that could monitor the vpn when she logged on to the companys server from the home pc but I can't see with the security I have in place how that happened. Exploits, viruses, trojan horse anything is possible. Quote Link to comment Share on other sites More sharing options...
tabath Posted April 23, 2010 Author Share Posted April 23, 2010 Exploits, viruses, trojan horse anything is possible. Yeah anything is possible but I drive my familly nuts with the way i ghave the network setup. Browsing is done in virutal machines unless you are on the sacrificial pc which is nailed down with firewalls monitoring incoming and outgoing traffic, email is all web based and VM'd as well.MS steady state installed and pc blitzed once a month with Dban and fresh install. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.