Password skullduggery?
December 15, 2006 7:06 AM Subscribe
A friend of mine might be being spied on...
A friend of mine's Hotmail password mysteriously stopped working one day a few weeks back. After some concerted effort she got the Hotmail administrators' attention and got a new passord. She logged into the account once and after that the password again ceased working.
So she then opened a Gmail account this time while trying to sort out the ongoing hotmail account issues. The password on the Gmail account then promptly stopped working after logging in to it just once.
What's going on here? Could this be a technical snafu? Also, my friend is a not-unknown writer in Hollywood which is adding to my paranoia, what with the industry's not torious lack of ethics and the Anthony Pelicanos wiretap scandal. Could someone be using a keylogger program or some other underhanded trick to mess with her? Not that she has any enemies I know of...
A friend of mine's Hotmail password mysteriously stopped working one day a few weeks back. After some concerted effort she got the Hotmail administrators' attention and got a new passord. She logged into the account once and after that the password again ceased working.
So she then opened a Gmail account this time while trying to sort out the ongoing hotmail account issues. The password on the Gmail account then promptly stopped working after logging in to it just once.
What's going on here? Could this be a technical snafu? Also, my friend is a not-unknown writer in Hollywood which is adding to my paranoia, what with the industry's not torious lack of ethics and the Anthony Pelicanos wiretap scandal. Could someone be using a keylogger program or some other underhanded trick to mess with her? Not that she has any enemies I know of...
*I am not a computer expert* What if she opened a totally new email account, completely unrelated to her name, from someone else's computer (assuming that she used her home/work computer(s) for the above). And only used this new email account on the friend's computer for a while to see if the password stopped working. That would help to narrow down where the problem might be.
posted by iurodivii at 7:19 AM on December 15, 2006
posted by iurodivii at 7:19 AM on December 15, 2006
For what it's worth, someone trying to spy on her probably wouldn't change her password. Each time she goes to tech support and gets her password reset, they have to go to the trouble of stealing the new one all over again — and, as your post shows, each time it happens she'll get a little more paranoid. They'd want to leave it unchanged so that she could continue using the account in blissful ignorance and they could continue watching.
posted by nebulawindphone at 7:24 AM on December 15, 2006
posted by nebulawindphone at 7:24 AM on December 15, 2006
Yes, it seems more like someone is f*ing with her, assuming she isn't somehow screwing this up herself.
posted by caddis at 7:27 AM on December 15, 2006
posted by caddis at 7:27 AM on December 15, 2006
Did she tell you the password? Are you sure she wasn't just screwing it up?
I can imagine a situation where someone, being paranoid, comes up with a "new" password which they forget about entirely, and then think that that password was changed.
That seems like the most likely explanation. I suppose it's possible someone was messing with her, but if they really wanted to spy on her they wouldn't change the password...
posted by delmoi at 7:36 AM on December 15, 2006
I can imagine a situation where someone, being paranoid, comes up with a "new" password which they forget about entirely, and then think that that password was changed.
That seems like the most likely explanation. I suppose it's possible someone was messing with her, but if they really wanted to spy on her they wouldn't change the password...
posted by delmoi at 7:36 AM on December 15, 2006
If there is a spy in this story, it is the dumbest spy ever.
posted by Lame_username at 7:39 AM on December 15, 2006 [3 favorites]
posted by Lame_username at 7:39 AM on December 15, 2006 [3 favorites]
Is she accessing the email accounts from the same computer? Does anyone else (friend, SO, flatmate, co-worker) have access to the computer? Is she ticking the "keep me logged in on this computer" box and then leaving the computer switched on so someone else can get into her email while she's not there? Is her keyboard working properly?
Get her to install and run Spybot S&D in case there's spyware that's fucking with her computer.
posted by EndsOfInvention at 7:49 AM on December 15, 2006
Get her to install and run Spybot S&D in case there's spyware that's fucking with her computer.
posted by EndsOfInvention at 7:49 AM on December 15, 2006
Consider also the possibility that the keyboard may have a key that is sticky or bouncing (i.e., firing more than once when pressed only once).
My wife's PC's Num-Pad "4" key intermittently sticks, and resulting in lots of 4s when Num Lock is on, and backwards typing when Num Lock is off (because after each keypress, the left arrow moves you to the beginning of the field!)
Confusion for her. Five seconds of hilarity for me, followed by cold shoulder...
At least I know what to buy her for Christmas...!
posted by blue_wardrobe at 8:17 AM on December 15, 2006
My wife's PC's Num-Pad "4" key intermittently sticks, and resulting in lots of 4s when Num Lock is on, and backwards typing when Num Lock is off (because after each keypress, the left arrow moves you to the beginning of the field!)
Confusion for her. Five seconds of hilarity for me, followed by cold shoulder...
At least I know what to buy her for Christmas...!
posted by blue_wardrobe at 8:17 AM on December 15, 2006
Response by poster: A couple of details to add here:
It's NOT a caps lock issue
She lives alone and no one that she knows of has physical access to her computer
And as for the spying, maybe someone is just messing with her. She's never said she thinks she is being spied on -- that's my paranoia -- she's just confused.
Thanks for your help so far.
posted by Heminator at 8:19 AM on December 15, 2006
It's NOT a caps lock issue
She lives alone and no one that she knows of has physical access to her computer
And as for the spying, maybe someone is just messing with her. She's never said she thinks she is being spied on -- that's my paranoia -- she's just confused.
Thanks for your help so far.
posted by Heminator at 8:19 AM on December 15, 2006
Turn her computer off. Unplug it and leave it in the corner. Loan her a spare laptop with a clean, fully patched, OS on it. Tell her not to click "yes" on ANY INSTALL PROMPTS WHATSOEVER while she's browsing around.
Let her use it for a few days, see what happens.
posted by Myself at 9:07 AM on December 15, 2006
Let her use it for a few days, see what happens.
posted by Myself at 9:07 AM on December 15, 2006
If she's using wireless in her house make sure its WPA encrypted.
It doesn't take a great deal of technically knowledge to use a packet sniffer on a unsecure network or even a WEP encrypted one.
posted by aznhalf at 9:20 AM on December 15, 2006
It doesn't take a great deal of technically knowledge to use a packet sniffer on a unsecure network or even a WEP encrypted one.
posted by aznhalf at 9:20 AM on December 15, 2006
Either problem is in meatspace or in cyberspace. I think the best way to figure out which is to run an experiment.
First, this won't work if she's afraid of new things. Also, it will take several minutes every time she wants to check mail. That's the cost of finding out where the problem is.
Download the Ubuntu CD and get her to access webmail exclusively through booting with it. First time, change the mail password. Never use that password outside of Ubuntu!
Make sure she's using SSL to log-in to the place. Use "https://mail.google.com/", e.g.
After a little while, it will either happen or not happen. If it happens, then it's her in some way. (Or, unlikely: deep in the hardware.)
If it doesn't, then her software or network is the problem.
A note on Ubuntu: It's not hard to use, but it is different. Difference means that it's a good experiment, though, so try to embrace it.
posted by cmiller at 11:19 AM on December 15, 2006
First, this won't work if she's afraid of new things. Also, it will take several minutes every time she wants to check mail. That's the cost of finding out where the problem is.
Download the Ubuntu CD and get her to access webmail exclusively through booting with it. First time, change the mail password. Never use that password outside of Ubuntu!
Make sure she's using SSL to log-in to the place. Use "https://mail.google.com/", e.g.
After a little while, it will either happen or not happen. If it happens, then it's her in some way. (Or, unlikely: deep in the hardware.)
If it doesn't, then her software or network is the problem.
A note on Ubuntu: It's not hard to use, but it is different. Difference means that it's a good experiment, though, so try to embrace it.
posted by cmiller at 11:19 AM on December 15, 2006
Check and make sure she's not letting the browser save her (mistyped) password.
Sometimes we have that issue with users here at work. Internet Explorer saves their password for them, then next time they don't bother to retype it and they can't get in.
posted by denimflavored at 11:25 AM on December 15, 2006
Sometimes we have that issue with users here at work. Internet Explorer saves their password for them, then next time they don't bother to retype it and they can't get in.
posted by denimflavored at 11:25 AM on December 15, 2006
Tell her to stop using crappy passwords like "fluffy123" - pretty much every single time I've encountered a user that thought they were being spied on or the NSA was after them was using a really really simple and crappy (easily cracked) password.
As silly as this might sound.. uh, try another keyboard. It could be as simple as a sticky key.
posted by drstein at 12:19 PM on December 15, 2006
As silly as this might sound.. uh, try another keyboard. It could be as simple as a sticky key.
posted by drstein at 12:19 PM on December 15, 2006
Strong possibility: Have her check her "security question," the one that's used for account access / password recovery. Many people's are just bad: "When did you graduate from high school?" "Who was your first girlfriend?" Anybody who knows you personally will likely know or be able to find out the answers to these questions (and I, uh, have a friend or two who've used this very method to gain access to email accounts on a whim or a dare in their more youthful and exhuberant but perhaps less wise days).
The thing that makes me suspect this is when you go through password recovery, many systems will have you set a new password. This obviously locks the legit owner out (until they go through the recovery process or contact customer service). This appears to be what is happening to your friend.
It could also be someone with spyware or a keylogger or s00p3r l33t h4x0r skillz who's just messing with her, or it could be a fonky keyboard with issues, so all those issues are worth checking out. But the results you describe match the illegitimate password recovery process and most people's security questions are crap, and it's also really easy to test if this is the problem and do something if it is.
posted by weston at 12:20 PM on December 15, 2006
The thing that makes me suspect this is when you go through password recovery, many systems will have you set a new password. This obviously locks the legit owner out (until they go through the recovery process or contact customer service). This appears to be what is happening to your friend.
It could also be someone with spyware or a keylogger or s00p3r l33t h4x0r skillz who's just messing with her, or it could be a fonky keyboard with issues, so all those issues are worth checking out. But the results you describe match the illegitimate password recovery process and most people's security questions are crap, and it's also really easy to test if this is the problem and do something if it is.
posted by weston at 12:20 PM on December 15, 2006
yes, the security question is a good angle. If someone she knows is trying to mess with her and knows enough about her background they may know the answer to her security question.
posted by caddis at 11:36 PM on December 15, 2006
posted by caddis at 11:36 PM on December 15, 2006
This thread is closed to new comments.
posted by weapons-grade pandemonium at 7:15 AM on December 15, 2006