Site(s) and lots of other things hacked. Need advice

[CompleteTech]

So a very very long story short. My hosting, domain accounts, social media, and various other sites were taken over. And what I am hoping to do as it seems as though this person is now trying to contact me via my only other gmail mail account /IM (holding hostage my domains as GoDaddy is taking their sweet time doing anything about my domains getting back to me) and trying to extort money from me.

So my question being. I have found some basic (probably fake) info from who is query and some look ups. Seems as thought this person is in romania. Thats about as far as I can get. Wondering what I can do to try and track him down as well and show a little force so to speak or at least try and show him that I also can find out about him as well. Cat and mouse. Although I feel like a mouse against a lion right about now as my main source of income (domain name) is gone and can not receive any emails ect as of now.

I know I am a n00b here and in this realm in general. But would really like the chance to after watching so much of the show, finally doing a little something.

Thanks for reading,

Nathan

Edited November 20, 2012 by CompleteTech

[ihackforfun]

Did you file a police report/complaint? It might not do any good but it cannot hurt either ...

What country are you in? If in the EU or US there should be a police branch that specialises in cases like this.

Do your domains actually contain value like an online shop or something like that? If not then why are they holding it hostage?

Take note that if you pay them, there is no guarantee you get your stuff back not that you will not be hacked again the next day ...

Unless you are working with the governement/police you should not try to go after him/her/them, there is a very small chance that you are victim of organised crime, you cannot take these guys down yourself. If it is a kid doing it from home you will not be able to do anything either, you might even get arrested yourself.

[digininja]

I'd say that if you are having to ask that type of question here then you are not skilled enough to safely go after someone like this (not an insult, just a fact) so report it to the companies who control the services and possibly the police, but I doubt they will care unless there is risk of harm or large financial loss.

For the future, if they managed to get all of that from you I'd guess you either:

reused a password on all services - so don't do that again

had them all linked back to the mail account for resetting passwords - create a separate account just for password resets and only access it when required

they had a keylogger/malware on your machine which allowed them to gain access - wipe your machine and start again, the only sure fire way to remove all nasty stuff

[digip]

Just want to add also, if any of your service allow two factor auth, use it, and like mentioned, don't reuse passwords more than one place, and use separate email, for all places you login. One for banking, one for friends, one for business, and one for each social network, etc. Sounds redundant, but also limits chance of reuse and collateral damage. if they gained root to your machine though, you coming here, was also probably monitored, so be careful what machine you use online at this point, because may be more than a simple site hack if they got enough info on you. A phone alone these days, is as bad as any pc, so goes without saying, even your phone can't be trusted 100%.

[CompleteTech]

all very good points.

As of now. I have done the following.

IC3 Request.

Contacted numerous time Godaddy,

hostgator,

person I found doing this that seems to be extorting (or wanting to) money from me.

Had all paperwork filled out and sent back to godaddy and waiting for return of my domains. According to them there is a lock and can not be transfered by anyone while this dispute is in progress.

What seems crazy about this is the fact that the domains there were stolen were all originally purchased by me, with any account that has been opened with them since like 2004. And renewed with them ever since then for like 2 years at a time. I do have to say that I caught my Domain.com account being hacked quicker then he could really do much damage. They were the most helpful people I think I have ever dealt with. The person on the Phone at Domain.com actually said he would help me out and change everything back by hand for me so I didn't have to as he understood I had a lot to deal with with all the other companies. He even went as far as to suggest even more security measures that I should take like CC info and different passwords new email contact address ect.

So in short I am still without my primary domain that I use for business day to day which is costing me a lot of money and "Customer Rating", (i.e. making sure we are staying in touch with them.

I appreciate all of the comments and suggestions. I think that what I really need to do is brush up on my skills on being able to track down people like this. Not sure exactly what I am saying. NOthing of course malicious. But informational purposes and to be able to head off things in the future. Any suggestions on things like this would be very helpful for me to research.

[ihackforfun]

Hey CompleteTech,

Instead of "brushing up" on your skills to track them I think you have a better change of learning skills to defend yourself against criminals like this. First of all I doubt that you will find this "person" unless you can work with the police and even if you did, what then? I doubt thay will give you back your domains, it might even lead to an escalation of the situation.

Preventing this from hapening is going to be easier, digininja already gave sound advice in that area and at least it ill make sure this never happens again, if you get your domians back now somebody else might again steal them tomorrow ...

I know this is costing you money but I think in time it will be clear the domains are yours and you will get them back. Just count this as "learning money", I know it sucks but I think most of use had to pay it one way or the other ...

If you really want to annoy these people then advocate good practices to prevent them to the people you know (e.g. also your customers), this might prevent these people to keep doing this to a couple of others and thus you make sure there business model breaks and they will go away and find something else to do ;-) (in a perfect world that is, I know they will probably find some other wau to extort people)

[Life like Opossum]

You say you use type’s domains for business correct? Do you keep ANY personal information from your customers on ANY machine or domain? If so, you have an obligation to let all your customers know that their information may have been compromised. Ensure this is done on a clean machine so as not to cause any more issues. From the scale of the attack and how you say the infiltrators accessed all the accounts you have owned with service providers it is obvious to me that you yourself are compromised. Take every percussion and ensure you are protected. Use clean installs on all of your equipment that is used to connect to your domain services. Change your passwords (ensure they are unique for all accounts). I know this can be hard to do as multiple passwords can be hard to remember. I find it easiest to set a pattern in the password that you remember and to use things in your passwords that are memorable. For example, you can incorporate the names of your favorite video games, movies, TV shows or pieces of software as base components. Then add on special characters and include numbers and capital letters. An example could be duK3NuK3M&&0. So, the pattern in this example would be; a video game, common "1337"iffication of the numbers, Capitals before and after each number, two dollar signs and a 0 (the amount of money the newest duke nukem’ is worth).

Do something similar for each of your accounts, and you should be all right. You can re-use a pattern, just ensure each password is entirely unique.

So say this is my password for one email, I could also have my next email’s password follow the same pattern rules to make it easier to remember.

Something you like - numbers in place of vowels - Capitals before and after numbers - special characters - worth of the item to you

B10SH0CK1NF1N1T3$$thelifeofmyfirstbornchild Yes, that will work quite handsomely.

You can spice it up more if you want to be ever more secure, just ensure you remember you passwords. DO NOT write them down and NEVER EVER keep your passwords in a file on any digital device. You will be one compromise away from losing all your accounts again.