My girlfriend thinks she may be a victim of identity theft. She has dial-up at home, so she decided to use someone else's wireless. This morning she found out her password to her school account and aim were changed. She also bought some things over the internet, so she thinks this guy may have her credit card numbers. My guess is that whoever's network this is is the guy who stole her shit. My question is, would it be overly difficult to connect to his network, sniff it, and see if I can recover it using Etehreal or something like that? Are Aim passwords encrypted when sent over the network?
So let me get this straight, she used someone elses wireless and she lost her passwords and shit. Well no shit. What the hell was she using someone elses wireless for, and what was she expecting to happen because of it?
So let me get this straight, she used someone elses wireless and she lost her passwords and shit. Well no shit. What the hell was she using someone elses wireless for, and what was she expecting to happen because of it?
I agree, it's not generally the smartest thing to do, but that doesn't give him the right to compromise her accounts like that. If anything, he needs to encrypt his network. Either way, I'd like to help her get her stuff back. And perhaps change the asshole's router password or something after setting encryption on it so he can't use his own router.
1.) It might be apathy. My network was unencrypted for quite a while, though from what Mantra told me Aim passwords are Md5 encrypted, so I doubt whoever this was he got her password from her Aim account. I guess she uses the same password for aim as she does for other things.
2.) She's 2 and a half years older than me. She's in college. However, I do have a credit card...
I know a person with an open router and a redirect for unauthorized MAC addresses to a page of viruses. Just because someone doesn't secure their network doesn't mean they don't know how. If this person is in a place where they are likely to get a lot of random connections, they very well may have a sniffer and data miner because they derive pleasure from causing others pain. On the other hand, if the network was in the middle of nowhere and there were lots of secure networks in the area, I doubt even the most depraved would go to the trouble.
As far as Singapore goes, there, you can get cained for spitting your gum out on the ground; I wouldn't use them as a judge of sane judiciary process.
2.) She's 2 and a half years older than me. She's in college. However, I do have a credit card...
Well, that's a little creepy unexpected.
WetWired said:
If this person is in a place where they are likely to get a lot of random connections, they very well may have a sniffer and data miner because they derive pleasure from causing others pain.
As far as Singapore goes, there, you can get cained for spitting your gum out on the ground; I wouldn't use them as a judge of sane judiciary process.
they very well may have a sniffer and data miner because they derive pleasure from causing others pain.
IMO if someone is using someone elses wireless connection without permission and the owner of the wireless connection does something malicious, the person using the wireless connection without permission deserves it.
It kind of reminds me of the stories you hear about a burglar breaking into someone's house, hurting himself by tripping on something or what have you, and then suing the owners of the house for his injury. Pretty damn stupid.
More like, if you come in my house without permission, whether I've got my door locked or not, you deserve anything that happens to you because of it. It's you're own damn fault for coming in.
Hmm, I'm using my neighbor's wireless connection I believe. It's somebody on my block, that's for sure. I have no idea how I can just connect to it without any problems. It's sweet not paying for internet though.
So this leaves me vulnerable for anything he/she may try to do?
Well, the site should be using SSL if they handle credit card info, but with enough computing power and free time, sure, why not? More likely, it starts with using an unsecure service like webmail. From there, they can reset your paypal password and find out your bank account number and so forth.