Is it safe to hack email in a public wifi spot?

Discussion about hacker.org's server
Post Reply
plope0726
Posts: 826
Joined: Mon Dec 15, 2008 10:13 pm

Post by plope0726 »

123123 wrote:you're telling me if someone hacks an email account in a public wifi setting that they will be arrested if they go under for more than 30 mins? i find that hard to believe. the person getting hacked would at least need to contact authorities first, etc. i'm guessing authorities would come into place only after they have been notified and can build their own case.

Forget what koolpop said...

The gist of it is that you can be traced. Perhaps not in the amount of time it takes you to perform the act but as soon as you send a single packet to another network you send information about your computer that can be traced through a series of steps like those I listed previously.

Now as far as you question of would they even bother pursuing something like that, well it depends. An act passed in the 80s called the Computer Fraud and Abuse Act makes it illegal to enter a network without authorization (permission from the owner). So if you even log in to someone else's email without there permission it is considered a crime. Now that person would have to 1. know that it occured. 2. report it to there ISP which would investigate the situation internally and if they felt appropriate may or may not inform the authorities. 3. The authorities would go through the steps of a typical investigation to find the person who committed the crime. Of course depending on who's email was accessed, how often it was accessed, how persistent the owner of the email is and so on, would determine if the authorities would put much effort into finding you. The chances of being traced and caught in the act are slim to none unless the authorities looking for you are in the same location. Now keep in mind that the email server you would be logging into is probably not in the same state as you, therefore the crime has occurred across state lines and the FBI would be responsible for investigating the matter. To be honest, if the person who owns the email reports it to their ISP and say the ISP is hotmail (micrsoft) or yahoo or gmail, they may choose to report it to authorites simply on principle. Especially Microsoft since they aren't to fond of the hacking community anyway.

There would certainly be an investigation before they came to talk to you. But if it's a local thing and they wanted to they could pick you up if they can get to you before you leave the premises. Either way, regardless of whether you've messed with the account or emails in the account, you have still committed a crime according to the Computer Fraud and Abuse Act and depedning on the owner of the email, the ISP and the authorities, they may or may not track you down and try to press charges. It mostly depends on the ISP though since it was their network that you have illegally accessed.
Top
User avatar
koolpop0
Posts: 259
Joined: Thu Sep 20, 2007 11:03 pm
Location: In the binary of this system
Contact:
Contact koolpop0

Post by koolpop0 »

plope0726 wrote:
123123 wrote:you're telling me if someone hacks an email account in a public wifi setting that they will be arrested if they go under for more than 30 mins? i find that hard to believe. the person getting hacked would at least need to contact authorities first, etc. i'm guessing authorities would come into place only after they have been notified and can build their own case.

Forget what koolpop said...

The gist of it is that you can be traced. Perhaps not in the amount of time it takes you to perform the act but as soon as you send a single packet to another network you send information about your computer that can be traced through a series of steps like those I listed previously.

Now as far as you question of would they even bother pursuing something like that, well it depends. An act passed in the 80s called the Computer Fraud and Abuse Act makes it illegal to enter a network without authorization (permission from the owner). So if you even log in to someone else's email without there permission it is considered a crime. Now that person would have to 1. know that it occured. 2. report it to there ISP which would investigate the situation internally and if they felt appropriate may or may not inform the authorities. 3. The authorities would go through the steps of a typical investigation to find the person who committed the crime. Of course depending on who's email was accessed, how often it was accessed, how persistent the owner of the email is and so on, would determine if the authorities would put much effort into finding you. The chances of being traced and caught in the act are slim to none unless the authorities looking for you are in the same location. Now keep in mind that the email server you would be logging into is probably not in the same state as you, therefore the crime has occurred across state lines and the FBI would be responsible for investigating the matter. To be honest, if the person who owns the email reports it to their ISP and say the ISP is hotmail (micrsoft) or yahoo or gmail, they may choose to report it to authorites simply on principle. Especially Microsoft since they aren't to fond of the hacking community anyway.

There would certainly be an investigation before they came to talk to you. But if it's a local thing and they wanted to they could pick you up if they can get to you before you leave the premises. Either way, regardless of whether you've messed with the account or emails in the account, you have still committed a crime according to the Computer Fraud and Abuse Act and depedning on the owner of the email, the ISP and the authorities, they may or may not track you down and try to press charges. It mostly depends on the ISP though since it was their network that you have illegally accessed.
i was being breif -.-

i was saying 30 minutes to ensure that the "hacker" had confidence in what s/he was doing

i never said i was absulty positive i was right on all of this...
Image
Top
123123
Posts: 7
Joined: Tue Aug 11, 2009 4:46 pm

Post by 123123 »

plope0726,

thanks again for all this. it looks like i win the argument with my friend.
Top
MIKEJONES
Posts: 1
Joined: Wed Aug 19, 2009 4:54 pm

Post by MIKEJONES »

i have a solution to all this. plope0726, please let me know if this is correct.

the ipod touch is your solution around everything.

you can purchase an ipod touch with cash so there is no paper trail back to a retail store. you then log into a public wifi network with no cameras around so you won't be caught on camera (or you can log onto a public wifi network outside a building, etc).

you then can hack email accounts at yahoo, hotmail, gmail, etc. toss the ipod touch to eliminate any evidence.

the only issue i can think of is this: cameras that record you making the ipod touch purchase. this however is only an issue if your ipod touch can be traced somehow.

so my question is, can your ipod touch be traced back to you? is there anything regarding the serial code or anything else on the ipod touch where it can be traced back to the retail store you purchased it at?

my second issue has nothing to do with the ipod touch: hacking many accounts can be potentially traced back to one person via association. if someone hacks accounts of people they have worked with, gone to school with, friends with on social networking sites, etc. then the association is there. this however is only an issue if one person can be singled out in the first place as the culprit.

let me know what you guys think. is an ipod touch in a public wifi area totally safe?
Top
plope0726
Posts: 826
Joined: Mon Dec 15, 2008 10:13 pm

Post by plope0726 »

MIKEJONES wrote: is an ipod touch in a public wifi area totally safe?
Well no matter what there is always a risk of getting caught. As far as your ipod touch scenario goes, it once again depends. Well, the end result depends. It depends on how bad they want to catch you. There are ways that it can be traced back to you even with a little device like that. Anything that connects to a network gets an IP address, it has to otherwise it wouldn't be able to communicate. All devices also have a mac address, even small devices like ipods. MAC is the physical address, IP is logical. IP changes depending on where you connect but the MAC address is constant. You can spoof the MAC address but that doesn't actually change your MAC address.

Now just like with a laptop, when you connect to a LAN (a public wifi would be a LAN or MAN) you get a private IP address such as 192.168.1.5 and then there is the public IP of the default gateway. The gateway IP address can be traced back to the location of the wifi you connected to. From there, if logs exist, than the private IP assigned at that time can be traced back to the MAC address of the ipod. Every device has to have a unique MAC address and unless you spoofed your MAC on the ipod then logs would show that IP address assigned to your MAC address. Since MAC addresses are unique it is possible to be trace back to your device through the manufacturer, because you can be certain that they keep records of which device gets a certain MAC address. With the serial number they can then find out what store that device was shipped to. The store should have records of the transaction regardless of payment method. So based on the time and date that device was sold they can look at video to see who may have bought the device. And even if there are ten registers with someone making a purchase at each during that time, the records should show which register it was purchased at. Now assume you bought it off the street or bought it used from a friend, then its harder to track, but they can interview your friend who, after a little interrogation will probably talk.

Now keep in mind that law enforcement has to obey certain rules when it comes to evidence and investigations. So it would be pretty hard for them to get you. But if they really wanted to put forth the time and effort they can catch you. Now even though they may not come after you it is still possible for them to track you down.


As for your other question one main thing to remember is that if you get caught doing something and they take your computer and find all the evidence, if you prove that more than one person has access to the computer, than the case will likely be thrown out (in the US). (don't expect law enforcement to play by the rules 100% of the time though) Also, you would need to do more research on this, I know there have been cases where this happened,but that is just a brief explanation of it and I'm no expert on law, so don't assume that if this is the case it's open and shut.

To be honest there are so many variables with all of these situation that it's two seemingly identical situations can have two totally different outcomes. Just know that there really is no 100% risk free way to commit any kind of crime. There is always a chance you will get busted. Also keep in mind that private companies like ISPs for example aren't bound by the same restrictions law enforcement would be bound to.
Top
User avatar
koolpop0
Posts: 259
Joined: Thu Sep 20, 2007 11:03 pm
Location: In the binary of this system
Contact:
Contact koolpop0

Post by koolpop0 »

hmm, well if you bought the ipod like a month before and went to a i don't know a caribou coffee but didn't make a purchase and loitered outside with a cup one could accomplish this and steal a email? not for long of course... maybe even have a friend talking with you to avoid suspicion.

Since this is all hypothetical of course...
Image
Top
User avatar
sabretooth
Posts: 61
Joined: Sun Jul 12, 2009 3:13 pm

Post by sabretooth »

and while we're at it why not hack via a mobile phone whilst at the bottom of a bungee jump.
:wink:
Top
User avatar
PaRaDoX
Posts: 708
Joined: Fri Aug 22, 2008 5:52 am
Location: In your fridge, waiting to pop out and scare you.

Post by PaRaDoX »

sabretooth wrote:and while we're at it why not hack via a mobile phone whilst at the bottom of a bungee jump.
:wink:
I don't see why not <3
Image

~You are a glitch in my reasoning.
Top
User avatar
Zaffron
Posts: 491
Joined: Thu Dec 18, 2008 12:18 am
Location: Invading a small country

Post by Zaffron »

that would be epic if someone could keep the concentration required for hacking while bungee jumping :O
Read, know, do. Discuss topics of ANY kind, including unconventional or taboo topics. Free speech, open minds, alternative thinking. http://www.totse2.com
Top
User avatar
koolpop0
Posts: 259
Joined: Thu Sep 20, 2007 11:03 pm
Location: In the binary of this system
Contact:
Contact koolpop0

Post by koolpop0 »

Zaffron wrote:that would be epic if someone could keep the concentration required for hacking while bungee jumping :O
in the 2001 movie "Swordfish" Stanley Jobson cracked a government computer in 1 minute while a gun to his head and getting a blow-job.

But of course that was a movie ;P
Image
Top
User avatar
sabretooth
Posts: 61
Joined: Sun Jul 12, 2009 3:13 pm

Post by sabretooth »

koolpop0 wrote:
Zaffron wrote:that would be epic if someone could keep the concentration required for hacking while bungee jumping :O
in the 2001 movie "Swordfish" Stanley Jobson cracked a government computer in 1 minute while a gun to his head and getting a blow-job.

But of course that was a movie ;P
must have been a pretty bad blowjob :lol:
Image
Top
pedromalta
Posts: 22
Joined: Wed Apr 13, 2011 12:00 am
Location: Vila Velha
Contact:
Contact pedromalta

Post by pedromalta »

lol, that is a funny topic!

Everything depends on what kind of e-mail are you invading, and what kind of shit you're doing with it, so, even if the people that are on the other side are really good they would have to understand what you're doing to do legal thing, and that takes time, days, weeks....

I live in brazil, i'm pretty sure FBI won't come in my door, even if i put AOL down for a couple minutes(something that i'm really sure i would never do, lack of skills)...

1st tip: get to know the public access you're using
Ex: my college uses a certificate, means they have my name at all times associated with my computer, i never try fun stuff there

2nd tip: find a really lame access point, one that has no logs, cameras, one that don't even know you're there(like the one in the college cafeteria, that don't even have an antenna and is WEP encrypted) and them use that access point to access another lame router, and then through a lame proxy and so forth...

3rd tip: change your mac, macchanger do the job for linux, or, if you're really serious on what you're doing, buy a used chinese cheap USB Wireless device on a pawn shop, and after you do your stuff burn it...

4th tip: do it on a live-distro like backtrack, live-distros never have any personal information... even if they do find you, you would left a trace like "linux machine" not "pedromalta-mobile".... and yet, "linux machine" simply disappear when you remove the DVD!

5th tip: Burn the live-distro dvd

6th tip: Burn your computer... what can i say, i like to burn stuff...

Have fun
sudo apt-get a life
Top
plope0726
Posts: 826
Joined: Mon Dec 15, 2008 10:13 pm

Post by plope0726 »

Burning can be fun, just make sure it's in a controlled environment. Safety first!

To add, a rather simple way to hide yourself, which goes with what pedromalta said, is find a residential wifi connection (a neighbor's?) that is open, or if they are using WEP, that's an easy crack. WPA/WPA2 can be a little more challenging but all you need is 1 WPA handshake and you can throw a dictionary at it. Using a a Live distro like BackTrack is perfect for this because like pedromalta said, it has the macchanger tool, everything is in RAM, so all data is typically wiped after a shutdown/reboot, and it has all the tools needed to crack wireless.

If the neighbor is close enough you can sit in your living room. Everything would be traced back to your neighbors IP and chances are they are using a linksys or something which doesn't keep a lot of logs.
Top
Post Reply

Return to “The Hacker's Server”