Sunday, April 26, 2009

Set a Trap for Email Hackers and Snoops

Is There a Hacker in the House?

Your e-mail account is a gold mine of personal and financial data and information. In PC World online magazine, one phisher claimed he could make thousands everyday by hacking into private e-mail accounts and reselling the information he found there.

Often you can't tell anyone has been snooping your account. After reading a juicy tidbit, the interloper simply marks the e-mail as unread and you are none the wiser. Fortunately, with just a little bit of knowledge you can set an electronic trip wire that will notify you when someone has read your carefully rigged e-mail. You are going to learn how to build the trap, bait it with a particularly juicy morsel, and then set the trap where they won't miss it or be able to resist the delicious snack.

It must be pointed out that this will not work against a real hacker or someone who has a strong knowledge of computers. They would never fall for something so simple. This is meant for the casual snooper. The nosy husband, wife, boyfriend, girlfriend, lover, roommate, parent, siblings, or even a friend. So why not just change your password? Absolutely, you should. But we don't always pick the strongest password because we don't want to forget them, or we store it in file on our computers or on paper, all of which are easily discovered. It may also be a matter of trust. If your spouse has always known your password and you change it and won't tell them, you have planted a seed of suspicion in their mind. This lets them break the trust first. Whoever it is, we hate meeces to pieces.


Computer Protection

I must emphasize once again that you should not feel complacent about your computer security. There are more viruses, spyware, and hackers than ever before, and you must have excellent virus protection, a superior firewall, and a top-notch anti-hacker/anti-trojan horse programs. It's one of those things that many people will get to “tomorrow,” but do yourself a favor and do it today. When your computer crashes and burns, when you lose your bank accounts and your identity to scoundrels, you will regret not having taken precautions. You're not paranoid if they're really out to get you...and they are out to get you.

Build a Better Mouse Trap

I came across this while looking for information on a suspected hacker, a real one, so it was not useful to me. However, I could see how it could be useful to many people in a variety of circumstances. I did test the system though and it does work.

Our first step is to build the trap to catch your nosy mouse. This system was created by Eric Larkin of PC World and Jeremiah Grossman of WhiteHat Security. The idea of it is to put a message in your e-mail account that includes the code for a Web hit counter. When your mouse opens the attachment, they spring the trap, which alerts you that you have caught you mouse. Don't worry. It's a humane trap and no mice were harmed in the testing of this system.

Here's what you do:

1. First get a disposable e-mail address. There are many such services, but I used Mailinator.com.

2. Go to OneStatFree.com and register for a free Web hit counter account. Where you are asked for your URL, enter anything you wish (again, this comes from PCWorld.com) and use the disposable e-mail address you already set up.

3. Now go back to your disposable e-mail account for the OneStat mail. It should come with an attached file named OneStatScript.txt. If it's not there, click on the link provided to see it. Save that file (it gives you the directions) and write down your account number. Then delete the e-mail, which has your account details.

4. Here is where you bait the trap. Decide who it is who may access your account and what they would be looking for. If you think they would be most interested in seeing communications between you and a member of the opposite sex, name the file something like “Bambi's pics and letters.” If it's financial information, something like “Bank Passwords” should do the trick. Also make it an .htm file when you save it, so it will open automatically in a Web browser (thereby springing the trap.)

5. Send an e-mail to the account you want to place your trap with your file as an attachment. Put a similarly tasty subject line, such as “Bambi's pics!”

Now just sit back a wait for your mouse to take the bait. If someone opens your rigged attachment, the hit will be recorded, as well as information about them including their IP address. Just log into your account at OneStatFree.com and check the counter. It will show you that you've caught a mouse, and how many mice you caught



Then on the sidebar, choose Visits – Last visitor, and you'll see the screen below. If the IP address matches your own, you've got them. If it doesn't, compare it to the IP address of your friends who might have been in a position to steal your password.
As I said, don't let your cute little trap lull you into a false sense of security. It may work against a common household mouse, but you don't stand a chance against a professional rat. For that reason I urge you to invest in good computer security programs as soon as possible, change your passwords regularly, and do not store any sensitive data on your computer.