No matter how hard you try in this day and age to protect yourself, there will always be someone trying harder to get around your latest protective measures. While it's not necessarily browser related, here's a case in point:
Over the past few weeks I've received a half dozen or so emails from someone claiming to have broached my security. Pretty much in the same vein as what's been reported here. Given my background, though, I've naturally got somewhat more of an understanding of how email servers work, and how to track such bogus emails back to their source (as much as feasibly possible, that is, given email forwarder scripts).
Yesterday, I received the following message:
Take note of where the perpetrator states (bolded for emphasis) "your browser began operating like a RDP (Remote Control) that have a keylogger that gave me permission to access your display and webcam".
That's an interesting claim since I've had a piece of tape covering my webcam for years now (I don't use it). Still, as a precaution, the first thing I did was ftp into my server to do a quick review of the date/time stamps on all my files there (I have root access), followed by a review of my error and access logs. Next, I logged into my email via the server and checked for the bogus message in the inbox, sent mail, and junk folders. One version was found in my inbox, as well as two other slightly different versions in the junk folder. But nothing made to look like it was sent by me via my server to me was found in any of the outgoing/sent mail folders (email can be made to look like anyone sent it, if you know how to do so).
Next, I reviewed the full headers found in the email (I’ll keep them short for the purposes of this post, and cover up info that I don’t wish to share with the world). Note the items highlighted by the red arrows (the info in the red box suggests the likelihood that scripting was used to resend the message by way of a hacked account. In this case,
Then I pinged mayacreations.co.in to get an IP address, blacklisted the IP, and ran a whois on the mayacreations.co.in domain to determine who the registrar is for the domain, as well as gather any additional non-private info available in the record. This was followed by the following steps:
Reported the message to the FBI, providing detailed info;
Reported the message to abuse at the domain name registrar for mayacreations.co.in;
Went on about my business.
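The header review described above (walking the Received: chain back to the first relay that recorded a public address, and checking whether the From: address is consistent with that relay) can be scripted. The following is an added example written for this post, not the author's own tooling; the message it parses is constructed, every host name and IP in it is a placeholder (example.invalid names and RFC 5737 documentation addresses standing in for public ones), and the ping/whois/reporting steps that follow in the post are left to the reader since they need network access.

```python
"""Trace the Received: chain of a suspicious email and compare it with From:.

Added example for this post (not the author's code).  The message below is
constructed; all host names and addresses are placeholders.
"""
import email
import ipaddress
import re
from email import policy

# Constructed sample: three hops, most recent first, exactly as mail servers
# prepend them.  From: claims to be the recipient's own address, but the
# earliest hop shows the message entered the mail system somewhere else.
RAW_MESSAGE = """\
Received: from relay.example.invalid (relay.example.invalid [203.0.113.10])
\tby mx.victim.example (Postfix) with ESMTPS id ABC123
\tfor <me@victim.example>; Tue, 05 Nov 2019 10:12:13 +0000
Received: from webmail.example.invalid (unknown [198.51.100.77])
\tby relay.example.invalid (Postfix) with ESMTPA id DEF456;
\tTue, 05 Nov 2019 10:12:01 +0000
Received: from [192.168.1.23] (localhost [127.0.0.1])
\tby webmail.example.invalid with HTTP; Tue, 05 Nov 2019 10:11:58 +0000
From: me@victim.example
To: me@victim.example
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FROM_RE = re.compile(r"^from\s+(\S+)", re.IGNORECASE)
BY_RE = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)

# Loopback, RFC 1918 and link-local ranges: hops showing only these are
# internal to the sending site and give no lead for an abuse report.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16")]


def is_internal(ip):
    """True for addresses that cannot identify an external sender."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_hops(raw):
    """Return Received: hops in delivery order (origin first).

    Each hop records the claimed 'from' host, the relaying 'by' host, and the
    first non-internal IP the relay wrote in brackets (None if only internal
    addresses appear, e.g. a webmail front end or a compromised account)."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(str(value).split())  # unfold continuation lines
        from_m = FROM_RE.match(text)
        by_m = BY_RE.search(text)
        external_ip = None
        for ip in IP_RE.findall(text):
            if not is_internal(ip):
                external_ip = ip
                break
        hops.append({
            "from": from_m.group(1) if from_m else None,
            "by": by_m.group(1) if by_m else None,
            "ip": external_ip,
        })
    hops.reverse()  # headers are prepended, so the last one is the origin
    return hops


def origin_ip(raw):
    """Earliest hop that exposes an external address: the address to
    blacklist and to quote in an abuse report."""
    for hop in parse_hops(raw):
        if hop["ip"]:
            return hop["ip"]
    return None


def from_matches_origin(raw):
    """False when the From: domain is not the domain of the first relay that
    handled the message, i.e. the sender address was most likely forged."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_domain = str(msg["From"]).rsplit("@", 1)[-1].strip(">").lower()
    hops = parse_hops(raw)
    if not hops:
        return False
    first_relay = (hops[0]["by"] or "").lower()
    return first_relay.endswith(from_domain)


if __name__ == "__main__":
    for hop in parse_hops(RAW_MESSAGE):
        print(hop)
    print("origin IP:", origin_ip(RAW_MESSAGE))
    print("From: consistent with first relay:", from_matches_origin(RAW_MESSAGE))
```

Run against a real message by replacing RAW_MESSAGE with the full headers as exported by the mail client. Only the Received: line added by your own server (the first one in the file) is trustworthy; earlier ones can be forged by the sender, which is why the origin address is a lead to hand to the registrar or hosting abuse desk rather than proof of who sent the message.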
I didn't attempt to contact the holder of the email address at mayacreations.co.in simply because of the possibilities that (a) the email address was bogus, or (b) if not bogus, that those responsible for the traffic passed through the domain in question were either unaware their server had been co-opted (possibly via the solidhosting.pro domain, which is assigned name servers in the EU and IN), OR if actually the email address of someone stupid enough to use it in attempting to extort funds from me, I didn't want to give them a heads up.
I’ll let those I’ve reached out to take care of that instead.
All told, about 45 minutes' worth of work. A pain in the neck, mind you, because of the time lost, but I tend not to lose (much) sleep over such stuff at night.