Accessing Hijacked email accounts

Cyberians,

I've been contacted by someone seeking help with the following
situation. She has email accounts at yahoo and hotmail that have been
hijacked by someone who has obtained the passwords, possibly via spyware
on her computer.

This looks like an obvious case for unathorized access under 18 USC
2701.  But more pragmatically, how would one gain control back of these
accounts short of litigation? Anyone have  practical experience?

Thanks,

Guilherme

--
Guilherme Roschke
Skadden Fellow
Domestic Violence and Privacy Project
Electronic Privacy Information Center
http://www.epic.org/privacy/dv/
(202) 483-1140 x124


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

On Tue, 18 Sep 2007, Guilherme Roschke wrote:
> I've been contacted by someone seeking help with the following
> situation. She has email accounts at yahoo and hotmail that have been
> hijacked by someone who has obtained the passwords, possibly via spyware
> on her computer.
>
> This looks like an obvious case for unathorized access under 18 USC
> 2701.  But more pragmatically, how would one gain control back of these
> accounts short of litigation? Anyone have  practical experience?

Oh, and I forgot.  She should probably first make sure her computer is
clean, otherwise going through the recovery process on an infected
computer will compromise the account again.


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

Guilherme Roschke wrote: First off, I'd suggest she contact Yahoo! and Hotmail to ask for the
accounts to be frozen. There may be some way (secret questions & the
like) that she can use to authenticate herself as the original owner.

I've not dealt with the large free email providers on this, but I have
been in the admin's position when a customer asks to have their hijacked
account secured and returned to them. Acting in a polite, reasonable
manner goes pretty far in my book.


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

On Tue, 18 Sep 2007 19:39:43 -0400
Alexander Muentz <lex@...> wrote:

> First off, I'd suggest she contact Yahoo! and Hotmail to ask
> for the accounts to be frozen. There may be some way (secret
> questions & the like) that she can use to authenticate
> herself as the original owner.

The problem is that if the account was infiltrated, the secret
question etc. is probably already changed.
If the questions about name, adress etc. have not been
answered correctly there will be some problems to say the
least.

But the best is to contact the help desk and explain the
situation, furthermore contact all the friends etc. who have
the adresses (or at least as much as possible) because this
avoids any more mail adresses etc. to be infiltrated or
private information to go into the wrong hands.


> I've not dealt with the large free email providers on this,
> but I have been in the admin's position when a customer asks
> to have their hijacked account secured and returned to them.
> Acting in a polite, reasonable manner goes pretty far in my
> book.

The main problem is the authentification as in most cases the
secret question has been changed. But if you are able to say
roundabout when the account has been hacked freemailers help
desk most likely can see that what you say is for real and
will freeze the account and (for example if your address was
given at first) send an authentification letter to the adress
or something like that.


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

On Sep 18, 2007, at 5:51 PM, Guilherme Roschke wrote:


Haven't read the replies yet - but don't those accounts have a button  
that says "Forgot password?"

Clicking those links will, I presume, send a "reset password" link  
the the email address which the account holder used to register the  
accounts originally.


My Original Writing blog: http://itgotworse.livedigital.com


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

In message <0BC0157B-AD57-4A47-B7C8-9FAC4CE32AD0@...>, at
02:40:58 on Wed, 19 Sep 2007, Randall <rvh40@...> writes
>Haven't read the replies yet - but don't those accounts have a button
>that says "Forgot password?"
>
>Clicking those links will, I presume, send a "reset password" link  the
>the email address which the account holder used to register the
>accounts originally.

I would expect it to send the email to a currently associated email
account, otherwise it could easily be sending to an email address that
has itself been cancelled. And the hijacker may have changed the
associated email address to one he has access to.
--
Roland Perry


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

Roland Perry wrote:
Indeed. It was my mistake to not mention this earlier. We have attempted
the standard "forgot your password" links.

-gr

Guilherme Roschke
Skadden Fellow
Domestic Violence and Privacy Project
Electronic Privacy Information Center
http://www.epic.org/privacy/dv/
(202) 483-1140 x124


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************

My apologies for this message to the list.  I am trying to leave this
listserv, have followed the instructions for doing so*, but cannot seem
to get off.  Can someone advise me?

* Send "SIGNOFF CYBERIA-L" command to LISTERV@...


Anne Davies Newman
Attorney at Law
Pepper Hamilton LLP
Suite 200, 100 Market Street
Harrisburg, PA  17101-2044
717.255.1195 - Direct
717.238.0575 - Fax
866.422.6379 - Direct Fax
newmana@...
www.pepperlaw.com


-----Original Message-----
From: Law & Policy of Computer Communications
[mailto:CYBERIA-L@...] On Behalf Of Guilherme Roschke
Sent: Wednesday, September 19, 2007 10:02 PM
To: CYBERIA-L@...
Subject: Re: [CYBERIA] Accessing Hijacked email accounts

Roland Perry wrote:
> In message <0BC0157B-AD57-4A47-B7C8-9FAC4CE32AD0@...>, at
> 02:40:58 on Wed, 19 Sep 2007, Randall <rvh40@...> writes
>> Haven't read the replies yet - but don't those accounts have a button

>> that says "Forgot password?"
>>
>> Clicking those links will, I presume, send a "reset password" link
>> the the email address which the account holder used to register the
>> accounts originally.
>
> I would expect it to send the email to a currently associated email
> account, otherwise it could easily be sending to an email address that

> has itself been cancelled. And the hijacker may have changed the
> associated email address to one he has access to.

Indeed. It was my mistake to not mention this earlier. We have attempted
the standard "forgot your password" links.

-gr

Guilherme Roschke
Skadden Fellow
Domestic Violence and Privacy Project
Electronic Privacy Information Center
http://www.epic.org/privacy/dv/
(202) 483-1140 x124


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia Off-Topic
threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************


This email is for the use of the intended recipient(s) only.  If you have received this email in error, please notify the sender immediately and then delete it.  If you are not the intended recipient, you must not keep, use, disclose, copy or distribute this email without the author's prior permission.  We have taken precautions to minimize the risk of transmitting software viruses, but we advise you to carry out your own virus checks on any attachment to this message.  We cannot accept liability for any loss or damage caused by software viruses.  The information contained in this communication may be confidential and may be subject to the attorney-client privilege. If you are the intended recipient and you do not wish to receive similar electronic messages from us in future then please respond to the sender to this effect.


**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request@...
**********************************************************************