Scams

by Mike Masnick




Ransom Scam Moves To Webmail; Highlights Risk Of Giving Others Your Data

from the your-money...-or-an-empty-inbox dept

Stories of malicious hackers attacking people with ransomware are pretty common. Basically, they get you to download an app that gives them control of your hard drive, and they either lock up your content or threaten to delete it unless you pay. However, it seems that the latest round of attacks is even easier. Rather than getting access to your computer, they're just getting access to your webmail, deleting all of the messages other than the one demanding ransom, and waiting for you to log in. Considering just how much some people rely on email, and their willingness to trust all that email to a single hosted webmail solution, this could present a pretty serious problem for many people. What's particularly interesting here is that one of the benefits discussed when it comes to webmail or other web-hosted apps is the fact that the content is available from anywhere on any machine. However, that same accessibility can work against it, because others can more easily access it too. And, even though it's accessible anywhere at any time, that may mean users are even less likely to back it up and have alternate sources to get or use their email. While some are already working on such solutions, it seems like it's only going to become more valuable to have ways to back up and secure the data that you've trusted to various online service providers so that if their security (or business!) fails, you still have access to your data.

Reader Comments


  • Baal, 13 Dec 2006 @ 8:23pm

    Be a smart user

    Here's an idea for those who rely on web-based apps like email. Change your password often and use complex passwords with upper, lower cased letters with numbers and symbols if the site allows it. Doing this on a frequent basis will keep it somewhat secure, provided you don't give your information away to people phishing for it.

    • Wizard Prang, 14 Dec 2006 @ 6:00am

      Re: Be a smart user

      Also... do NOT use the same password for everything!

      One idea is to use one for low-security sites such as forums, another for medium-security sites such as retailers where no financial info is available, and a high-security password for banks and credit cards.

      That way an unscrupulous forum operator can't get into your bank account.

  • STJ, 13 Dec 2006 @ 8:31pm

    I've had my hotmail account for 10 years now, never been hacked, had my yahoo mail account for 6 years, never been hacked. I think I own some of the longest running webmail based accounts, shouldn't I have been hacked at least once by now?

  • Pat, 13 Dec 2006 @ 8:48pm

    not worth hacking

    Good for you! Being so proud of your web mail accounts - sounds like you're not interesting enough to bother hacking.

  • Paul, 13 Dec 2006 @ 9:25pm

    Wha?

    Ok, let's say a hacker takes over my gmail account and starts deleting all my emails except for the one demanding ransom. Wouldn't the logical response be to immediately change my password to prevent further unauthorized usage?
    If the ransom is to get back the deleted emails, well if they were important you should have had backups somewhere. If the data in your emails is sensitive and the unauthorized user is threatening to use the information somehow then the damage is already done and shame on you for using webmail for sensitive documents.

  • misanthropic humanist, 14 Dec 2006 @ 12:26am

    can't see how this works

    This doesn't add up. There are no webmail servers I know of that allow the option to encrypt existing, received mail in situ. To do such a thing you would have to have a properly privileged shell account on the machine in question. At which point you would have the option to hold everyone on the server to ransom.

    The only methods available to someone who "hacked" your account by obtaining the password is possibly to irrevocably delete the mails, which isn't much of a plan to hold a ransom is it? In other words, it has nothing to do with protecting your passwords and everything to do with the security at the system level which is out of your control.

    Nobody who has done this would ever risk "returning to the scene of the crime" to fix the problem (remember, the notion that they would give you a password to restore your data is bogus since that capability does not exist), ergo - you are never going to get your data back anyway and it would be foolish to pay the ransom with that belief.

  • Makes NO sense..., 14 Dec 2006 @ 12:43am

    I agree with misanthropic humanist on this one -- This seems like a pretty pathetic little "hack". Nothing different from any other hack that just goes in and destroys stuff. Whoopie, some old e-mails got deleted. ANYtime you're doing something on the internet, there's the chance of "hackers" getting into your data.

  • The infamous Joe, 14 Dec 2006 @ 4:09am

    Speaking of hackers...

    ...I blame Angelina Jolie.

    This is even MORE pathetic than hacking myspace.

    But not quite as pathetic as asking people to check out your myspace page to hack it. That's really sad. :-P

  • Anonymous Coward, 14 Dec 2006 @ 9:04am

    Re: I Challenge You!

    L-A-M-E. Spam somewhere else.

  • Sergey Brin, 14 Dec 2006 @ 12:16pm

    Re: I Challenge You!

    Done.

    The bill for 3 months' worth of hosting google.com is in the mail. Thanks for the great offer!

  • Fresh, 10 Mar 2007 @ 1:55pm

    Hackers

    How do I get a hold of a good hacker?
    gonefresh@hotmail.com
