Robin Blandford [ ByteSurgery.com ]

01/07/08 CAO Application Hacked At Last Minute

CHICAGO, UNITED STATES - A more serious tone of post. Doing a last-minute check before the closing of the CAO today, a relative noticed their course options had been changed without them doing it. After changing them back to how they were set in January, they rang the CAO to confirm whether it was a bug. The CAO confirmed the date/time of the last change was a week ago and that an outbound email was logged to their address to confirm changes. This email had never appeared in the inbox.

With 15 minutes to go before closing of options today and while on the phone to the CAO the conversation went something like this… “did you just change them again?”, “no”, “well someone’s changing them now again”. And yet again, the change had been made again with just minutes to go. Malicious.

It’s too uncanny. The swap is very exact, putting a specific course at the bottom and raising another to the top - it’s done to look almost invisible without a keen eye. I don’t think the CAO is compromised; I think the person had my relative’s webmail password and was using the ‘password-reset’ on the CAO site to get into that and then permanently deleting any incoming mail in the inbox to hide their tracks. Pretty well thought-out, eh.

So - questions…

  • has anyone heard of this happening wider, could it be something at the CAO?
  • or could it be once-off, as I expect, someone known who saw a password over a shoulder?
  • if getting an IP address from the CAO fails, how would you identify them?

Oh, and it wouldn’t be so bad if this story got to the media tomorrow, lessons to be learnt from this.

-Robin.

8 Comments


01/07/08 Damien Mulley

If your cousin was willing to talk to a journalist then I think it might become a story alright.


02/07/08 Sinéad C

That’s pretty frightening, hope they got it all sorted out in the end. I can’t believe someone would be so malicious like that. I’ve never heard anything like it.


02/07/08 elly parker

2 questions spring to mind:
1) when your relative changed the options back to the correct ones before calling CAO, did they receive a receipt of change notice that time?
2) Has the webmail account been checked to see if any specific auto-forward rules have been set up on it?


02/07/08 Robin Blandford

1/ Yes.

2/ No forwarders. Looks like they had the password and were deleting all CAO correspondence they generated.


02/07/08 elly parker

Well that’s good news at least, simply changing the webmail password will stop this - I’d suggest changing answers to security questions on the webmail account too, if that’s possible - but then Robin has probably already thought of that!

I can see this coming up as a future discussion topic at BarCamp - most people think passwords = bank/money issues, but the options for damage are much more wide-reaching…


02/07/08 redmum

That is really really horrible and a very nasty thing to do to someone.


02/07/08 legoless

Scary. Hopefully nothing like that’ll happen again. ;)


02/07/08 Theinconsoleableclosefriend

Well, it’s amazing, no world wars, little tensions and there’s still absolute ass….. out there.

