by Reb Akiva @ Mystical Paths
A number of people responded with questions about my experience on getting my Google account hacked and what I learned about it. This article is going to be computer oriented and a bit technical, but I’ll do my best to keep it as understandable to everyone as possible.
I am a computer expert. I’ve been working with computers since I was a child (and as my teenagers frequently remind me, the grey in my beard indicates that was a long time ago). I can program, build a web site or build a computer from parts. I can administer databases and networks.
I don’t say any of that to impress anyone (G-d forbid) but rather to point out I’m about as well informed and educated on computer security matters as anyone who’s not a specific expert on computer security can be.
On the same day, at the same time, my Google account and my wife’s Google account were stolen – taken over by hackers. I use my Google account for personal email (Gmail), documents (Google Docs), operating this blog (Blogger), posting videos for this blog (Youtube), pictures for this blog (Picassa), the feed for this blog (Feedburner), operating a blog for my synagogue, and operating a professional career blog. Naturally it (was) my destination for bank statements, credit card statements, my connecting email for Facebook, Twitter, domain hosting (GoDaddy), web hosting accounts, and more. I’d been using Gmail since 2004, so basically my whole electronic life was linked to the account along with an archive history of that life.
Losing access to my account was devastating, opened me to potential identity theft, and lost me access to this blog and others.
So how’d a computer expert get hacked and what can you do to avoid it?
Let’s start with the simple and surprising. My computer was NOT infected. I did not have a virus OR spyware. That is the first level of protection everyone must have, anti-virus and anti-spyware (spyware doesn’t try to take over your computer or steal data on your computer – instead it watches what you do and gathers passwords or account numbers as you do things).
Here’s my recommended free anti-virus and anti-spyware programs…
Anti-Virus – Microsoft Security Essentials is free if you have a legal copy of Windows and rated as providing good protection. It’s also very easy to use. Another alternative that’s actually hacker recommended is Avira.
Anti-Spyware – Spybot Search & Destroy offers good free anti-spyware detection & prevention. It is a bit complicated to use though.
One way people can get hacked without their computer being infected is “someone else” listening in on their network. This could be a neighborhood teenager or someone intentionally driving around the neighborhood hooking into your wireless network. This is avoided by activating the security on your wifi network router. When turning on such security there are usually multiple options. Note the first option, called WEP, has been cracked and is no longer considered secure. Use a WPA2 setting if it’s offered and you are using Windows Vista or 7 (older Windows may not be able to connect to WPA2).
But this is NOT what happened to me. My network is secure on the highest setting.
This can also happen to you VERY EASILY if you’re connected to a wifi hotspot that’s not secure. Say at the local Starbucks or coffee bar or even using your neighbor’s unsecure network. It can even happen to you if you are on a secure network that’s public, say at a hotel or airport. Meaning anyone on the same network as you can “watch” and “listen in” to everything you do on the internet! If you “secure” your connection you can prevent them from listening to what you are doing – but they will ALWAYS be able to see where you are going (so they’ll see you went to Hotmail, but not what happened once you connected).
It’s even possible to “listen in” to your internet activity from other places on the internet. This requires a hacker to have control of a computer at your internet company (like at Comcast or Bezek), but it’s possible.
Both problems are avoided by making sure your important connections are using a “secure” connection (https). Some sites, like banks, do this automatically. But others, like Facebook and Gmail have options and DO NOT (or did not in the past – Gmail recently changed their default to do so). Here’s how you turn on a secure connection for Gmail and Facebook… [ Note turning on a secure connection for Facebook will make some Facebook game apps not work. I’d rather have the security! ]
But this is NOT what happened to me. My accounts were stolen while I was on my secure home network on a secure (https) connection to Gmail. So while what I’ve told you so far will stop my 13 year old son from hacking you, it didn’t stop the Egyptian hacker who hacked me.
And that freaked me out! I scanned and re-scanned my machines for a hidden virus or one that isn’t known yet. I checked and rechecked my network security. I checked my connection history. All was secure but my accounts where stolen.
I consulted multiple tech experts until I reached a top information technology security consultant, who explained to me how it happened. And that will be the topic of part 2.
Picture of a hacked account…