|
I became suspicious that a certain someone may be gaining information privy to only myself and my lawyers when I was seemingly preemptively served with a motion that countered my intended course of rebuttal to said lawsuit. Sure enough I checked my gmail login report history to find that someone in California (I live in NY) has been regularly accessing my email at around the same time every day for the past few weeks. I changed my password Monday. Sure enough the same California based IP logged in this morning at around 6:30am my time. Being that I do not have the premier or paid version of google apps for business I do not have access to their tech support or help hotlines; and I am unsure of exactly what avenues of recourse I have in terms of finding who this person is and how to prove what they may or may not have been doing in my inbox with my privileged correspondence to my lawyers. The person I am engaged with in the lawsuit is currently setting up office in California which leads me to believe that this is not coincidence...The thing that really stymies me is that they have managed to login despite the password changes so I do not think they are acting alone; I do not believe he is tech savvy enough to actually hack my account himself. I know that turning on two step verification is a must at this point, but I am hoping that I can figure out my next moves before inadvertently tipping them off that I know they're rooting around my inbox. Looking for any suggestions or past experience to help me figure out my next moves. I've also made my lawyers aware of the issue and am using an account created specifically to communicate with them.
|
#
?
Jul 30, 2014 19:59
|
|
|
|
| # ? Apr 23, 2024 21:06 |
|
|
Set up a Google authenticator on your smart phone
|
|
#
?
Jul 30, 2014 20:05
|
|
|
ToastyNark posted:I became suspicious that a certain someone may be gaining information privy to only myself and my lawyers when I was seemingly preemptively served with a motion that countered my intended course of rebuttal to said lawsuit. Now for my terrible non-lawyer advice: Retain a local copy of the IP access log, preferably via screenshot and regular copy-paste. If I were you I'd ask my lawyers if it could be worked it to my advantage - like for instance, if the other party were indeed illegally accessing your emails, you could move to have some of their evidence excluded, countersue, press criminal charges, etc. Or you could try setting up a honeypot. Have your lawyers send you an email carefully crafted in a manner which would cause the opposing party to take some kind of recognizable action on it - like another motion, for instance. It's circumstantial but I think if you make it specific enough you would have very strong proof. Also try asking in the legal questions thread in A/T.
|
|
#
?
Jul 30, 2014 20:20
|
|
|
Go into your account settings and your account permissions and revoke access to *everything* in there, as well. That'll make certain that nobody can use a pre-authenticated device/external site. https://security.google.com/settings/security/permissions?pli=1 Edit: then change your password *again* and setup 2fa. cstine fucked around with this message at 20:24 on Jul 30, 2014 |
|
#
?
Jul 30, 2014 20:21
|
|
|
Keep your password what it is, let your lawyers know immediately that you'll be using a different email address and tell them what's going on, then carefully craft communications in the compromised account to lure the other party in the lawsuit into proving that they've compromised your email. I am not a lawyer and this is not legal advice.
|
|
#
?
Jul 30, 2014 20:36
|
|
|
encrypt your email
|
|
#
?
Jul 30, 2014 21:06
|
|
|
Check the filters on your gmail account. It's possible they set up an inbound email filter that will forward a copy of all your incoming mail to another address, so even if you were to lock them out of your account, they'd still be able to read your mail. (Gmail shows a warning message on the user interface whenever a new forwarding filter is set up, so it's not likely one of these snuck by without you noticing, but it's worth checking because it used to be a pretty common attack vector.) Also, go into the App Passwords section of your Google profile. Everything listed in there is basically a permanent alternate password to your account -- if someone generated an app password or knew one of your existing app passwords, they'd continue to have access to your account no matter how much you change your "real" password or even if you add a Google Authenticator to your account. Remove everything listed, even the stuff you added yourself, and even if it shows a last used date that's not recent. Then generate brand new app passwords for your own devices if you need them.
|
|
#
?
Jul 31, 2014 05:29
|
|
|
Talk to your lawyers first. Then do the things they say. If you can leverage this you absolutely should.
|
|
#
?
Jul 31, 2014 13:48
|
|
|
Since no one else has mentioned it yet, are you sure it's not your phone doing a sync? A lot of the time mobile carriers will give your phone just about any available IP and sometimes the geolocation of them can be completely different than where you live. For example, I live in WA and my phone will constantly get IPs that appear from California, Colorado, Indiana, and Virginia. I'm not saying you shouldn't do the things the others have suggested but it's something to double check.
|
|
#
?
Jul 31, 2014 15:19
|
|
|
Helushune posted:Since no one else has mentioned it yet, are you sure it's not your phone doing a sync? A lot of the time mobile carriers will give your phone just about any available IP and sometimes the geolocation of them can be completely different than where you live. For example, I live in WA and my phone will constantly get IPs that appear from California, Colorado, Indiana, and Virginia. I'm not saying you shouldn't do the things the others have suggested but it's something to double check. to me this seems to be the most plausible explanation so far. but if this guy really does have someone snooping on his email he needs to move to a private hosted email server immediately. i understand this is neckbeard territory and not reasonable for everyone, but going somewhere else -- perhaps email hosted outside the USA -- would be a good start.
|
|
#
?
Jul 31, 2014 15:31
|
|
|
It may also be worthwhile to see if there is a logger installed (hardware or software) on your system.
|
|
#
?
Jul 31, 2014 16:07
|
|
|
Everyone should be using 2 factor authentication on anything that offers it now.
|
|
#
?
Jul 31, 2014 16:53
|
|
|
Troubadour posted:It may also be worthwhile to see if there is a logger installed (hardware or software) on your system.
|
|
#
?
Jul 31, 2014 20:36
|
|
|
goobernoodles posted:Yeah, maybe I'm crazy but I'd check for key loggers and rootkits. Came in here to suggest the same thing. If there's nothing being detected by virus and malware scanners (use both in safe mode), check the physical connection between your keyboard and computer. Hardware key loggers have made huge advances in not being obvious.
|
|
#
?
Aug 4, 2014 19:22
|
|
|
feld posted:to me this seems to be the most plausible explanation so far. but if this guy really does have someone snooping on his email he needs to move to a private hosted email server immediately.
|
|
#
?
Aug 4, 2014 19:45
|
|
|
Alereon posted:Note that by doing this you are essentially betting that you are a more competent administrator than Google, which is probably not true. It's okay to not want to trust Google, it does not in any way follow that you can trust yourself more. I'm not really sure why there's a "neckbead disclaimer" but I read that as using one of the european email hosts, and not rolling your own email server.
|
|
#
?
Aug 4, 2014 20:06
|
|
|
hifi posted:I'm not really sure why there's a "neckbead disclaimer" but I read that as using one of the european email hosts, and not rolling your own email server.
|
|
#
?
Aug 4, 2014 20:21
|
|
|
Nevvy Z posted:Talk to your lawyers first. Then do the things they say. If you can leverage this you absolutely should. This is the only thing that needs to be said.
|
|
#
?
Aug 5, 2014 16:06
|
|
|
Come back and tell us what happened. I am waiting anxiously to hear how you were able to win your court battle by turning the snooper into the snooped
|
|
#
?
Aug 5, 2014 20:07
|
|
|
biznatchio posted:Check the filters on your gmail account. It's possible they set up an inbound email filter that will forward a copy of all your incoming mail to another address, so even if you were to lock them out of your account, they'd still be able to read your mail. (Gmail shows a warning message on the user interface whenever a new forwarding filter is set up, so it's not likely one of these snuck by without you noticing, but it's worth checking because it used to be a pretty common attack vector. This would not explain why his account shows logon from multiple locations, as the email forward happens in the background via SMTP. My best guess would also be your phone with an incorrect ip being the culprit.
|
|
#
?
Aug 5, 2014 21:39
|
|
|
|
| # ? Apr 23, 2024 21:06 |
|
|
Deadclown posted:This would not explain why his account shows logon from multiple locations, as the email forward happens in the background via SMTP. My best guess would also be your phone with an incorrect ip being the culprit. No, he meant that one of the first things someone breaching a gmail account does is set up a forward in the filters for when they lose access.
|
|
#
?
Aug 6, 2014 19:13
|
|
