Ask Slashdot: How To Track a Skype Account Hijacker?
An anonymous reader writes "My Skype account was hijacked, which I discovered after Skype suspended it for suspicious activity, including a number of paid calls and an attempt to debit my card. Now that I've secured the account again, I can see the call history — there are several numbers called in Senegal, Mali, Benin and Philippines. Obviously I could call them myself and create a bit of havoc in their lives, but ideally I'd like to trace the hijacker himself — perhaps with some kind of 'social engineering' approach. Or is it just a waste of time?" How would you do this, and would you bother?
Sadly there's no point in bothering. It could be that the numbers they called are 'premium' numbers and it's possible that your account is gonna get charged a whole ton of money from those 'services' that were set up specifically for this kind of thing.
Reddit seems to be fantastic at finding people on the internet given the flimsiest leads to their identity... sure they may get it wrong now and then, but hey... them's the breaks.
Set the password back to what they knew, wait for them to login and hijack it (another account friended) and use one of the sites that use the debug version of skype to obtain their ip. Then contact the ISP and say that either this illegally hijacking accounts or their IP/systems have been compromised. Don't forget to disassociate any cards prior.
1] Post the numbers dialed to 4chan
2] Wait for the onslaught of harassing calls
3] ???
4] Profit
Won't Skype tell you the IP that was used by the thief?
Is it possible that the hijacker was selling calls to other people, possibly immigrants, maybe even illegals? If so, the numbers called may have no direct connection to the hijacker, rather each one of them may know a different someone who knows the hijacker. So you could be looking for the common factor between the people who made the calls to the numbers that you have. I'm not sure that it will be easy to find that common factor. After all, you have Jim and Bill and Fred's numbers; Sue called Jim, Anne called Bill, Jenny called Fred; Sue, Anne and Jenny all know Henry .... so if you have Jim and Bill and Fred's numbers, and don't even know whether Henry exists or not, how do you find Henry?
The account was possibly being used for voip fraud. Voip fraud is typically the practice of hijacking a VOIP account (sip/skype) and then calling some foreign country exchange that has a stupid high per minute rate (that the called party gets a cut of). The called party is usually in on the scam but good luck getting any realistic amount of cooperation due to local corruption at the called party end (almost always third world countries).
Do you think someone broke into your Skype account to call 5 random countries? They're all toll numbers in Africa. The damage is done and you lost.
-Bucky
Just let it go. It's not worth the time or the hassle.
You need to use the same kind of logic as when buying a used car.
1. Do not assume you can outsmart them or that they have made glaring mistakes
2. Realize they do this professionally, that is, spend years eating and breathing this type of activity
3. Realize if there was some way to retaliate or gain an advantage, they wouldn't be doing this for a living.
4. Re-evaluate your position.
while(1) attack(People.Sandy);
If you are the type of person who gets satisfaction out of revenge - well, hell yes, then go for it. In that case, even trying may get you some. Otherwise - forget it. You are not going to get any gain or benefit out of such an action. And forget about the author(s) being punished or even getting into mild trouble with the police or judicial apparatus of any country whatsoever.
Religious speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
Look at the places they called. Likely the hijacker is somewhere in a developing country. Unlikely to be the same country where the poster lives. The ISP will not care, as long as their bills are paid.
Enjoy life! This is not a dress rehearsal.
Which part of "Microsoft product" did you not understand?
If you have a problem, if no one else can help, and if you can find them, maybe you can hire the A-Team.
"I am a lawyer representing a senior banking official in Nigeria, who recently died leaving $10 million untraceable... and I am able to pay you to help me find the rightful heir..."
"Cock Up Your Beaver" does not mean what you think. This sig is intended to clog filters and annoy do-gooders
I had a similar experience - my account was emptied of its five GBP of credit.
I emailed Skype - "there have been fraudulent calls, I've changed my password".
Their reply? (slightly paraphrased)
"You must have been responsible for the breach, as our security is perfect. We do not refund fraudulent calls due to customer error. We've locked your account, so you'll need to send us proof of ID (passport copy, etc) for it to be unlocked."
The key problem with this reply is that a *customer* asserting an event is a fraudulent call does not make it a fraudulent call.
What if they have bugs in their billing software?
Skype only cared about not issuing compensation. Needless to say, I've never told anyone my skype password and my laptop at the time of the calls was in for repair, where I had removed the SSD drive before sending the unit off. Also needless to say, I've never unlocked that account or spent another cent with Skype. Thankfully, GoogleTalk came out just at the right time. Thank God for choice.
The hacker may have been involved in drug smuggling or terrorism or what not. Do not get involved. Be happy you got your Skype account back and move on.
They're most likely either (1) disconnected numbers, (2) toll numbers that will rack up massive charges, OR (3) Numbers that the thief sold innocent 3rd parties "cheap long distance minutes" to, through fraudulent schemes.
Don't engage yourself in placing international harassing phone calls to "create havoc" in random people's lives; that would be you committing a crime.
How would he be breaking the law? And where is he suggesting hacking?
I think the thought was he could somehow use the numbers the thief called (ie people the thief knew), but it sounds like those were scam toll numbers or something else that wouldn't be helpful.
I stole this Sig
Or is it just a waste of time?
That, at best.
Old saying: There's always a sucker in a game of poker. Look around the table. If you don't see him, it's you.
Never play criminals on their home turf. They are doing this for a living, you don't. Guess who's better at the game?
Assorted stuff I do sometimes: Lemuria.org
Minority report, precrime, congratulations.
delete me
If you knew enough to solve this problem you wouldn't have this problem. Since you don't any attempt is just going to give you more new problems you are unable to resolve until you find yourself clad in latex and wearing a ball gag. Give it up.
Help stamp out iliturcy.
Seriously
Surely you have better things to do in your life than troll around here and issue such nonsense. On that note, I'm going to get back to my life and go to sleep. You may continue to troll along as you choose.
It's really quite a simple choice: Life, Death, or Los Angeles.
Was to on sell your Skype out credits, by social engineering some random pstn endpoints you're just increasing the bad karma noise floor, and because we all live in a closed ecosystem, you're only throwing it in your own face. Just be good johnny
Look on this as hard earned experience to use better passwords in the future.
The tubes are the wild wild west, and anyone who thinks otherwise is delusional.
Just move on, and don't waste your time.
I recall many years ago being hacked by someone. Reformat, learn from the experience, and move on.
Seems like a lot of people agree with this "troll" if he's already gotten Score:5.
Apparently being anti-Steam is grounds for insults, even if there's basis. I shall learn to keep my mouth shut.
Myself included. There's almost certainly nothing to be gained from embarking on some CSI inspired e-detective work.
If AC is a troll, fair enough but by such a broad definition the same is true of Mendax. The only difference I see is that the AC opted for humour over Mendax's calling card for why he/she probably doesn't get invited to many parties - at least not a second time.
-- Using the preview button since 2005
Right, because nobody ever.. oh, I dunno... tricked a 419er into hand-carving them a wooden C64 or anything like that?
game theory, tit for tat. furthermore, it's at this stage a thought experiment which plenty of people are happy to engage in so there is expansion of the mind, exchange of ideas.
"get a life" was incredibly rude, and pure hypocrisy from a slashdot surfer. i would love to hear what you and the AC do with your sorry bitter lives...
i'm not joking. i would love to hear it, please spill for us
airchile doesn't exist.
You'd have to be pretty short-sighted to believe that telling someone to "get a life" means that the accuser is a bitter person. Some people need to be put in their place, even the nicest people know when to put their foot down and tell it like it is.
Apparently being anti-Steam is grounds for insults, even if there's basis. I shall learn to keep my mouth shut.
call the numbers. in each case, social engineer a meeting. travel to meet them, surprise them, and torture out of them what they know about the original caller. take their contact list, lather, rinse, repeat. it's not guaranteed success, but will be a hell of a lot of fun along the way.
bonus: you might get to meet kevin bacon.
OP's plan is exactly what the long distance companies did when phreakers would use found phone numbers to call friends around the country. You needed to have forgetful friends because the company would call them up and ask who called. Phreakers would usually use payphones, which were plentiful back then.
he said "seriously", don't leave that out, but yes, we agree, that's why i put my foot down and told it like it is.
the best most famous magicians today started as kids with goofy magic tricks. there is nothing wrong with somebody being violated and thinking through how to crack the case and hunt down the perpetrator, even to the point of obsession as he might be able to figure it out. there is nothing wrong with that.
I'm still waiting to hear activities that you consider to be a life. Whatever you say is going to either sound silly or ridiculously lofty, and we'll make fun of you and ask you why if you have such a "life" you are prowling around slashdot, but you won't tell us will you, you bitter loser.
First ask yourself " What do I have to gain from this?" The answer I am sure is an overwhelming, Nothing. Be safe my friend.
File a report with the FBI or police. With the bombing in Boston, you never know. Let the authorities look into it.
Which part of "Microsoft product" did you not understand?
This perpetual motion machine Lisa made is a joke, it just keeps getting faster and faster. - Homer
Get a job at the F.B.I., and then go out at night dressed like Batman. The rest I think you can figure out for yourself.
Then, to ensure no one will ever sex you up, put your glasses on over your underwear so you can wander around Slashdot flailing your arms and making noise like Jerry Lewis.
Rule 1 of /. -- if you're posting drunk, post anonymously.
Seriously, where are mod points when you need them?
> "I can see the call history — there are several numbers called in Senegal, Mali, Benin and Philippines."
Don't bother -- you'll just be hassling some expat's grandma or sister. The account was probably hacked and immediately rented out on the black market. Now, the expat certainly realizes it was hacked, and would deserve it, but the hacker is long gone, probably hundreds of victims down the road already.
(ring ring)
"It's Queef calling from America!"
(answers)
"Hello?"
"You asshole hacked my Skype!"
"Oh no! Queef's account has been hacked! It's some fat American yelling something."
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
I'm still waiting to hear activities that you consider to be a life. Whatever you say is going to either sound silly or ridiculously lofty, and we'll make fun of you and ask you why if you have such a "life" you are prowling around slashdot, but you won't tell us will you, you bitter loser.
Oh noes! AC, with his Wikipedia-provisioned psychology degree and at least one foot on the floor is well and truly on to us. Help ma boab - better scarper!
-- Using the preview button since 2005
My cellphone was stolen from my car and then recovered (it was found in the middle of the street). I called the long-distance numbers, pretending that I found the phone and wanted to return it to the owner. The people called (teenagers) were surprisingly helpful and I got the name and local address of the teen that called them who was staying with his uncle. I turned the info over to the police who told me that the loss was actually incurred by the phone company (charges had been refunded) and I was not "harmed" so there were no charges to press, plus the kid could claim that he "found" the phone and did not break into my car. But the detective did talk to the uncle and told me he thought the uncle was going to beat the kid's ass and send him back to Louisiana since the kid had been a problem since he got here. Good enough for me whether true or not since it was all that could really be done.
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
Were you using a weak password or something?? Otherwise, can someone please explain how a Skype account can just get "hijacked". Or was it some undocumented hack/exploit (meaning anyone is vulnerable at random).
Life is not for the lazy.
A quick check of VIATALK rates to:
Philippines $0.2693
Nigeria $0.1905
Nigeria Cell (typical, varies) $0.1966 - $0.2505
The truth shall set you free!
Someone bought a subscription to call Jordan, burned through it (you don't get many minutes to Jordan), bought $10 credit, used that, then that was the end of it. Both were debited from my PayPal account.
Skype were horrendously unhelpful, insisting my account hadn't been hacked, but I needed to reset my password multiple times on their insistence anyway, and refused to entertain the idea of a refund because I had already "used" the credit. Thankfully PayPal stumped up the refund, I got some BS boilerplate from Skype about breach of terms, and nothing has happened since. My assumption to this day is that it was a fault their end, there used to be some sort of bug where you could log into the user forums with your credentials, only to find out you were on someone else's account, so security doesn't seem to have been their strong point.
I still use Skype, and I still pay via PayPal, however as soon as I'm done shopping I log back into PayPal, and immediately remove Skype from my preapproved merchants list (it's hidden under "my money" or something similar, I had to google it)
take a bounty hunter course or something.
game theory, tit for tat
But I thought tit for tat with forgiveness beats pure tit for tat.
And not only creepy, but possibly illegal.
Regardless of additional modifiers: tits always beat tats.
Unequivocally the realest of the realz...
They don't give drunks mod points, you sot!
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
The original poster has not stated that he knows how his account was hijacked.
His first priority should be to understand how the hijack happened and take measures to make sure that it won't happen again. Regaining control of the account again is not sufficient.
The real "Libtards" are the Libertarians!
Regardless of additional modifiers: tits always beat tats.
Man boobs.
William of Ockham had no beard. The most likely explanation is that it was chewed off by squirrels every morning.
Want some food? I'm your best friend.
Play time? I'm your best friend.
Any other time? FU, GTFO
I love 'em :-)
It gripped her hand gently. 'Regret is for humans,' it said.
If you were stupid enough to allow your account to get hijacked in the first place the best thing you can do is stay off the Internet until you've learnt proper security measures
Why are you still using Skype, then?