SIGforum.com    Main Page  Hop To Forum Categories  What's Your Deal!    Hacker Emailed Me To Say That S/He Recorded Me "Pleasuring Myself"
Page 1 2 
Go
New
Find
Notify
Tools
Reply
  
Hacker Emailed Me To Say That S/He Recorded Me "Pleasuring Myself" Login/Join 
אַרְיֵה
Picture of V-Tail
posted
I just took a casual look at the "junk" folder in my email client, looking for an email that I was expecting but had not received. I saw something that did not look right, and it took me a minute or so to figure out what was going on. Before I go any further, let me emphasize: For security, do not use the same password for multiple different websites! Make sure that each website that you use, if it requires an user-ID / password combination, has a unique password.

Yes, a lot of passwords might be difficult to manage and nearly impossible to memorize, but you need to do it. My wife keeps a small notebook with all her information written in it. Eek I have not been able to convince her to use a password manager. I use 1Password, but there are other good password managers out there, too.

OK, warnings out of the way, here's what happened. I'm sure that many of you have received the blackmail type emails, stating that the sender has a) hacked into your computer and has all your passwords, and b) has remotely taken control of your computer's camera and has recorded you "pleasuring yourself." The blackmailer demands payment in bitcoin, or the captured videos will be made public.

I always laugh at these; no one has recorded me "pleasuring myself" because age (82) and prostate cancer treatment, so that part is not possible. However, the blackmailer did refer to a password that I recognized. I do follow my own rule and use a unique password for each website, so it was easy enough to identify -- it was a password that I used ONLY on myFitnessPal.com.

That made me a little more curious, so I did a bit of internet searching and found that myFitnessPal.com was hacked in March, 2018: https://www.theguardian.com/te...p-users-under-armour.

Then, almost a year later, it was reported that the stolen data was being sold -- apparently, you can buy a copy for less than $20,000.00! https://fortune.com/2019/02/14...web-one-year-breach/.

Fortunately, there is nothing on my account at MyFitnessPal that can be used to damage me, and the password that I use there won't work on any other website, so other than irritating me, no harm was done. But this is a heads-up: If you use the same password on two or more websites, you are creating a crack in your security shield. Fix it now!



הרחפת שלי מלאה בצלופחים
 
Posts: 31599 | Location: Central Florida, Orlando area | Registered: January 03, 2010Reply With QuoteReport This Post
Member
Picture of erj_pilot
posted Hide Post
That would be rather difficult, since my "computer" or "monitor" doesn't have a camera. Guess they'd have to lurk outside my window and take physical photographs and then they'd better be quick about it or risk a bullet sandwich ala .40 S&W.

My mom got hacked and I got an e-mail that said her niece needed money for iTunes or something like that. Of course with how click-happy my mother is (84 years old, BTW) and probably responds to the Nigerian Prince on a weekly basis, I'm surprised it took her this long to get hacked...astonished, actually. Eek



"If you’re a leader, you lead the way. Not just on the easy ones; you take the tough ones too…” – MAJ Richard D. Winters (1918-2011), E Company, 2nd Battalion, 506th Parachute Infantry Regiment, 101st Airborne

"Woe to those who call evil good, and good evil... Therefore, as tongues of fire lick up straw and as dry grass sinks down in the flames, so their roots will decay and their flowers blow away like dust; for they have rejected the law of the Lord Almighty and spurned the word of the Holy One of Israel." - Isaiah 5:20,24
 
Posts: 11066 | Location: NW Houston | Registered: April 04, 2012Reply With QuoteReport This Post
אַרְיֵה
Picture of V-Tail
posted Hide Post
quote:
That would be rather difficult, since my "computer" or "monitor" doesn't have a camera.
They can always get you via your phone! Eek



הרחפת שלי מלאה בצלופחים
 
Posts: 31599 | Location: Central Florida, Orlando area | Registered: January 03, 2010Reply With QuoteReport This Post
On the wrong side of
the Mobius strip
Picture of Patrick-SP2022
posted Hide Post
I get those emails regularly.
Linked In was the source of the password provided.
I had changed it out years ago when they were hacked and multiple times since then.

Although, if someone hacks my camera, this is what they would see.





 
Posts: 4168 | Location: Texas | Registered: April 16, 2012Reply With QuoteReport This Post
Freethinker
Picture of sigfreund
posted Hide Post
A question about password managers: Aren’t they an online thing? If so, how secure are they? We have seen countless examples of data breaches of what should be some of the most secure business and government sites in existence. Why do we believe they cannot be hacked at some point? How are they more secure than the written records some of us maintain? As has been noted in more than one book on cryptography, the most secure method of written communication of all is a handwritten note slipped under someone’s door. Put it in the ether or cyberspace, and it’s there for anyone to grab and attempt to use.

Not a challenge, BTW, because I am in no position to do that, just a genuine attempt to understand.




6.4/93.6
___________
“We are Americans …. Together we have resisted the trap of appeasement, cynicism, and isolation that gives temptation to tyrants.”
— George H. W. Bush
 
Posts: 47833 | Location: 10,150 Feet Above Sea Level in Colorado | Registered: April 04, 2002Reply With QuoteReport This Post
Member
posted Hide Post
AFAIK, password managers keep heavily encrypted versions of your passwords on whatever local machine the PM software runs on, not the cloud (unless you deliberately post them online - not recommended).
 
Posts: 1241 | Location: NE Indiana  | Registered: January 20, 2011Reply With QuoteReport This Post
Page late and a dollar short
posted Hide Post
My password was too taken from Linkedin. The last couple of years while working I never opened it because despite others successes using it I never found it to be of any value. I left it open after retirement but due to getting constant offers for out of state full time employment outside of my area of expertise I finally closed it out.


-------------------------------------——————
————————--Ignorance is a powerful tool if applied at the right time, even, usually, surpassing knowledge(E.J.Potter, A.K.A. The Michigan Madman)
 
Posts: 8447 | Location: Livingston County Michigan USA | Registered: August 11, 2002Reply With QuoteReport This Post
אַרְיֵה
Picture of V-Tail
posted Hide Post
quote:
Originally posted by sigfreund:

A question about password managers: Aren’t they an online thing?
There might be some that keep their data online, I don’t know for sure.

1Password, which is the one that I use, keeps your data file on your local computer or mobile device.



הרחפת שלי מלאה בצלופחים
 
Posts: 31599 | Location: Central Florida, Orlando area | Registered: January 03, 2010Reply With QuoteReport This Post
Nullus Anxietas
Picture of ensigmatic
posted Hide Post
quote:
Originally posted by sigfreund:
A question about password managers: Aren’t they an online thing? If so, how secure are they? We have seen countless examples of data breaches of what should be some of the most secure business and government sites in existence. Why do we believe they cannot be hacked at some point?

"We" do not. At least those of us who are, or used to be, employed in the tech sector and know what we're about do not.

quote:
Originally posted by sigfreund:
How are they more secure than the written records some of us maintain?

If you keep your written records on you, who's to say you won't be pick-pocketed? Fall in the water and they're destroyed? Keep them at home? What happens to them if your home burns down? What happens if you're <here>, your written records are <there>, and you need them now?

quote:
Originally posted by sigfreund:
Put it in the ether or cyberspace, and it’s there for anyone to grab and attempt to use.

True. That's why it's important to Chose Wisely.

I use a password manager that does not depend upon, much less require, cloud storage. I can share copies of it, manually, between as many different devices as I wish. It's also an open source standard. These choices mean I'm not limited to whatever platform(s) a particular author or company chooses, which gives me the freedom to choose the platforms upon which I allow my keyring to reside and shun platforms with a poor security history.

The encryption algorithm used by my password manager is "military grade" and the pass phrase has well over the minimum amount of entropy to ensure it's relatively difficult. I also occasionally, and irregularly, modify the pass phrase slightly in such a manner that it's easy to remember what the new pass phase is, but changes the keyspace in which it resides.

I do keep a copy or my keyring in cloud storage, but it's encrypted before it even hits that storage, then encrypted again when it's stored.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26009 | Location: S.E. Michigan | Registered: January 06, 2008Reply With QuoteReport This Post
Peace through
superior firepower
Picture of parabellum
posted Hide Post
This kind of phishing is as common as dirt these days.
 
Posts: 109687 | Registered: January 20, 2000Reply With QuoteReport This Post
אַרְיֵה
Picture of V-Tail
posted Hide Post
quote:
Originally posted by parabellum:

This kind of phishing is as common as dirt these days.
Yes, unfortunately that is true.

The thing that really caught my attention on this one, was that they used one of my passwords, one that I had on only one site: MyFitnessPal.com.

I was pretty sure that they did not break into the password manager on my end, so a little bit of looking and I found that MyFitnessPal had been breached a year and a half ago, and the login data that had been stolen was being sold on the "underground" web for $20,000.00 / copy.

The links for the news articles on both the theft, and the sale of the stolen data, are in my original post.



הרחפת שלי מלאה בצלופחים
 
Posts: 31599 | Location: Central Florida, Orlando area | Registered: January 03, 2010Reply With QuoteReport This Post
Member
posted Hide Post
I got that same email . The funny thing is that it came from another gun forum that has a personal email address as one of it's perks for paid members . So essentially I sent the email to myself if that makes any sense . Scary shit . I took extensive measures to mitigate that from happening again .
 
Posts: 4373 | Location: Down in Louisiana . | Registered: February 27, 2009Reply With QuoteReport This Post
Nullus Anxietas
Picture of ensigmatic
posted Hide Post
quote:
Originally posted by selogic:
I got that same email. The funny thing is that it came from another gun forum that has a personal email address as one of it's perks for paid members. So essentially I sent the email to myself if that makes any sense. Scary shit.

Not really.

Look: The email protocol is fuller of holes than Swiss cheese. I could pick any email address in an SF member's profile and send them an email that would appear to have come from themselves in a New York heartbeat. It's trivial to do.

quote:
Originally posted by selogic:
I took extensive measures to mitigate that from happening again.

Good luck with that. Better people than me have tried to stop it, and I've been in the industry since before there was an Internet.

It will only be stopped when the email protocol is tightened-up. That's never going to happen because there are far too many vested interests that profit from it being as broken as it is, and that's the plain truth.

Hint: Many of the people with whom I used to work in the email anti-spam effort are now working for...

wait for it...


Email marketers. Bulk emailers. Or, as some of us like to call them: Spammers for hire.

The very same mechanisms that allow for the kinds of things described here also benefit the "legitimate" bulk email industry.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26009 | Location: S.E. Michigan | Registered: January 06, 2008Reply With QuoteReport This Post
Freethinker
Picture of sigfreund
posted Hide Post
quote:
Originally posted by ensigmatic:
keyring


What is a keyring in this context?




6.4/93.6
___________
“We are Americans …. Together we have resisted the trap of appeasement, cynicism, and isolation that gives temptation to tyrants.”
— George H. W. Bush
 
Posts: 47833 | Location: 10,150 Feet Above Sea Level in Colorado | Registered: April 04, 2002Reply With QuoteReport This Post
Nullus Anxietas
Picture of ensigmatic
posted Hide Post
quote:
Originally posted by sigfreund:
quote:
Originally posted by ensigmatic:
keyring

What is a keyring in this context?

Electronic keyring. A repository for credentials. Typically user identities and passwords. E.g.: In my keyring record for SIGforum I have:

  • My SF handle
  • Password
  • SF's URL
  • The email address I list in my SF profile
  • Notes associated with SF

The URL may seem superfluous, but copy-n-pasting a URL from a keyring is a way to make sure you don't typo the URL and accidentally enter your credentials into a spoof site set up to collect legitimate credentials.

I also have records in there for things not Internet-related. Essentially every last bit of sensitive information in my life is in there. That is why I'm so careful with it Wink



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26009 | Location: S.E. Michigan | Registered: January 06, 2008Reply With QuoteReport This Post
Go Vols!
Picture of Oz_Shadow
posted Hide Post
I posted similar here a while ago with a means to search Avast for leaked passwords.
 
Posts: 17944 | Location: SE Michigan | Registered: February 10, 2007Reply With QuoteReport This Post
Member
posted Hide Post
I've been using Lastpass (free) for several years. All the keyring type of data as ensigmatic describes is stored in the cloud. You can download backup copies of all your lastpass data and store it separately if you like.

"Data is encrypted and decrypted at the device level. Data stored in your vault is kept secret, even from LastPass. Your master password, and the keys used to encrypt and decrypt data, are never sent to LastPass' servers, and are never accessible by LastPass."
 
Posts: 2381 | Registered: October 24, 2007Reply With QuoteReport This Post
I'll use the Red Key
Picture of 2012BOSS302
posted Hide Post
I just googled "V-Tail pleasuring himself" and man I will pay anything not to see that again. How many bitcoins do you need?




Donald Trump is not a politician, he is a leader, politicians are a dime a dozen, leaders are priceless.
 
Posts: 3820 | Location: Idaho | Registered: January 26, 2014Reply With QuoteReport This Post
Member
Picture of erj_pilot
posted Hide Post
quote:
Originally posted by V-Tail:
quote:
That would be rather difficult, since my "computer" or "monitor" doesn't have a camera.
They can always get you via your phone! Eek
All they'll see is the ceiling!! Big Grin



"If you’re a leader, you lead the way. Not just on the easy ones; you take the tough ones too…” – MAJ Richard D. Winters (1918-2011), E Company, 2nd Battalion, 506th Parachute Infantry Regiment, 101st Airborne

"Woe to those who call evil good, and good evil... Therefore, as tongues of fire lick up straw and as dry grass sinks down in the flames, so their roots will decay and their flowers blow away like dust; for they have rejected the law of the Lord Almighty and spurned the word of the Holy One of Israel." - Isaiah 5:20,24
 
Posts: 11066 | Location: NW Houston | Registered: April 04, 2012Reply With QuoteReport This Post
Member
posted Hide Post
You sure he didn't video you eating ribs?
 
Posts: 17294 | Location: Lexington, KY | Registered: October 15, 2006Reply With QuoteReport This Post
  Powered by Social Strata Page 1 2  
 

SIGforum.com    Main Page  Hop To Forum Categories  What's Your Deal!    Hacker Emailed Me To Say That S/He Recorded Me "Pleasuring Myself"

© SIGforum 2024