What should she do (Security Advice)

0

1

I have a friend I speak to over IRC. Let her name be X. X is quite security conscious, but not tech-oriented. Her email password would have taken 4 quadrillion years to crack according to https://howsecureismypassword.net It was 26 characters. She also used double authentication with her phone. She received a code on her phone to log in. Her email Provider, was hotmail.

X got into a flame war with a guy named Y. She apparently rejected him.

Some while later, her IRC account was jeopardised, and he posted some stuff through her account.

Apparently, Y hacked into her email and then used it to change her IRC password. He said he traced her IP, found her email address and cracked it. She insists that her email account was compromised.

I gave X some advice based on my limited security knowledge.

  • Use a proxy server
  • Use an app to connect to the IRC like IRCCloud
  • Run a deep scan using an Antivirus
  • Run a rootkit scan on her PC
  • Run an antispyware scan
  • Change Email Address
  • Make sure her router uses WPA2 encryption.

I'm not sure if I should suggest changing router, since he knows her IP.

I wanted to get professional advice, on what security steps she should take.

Edit: She said that apart from the double authentication using her phone they're other Emergency methods, like security question and sending the code through another email

Edit: She lives In Ireland, and when she checked recent activity from her hotmail, she saw this:

enter image description here

She said that her Rootkit scan, and Virus Scan came up Empty.

Tobi Alafin

Posted 2016-07-24T17:01:31.320

Reputation: 221

1Don't use the same password for everything. – Fund Monica's Lawsuit – 2016-07-24T17:04:14.490

2if she is using dual factor authentication with her phone to access her email, i *hightly& doubt her email was hacked. even if this person knew her password, he would not have the 2nd authentication method. – Keltari – 2016-07-24T17:08:04.363

2...also, how do you get an email from an IP address? Unless your friend surfs the internet through her mail server, and somehow it's broadcasting the username, that's impossible. – Fund Monica's Lawsuit – 2016-07-24T17:08:19.790

She uses different passwords for most things. She uses a password generator. We play an RPG together, her password for that was 13 characters, and was a string of completely random upper and lower cse letters, numbers and symbols. – Tobi Alafin – 2016-07-24T17:09:54.470

@QPaysTaxes Can't he retrieve her email and password from her IP, through packet sniffing if he knows it. – Tobi Alafin – 2016-07-24T17:13:09.130

@Keltari I was on the IRC, when her account got jeopardised, and I witnessed their fight. I'm actually friends with Y as well X. They both said he hacked her account. Y boasting about his skills(he said he traced her IP, and didn't need to crack her password to lo gin to her email account), X asking for help. She said she had to beg him not to mess up her email account. – Tobi Alafin – 2016-07-24T17:15:47.970

@Tobi No. Just knowing an IP isn't enough to even intercept packets; he'd need to either trick her computer into talking to him instead of her email provider, or place himself physically in the path of the packets and sniff the wire. Neither of which can be done with just an IP. – Fund Monica's Lawsuit – 2016-07-24T17:18:23.080

@Keltari, She said that apart from the double authentication using her phone they're other methods, like security question and sending the code through another email – Tobi Alafin – 2016-07-24T17:20:49.997

@Keltari She sent me this Screenshot: http://prnt.sc/bwxg0y She lives in Ireland, and said that wasn't her.

– Tobi Alafin – 2016-07-24T17:40:05.737

best guess is she was phished, not hacked. Socially engineered into giving her details to an unauthorised party. – Tetsujin – 2016-07-24T18:29:58.413

1@Tetsujin, doesn't dual factor authentication prevent this?

Assuming she went to a fake Hotmail website, would they be able to replicate the authentication method? (Sending a code to her phone)?

They'd need her phone number, and some way to make the sender of the message look like Hotmail. – Tobi Alafin – 2016-07-24T19:17:08.947

"I'm actually friends with Y as well X." Then solve it already...! – Arjan – 2016-07-24T20:05:32.053

Answers

0

Update her computer programs, maybe the IRC client she is using has some kind of vulnerability and that is how she got hacked. Tell her to check for SSL (green lock - https://www.example.com) every time she inputs her password in a website. (Maybe someone send her a link to a clone of hotmail and stole her password that way).

I think hotmail should have a way to see last log ins (who logged - what time- where did she log in from). She can check to see if there an IP address from a foreign country, or if someone logged in from a different computer etc..

EDIT check this https://www.microsoft.com/en-us/Account/Security/recentactivity.aspx

John.Doe

Posted 2016-07-24T17:01:31.320

Reputation: 11

She followed the step:http://prnt.sc/bwxg0y She lives in Ireland, and said that wasn't her.

– Tobi Alafin – 2016-07-24T17:35:52.463

Asked: 2016-07-24T17:01:31.320

Viewed: 86 times

Active: 2016-07-25T08:23:47.323