Gmail hack – how was it done?
My daughter's Gmail was apparently hacked (spam was sent to all her contacts) - how was it done? Here are some relevant facts:
1) she had 2-factor authentication (using SMS) in place for months before the incident.
2) the access log on Gmail shows only accesses from her home computer and her phone.
3) home computer is a Mac with Apple Mail - no viruses found on the machine
4) iPhone Mail is also connected to her Gmail.
What's the most likely attack vector?
7 comments
[ 3.1 ms ] story [ 28.2 ms ] thread[1] http://en.wikipedia.org/wiki/E-mail_spoofing
Or she gave some App the rights to access her gmail contacts.
2-factor authentication (with SMS) in place should be able to rule out the possibility to have her account accessed somewhere else, other than the computer and smart phone she uses. But there is also the possibility that someone else obtained all the contacts in your daughter's gmail, and then spam with a fake originating mail server. The critical path for this attacking strategy does not involve 2-factor authentication and your machines.
Another scenario could be her iphone has been compromised and hence have all the information stored on it exposed to the attacker, including the SMS (and once the attacker obtained control of the iphone, he/she could delete the text message and erase the trail after the attack). You need to check the SMS record with the telecommunication SP to see if there was any text message containing the 2-factor password sent from google to your daughter's number.
But in the case either your daughter's mac or iphone has virus in it, and you failed to find it out (which could happen to anyone), this could be another possible cause.
At this time, perhaps we could also do several other things to mitigate the impact of this attack...
1) all the contacts she cares should be alerted about this account compromise (there have been cases in the past where compromised account has been used to swindle money).
2) change the gmail password.
3) check the vacation responder (e.g. auto-response) of the gmail account (gmail settings -> General -> Vacation responder) see if it has been cleared.
4) set different mail signature for all the different mail clients she uses (this could be done through each mail client's own configuration), and also the signature for the gmail account (gmail settings -> General -> signature), in the sense of marking the different critical paths of sending mail. So next time we could find out where (in terms of the apps and client) the spam is sent from, in case it happens again.