
In the past week and a half, I've had two good friends of mine text me to ask if I'm trying to log into their online accounts. One was an iCloud account, and the other was Facebook Messenger. I recently moved to NYC, and both friends are currently living in Iowa. They both received alerts from iCloud and Facebook, respectively, saying that someone from NYC was trying to log into their account. Luckily, it appears neither attempt was actually successful. I have no reason whatsoever to access their accounts, and I definitely did not try to log into them myself.

Could this just be a coincidence, or is there actually a strong possibility that I'm being used to assist these attempts? Am I able to tell if my network or any of my accounts have been compromised? And is there something I could be doing to inadvertently allow an attacker to get to my friends' account information?

I'm concerned about the possibility of this continuing to happen in the future, and I'm a little worried about how many of my friends this has actually happened to that I don't know about. I also cannot confirm whether or not these attempts are coming from my home network.

For what it's worth, here are some more points of information that may or may not be relevant:

  • My home network is (and always has been) WPA2-AES encrypted and is hidden from the public (it will not show up in a standard wifi dropdown list).
  • Neither of my friends has ever used any of my devices to log into any of their accounts before. One of them came to my house and used my wifi once before, however.
  • The Facebook alert said the attempt was done on an iPhone 7 Plus, which no one in my household owns.
  • At the time of the iCloud attempt, I was the only one at my home. At the time of the Facebook attempt, no one was at my home.
  • I use two-factor authentication on my major accounts that support it (Google, Facebook, Amazon, etc.), and I have not seen any evidence of anyone else trying to log into my own accounts.
  • I work remotely and frequently visit coffee shops in the area to do work. Obviously, most of their networks are open, but I always, always connect to my work's secure VPN if I'm using an open network like that. Even at home I use the VPN a lot of the time. The VPN I connect to is located in Iowa.
  • Having said that, my phone does not use a VPN. Although a lot of the time I'm using LTE, there are still some times when it may get connected to an open wifi network.
seane
  • This can indeed be coincidence. Let's say you have a circle of 150 friends and acquaintances (you say 'good friends' but you would have remarked this with anyone in your circles). How large is the chance that in a random group of 150 two people experience something strange in 10 days? *It has nothing to do with you*. I'm especially saying *random group* because another group of 150 around another person would have resulted in that person wondering ;-) However, still worth checking everything on your side. You may want to send out a request to your other 148 people to report similar things. –  Feb 10 '17 at 19:32
  • So... one of the thirty million IPs in NYC (I guessed that number) is conducting large-scale attacks on iCloud. At the same time, some other person using an IP based in NYC is doing an attack on Facebook. Both attacks are likely automated and touching a huge number of accounts. And because you live in NYC, your friends assume that it is you? Seems like faulty logic at work. – Out of Band Feb 10 '17 at 21:03
  • @Pascal, my friends don't come from a technological background, so they're thinking about this at very much the surface level. They just thought it was an accident on my part, and that was that. However, coming from a technological background (albeit not so much in information security), my concern is that perhaps my account is being exploited to access their information. I think the timing is just unfortunate, being that I just moved to NYC, I'm the only one they know who lives there, and they've never had this happen before. I guess I'd like to know for sure that this is just a coincidence. – seane Feb 10 '17 at 21:46

1 Answer


Let's, for fun's sake, assume that the hugely likely answer, that this is pure coincidence blown out of proportion by selective perception, is wrong.

Let's also assume that you're innocent of any wrongdoing.

The most likely explanation (but orders of magnitude less likely than the coincidence theory) then becomes that someone who knows all three of you, let's make her a gal named Mal, is trying to create conflict between you three.

Now, since your friends immediately thought of you as the culprit, and you don't mention anyone else you suspect, Mal must be incredibly devious, because she managed to conceal her dislike of you and your relationship with your friends from all of you, while investing criminal energy to damage you.

Mal either owns an iPhone 7 Plus, or is motivated to camouflage as an iPhone 7 Plus and capable of doing so. None of these options make sense. More on why later on.

If Mal really wants to create conflict between you, trying to access your friends' accounts from some random place in NYC seems an awfully roundabout way to go about it. If you can't think of anything more likely to succeed than that, you're probably a stock fish. Be that as it may, framing you would work much better if the login attempts could be shown to come from one of your IP addresses (your phone or your home network). Still, there'd be no easy way to prove that a given IP address was held by you without contacting the police, who certainly wouldn't waste their time and act on a complaint about attempted logins on the internet, so this whole framing business is not just hugely unlikely, but, again, completely stupid.

But let's say that Mal, being almost as stupid as she was devious, didn't realize the whole idea was stupid, and so would be someone you knew, and who had access to your home wifi network, one of your devices that connected to it, or your phone, without you realizing so.

She could either be physically present in NYC, but hiding from you (since otherwise you'd probably have noticed her hanging around your place) or, in addition to being devious and stupid (for thinking up this harebrained scheme that won't work and actually wasting time on it), she would also need to be a talented hacker who managed to hack into one of your devices, again without any of you knowing about her hacking talents.

Now if Mal lived in NYC and didn't own an iPhone 7 Plus, OR if she hacked into your devices, she would also need to camouflage as an iPhone 7 Plus. You'd have to wonder why she would want to camouflage as a device you don't own if the motivation was to frame you and she was going through the trouble of using your network or one of your devices to accomplish it.

If she did own an iPhone 7 Plus, you'd need to wonder why she went through the trouble of attacking your friend's accounts from that. She'd need to know that pretty much the only thing iCloud, Facebook, Google etc tell you about strange login attempts is the perceived location, time and the device of the attacker. If she didn't do her account hacks from your network, she'd have to realize that an attack that came from an iPhone 7 Plus, which you don't own, at a time when you weren't home, wouldn't plausibly frame you if the only other piece of information was that it came from the same city you happened to live in; a city that has, apart from you, a fair number of other people in it.

I take it you don't know anyone who fits Mal's profile.

As you can see, this whole train of thought derails at pretty much every curve. I'm aware this isn't a rigorous ad absurdum proof, but you have to admit that it makes the other explanation, that this is simply a coincidence, look much, much better.

Out of Band