Targeted Attack..........am I Missing Something?


tabath


Had some issues last night with my wife's Gmail account, had somehow been hacked and emails sent out (containing links) to all contacts in her Gmail address book AND all contacts in her work Outlook address book. Obviously the work related stuff is quite serious as she works for a large multinational... BUT none of her work contacts are saved in her Gmail contact list and in fact she has only ever sent email to 2 of her work contacts from her Gmail account.

She has access to her work's email and intranet by way of a Citrix VPN using a security keyfob number generator. Our home network is behind a router with all ports in and out nailed down and monitored, I regularly run all the usual anti stuff and all the usual security precautions are taken. She's just been on the phone to me from work having had her help desk bod with her and he said it must have been from our end (the company's) and happened when you were logged into the intranet from home! I said to the wife I thought that very unlikely, if the company's network has been compromised internally why then hack her Google account to send emails instead of just sending them from her company email account - the only other option I can see is the company has standardised on BlackBerries for mobile access to email, maybe there's a weakness there. Just before the emails were sent from her account Google recorded a login from a mobile device in France - obviously not my wife.

Anyone had anything similar or any thoughts? Cheers


How does your wife access the gmail account (web interface, Outlook etc.)?

Web interface - however she can't access it through her work's laptop as it's blocked, she always accesses it from home computers.

She uses Outlook at work


> Web interface - however she can't access it through her work's laptop as it's blocked, she always accesses it from home computers.
>
> She uses Outlook at work

I would also make sure she has the option for always using HTTPS instead of HTTP. It's possible her credentials were sniffed: See here.


Guest Deleted_Account
> I would also make sure she has the option for always using HTTPS instead of HTTP. It's possible her credentials were sniffed: See here.

Just recently this happened to a client of mine; sure enough, someone used sslstrip on their network (WEP at the time) and got their Gmail credentials and of course used their account to spam all their contacts :( Just change passwords and always check for HTTPS:// in the URL!


Best thing would be to change the password.

Use a stronger password (letters, numbers, and characters) and always make sure HTTPS is turned on. Furthermore ensure that the digital certificate is actually from Gmail. If it's not from Gmail, there is a big chance that someone may have altered the connection.

Edited by Infiltrator
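
Added example, not part of any post in this thread: the "check for HTTPS" advice from the replies above, written as a check over a page's HTML that reports any password form whose submission would travel over plain HTTP, which is what a login page looks like after its HTTPS links have been downgraded in transit. The `example.test` hostnames and the sample pages are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormScanner(HTMLParser):
    """Record each <form>'s action and whether it contains a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []       # [action, has_password] per form, in page order
        self.in_form = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.forms.append([attrs.get("action") or "", False])
            self.in_form = True
        elif tag == "input" and self.in_form:
            if (attrs.get("type") or "").lower() == "password":
                self.forms[-1][1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False


def insecure_password_forms(page_url, html):
    """Return resolved targets of password forms that would submit over plain HTTP."""
    scanner = FormScanner()
    scanner.feed(html)
    findings = []
    for action, has_password in scanner.forms:
        # An empty or relative action inherits the scheme of the page itself.
        target = urljoin(page_url, action)
        if has_password and urlsplit(target).scheme != "https":
            findings.append(target)
    return findings


# Constructed sample pages; the example.test hostnames are placeholders.
FORM = '<form action="{}" method="post"><input name="user"><input type="password" name="pw"></form>'
AS_SERVED = ("https://mail.example.test/login", FORM.format("https://accounts.example.test/signin"))
DOWNGRADED = ("http://mail.example.test/login", FORM.format("http://accounts.example.test/signin"))
RELATIVE = ("http://mail.example.test/login", FORM.format("/signin"))

if __name__ == "__main__":
    for name, (url, html) in [("as served", AS_SERVED), ("downgraded", DOWNGRADED), ("relative", RELATIVE)]:
        print(name, insecure_password_forms(url, html))
```
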

> Use a stronger password (letters, numbers, and characters) and always make sure HTTPS is turned on. Furthermore ensure that the digital certificate is actually from Gmail. If it's not from Gmail, there is a big chance that someone may have altered the connection.

Thanks guys, I had changed the password to something a bit stronger and have gone through the check https things with her. I knew Gmail can be easily hackable but I'm still mystified how they gained access to work contacts that were never emailed from her Gmail account or put in her Gmail contacts list.

The only thing I've come up with is a software keystroke logger that could monitor the VPN when she logged on to the company's server from the home PC but I can't see with the security I have in place how that happened.


> Thanks guys, I had changed the password to something a bit stronger and have gone through the check https things with her. I knew Gmail can be easily hackable but I'm still mystified how they gained access to work contacts that were never emailed from her Gmail account or put in her Gmail contacts list.
>
> The only thing I've come up with is a software keystroke logger that could monitor the VPN when she logged on to the company's server from the home PC but I can't see with the security I have in place how that happened.

Exploits, viruses, trojan horses, anything is possible.


> Exploits, viruses, trojan horses, anything is possible.

Yeah anything is possible but I drive my family nuts with the way I have the network set up. Browsing is done in virtual machines unless you are on the sacrificial PC which is nailed down with firewalls monitoring incoming and outgoing traffic, email is all web based and VM'd as well. MS SteadyState installed and PC blitzed once a month with DBAN and a fresh install.
