Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: How To Track a Skype Account Hijacker?

Posted by timothy on from the hi-from-indonesia dept.

An anonymous reader writes "My Skype account was hijacked, which I discovered after Skype suspended it for suspicious activity, including a number of paid calls and an attempt to debit my card. Now that I've secured the account again, I can see the call history — there are several numbers called in Senegal, Mali, Benin and Philippines. Obviously I could call them myself and create a bit of havoc in their lives, but ideally I'd like to trace the hijacker himself — perhaps with some kind of 'social engineering' approach. Or is it just a waste of time?" How would you do this, and would you bother?

41 of 152 comments (clear)

  1. No point by Anonymous Coward · · Score: 2, Interesting

    Sadly there's no point in bothering. It could be that the numbers they called are 'premium' numbers and its possible that your account is gonna get charged a whole ton of money from those 'services' that were set up specifically for this kind of thing.

    1. Re:No point by BrokenHalo · · Score: 5, Interesting

      Sadly there's no point in bothering.

      In this instance, I might disagree. Given that those calls were (according to TFS) made to Senegal, Mali, Benin and Philippines, that in itself might be construed as suspicious. You could pass the information on to the FBI and tell them you are concerned your account could have been used for terrorist activity. Let them come down on the perps.

  2. Ask Reddit... by JJJJust · · Score: 5, Funny

    Reddit seems to be fantastic at finding people on the internet given the flimsiest leads to their identity... sure they may get it wrong now and then, but hey... them's the breaks.

  3. get their ip by ZeroNullVoid · · Score: 3, Informative

    Set the password back to what they knew, wait for them to login and hijack it (another account friended) and use one of the sites that use the debug version of skype to obtain their ip.  Then contact the ISP and say that either this illegally hijacking accounts or their IP/systems have been compromised.  Don't forget to disassociate any cards prior.

  4. Post numbers by Anonymous Coward · · Score: 5, Interesting

    1] Post the numbers dialed to 4chan
    2] Wait for the onslaught of harassing calls
    3] ???
    4] Profit

    1. Re:Post numbers by Anonymous Coward · · Score: 3, Insightful

      Neither is my cat. It still catches the mice though.

    2. Re:Post numbers by Gadget_Guy · · Score: 5, Funny

      Actually your cat IS your personal army.

      It may seem like the cat belongs to you, but if it really was your personal army then it would actually have to obey your orders.

      In reality, you are more like a squire to your cat; you attend to the cat's personal needs when it isn't off doing heroic battle against a mouse or bug.

    3. Re:Post numbers by symbolset · · Score: 4, Insightful

      Cats don't belong to people. People belong to cats.

      --
      Help stamp out iliturcy.
  5. I wouldn't start that journey from here by realitycheckplease · · Score: 5, Insightful

    Is it possible that the hijacker was selling calls to other people, possibly immigrants, maybe even illegals. If so, the numbers called may have no direct connection to the hijacker, rather each olne of them may know a different someone who knows the hijacker. So you could be looking for the common factor between the people who made the calls to the numbers that you have. I'm not sure that it will be easy to find that common factor. After all, you have Jim and Bill and Fred's numbers; Sue called Jim, Anne called Bill, Jenny called Fred; Sue, Anne and Jenny all know Henry .... so if you have Jim and Bill and Fred's numbers, and don't even know whether Henry exists or not, how do you find Henry?

    1. Re:I wouldn't start that journey from here by Anonymous Coward · · Score: 3, Funny

      The answer is clear: The hijacker is Kevin Bacon.

    2. Re:I wouldn't start that journey from here by tftp · · Score: 4, Insightful

      Sue called Jim, Anne called Bill, Jenny called Fred; Sue, Anne and Jenny all know Henry .... so if you have Jim and Bill and Fred's numbers, and don't even know whether Henry exists or not, how do you find Henry?

      It's pretty much impossible; not mathematically but practically. First, Jim, Bill and Fred live in different foreign countries. They have no obligation to tell you anything, even if you are a police officer in your own country. But if for some reason they choose to endanger their relatives, they may not know where Sue, Anne and Jenny live. But if you manage to find them, those three are not required to tell you anything (if they are in the USA, at least.) But if you manage to make them talk and they point at Henry, Henry can always say that he used his own Skype account, but the OP "hacked" it to "frame him" because he is "raysis." (Well, that story is being tried by the Boston bomber's mother.) The OP may find himself on the receiving end of a counter-suit, if not of a criminal complaint (doesn't matter if it has merit or not - justice is not based on such trivial things.)

      The OP should pick better passwords, write the loss off, and take this experience as a valuable lesson.

  6. voip fraud by Anonymous Coward · · Score: 3, Informative

    The account was possibly being used for voip fraud. Voip fraud is typically the practice of hijacking a VOIP account (sip/skype) and then calling some foreign country exchange that has a stupid high per minute rate (that the called party gets a cut of). The called party is usually in on the scam but good luck getting any realistic amount of cooperation due to local corruption at the called party end (almost always third world countries).

  7. You're a fucking idiot by bucky0 · · Score: 3, Insightful

    Do you think someone broke into your Skype account to call 5 random countries? They're all toll numbers in Africa. The damage is done and you lost

    --

    -Bucky
    1. Re:You're a fucking idiot by macraig · · Score: 4, Informative

      The last time I checked the Philippines was an island chain, not a territory in Africa. Don't you just sound credible?

  8. Let it go. by six025 · · Score: 4, Insightful

    Just let it go. It's not worth the time or the hassle.

  9. Use better logic by O('_')O_Bush · · Score: 5, Insightful

    You need to use the same kind logic as when buying a used car.

    1. Do not assume you can outsmart them or that they have made glaring mistakes
    2. Realize they do this professionally, that is, spend years eating and breathing this type of activity
    3. Realize if there was some way to retaliate or gain an advantage, they wouldn't be doing this for a living.
    4. Re-evaluate your position.

    --
    while(1) attack(People.Sandy);
    1. Re:Use better logic by dkf · · Score: 5, Funny

      3. Realize if there was some way to retaliate or gain an advantage, they wouldn't be doing this for a living.

      I'm waiting for SIFPTP (Simple Internet Face-Punch Transfer Protocol) to be implemented.

      --
      "Little does he know, but there is no 'I' in 'Idiot'!"
    2. Re:Use better logic by AHuxley · · Score: 4, Informative

      Yes, in Australia a "Bell" public phone would be taken over and a line of people would form to make at the time very expensive international calls.
      This might be the same digital effort - an account with 'cash' is passed/sold around until it fails.

      --
      Domestic spying is now "Benign Information Gathering"
  10. Only revenge by vikingpower · · Score: 2

    If you are the type of person who get satisfaction out of revenge - well,hell yes, then go for it. In that case, even trying may get you some. Otherwise - forget it. You are not going to get any gain or benefit out of such an action. And forget about the author(s) being punished or even getting into mild trouble with the police or justicial apparatus of any country whatsoever.

    --
    Religous speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
  11. Their ISP won't care by bradley13 · · Score: 3, Insightful

    Look at the places they called. Likely the hijacker is somewhere in a developing country. Unlikely to be the same country where the poster lives. The ISP will not care, as long as their bills are paid.

    --
    Enjoy life! This is not a dress rehearsal.
    1. Re:Their ISP won't care by Joce640k · · Score: 5, Funny

      First become fluent at harassing people in African-French and Filipino.

      --
      No sig today...
  12. Re:What about the IP by ccguy · · Score: 4, Interesting

    Won't Skype tell you the IP that was used by the thief?

    No, they won't. In general companies tell you to contact the police, etc and go out of their way to be useless.

    Some months ago I had someone purchase a plane ticket using my credit card. My bank sent me a SMS when the charge was made (usual alert system, they SMS each time there's a charge). I had the phone with me so I could do something instantly. This is what happened:

    - The charge was made for a plane ticket on Airchile according to the SMS.
    - I called the bank *inmediately* (as the SMS said) to notify them of the charge. Well, guess what, it was a Sunday at 23:00 or so and they were closed. So the bank couldn't help.
    - I drove to the airport to talk to Airchile, which happened to be opened at the time because they was a flight leaving from Madrid to Santiago in a couple hours (I was hoping that the bastard was there). They couldn't help.
    - I went to the police station in the airport and they couldn't help because I needed a bank statement before they could do anything. Really? I have to wait until the end of the month before I can file a report with the police?

    You see - even if you are really willing to track things down and not demand your money back, the other parties involved rarely assist.

    Eventually I got my statement, filed the report (useless at the time of course) and got my money. But I great chance to catch the guy was lost.

  13. You need professional help by tlambert · · Score: 2

    If you have a problem, if no one else can help, and if you can find them, maybe you can hire the A-Team.

    1. Re:You need professional help by DigiShaman · · Score: 2

      The A-Team, always hire the A-Team.

      --
      Life is not for the lazy.
  14. Call the numbers in Africa and say... by CaptainOfSpray · · Score: 5, Funny

    "I am a lawyer representing a senior banking official in Nigeria, who recently died leaving $10 million untraceable... and I am able to pay you to help me find the rightful heir..."

    --
    "Cock Up Your Beaver" does not mean what you think. This sig is intended to clog filters and annoy do-gooders
  15. Customer defined fraud by Anonymous Coward · · Score: 3, Interesting

    I had a similar experience - my account was emptied of its five GBP of credit.

    I emailed Skype - "there have been fradudent calls, I've changed my password".

    Their reply? (slightly paraphrased)

    "You must have been responsible for the breach, as our security is perfect. We do not refund fraudulent calls due to customer error. We've locked your account, so you'll need to send us proof of ID (passport copy, etc) for it to be unlocked."

    The key problem with this reply is that a *customer* asserting an event is a fraudulent call does not make it a fraudulent call.

    What if they have bugs in their billing software?

    Skype only cared about not issuing compensation. Needless to say, I've never told anyone my skype password and my laptop at the time of the calls was in for repair, where I had removed the SSD drive before sending the unit off. Also needless to say, I've never unlocked that account or spent another cent with Skype. Thankfully, GoogleTalk came out just at the right time. Thank God for choice.

  16. Dont get involved. by Anonymous Coward · · Score: 2, Informative

    The hacker may have been involved in drug smuggling or terrorism or what not. Do not get involved. Be happy you got your Skype account back and move on.

    1. Re:Dont get involved. by Psyborgue · · Score: 2, Insightful

      This. And contact the authorities. Those countries do have a lot of terrorist activity.

  17. Don't call the numbers by mysidia · · Score: 4, Insightful

    They're most likely either (1) disconnected numbers, (2) toll numbers that will rack up massive charges, OR (3) Numbers that the thief sold innocent 3rd parties "cheap long distance minutes" to, through fraudulent schemes.

    Don't engage yourself in placing international harassing phone calls to "create havoc" in random people's lives; that would be you committing a crime. ,

  18. scamming a scammer by Tom · · Score: 4, Insightful

    Or is it just a waste of time?

    That, at best.

    Old saying: There's always a sucker in a game of poker. Look around the table. If you don't see him, it's you.

    Never play criminals on their home turf. They are doing this for a living, you don't. Guess who's better at the game?

    --
    Assorted stuff I do sometimes: Lemuria.org
    1. Re:scamming a scammer by Technician · · Score: 2

      You can tie up scammers on their home turf. It is called scam baiting. The scammer gets to spend time and money playing games with your bait instead of victims. I regularly write scammers back. I am most interested in my inheritance of 10.5 million.

      I question my eligibility, write with a fake first name, no last name, and a bait email account with a free US DID phone number. They can email me, text me, call me, etc, while I continue to find out the name of the deceased before I fill out their form to file a claim. (the form is used to make a deceased you could be related to) By not filling it out and probing for the name of the ceceased first, you make them waste time trying to get your info first so the lawyer, barrister, etc can be hired..

      Waste their time, if you have the time to waste on them. You can get free resources. A free email accout, a free VOIP SIP account, and a free DID phone number is a good start to make a fake persona.

      Never send them any money.

      --
      The truth shall set you free!
    2. Re:scamming a scammer by geoskd · · Score: 2

      Never send them any money.

      If you're really serious about messing with one of these guys, sending ten bucks can be well worth the money. If you play it right, even that small an amount of money can keep one of these guys hooked for months, wasting huge amounts of time trying to get more. With a little skill you can sometimes even cause them to spend far more than you have sent (certified mailings, long distance charges. Set up a 900 number for them to contact you, etc...). Its just another variation on the gamblers addiction.

      --
      I wish I had a good sig, but all the good ones are copyrighted
  19. Agree with everybody who said "give it up." by symbolset · · Score: 3, Interesting

    If you knew enough to solve this problem you wouldn't have this problem. Since you don't any attempt is just going to give you more new problems you are unable to resolve until you find yourself clad in latex and wearing a ball gag. Give it up.

    --
    Help stamp out iliturcy.
  20. Re:get a life by mendax · · Score: 2, Insightful

    Seriously

    Surely you have better things to do in your life than troll around here and issue such nonsense. On that note, I'm going to get back to my life and go to sleep. You may continue to troll along as you choose.

    --
    It's really quite a simple choice: Life, Death, or Los Angeles.
  21. Re:get a life by sdreader · · Score: 2

    Seems like a lot of people agree with this "troll" if he's already gotten Score:5.

    --
    Apparently being anti-Steam is grounds for insults, even if there's basis. I shall learn to keep my mouth shut.
  22. Re:What about the IP by markus_baertschi · · Score: 4, Insightful

    Your Bank/Credit card company has no 24h service number for such this ?

    Time to change credit card company.

  23. Easy Solution by LifesABeach · · Score: 2

    Get a job at the F.B.I., and then go out at night dressed like Batman. The rest I think you can figure out for yourself.

  24. I did this by hduff · · Score: 3, Informative

    My cellphone was stolen from my car and then recovered (it was found in the middle of the street). I called the long-distance numbers, pretending that I found the phone and wanted to return it to the owner. The people called (teenagers) were surprisingly helpful and I got the name and local address of the teen that called them who was staying with his uncle. I turned the info over to the police who told me that the loss was actually incurred by the phone company (charges had been refunded) and I was not "harmed" so there were no charges to press, plus the kid could claim that he "found" the phone and did not break into my car. But the detective did talk to the uncle and told me he thought the uncle was going to beat the kid's ass and send him back to Louisiana since the kid had been a problem since he got here. Good enough for me whether true or not since it was all that could really be done.

    --
    "I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
  25. How did your account get hijacked? by DigiShaman · · Score: 2

    Where you using a weak password or something?? Otherwise, can someone please explain how a Skype account can just get "hijacked". Or was it some undocumented hack/exploit (meaning anyone is vulnerable at random).

    --
    Life is not for the lazy.
  26. Re:get a life by libtek · · Score: 2

    Regardless of additional modifiers: tits always beat tats.

    --
    Unequivocally the realest of the realz...
  27. Wrong priorities by whoever57 · · Score: 2

    The original poster has not stated that he knows how his account was hijacked.

    His first priority should be to understand the how the hijack happened and take measures to makes usre that it won't happen again. Regaining control of the accoount again is not sufficient.

    --
    The real "Libtards" are the Libertarians!