Thursday, July 26, 2012

Hacked!

After being on the internet since 1995, yesterday was the first time I've ever been hacked -- at least that I know of.

Strange things started happening on Tuesday night. I got an email from Paypal saying that I sent a request to Skype for $100 with the message "Plz send me."

I contacted Paypal to let them know that I hadn't sent that request. Since their requests for payment don't have transaction IDs (that I can see, anyway), I wasn't able to report the exact transaction.

Yesterday at 1PM I got an email from Skype telling me that I had changed my email address to vvaridtel@gmail.com.

I immediately got on my phone and tried to surf over to Skype.com to inform them than I'd been compromised. Unfortunately, Skype.com kept trying to resolve to m.skype.com and I was getting a nice blank white page when I went there. (Still happening today).

I couldn't get to Skype.com from my PC at work since it's been flagged as an improper URL. To say that security at my job is tight is an understatement. As of Monday a "security hole" was closed so that I can't copy any files off of my computer to any external device. Forget about synching my iTunes to my phone anymore.

Eventually I found a URL for the Skype help chat page and, amazingly, it wasn't blocked. I was able to get on with a customer representative where we had a painfully slow chat to basically prove who I was and change the password on my account. That's it. No investigation of how this happened. No reinstatement of the money this person spent calling all over the place.

During this hour-long conversation with Skype, I got a tweet from a friend who informed me of the strange conversation he was having with "me." Here it is for your amusement.

Luckily, I was able to get into Skype on my phone via another way and saw that phone calls had been made that day to Bahrain, United Arab Emirates, Pakistan, Saudi Arabia, and Kuwait. I found out today that these calls had actually been going on since June 30 with most calls lasting 0.00 seconds(?). There had been 425 calls made between June 30 and July 25. I thought that my money was going quickly on Skype but didn't realize just how fast... or why.

Here are the top twenty charges that this person (or persons) made:

DateNumberCountryLengthCost
7/24/12 13:31966591613770Saudi Arabia18:135.190
7/24/12 13:33966508967921Saudi Arabia15:194.380
7/24/12 13:3397334070038Bahrain15:594.170
7/15/12 14:31923138490997Pakistan27:474.150
7/24/12 13:1996566575864Kuwait29:284.050
7/25/12 3:26971507137127United Arab Emirates11:283.390
7/24/12 13:2297333917176Bahrain10:442.900
6/30/12 18:13923212212615Pakistan11:361.830
7/25/12 3:15971507137127United Arab Emirates5:541.740
7/1/12 16:21923347885036Pakistan10:141.690
6/30/12 16:40923312016458Pakistan10:231.690
7/16/12 10:48923005050123Pakistan7:531.250
7/25/12 3:40971507137127United Arab Emirates3:221.190
7/24/12 13:1296566575864Kuwait7:011.150
7/3/12 11:44923312016458Pakistan6:251.110
7/2/12 14:48923013994747Pakistan6:101.110
6/30/12 17:39923158797225Pakistan5:240.960
6/30/12 16:52923312016458Pakistan5:500.960
7/4/12 17:01923312016458Pakistan4:290.820
7/2/12 12:18923316338929Pakistan3:280.670

Of course, Skype wouldn't reimburse me nor would they tell me if they were looking into this security breach. Blame the victim. Must be my fault.

I'm thinking of contacting Homeland Security. Hacking? Middle East? Sounds like something they might be into. In fact, I just did. My US-CERT Incident ID number is: 2012-USCERTv33XYCXG.