Online Accounts Hacking

julie_carlsonjulie_carlson Chicago Ridge, IL
edited May 2009 in Science & Tech
My live in boyfriend stated that he has a "computer expert" in Chicago "monitoring" an online account I have. It's on a silly site called MyYearbook. I only use it to track my daughter's activities so I don't really care.

What concerns me is that he stated that this expert has the ability to trace, break into and read or manipulate any web based account knowing only the IP address of the computer being used to access the account. In the absence of any keylogger type of programs, is he being truthful? I do my banking online....

Without having my password info, this guy was able to produce a printout of a web based email conversation from my account. I used to work closely with IT, taught classes on pc security, etc. and I am stumped. What steps can I take to protect my privacy? I've already changed passwords to a random alpha numeric format and am very careful about logging out of anything I use.

Sincerely,
Julie

Comments

  • kryystkryyst Ontario, Canada
    edited February 2009
    He could be running a man in the middle attack.
    He could have set your computer up to proxy through another server.
    He could just be BSing you.

    Knowing a computer IP alone isn't enough info to do specifically what he's saying he can do.

    But by the same token if your BF threatening you with this level of crap probably time to boot him to the curb.
  • julie_carlsonjulie_carlson Chicago Ridge, IL
    edited February 2009
    Thanks!!! If I call my internet provider, can they check the proxy stuff?
    kryyst wrote:
    He could be running a man in the middle attack.
    He could have set your computer up to proxy through another server.
    He could just be BSing you.

    Knowing a computer IP alone isn't enough info to do specifically what he's saying he can do.

    But by the same token if your BF threatening you with this level of crap probably time to boot him to the curb.
  • kryystkryyst Ontario, Canada
    edited February 2009
    No but the proxy settings are either going to be set on your computer or on a router that they are going through.
  • Gate28Gate28 Orlando, Florida Icrontian
    edited February 2009
    Without having my password info, this guy was able to produce a printout of a web based email conversation from my account.

    A lot of those silly parental control have the ability to send IM conversations and e-mails sent either to or from their children to their mailbox in addition to being sent to whoever was supposed to receive it. Perhaps this expert or your BF is using parental control software to do this.

    It seems unlikely that he would be able to do this without installing something on your computer. Did you actually see this printout of your conversation? If you didn't I'm going to call BS. If you did, look closely at it. Does it say that the emails are from you and your friend and to you and your friend? are there any Bcc's or cc's? If there are timestamps, do they match when the conversation took place? What e-mail client do you use?
  • airbornflghtairbornflght Houston, TX Icrontian
    edited March 2009
    Why the hell you would you put up with someone like that? He is obviously batshit crazy.
  • trolltroll Windsor, Nova Scotia Icrontian
    edited March 2009
    Bingo...
  • edited March 2009
    do u using any router at ur home ?? i think he has the public IP address for ur gateway router .
    the best way try to change ur ISP.
  • MrTRiotMrTRiot Northern Ontario Icrontian
    edited March 2009
    I highly doubt he'll be able to do very much, if anything at all with your IP address. I'm not sure about the states but 99% of Canadian ISP's use Dynamic and not Static IPs :canflag: .

    Just make sure he's not watching over your shoulder when you're putting your bank info in

    Oh...and dump him to the curb. You gotta be atleast a little loopy to say stuff like that to your girlfriend
  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited March 2009
    Dear Julie:

    Your live-in boyfriend is a controlling, manipulative dickhead.

    Love,

    Brian
  • RADARADA Apple Valley, CA Member
    edited March 2009
    Dear Julie:

    Your live-in boyfriend is a controlling, manipulative dickhead.

    Love,

    Brian

    Couldn't have said it better myself...


    ...other than there should be a BIG, HUGE EX in front of boyfriend....


    x2 - kick his sorry ass to the curb!!
  • NLichtmanNLichtman Spring Valley, CA
    edited March 2009
    Like most have said here, he can't do much of those things he claims to be able to do with just your ip. This sounds like a proxy-server is involved. You would want to check all of your ports and make sure they are as secure as possible, too. Check for any odd programs that you don't recognize or viruses. Uninstall and destroy them. Good luck with your problem.

    Primesuspect, where are links for downloading the Pocket Killbox?
  • GrayFoxGrayFox /dev/urandom Member
    edited March 2009
    First thing, If you use internet explorer 6 upgrade to at minimum IE7. Or download firefox.

    Visit a site that has ssh, Such as gmail.com or your banking site (Don't login).

    Most tools that allow you to do man in the middle attack by default spoof ssl as well. This makes them easy to detect since the certificates will be invalid.

    Also ensure your wifi is secure if you use it. Use at least WPA encryption at a minimum, Don't use something he can guess for the password.

    If your wifi is insecure he can literally just show up with his laptop switch his wifi card to monitor mode and listen in on all your traffic that isn't encrypted.

    Most likely hes full or shit or put at most put Trojan on your computer.

    If your really concerned and the first test was ok, (No error message and the picture of the lock was there).

    Format your computer put a fresh install of windows on your computer, Then change all of your passwords, Don't use the same password for everything and don't write it down.

    Then dump your boyfriend he clearly has some major issues and should see a psychiatrist or something.

    edit: From what you have described it sounds like hes doing a man in the middle attack (probably arp cache poisoning). If the ssl certs are valid, your using a browser that doesn't suck at verifying certificates (Firefox,chrome,IE7+). And the picture of the lock is still there you should be good. There are few ways to have the session between you and the attacker in http and the session from the attacker to the site in https. But you won't have the picture of the lock in the right spot of your screen. (In firefox bottom right of your screen).

    For a man in the middle attack he would have to be sitting on your lan either wired or wirelessly. Or he would have to have compromised a host on your lan.
  • VicarVicar Icrontian
    edited March 2009
    Julie, dump him and run. You can do better.
  • phuschnickensphuschnickens Beverly Hills, Michigan Member
    edited March 2009
    He is obviously batshit crazy.

    well said. i just booted my batshit crazy gf
  • edited May 2009
    Probably what is really happening is that his friend can't do all he says he can. But in the case that he can. You probably are going to need to search your computer for bugs or spy ware and update your virus program daily.
Sign In or Register to comment.