
Thread: Investigating a Security/Privacy Breach

  1. #1

    Here's the situation: A friend told me that someone had gotten nude pictures of his GF and combined them with a picture of her from her Facebook in which she's dressed in her organization's uniform, and sent it to some other members of the organization. One recipient reported it to the admins and they blocked any more of the emails getting to others. They reported the situation to the police.

    However, he asked me to help him figure out how someone could've gotten those pictures. He told me that he and she did things on Skype (while he's away on business, etc.), and he'd taken some snapshots, but he swore that he didn't even tell anyone else stuff like that existed. He did check his collection and found the two nudes in it though; they were dated several months apart and a bit different (he showed them to me). The ones used in the picture had different coloration and horizontal lines as you see when you take a picture of a computer screen with a camera. Unfortunately, the picture taken from Facebook was open to the public, so that's a dead end. But we can assume that the person knows of the organization and at least knows of him and his GF as the picture was first sent to people they're close to.

    The dude is moderately security conscious, and says all those pictures are only on his laptop which he doesn't lend to anyone and always locks whenever he goes out, even though he mostly keeps it at home. But now he thinks that his entire collection could possibly be out there somewhere and is afraid the person(s) might send more pictures another time. Said his GF is still pretty shocked and depressed about the whole thing. She gave him the email address and possible name of the sender, which she got from one of the persons who received the picture, but that address is probably fake.

    Right now the main thing we're trying to figure out is the possible ways those pictures could've gotten out and plug the hole. Is it possible that Skype connections can be hacked? Maybe some kind of malware on his or her computer? Maybe something there from before the first pic was taken till after or later, or something that just chose a couple pictures at once? Could someone have hacked into his computer and taken the pics? Also is there a way to track the email (without going to the authorities or something), which would hopefully lead to the person(s)? How can we go about getting more information about this?
    Rooted OnePlus 2 64GB Ed, Android 5.1.1 OxygenOS ; on teifin' AT&T's network; Rooted ASUS Transformer TF101 w/ dock, Android 5.1 KatKiss; Laptop: ASUS X550C, 2.0GHzx2, 8GB, 512GB SSD, Kubuntu 15.10;
    Facebook page: Skeleville Technology Solutions

  2. #2

    First let me say I am sorry to hear that. I have heard about Skype calls being hacked; there are a number of threads on the Skype forum about it as well. His call may have gotten hacked/intercepted from his PC or his GF's PC (not during transmission). He possibly could have malware on his PC; I suggest he run a tool like Malwarebytes with a deep scan. The thing is this:


    All Skype-to-Skype voice, video, and instant message conversations are encrypted. This protects you from potential eavesdropping by malicious users.

    If you make a call from Skype to mobile and landline phones, the part of your call that takes place over the PSTN is not encrypted.

    For example, in the case of group calls involving two users on Skype-to-Skype and one user on PSTN, then the PSTN part is not encrypted, but the Skype-to-Skype portion is.

    Voice messages are encrypted in the same way as Skype calls and instant messages are encrypted. However, after you have listened to a voice message, it is transferred from our servers to your local machine, where it is stored as an unencrypted file.

    Skype uses the AES (Advanced Encryption Standard*), also known as Rijndael, which is used by the US Government to protect sensitive information, and Skype uses the maximum 256-bit encryption. User public keys are certified by the Skype server at login using 1536 or 2048-bit RSA certificates.

    *Skype is not responsible for the content of external sites.
    https://support.skype.com/en/faq/FA3...use-encryption

    So I am pretty sure he may have a virus on his PC or his GF does. I used to use Skype as VPN so I know it is encrypted...

    Next you said he took pictures/snapshots from the video call... Skype has a "flaw" when it comes to storing photos. The files are stored in the appdata folder, which is where a number of malware/viruses tend to reside:

    %appdata%\Skype\Pictures; anyone with access to the PC can easily access the photos.

    My suggestion is that he obtains a solution such as TrueCrypt or MyWinLocker to store private stuff.
    Last edited by King_Jay16; Jun 13, 2013 at 02:03 PM.

  3. #3

    I don't think the attack was something sophisticated, based on what we have here in Jamaican workplaces (Phillpot notwithstanding). If I wanted nudies of someone's girl, I would:
    1. Go through the cell phone. Just sitting in the mall with a bluejacker and an extended-range Bluetooth antenna gets me a panoply of stuff.
    2. Rummage through the GF's computer. I find that at some of the workplaces I have been at, people tend to forget to log out of certain accounts, leaving them ripe for the raeping.
    3. Use cache diggers like PasswordFox. OK now, we're getting somewhat sophisticated. Cache diggers also exist for Skype, so he could have logged in and gotten info that way.

    Try contacting him through email. He will think he is secure and that is a relatively easy way to get an IP address (by checking the message header). Hope this helps. If I can think of anything else, I'll post it.
    Last edited by Satanforce; Jun 13, 2013 at 03:34 PM.
    Phone: Nokia 1200 with Satantendo ROM v.3.3
    Laptop: (Pentium III 850 MHz, 512 MB, 60 GB)
    Console: Sega Dreamcast
    Check out my blog: http://satanforce.wordpress.com/
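
    Reading the relay chain out of a received message's headers, as mentioned in the post above (an added example, not part of the original post; the sample message is constructed and uses documentation-range addresses, and only IPv4 is handled). Each relay prepends its own Received line, so the bottom one is closest to the sender; lines below the first relay you trust can be forged, and webmail providers often record only their own servers.

```python
import email
import ipaddress
import re

# Constructed sample message; all hosts and addresses are placeholders.
RAW = """\
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby inbox.example.net with ESMTP id abc123;
\tThu, 13 Jun 2013 10:02:11 -0500
Received: from smtp.example.com (smtp.example.com [203.0.113.20])
\tby mx.example.org with ESMTP id def456;
\tThu, 13 Jun 2013 10:02:09 -0500
Received: from [192.168.1.23] (unknown [203.0.113.99])
\tby smtp.example.com with ESMTPSA id ghi789;
\tThu, 13 Jun 2013 10:02:05 -0500
From: sender@example.com
To: recipient@example.net
Subject: constructed sample

body
"""

# Loopback and RFC 1918 ranges: these identify a host on the sender's LAN,
# not a routable address an ISP or provider could be asked about.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_hops(raw):
    """Return the bracketed IPs of each Received header, sender side first."""
    msg = email.message_from_string(raw)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        ips = []
        for text in BRACKETED_IP.findall(header):
            try:
                ips.append(ipaddress.ip_address(text))
            except ValueError:  # e.g. [999.1.1.1]: not a valid address
                continue
        hops.append(ips)
    return hops

def first_routable(raw):
    """First non-local address seen when walking from the sender outward."""
    for ips in relay_hops(raw):
        for ip in ips:
            if not any(ip in net for net in LOCAL_NETS):
                return str(ip)
    return None
```

    The address returned is only as reliable as the relay that recorded it, so it is a lead to hand to the mail provider or the police, not proof of who sent the message.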

  4. #4

    If he and the perp were sharing the same modem then the perp could have gotten access to everything he was sending over the network through programs he can find on the net: files, passwords, etc. Skype encrypts calls and file transfers, but you could still log into your modem and check for any MAC addresses you don't recognize.
    1337

  5. #5

    The only way he can get the snapshot pictures is if he had access to the PC either physically or via network... as snapshots and chat logs are stored in the same main directory in the appdata folder.

  6. #6

    Quote Originally Posted by King_Jay16 View Post
    the only way he can get the snapshot pictures is if he had access to the PC either physically or via network... as snapshots and chat logs are stored in the same main directory in the appdata folder..
    Oh. I thought he may have transferred them to a phone etc.
    Phone: Nokia 1200 with Satantendo ROM v.3.3
    Laptop: (Pentium III 850 MHz, 512 MB, 60 GB)
    Console: Sega Dreamcast
    Check out my blog: http://satanforce.wordpress.com/

  7. #7

    Quote Originally Posted by King_Jay16 View Post
    the only way he can get the snapshot pictures is if he had access to the PC either physically or via network... as snapshots and chat logs are stored in the same main directory in the appdata folder..
    This is what I'm thinking too. But I'm still wondering about the difference between the original and the combo. There are the lines and coloring to think about (which aren't in the Facebook photo), and one of them has the remainder of a grey border around it that is not in the original, as if the picture was captured with some kind of camera device. Not sure how to describe the look of it.
    Rooted OnePlus 2 64GB Ed, Android 5.1.1 OxygenOS ; on teifin' AT&T's network; Rooted ASUS Transformer TF101 w/ dock, Android 5.1 KatKiss; Laptop: ASUS X550C, 2.0GHzx2, 8GB, 512GB SSD, Kubuntu 15.10;
    Facebook page: Skeleville Technology Solutions

  8. #8

    put it this way... my new slogan is.... It's 2013 - the only privacy you have for now is in your mind...
    cell: 807-4523| email: mysonchug@yahoo.com | PM Me

  9. #9

    The fact that it was sent to persons at work says it may have been done by someone there. If it's a work laptop that is. Bear in mind that Skype tries to synch your data across the different machines you've logged into (history) and if he signed in at work as well it could be stored on the work PC.

    Other options could be as pointed out above. Scanning and checking for anything on the system should be done immediately. Also - acquiring something like TrueCrypt and encrypting all "personal" media that he has of himself and his GF should be done. Get the app (or others like it) and do it on the laptop offline. Clean the Skype cache and use apps like Everything to ensure that all of the information is found.

    Lots of stuff available to act as back-door to get in. If it was work there's a number of tools available for administration which could be abused. If it's at home then firewall information needs to be looked through to see any historical information. Open ports. Unusual traffic when all systems are idle. Stuff like that. The usual precautions apply - change passwords and whatnot.
    Last edited by khat17; Jun 15, 2013 at 01:39 PM.
    Knowing the solution doesn't mean knowing the method. Yet answering correctly and regurgitation are considered "learning" and "knowledge".

  10. #10

    Quote Originally Posted by MaxFactor1 View Post
    put it this way... my new slogan is.... It's 2013 - the only privacy you have for now is in your mind...
    For now indeed lol.

    Google glasses anyone?
    Current Android - OnePlus 7T Pro
    PC Specs - Motherboard: Asus PRIME B560-PLUS | Processor: Intel Core i5-11600K (stock) | Memory: 32 gigs Corsair Vengeance DDR4@3200mhz | Video Card: ASUS ROG Strix GeForce RTX 4070 (OC Edition) | Monitor: ASUS TUF Gaming 27" 2K Monitor | Steam ID -> Powpow
