Thursday, February 17, 2011

I'm now a hacker. All your crumpetroom are belong to ME.

I accidentally hacked into a stranger's gmail account yesterday.  Repeatedly.  But I had no idea I was doing it.

Years ago, I had an address that was just for event planning, and was set to re-direct to my commonly-used address.  I thought I would use that address for my new twitter account, but twitter said it was already used.  We'll say the address was crumpetroom@gmail.com (if this is a real address, please forgive me).  "Hrm... why am I using crumpetroom@gmail.com on twitter? I'm not even on twitter," I thought, and decided maybe I should check in and see what was happening.  Password denied! I don't know what harebrained password I was using two years ago, but nothing was working, so I tried my security question:
Does poop smell bad?
...yes?  Me and J and our old roommate were kidders, and there was no dearth of poot jokes in our home, but "Does poop smell bad?"  That's just not even smart.  I typed YES, which wasn't right, then tried NO.  Success!  I guess I was banking on someone unable to ever type a lie of that magnitude.  Or maybe I was just really confident at that time?  Who uses a yes or no answer for a security question? When you get two guesses?  This guy?

So I am in my old account, and there are no emails. No labels that I've made. People in the gchat list THAT I DON'T KNOW.  I went to the account settings and saw that it was re-directing to another email, so I emailed that person and told them I had filed a complaint with Gmail and he/she would be summarily booted.  Ha!

Soon after I receive an email:
I signed up for this gmail account years ago.  i'm not sure how you obtained access to it, but if you notice, the user name is K** ****, which is my other gmail account.
Oh, really huh? You think you can just squat in crumpetroom@gmail.com and make it yours? I've had that account for years... I... my.... my account was thecrumpetroom@gmail.com, wasn't it?

Yeah, I tried that, and got in immediately.  What I had done was hack into an innocent woman's email account and send her a menacing message, all because I couldn't remember that I'd put "the" at the beginning of the username.  Damage control!

OH MY GOD
I am so sorry.  I just figured this out. I was just a few letters off on the user name, which I haven't used in years.  Please forgive me.  But you really should beef up your security question to something that isn't yes or no.  I am not a hacker, but I was able to get in really easily.

She was really nice about it, and responded with lots of Eastern emoticons (O.o) and said she figured I wasn't a hack from all my "nice little tweets".  I would have looked myself up, too, if some crazy person had commandeered my account.  Really, she was very, very kind about it, when she did not have to be.  Thank you, true owner of crumpetroom@gmail.com.  Oh, internet.

So, make sure your security password is not "Does poop smell bad?" and also keep up with what accounts you actually own.  And if you want to have more than one twitter account on one email, just put a period in there somewhere (cru.mpetroom = crumpetroom).  Twitter ain't that smart.

When I do something stupid, from now on it will be referred to as "going to the crumpet room".

6 comments:

  1. I've done this with my rarely used Amazon account, but in that case, it did turn out to be someone else accessing my account--with my credit card info, address, and everything. Good thing the other person involved in this was so nice about it though! And it makes a good story.

  2. I'm nervous about my various passwords and accounts, and trying to change them. Just can't remember everything. After the big Gawker hack, I should really just settle on some unimportant password for commenting and a crazy long one for everything else. Even though I hate changing my work password every 90 days (I work at a university) it's kind of fun coming up with them.

  3. Impressive. And, entertaining. Have you read this article from the NYT awhile back about passwords? It's pretty interesting.

    http://www.nytimes.com/2010/01/21/technology/21password.html

  4. Nice one. Oh, and I can imagine that used in a Daily Show segment:

    "We now cross live to the Crumpet Room..."

  5. Four words: Library (of) Congress call numbers.

    @Samtron That article made me sad. Do people use "password" because they think no one will believe them stupid enough to use it?

    @Sanna Welcome! Maybe I should register that username with the password moortepmurc.

  6. I do have a short password for "unimportant" things like submitting reports on papers. If someone else hacks it and does my unpaid work for me, welcome! It is even reasonably secure (esp. compared to a yes/no question) but somewhat compromised by being the same for so many things. For my more secure passwords, I have a pattern to come up with them, so there is a chance I remember them.

