someone's reading my email!!!
March 24, 2005 2:23 PM

stop reading my email filter; I type an email, I send said email to person X, I immediately delete said email from sent folder, and I delete said email from the deleted folder. I can no longer see said email. Now the fun begins! Fast forward 24 hours. Person Y tells me that he is looking at my screen and said email and can quote from email.

My info; logged into company network on a Win XPpro machine. Email and my screen seen by person Y outside my company's network. At one point in time this person did have access to my login information to network and my email password.

multipronged question; how could this have been done, how are they looking at deleted files, how hard was this for them to do, and can I prevent this from happening again?
posted by busboy789 to computers & internet (21 comments total)

Serves you right for giving away your email password.

Go and humbly report yourself to your network admin for a new password (possibly a new account). And make sure that anything else you log into (remote desktop, etc...) that had the same password as your email account also gets a new password. Also, there may be legal ramifications concerning person Y.
posted by furtive at 2:31 PM on March 24, 2005


When they had rights to it, they could have installed something to let them in the back door? Have you changed your password to over 8 characters with caps, numbers, and characters? Was this person an admin in the company so they could have pointed your email account to them so they could put in any number of back doors? Have you downloaded all the recent security patches from MS for both the OS and the email program (if it's office)? What is your email client and server application? Does your company have a firewall?

Is this person a friend or just some annoying guy who's hacking your machine? Talk to your firewall people and see if they can block him from coming in (if you know IP address he's coming from.)

have no idea how this would happen.
posted by aacheson at 2:32 PM on March 24, 2005


I can recover my deleted email messages by clicking "Tools" and then selecting "Recover Deleted Items." They are in a big deleted items folder on a server. So this person had your login and password, they logged in as you, and recovered the message. You could prevent this by changing your password.
posted by fixedgear at 2:33 PM on March 24, 2005


There's loads of different ways for people to get into your computer if they once had an admin account in your domain and/or network and/or physical access to your PC. The best thing you can do is reset your password (possibly a new account like furtive said), and report him to your administrator (also like furtive said.)
posted by aacheson at 2:34 PM on March 24, 2005


They could also have control of the account you sent the email to.
posted by fake at 2:34 PM on March 24, 2005


Just as a FYI, if you hold down the SHIFT key and at the same time hit delete, the message doesn't go into the deleted items nor recover deleted items bin.
posted by aacheson at 2:37 PM on March 24, 2005


You probably access your e-mail via "IMAP" which supports the idea of marking something deleted, but not actually instructing the server to remove the item until the mail folder is "purged". Usually you'll have a command hidden somewhere in your mail client to "purge deleted items" or something along those lines. So that will get rid of the messages, but not change the fact that this person either has your mail password and is reading your mail, or has spyware installed on your PC.
posted by Voivod at 3:05 PM on March 24, 2005
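
The flag-versus-purge behaviour described in the comment above, as an added example that is not part of the original thread: it replays untagged IMAP server responses (EXISTS, FETCH FLAGS, EXPUNGE) and reports which messages are marked \Deleted but still stored on the server. The response lines are constructed sample data, and `replay` and `still_on_server` are hypothetical helper names.

```python
import re

# Constructed server responses (not from a real mailbox): message 2 has been
# marked deleted by the client; the second list adds the purge that removes it.
BEFORE_PURGE = r"""
* 3 EXISTS
* 1 FETCH (FLAGS (\Seen))
* 2 FETCH (FLAGS (\Seen \Deleted))
* 3 FETCH (FLAGS ())
""".strip().splitlines()
AFTER_PURGE = BEFORE_PURGE + ["* 2 EXPUNGE"]

_UNTAGGED = re.compile(r"^\* (\d+) (EXISTS|EXPUNGE|FETCH)\b(.*)$", re.I)
_FLAGS = re.compile(r"FLAGS \(([^)]*)\)", re.I)


def replay(lines):
    """Apply untagged IMAP responses in order; return one flag set per message.

    Index 0 is sequence number 1. EXPUNGE removes a message and shifts
    every later sequence number down by one, as RFC 3501 specifies.
    """
    mailbox = []
    for line in lines:
        m = _UNTAGGED.match(line.strip())
        if not m:
            continue  # tagged status lines and anything else are ignored
        num, kind, rest = int(m.group(1)), m.group(2).upper(), m.group(3)
        if kind == "EXISTS":
            while len(mailbox) < num:
                mailbox.append(set())
        elif kind == "FETCH":
            flags = _FLAGS.search(rest)
            if flags and 1 <= num <= len(mailbox):
                mailbox[num - 1] = {f.lower() for f in flags.group(1).split()}
        elif kind == "EXPUNGE" and 1 <= num <= len(mailbox):
            del mailbox[num - 1]
    return mailbox


def still_on_server(lines):
    """Sequence numbers that are flagged \\Deleted but not yet expunged."""
    return [i for i, flags in enumerate(replay(lines), 1) if "\\deleted" in flags]


if __name__ == "__main__":
    print("marked deleted, still retrievable:", still_on_server(BEFORE_PURGE))
    print("after purge:", still_on_server(AFTER_PURGE), len(replay(AFTER_PURGE)))
```

Until the EXPUNGE arrives, any session that can log in to the account can still fetch message 2, whatever the sender's own mail client shows.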


There are so many different variables here it's really hard to tell you what really happened. Maybe he installed a back door, maybe someone forwarded the mail to him, maybe the mail is stored on an IMAP server. etc, etc, etc.
posted by delmoi at 3:45 PM on March 24, 2005


Then there's the relatively low tech possibility that person Y set it up so that everything you send gets BCC'd to him. Again, your admin could fix that.
posted by cali at 3:51 PM on March 24, 2005


Or person X replied to said email and attached the full body of the original text at the bottom; person Y merely opened it and read it.
posted by rhapsodie at 4:24 PM on March 24, 2005


Y was never an admin. X did not reply.
I know nothing about IMAP, I'm relatively sure that Y does not either (let me change that to I didn't think Y would know anything about IMAP)
cali; how could Y set up everything being BCC'd to him?

this is of a personal nature, so I would like to keep my admin out of this if possible. I am able to change my password and have done that. Any more suggestions?
posted by busboy789 at 5:26 PM on March 24, 2005


In order of increasing paranoia: Run a good anti-virus scan, which will at least have some chance of catching the more popular back-door programs. Port-scan it (check, from some other machine, for unexpected listening ports.) Sniff the network connection to listen for any unexplained outgoing packets (which can be easily done on windows with one of those "personal firewall" programs.) Or just find a way to fuck up windows so badly that your admin is forced to do a fresh install on the machine.
posted by sfenders at 5:46 PM on March 24, 2005


Is Y (your attacker) computer savvy? How much so? There are so many ways that a person could "read" an email you sent.

* It's possible it was not truly 100% deleted. I'd rather not go into the details but there are many levels of "deleted" each one really meaning that it's more difficult to obtain the data than the one before. True deletion is a rare thing. There are a bajillion variables here.

* It's possible he or someone else is sniffing network traffic, either on a large scale basis (all or part of your network) or just your computer. In this case it's easy for him to get all the emails you send, as you send them, and it does not matter what you do to the sent mail folder.

* It's possible that he has installed a program on your computer that logs your keystrokes or otherwise monitors system activity. As such he could obtain the text of your email as you type it. This is extremely dangerous as it also means he'd have access to pretty much anything you typed, including passwords.

* It's possible that someone else has done one of the above, or that the recipient of your email has sent him text from the email.

There are probably many more possibilities and endless variations on those. I would not stop short of a full re-install, new passwords, the whole caboodle. Maybe you don't have to tell your company sysadmin everything, maybe just tell him you think you've been hacked and see what he can do. Although, for all you know, he's in on it. Who can you really trust? No offense, but you don't sound like someone who might be able to take care of this himself.
posted by RustyBrooks at 5:52 PM on March 24, 2005


Whatever it is person Y is doing, it's probably illegal in the US.
posted by Good Brain at 7:09 PM on March 24, 2005


I agree with RustyBrooks, EXCEPT:
I do not think it is smart to tell your company sysadmin that you "think you've been hacked." Working in tech support has taught me that many users attribute mistakes they are making, or have made, to "being hacked." Thus, unless you know you've been hacked, don't stress the sysadmin out like that :-)
You can even say "my system has been compromised" or something nerdy like that...hacked is just so...dramatic. :-)

posted by michaelkuznet at 9:35 PM on March 24, 2005


As a (former) network admin, I can tell you that I'd much prefer that you tell me what's going on -- without using fancy words, just tell them what you said above -- and let me figure out the how. The broader company network could be at risk, and the sooner I know, the better. Of course, the admin's manager might be a little less easygoing about it -- but imagine the reaction should they find out about the break-in themselves, and that you knew but didn't inform them. In many companies this would be a firing offense, and could even conceivably bring criminal charges.

There are a few major variables here you haven't clarified. First, is this XP system company property? Is it located on company property? This makes a difference. If they're looking at your home system, for instance, that's not the same as looking at you across the LAN. Second, is the interloper also a company employee? and did he have the passwords you note for a legitimate reason? even temporary convenience? If so you should have changed those passwords immediately afterward -- although Bog knows such things are shared around plenty within workgroups. In any case if this person is also an employee they could themselves be subject to disciplinary action. Again this points to informing the admins.

The way you said "looking at my screen" suggests to me a screenshot trojan, btw -- which would transmit periodic screenshots to a specified location -- but you weren't detailed enough to be sure.

Also, why were you deleting this e-mail? Something you'd rather be private? Be aware that nothing you do or send via your company's network is private, practically or legally. Just ask Harry Stonecipher. At a former company, a person I knew barely escaped firing just for exchanging e-mails with a woman having an affair with another employee about the affair. When it was discovered, they went back through an entire year-and-a-half of Lotus Notes correspondence.
posted by dhartung at 11:57 PM on March 24, 2005


what dhartung said. users are idiots. you've been an idiot, but that's normal. just admit it, get shouted at, apologise, and it will get fixed.
posted by andrew cooke at 5:35 AM on March 25, 2005


PS: WinXP accepts spaces in passwords. A sentence rather than a one-word password is insanely secure (from a windows perspective) because the whole thing needs to be guessed at once, can't be broken into sections. When picking a new password, keep this in mind. Something like "Email is not secure, and now back to Metafilter" would be impossible to brute-force crack in a reasonable amount of time (read: years) with existing technology, and yet remain easy for you to remember.

Good luck.
posted by caution live frogs at 6:09 AM on March 25, 2005


dhartung- I was going for "has been hacked" not being a symptom, but the user jumping to conclusions. no worries.
posted by michaelkuznet at 10:37 AM on March 25, 2005


An add on:

It's virtually impossible for a user to delete a message from some email systems. The message gets stored and logged in multiple places. The servers are generally backed up on a regular basis, and backup tapes tend to be retained for some period of time, sometimes, a certain percentage of tapes is retained indefinitely.

Often, email exchanges are requested as part of legal proceedings, and all email currently on the server and on all retained backups are fair game. If you don't want something circulating, for god's sake, don't send it in an email.

For what it's worth, I work for a large public institution in the state of Iowa. We have a very broad "open meetings" law that gives anyone in the state the right to read my email (or anybody else's who works here, too). This has been quite embarrassing/frustrating for us as an institution because any party that we negotiate with has nearly unlimited access to our internal deliberations. So, if you think you've got it bad, it could be a lot worse.
posted by idlemind at 11:44 AM on March 25, 2005


You said you don't want to bring it to Sysadmin attention because it's a personal matter. You should know then, that your Sysadmin can (and in some companies is instructed to) read employees' outgoing email.
Personal email sent at work was never private to begin with. If you wish for privacy on someone else's equipment, you'd have to encrypt your emails or something. PGP has free-for-personal-use encryption tools, but I'd suggest simply not expecting privacy at work - save the delicate emails for when you're on your own system.

That said, my guess is that X simply forwarded it to Y. Neither hi-tech, nor anything that hi-tech could prevent.
posted by -harlequin- at 12:16 PM on March 25, 2005

