:: News Plus

They all pry... lovers, bosses, husbands

A Hacker

Bengaluru

The most common request that amateur hackers get is for someone’s email account to be broken into. Such demands often come from suspicious spouses, disgruntled lovers, angry ex-employees or paranoid bosses. There are also, often, corporate espionage requests, but those requests are usually made to top-notch hackers — crackers, criminals or unethical hackers.

Hacking a free Web-based email service — such as Hotmail, Gmail, Indiatimes mail, etc — is pretty easy. Those requesting the hack job sometimes give us access to the computer used by the target. All that is required then is for the hacker to install a keyboard logger — software that records all keyboard strokes, so when the target types in the password, we know what it is. And once we know the password, to either the victim’s computer or to email account, we can remote control the computer. And, oh! We do a thorough clean-up of our job so that the average user will never know his/her computer had been hacked into.

In most cases, however, hackers don’t get access to the target’s computer. Then the slightly more "professional" hacker kicks in, with tools and methods matching the level of complexity. The most common loophole in email systems is the password recovery option. The standard password recovery option in most email systems is to answer a secret question or one from a drop-down list of questions. These questions — "What is your mother’s maiden name?" or "Which is your first school?" — are quite straightforward and especially easy for close friends, a lover or spouse. Remember, if someone wants to specifically hack your free email account, then chances are that that person is someone you know.

Recently, a man contacted me to hack into his wife’s email account (offered by a global search engine company). The password had to be obtained from the email service provider and to do that a drop-down question had to be answered. It took 10 minutes to break into the account because the password recovery question and its answer were very easy to guess.

The more security-conscious email service providers do not store the password, but an encrypted version of it. But there are email services in India, such as one offered by a powerful media house, that will let you see the password, almost immediately. If you are using such email services, you are at risk.

Better email service providers send the password or password change link upon request to an alternative email account registered with them at the time of signing up to the account. That makes hacking a tad difficult.

There are several nifty tools that help hackers guess answers to password recovery questions or even crack passwords directly using brute-force algorithms that are out there on the Web.