#03/02/2011#

"Getting Hacked"

The internet sure is a fine institution.  You can meet all sorts of lovely people, like me!  Unfortunately you can also meet some unlovely people like the ones who thought it would be a good idea to hack into my live.co.uk email account and start sending some messages advertising some shopping place.

Having your email account hacked is very annoying, and I was very curious as to who did hack my account, where they were and how they did it.  How they did it was particularly important to me, as I don’t want to find out that I now have some malware somewhere that’s bent on taking down my computer.

The first place to look when tracking down emails is in the headers.  Each email client and server produces quite a different set of headers, so if some virus was telling my Outlook to send a load of emails, I’d soon know.  The good news is that the headers from the spam mails were very different from the headers of a typical Outlook mail (which helpfully includes the ‘X-Mailer: Microsoft Office Outlook 12.0’ header that was absent from the spam messages).

The second giveaway header was the X-Originating-IP header that appears to be added by Hotmail’s servers.  A typical email from me will have an X-Originating-IP header of 94.8.208.208, my public IP address at the time of writing, which a lookup at ripe.net’s database will confirm belongs to Sky.  The spam messages have an X-Originating-IP of 213.233.93.241, which is quite different from the block allocated to Sky.  In fact RIPE confirms that 213.233.93.241 belongs to a Romanian ISP going by the name of Mobifon, which Wikipedia suggests is mostly owned by Vodafone Romania.
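The two header checks above, written up as a small script.  This is an added example, not something from the original post: the sample messages are constructed (using only the two addresses quoted above), and the 94.8.0.0/16 range standing in for "my ISP's block" is an assumption, since the post names just the one address.

```python
import ipaddress
from email import message_from_string

# Constructed sample headers modelled on the post: one legitimate Outlook
# mail and one of the spam messages (addresses are the ones the post quotes).
LEGIT_MAIL = """\
From: me@example.invalid
Subject: Hello
X-Originating-IP: [94.8.208.208]
X-Mailer: Microsoft Office Outlook 12.0

Hi there.
"""

SPAM_MAIL = """\
From: me@example.invalid
Subject: Great deals
X-Originating-IP: [213.233.93.241]

Buy now.
"""

# The range you normally send from is an assumption; the post names only
# the single address 94.8.208.208, which RIPE attributes to Sky.
HOME_NETWORKS = [ipaddress.ip_network("94.8.0.0/16")]
EXPECTED_MAILER = "Microsoft Office Outlook 12.0"


def originating_ip(raw):
    """Return the X-Originating-IP value as an ip_address, or None if absent."""
    value = message_from_string(raw).get("X-Originating-IP")
    if value is None:
        return None
    # Hotmail wraps the address in square brackets; strip them before parsing.
    return ipaddress.ip_address(value.strip().strip("[]"))


def check_mail(raw, networks=HOME_NETWORKS, mailer=EXPECTED_MAILER):
    """Return a list of findings; an empty list means the mail looks like yours."""
    findings = []
    ip = originating_ip(raw)
    if ip is None:
        findings.append("no X-Originating-IP header")
    elif not any(ip in net for net in networks):
        findings.append(f"X-Originating-IP {ip} is outside your usual network")
    if message_from_string(raw).get("X-Mailer") != mailer:
        findings.append("X-Mailer missing or not your usual client")
    return findings
```

Run `check_mail` over the messages in your Sent folder and anything that comes back with findings is worth a closer look at the full header block.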

So it looks like the panic is over.  Some Romanian hacker managed to fiddle my password (which given my password policy was never going to be difficult, and which I’ve now changed) and send a load of emails.  From the looks of things all the URLs point to hacked servers hosted all over the world that redirect to a site selling viagra that, you guessed it, is hosted in Romania.

The moral of the story, then, is passwords, passwords, passwords.  Unlike me, you should do the right thing and have a complex password that is different on at least your main accounts, so you don’t end up entering the same short password into all your online accounts and giving up your secrets to anyone with sneaky access to a server.
