Who is behind that Gmail account?
- 23 September, 2008 14:13
- Comments 2
Who is the real identity behind that Gmail account? While finding out may not be as easy as knowing who is behind chunkylover53@aol.com (Homer Simpson, for the curious), it apparently isn't much harder.
Yahoo might have recently attracted attention for the public compromise of one of US Vice Presidential nominee Sarah Palin's accounts, but there are people looking at all providers for weaknesses in account creation (spammers), account recovery (hackers), or other account management functions, such as the identity behind the address.
There are varying levels of success in each area, with many security people who pay attention to the latest developments in CAPTCHA-breaking believing that the major webmail providers have been compromised to a level where it is viable for automated spamming.
In the area of account recovery, anyone who watches the Full Disclosure mailing list will note from time to time claims of malfeasance from various unheard-of groups who claim to have the full webmail mail file of one or more security identities. The Sarah Palin case has publicly demonstrated for everyone else the many problems that can be associated with not selecting secure enough security questions (and the problem of determining what is secure in the first place).
There isn't as much focus on finding the identity behind a random webmail account, but Google apparently seems to have several (unintentional) methods to recover the registered first and last names associated with an account. In a demonstration of why it is always polite to acknowledge security issues, Google was previously notified of a similar issue, by the same researcher, but they silently fixed it . Not happy with the approach taken last time, the researcher publicly disclosed enough of their rediscovered issue for many who had discovered equivalent problems to come forward with their own examples.
Information that can be recovered is only as good as the information that was originally supplied, but who really signs up to a webmail provider with a fake name? If you were already taking steps to blur your online identity, then it probably isn't going to work against you. Rather, it is the majority of users, who take no real effort to hide their identity when using online services, who can have their details rapidly recovered.
With spammers who have managed to automatically create a number of spam accounts, this allows them to send highly personalised spam to their targets and improve the chances of having it slip past the Gmail filters. Spear phishers might already know who owns an account, but this might help gain leverage on co-workers or add extra legitimacy by identifying others who the target would already know about but who the phisher wouldn't directly know.
Recommended
Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.
- Bookmark this page
- Share this article
- Got more on this story? Email Computerworld
- Follow Computerworld on twitter
- Spear-Phishing Email: Most Favored APT Attack Bait
- World Quality Report - The State of Quality 2012
- Appropriate Backup Applications for Accelerated Virtualisation Projects
- Managing the Rapid Rise in Database Growth: 2011 IOUG Survey on Database Manageability
- Saving Time and Money with Savvy Use of Flash in Automated Storage Tiering
-
Turnbull criticises government's NBN budget cuts
-
Telstra apologises after customer records appear online
-
Conroy dismisses claims of NBN failing
-
Conroy dismisses claims of NBN failing
-
Conroy dismisses claims of NBN failing
Comments
soheyl
1
Who is behind that Gmail account?
bilesavaremogan@gmail.com
Etienne Delaunay
2
who is?