Password Hackers Do Big Business With Ex-Lovers 197
Hugh Pickens writes "The Washington Post reports that disgruntled lovers and spouses considering divorce are flocking to services like YourHackerz.com that boast they have little trouble hacking into Web-based e-mail systems like AOL, Yahoo, Gmail, Facebook and Hotmail. The services advertise openly, and there doesn't appear to be much anyone can do about it because while federal law prohibits hacking into e-mail, without further illegal activity, it's only a misdemeanor, says Orin Kerr, a law professor at George Washington University. 'The feds usually don't have the resources to investigate and prosecute misdemeanors,' says Kerr. 'And part of the reason is that normally it's hard to know when an account has been compromised, because e-mail snooping doesn't leave a trace.' It's not clear where YourHackerz.com is located, but experts suspect that most password hacking businesses are based overseas."
Blaming the tools, instead of the behaviour... (Score:2, Informative)
"normally it's hard to know when an account has been compromised, because e-mail snooping doesn't leave a trace."
Well that's incorrect. I'd be fairly confident that most web-based email services have a way of telling when you logged into your account last (otherwise how would they know when to deactivate your account after X months of inactivity?) - they simply choose not to allow Joe Average to access this information.
Re:RTFS (Score:3, Informative)
and that's a good point.
It seems that passwords are kind of a terrible way to secure things.
Needs more OpenID, client certificates, and HTTPS
Re:compromised (Score:5, Informative)
Google Mail gives you an activity log: http://mail.google.com/support/bin/answer.py?ctx=gmail&answer=45938 [google.com]
It's pretty damn cool.
Re:So wait... (Score:4, Informative)
Re:Trivial. (Score:3, Informative)
Heh, you're over estimating the level of skill involved.
There are some interesting discussions of how these services work here:
crackpal.com [mcgrewsecurity.com]
crackmails.net [mcgrewsecurity.com]
Re:So wait... (Score:3, Informative)
And of course, this is missing the obvious point that a) most people have never heard of truecrypt, and b) most girlfriends/boyfriends/spouses won't know that such a thing as a keylogger exists. It's true that either situation *could* change (the girlfriend gets a new boyfriend, or just a friend, who teaches her about keyloggers, for example).
Still, I suspect setting up a TC volume for your email is better than nothing. I've done this on my laptop - mostly just to protect my files in case of theft/loss; I think it's probably pretty good for that particular scenario - I realize that TC won't protect me from a determined or sophisticated person/organization, but should protect against the random thief. But, even against someone like a girlfriend/wife, it provides at least some barrier for them to have to penetrate.
have tried this - it's a scam (Score:1, Informative)
when someone died and I needed to contact their relatives. I never heard back after the (british based) company accepted the 'case'. I assume that this means that the whole thing is some kind of scam - they want to know eg friends / lovers names and promise to send a screen shot before you have to pay. Why on earth would they need this info to hack a password? But they *would* need it to photoshop a 'screen shot'. I emailed again to ask if they were still trying or had no luck etc and never got a reply at all, and came to the conclusion that although they couldn't refuse such a legitimate-sounding request (they ask for the reason) without looking suspicious, they wouldn't dare to try to scam someone in such circumstances - and based in the same country - in case I followed up with further action (reporting them to eg trading standards).
Oh, and I didn't manage to find anything saying that this was illegal in britain either, although I assumed that it probably was. I still don't know for sure.