Lockdown hacking, blackmail and security

Covid-19 discussion, bring your own statistics
tom p
Snowbonk
Posts: 481
Joined: Mon Nov 11, 2019 1:14 pm
Location: the low countries

Re: Lockdown hacking, blackmail and security

Post by tom p » Tue May 05, 2020 1:32 pm

Little waster wrote:
Thu Apr 23, 2020 4:25 pm
My rarely used Amazon account got hacked last month and the hacker locked me out of it and as it very conveniently stores your card details someone has been having a jolly time ordering random things and signing up to Dutch Netflix accounts.
It was definitely jaap

User avatar
Little waster
Snowbonk
Posts: 434
Joined: Tue Nov 12, 2019 12:35 am
Location: About 1 inch behind my eyes

Re: Lockdown hacking, blackmail and security

Post by Little waster » Tue May 05, 2020 1:34 pm

tom p wrote:
Tue May 05, 2020 1:32 pm
Little waster wrote:
Thu Apr 23, 2020 4:25 pm
My rarely used Amazon account got hacked last month and the hacker locked me out of it and as it very conveniently stores your card details someone has been having a jolly time ordering random things and signing up to Dutch Netflix accounts.
It was definitely jaap
I wonder if he'd share his password with me?
Shamelessly recycling old jokes since 1952.

tom p
Snowbonk
Posts: 481
Joined: Mon Nov 11, 2019 1:14 pm
Location: the low countries

Re: Lockdown hacking, blackmail and security

Post by tom p » Tue May 05, 2020 1:36 pm

bagpuss wrote:
Fri Apr 24, 2020 1:22 pm
I use a formula for creating pretty much unique passwords for any purpose which I'm fairly sure I saw someone suggest on a previous forum and I shamelessly nicked the idea.

I have a sentence, the password is then made up of the first letters of this sentence with the addition of a special character/number or two and then a number of other letters and numbers interspersed, which are all derived from the website/software/whatever that the account is for.

The result is an almost always unique password that is nonetheless completely memorable/work-out-able without needing any password manager or writing anything down. The only downside is that I have, so far, come across 2 websites which don't permit the resulting password - in one case because it doesn't like special characters, in another case because the resulting password is too long (WTF?). Neither is a website I use terribly often, in fact I can't currently recall which they are, so I just reset my password when I come across a situation where my formula doesn't work.
I do the same. It was nefibach, I believe, who first mentioned that way of doing it.

User avatar
jaap
Clardic Fug
Posts: 166
Joined: Mon Nov 11, 2019 2:05 pm
Location: Netherlands
Contact:

Re: Lockdown hacking, blackmail and security

Post by jaap » Tue May 05, 2020 7:22 pm

Little waster wrote:
Tue May 05, 2020 1:34 pm
tom p wrote:
Tue May 05, 2020 1:32 pm
Little waster wrote:
Thu Apr 23, 2020 4:25 pm
My rarely used Amazon account got hacked last month and the hacker locked me out of it and as it very conveniently stores your card details someone has been having a jolly time ordering random things and signing up to Dutch Netflix accounts.
It was definitely jaap
I wonder if he'd share his password with me?
Sure, you seem the trustworthy kind. It's FlixyMcFlixface1234.

I've just received a new credit card from my bank. They've switched from Mastercard to Visa, so the card number has changed, and I've had to log in to every site that needs my card and update it. I was a bit surprised at how many there were. At least the old number is invalid now so it's a fresh start.

User avatar
sTeamTraen
Snowbonk
Posts: 508
Joined: Mon Nov 11, 2019 4:24 pm

Re: Lockdown hacking, blackmail and security

Post by sTeamTraen » Sun May 10, 2020 12:24 am

I have three passwords. A long complex one for sites that I trust not to store it in plain text or any other way that could be stolen (Amazon, Google, etc); a medium-strength one for everyday sites that is easy-ish to remember; and a single word that is in the dictionary, which I use for sites that insist I create an account even though I will never visit it again and don't care if someone else uses my account on there. (I remember a nice comment on social media from someone who was going through the World's Most Secure Password Creation Procedure for a site where the only thing a hacker could do if they broke into your account was to pay your water bill for you.)

I looked at password manager software, but as far as I can see, all of the popular ones have been hacked at least once, which kind of defeats the point. Mostly I let Chrome and Firefox remember which password is which, but I also keep a record in an Excel sheet that is buried somewhere in my files. It has nearly 500 entries in it. I also need that for the 30 or 40 sites that don't accept any of my passwords, often (cf. bagpuss above) because they insist that you make a less-secure one. In all cases, the full password is censored in this file. I also keep things like product keys and other identifiers in here. I have a read-only copy of this Excel sheet on my phone, which has saved me a lot of hassle on a few occasions.

(Another, mostly unrelated, thing that has saved me hassle is keeping scanned PDF copies of all our major bits of paperwork in Google Drive. When you lose your passport, a PDF copy of that and your birth certificate won't necessarily get you onto the plane, but it certainly speeds up the process of applying for emergency travel documents.)
Sitting in a sleazy snackbar sucking sickly sausage rolls

User avatar
Giroliddy
Fleury White
Posts: 10
Joined: Wed Nov 13, 2019 8:01 am

Re: Lockdown hacking, blackmail and security

Post by Giroliddy » Sun May 10, 2020 6:59 pm

I'm not sure if this relates specifically to COVID issues, but I'm hoping the more tech-savvy folks on here might be able to assist.

On Wednesday night I went to bed and left my iphone 6 charging. On Thursday morning I checked phone and found half-a-dozen or so random webpages opened in Safari (typically Guardian, Wikipedia), plus a gibberish imessage text message had been sent to one of my contacts.
Spent an hour talking to Apple support on Thursday (who to be fair were easy to get hold of and very polite and patient) being told that iOS devices can't be hacked, culminating in resetting iphone back to factory settings, changing iphone password and PIN, and re-instating from icloud.

Friday night, went to bed, left phone charging. Saturday woke up to find two draft messages created in my gmail account (one of which was saved in the Draft folder on both iphone and web Gmail, one of which only existed as a email in progress (i.e. not saved as a draft) only on the iphone, plus someone added to the VIP list in the iphone's Mail app, and a new window open on the iphone Settings.
Saturday morning immediately passed to a 'senior' Apple advisor, who was very adamant with the "iOS devices cannot be hacked/remotely accessed" mantra, but was sufficiently interested to remain on the phone for 90 minutes. His best suggestion was the random webpages being opened were the results of cookies, and that my Gmail account had been hacked to create the draft messages, though this fell down a little on the incomplete message that only existed on the iphone itself. Deleted mail app, restored and changed password to Gmail account (though nothing showing on Have I Been Pwned).

Possible explanations:
1. There is something on my iphone that allows remote access sufficient to create texts, emails, open windows etc; though apparently this isn't possible on iOS devices
2. Someone has hacked my gmail account, AND, cookies caused opening of random Safari pages; doesn't explain email message that only existed on iphone (not on web Gmail) or imessage sent
3. Someone in the household is accessing my iphone; possible, my wife and daughter both knew my original PIN, however after reboot on Thursday PIN was changed, and the draft email was created only 5 minutes after I went to bed, so wife and I were awake and I know daughter was asleep.
4. I'm sleepwalking and doing it myself; possible, but no history of this, and for second event, I was definitely awake.
5. Ghosts/Native American burial ground (though in our case would have to be ancient Briton or Romans)
6. Something obvious that I've missed

Apologies for the length of this, but would be very grateful for ideas as to what option 6 might be

User avatar
Fishnut
Snowbonk
Posts: 433
Joined: Mon Nov 11, 2019 1:15 pm

Re: Lockdown hacking, blackmail and security

Post by Fishnut » Sun May 10, 2020 7:07 pm

Giroliddy wrote:
Sun May 10, 2020 6:59 pm
I'm not sure if this relates specifically to COVID issues, but I'm hoping the more tech-savvy folks on here might be able to assist.

On Wednesday night I went to bed and left my iphone 6 charging. On Thursday morning I checked phone and found half-a-dozen or so random webpages opened in Safari (typically Guardian, Wikipedia), plus a gibberish imessage text message had been sent to one of my contacts.
Spent an hour talking to Apple support on Thursday (who to be fair were easy to get hold of and very polite and patient) being told that iOS devices can't be hacked, culminating in resetting iphone back to factory settings, changing iphone password and PIN, and re-instating from icloud.

Friday night, went to bed, left phone charging. Saturday woke up to find two draft messages created in my gmail account (one of which was saved in the Draft folder on both iphone and web Gmail, one of which only existed as a email in progress (i.e. not saved as a draft) only on the iphone, plus someone added to the VIP list in the iphone's Mail app, and a new window open on the iphone Settings.
Saturday morning immediately passed to a 'senior' Apple advisor, who was very adamant with the "iOS devices cannot be hacked/remotely accessed" mantra, but was sufficiently interested to remain on the phone for 90 minutes. His best suggestion was the random webpages being opened were the results of cookies, and that my Gmail account had been hacked to create the draft messages, though this fell down a little on the incomplete message that only existed on the iphone itself. Deleted mail app, restored and changed password to Gmail account (though nothing showing on Have I Been Pwned).

Possible explanations:
1. There is something on my iphone that allows remote access sufficient to create texts, emails, open windows etc; though apparently this isn't possible on iOS devices
2. Someone has hacked my gmail account, AND, cookies caused opening of random Safari pages; doesn't explain email message that only existed on iphone (not on web Gmail) or imessage sent
3. Someone in the household is accessing my iphone; possible, my wife and daughter both knew my original PIN, however after reboot on Thursday PIN was changed, and the draft email was created only 5 minutes after I went to bed, so wife and I were awake and I know daughter was asleep.
4. I'm sleepwalking and doing it myself; possible, but no history of this, and for second event, I was definitely awake.
5. Ghosts/Native American burial ground (though in our case would have to be ancient Briton or Romans)
6. Something obvious that I've missed

Apologies for the length of this, but would be very grateful for ideas as to what option 6 might be
No ideas I'm afraid but I'm definitely creeped out on your behalf. I sincerely hope it turns out to be 6, whatever that may be.

User avatar
Bird on a Fire
After Pie
Posts: 2033
Joined: Fri Oct 11, 2019 5:05 pm
Location: with the birds

Re: Lockdown hacking, blackmail and security

Post by Bird on a Fire » Sun May 10, 2020 9:34 pm

Gmail definitely syncs across devices. Does Safari?

If so, perhaps the issue is somebody using a different device logged into your accounts, rather than physically accessing your iPhone?

User avatar
Bird on a Fire
After Pie
Posts: 2033
Joined: Fri Oct 11, 2019 5:05 pm
Location: with the birds

Re: Lockdown hacking, blackmail and security

Post by Bird on a Fire » Sun May 10, 2020 9:36 pm

Other than that, the fact that it's all random/gibberish makes me suspect somebody doing it in their sleep.

Are your carbon monoxide detectors functioning?

Millennie Al
Stargoon
Posts: 123
Joined: Mon Mar 16, 2020 4:02 am

Re: Lockdown hacking, blackmail and security

Post by Millennie Al » Sun May 10, 2020 11:36 pm

Giroliddy wrote:
Sun May 10, 2020 6:59 pm
6. Something obvious that I've missed

Apologies for the length of this, but would be very grateful for ideas as to what option 6 might be
I predict that you do not lock your phone, but let it do so automatically from being idle and that when you left it it was unlocked on Wednesday and Friday.

There are three possibilities:
  1. There is a fault with the touch sensor and it is registering random touches
  2. You have changed something about your sleeping arrangements and something is brushing lightly against the phone when you leave it aside for the night.
  3. You have a pet or pest that is touching the phone when you leave it.
To check on the first, take your unlocked phone, put it down on a table (preferably exactly where you levae it overnight) and watch it carefully until it locks itself. If it's a faulty sensor you'll see it happen.

Regardless of the cause you should be able to stop it happening by ensuring the phone has locked before it leaves your sight.

It is pretty unlikely that the effect is caused by deliberate human interaction (whether by people in your household or by "hackers"). People do not generally do a bunch of random stuff. You may get some seemingly non-random stuff, but that will be from autocorrect or other forms of automated suggestions.
Covid-19 - Don't catch it: don't spread it.

User avatar
Giroliddy
Fleury White
Posts: 10
Joined: Wed Nov 13, 2019 8:01 am

Re: Lockdown hacking, blackmail and security

Post by Giroliddy » Mon May 11, 2020 6:23 am

If so, perhaps the issue is somebody using a different device logged into your accounts, rather than physically accessing your iPhone?
Hadn't thought of that. iphone syncs some pieces of information (e.g. calendar) with some of the other devices in the house, but I'm fairly sure that doesn't include Safari, and I've just been and checked those devices Safari history and there is nothing unusual there. Also, this wouldn't explain the Gmail message that only existed on my iphone?
Other than that, the fact that it's all random/gibberish makes me suspect somebody doing it in their sleep.
Though one of the draft messages was definitely saved when the two adults were awake (...unless the time stamp is somehow for a different time zone?)

User avatar
Giroliddy
Fleury White
Posts: 10
Joined: Wed Nov 13, 2019 8:01 am

Re: Lockdown hacking, blackmail and security

Post by Giroliddy » Mon May 11, 2020 6:35 am

I predict that you do not lock your phone, but let it do so automatically from being idle and that when you left it it was unlocked on Wednesday and Friday.
Hadn't thought of that. I don't lock phone at night, and will let it self-lock from idle. So I suppose that in the 10 (?) minutes before it self-locks, then there is the possibility that something is brushing across the screen, though the iphone has a cover which is generally (but I can't guarantee) closed when on charge (which is in the living room). If it were the cats, I'd expect for the iphone to be in a different place, though this wouldn't be guaranteed.

Will check by being more organised about closing cover and locking screen when leaving phone on charge. Thanks

User avatar
tenchboy
Fuzzable
Posts: 356
Joined: Tue Nov 12, 2019 5:18 pm
Location: Down amongst the potamogeton.

Re: Lockdown hacking, blackmail and security

Post by tenchboy » Mon May 11, 2020 8:39 am

How sensitive is the touch-pad and just how big is the spider that lives behind the head-board of the bed?

User avatar
Gfamily
Dorkwood
Posts: 1210
Joined: Mon Nov 11, 2019 1:00 pm

Re: Lockdown hacking, blackmail and security

Post by Gfamily » Mon May 11, 2020 9:08 am

tenchboy wrote:
Mon May 11, 2020 8:39 am
How sensitive is the touch-pad and just how big is the spider that lives behind the head-board of the bed?
Or might you have been speaking in your sleep (if in the same room)?

Edit - just seen it was in the living room , so maybe a radio or tv was on while it was charging and it gave a voice command? It seems unlikely though
My avatar was a scientific result that was later found to be 'mistaken' - I rarely claim to be 100% correct

bagpuss
Clardic Fug
Posts: 208
Joined: Tue Nov 12, 2019 12:10 pm

Re: Lockdown hacking, blackmail and security

Post by bagpuss » Mon May 11, 2020 9:55 am

Possibly a coincidence but I noticed that 2 of my FB friends both posted last week to say their phone had been hacked, in one case after I had received a clearly dodgy FB messenger message with link in it from one of them. I didn't get a message from the other but some people did.

One definitely has an iphone, the other I'm not sure, but it already seemed an odd coincidence to me that 2 people had claimed phone hacking on consecutive days (Weds and Thurs last week), and now you, Giroliddy.

Post Reply