ICQ Nightmare: A True Story of a Bad Password
by Wayne Porter
This story is true. The names have been changed to protect the innocent. Many people on line have heard about the great new instant messaging service called ICQ This software allows you to message your friends, family and co- workers in real time. If you haven't installed it, then take some time to try it out. However, because of its popularity, it has become a prime target for malicious hackers. Read on. Larry, a pharmacist, logged on in the morning as he usually did. He checked his email, visited his stock site, and read the morning news. Everything was fine with the exception of his ICQ connection. He was unable to log in. It kept rejecting his password for no apparent reason. He messaged his friend about the problem as well as sent an email to a member of our staff. Immediately we got in touch with Larry and informed him that there was a good possibility that his account had been broken into. (A changed password is a very common sign). What Larry did not realize is how much power the hacker had stolen. Because the people on Larry's contact list (the people with whom he could instant message) believed that Larry was really Larry, they had no reason to distrust him. When the hacker, posing as Larry, began to send out "Trojan Horses" (Much like the Greek trojan horse- a file disguised as a gift, but actually has destructive intent), the people on his list gladly accepted the files and ran them. The trojan was implanted on their machines and the hacker took control of their computers as well. We managed to contact the hacker via ICQ and even got him to engage in some conversation. He claimed he was from Amman, Jordan and demanded payment of $500.00 in U.S. funds. A computer trace placed him in the Netherlands at a local university. We asked the hacker to return the account, but he refused and demanded money in order to get the account back. At this point we began contacting everyone on Larry's contact list about the situation and told them not to accept files or requests from Larry's account, because they were implanted with malicious code. This stopped the majority of the hacker's mischief. Once warned, people shut him off. Because of the great distance, it was very difficult to stop the hacker. Larry contacted Mirabilis, the company that runs ICQ. It took several days before they would shut down the account, probably as they needed to verify this individual had actually hi-jacked the account and had malicious intent. Eventually, they must have determined this was the case and Larry's ICQ number was deactivated. Why was Larry the target of this hacker? For starters, his ICQ number, also called a Unique Identifier Number (UIN), had only six digits. Small numbers are in vogue because they show a user has been around for a long time, are easy to remember, and are easy to pass around. How did the hacker break into Larry's account? There have been a number of security flaws within the ICQ network- to our knowledge the vast majority have been fixed. However, Larry committed the cardinal sin. His user name was Larry, and his password was Larry. It did not take the hacker long to gain control of Larry's account. Once in, he simply changed it to one of his own liking, instantly barring Larry from accessing his account. Once he had control of Larry's account, Larry's friends assumed he was Larry. There is no way to tell the difference unless the individual acts strangely. While the Net does have security dangers, it is important to keep calm and remember that everyday life has dangers and risks as well, such as a door left open, car keys in the ignition, or a broken window. All of these conditions invite intrusions. The same can be said for Internet safety. If Larry had chosen a strong password, he would not have gotten in the jam, nor would he have compromised his friend's security. Please alert your friends to prevent this situation from happening to them or you. Have a look at our password guarding utility reviews
This article is copyright 2005 by XBlock.com.
It may not be reprinted or copied without the express written consent of the author.
Related Articles
Read other articles (back to full list)
|