Search Amazon.com:
Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us $3,400 per month for bandwidth bills alone, and since we don't believe in shoving popup ads to our registered users, we try to make the money back through forum registrations.
  • Post
  • Reply
ToastyNark
Oct 23, 2002

Rape drugs work on everyone.


I became suspicious that a certain someone may be gaining information privy to only myself and my lawyers when I was seemingly preemptively served with a motion that countered my intended course of rebuttal to said lawsuit.

Sure enough I checked my gmail login report history to find that someone in California (I live in NY) has been regularly accessing my email at around the same time every day for the past few weeks. I changed my password Monday. Sure enough the same California based IP logged in this morning at around 6:30am my time. Being that I do not have the premier or paid version of google apps for business I do not have access to their tech support or help hotlines; and I am unsure of exactly what avenues of recourse I have in terms of finding who this person is and how to prove what they may or may not have been doing in my inbox with my privileged correspondence to my lawyers.

The person I am engaged with in the lawsuit is currently setting up office in California which leads me to believe that this is not coincidence...The thing that really stymies me is that they have managed to login despite the password changes so I do not think they are acting alone; I do not believe he is tech savvy enough to actually hack my account himself.

I know that turning on two step verification is a must at this point, but I am hoping that I can figure out my next moves before inadvertently tipping them off that I know they're rooting around my inbox.

Looking for any suggestions or past experience to help me figure out my next moves. I've also made my lawyers aware of the issue and am using an account created specifically to communicate with them.

Adbot
ADBOT LOVES YOU

Raymn
Mar 19, 2002


Set up a Google authenticator on your smart phone

Cenodoxus
Mar 29, 2012



ToastyNark posted:

I became suspicious that a certain someone may be gaining information privy to only myself and my lawyers when I was seemingly preemptively served with a motion that countered my intended course of rebuttal to said lawsuit.

Sure enough I checked my gmail login report history to find that someone in California (I live in NY) has been regularly accessing my email at around the same time every day for the past few weeks. I changed my password Monday. Sure enough the same California based IP logged in this morning at around 6:30am my time. Being that I do not have the premier or paid version of google apps for business I do not have access to their tech support or help hotlines; and I am unsure of exactly what avenues of recourse I have in terms of finding who this person is and how to prove what they may or may not have been doing in my inbox with my privileged correspondence to my lawyers.

The person I am engaged with in the lawsuit is currently setting up office in California which leads me to believe that this is not coincidence...The thing that really stymies me is that they have managed to login despite the password changes so I do not think they are acting alone; I do not believe he is tech savvy enough to actually hack my account himself.

I know that turning on two step verification is a must at this point, but I am hoping that I can figure out my next moves before inadvertently tipping them off that I know they're rooting around my inbox.

Looking for any suggestions or past experience to help me figure out my next moves. I've also made my lawyers aware of the issue and am using an account created specifically to communicate with them.
Google authenticator first and foremost. Consider setting up a separate account strictly for communication with your lawyers.

Now for my terrible non-lawyer advice:

Retain a local copy of the IP access log, preferably via screenshot and regular copy-paste. If I were you I'd ask my lawyers if it could be worked it to my advantage - like for instance, if the other party were indeed illegally accessing your emails, you could move to have some of their evidence excluded, countersue, press criminal charges, etc.

Or you could try setting up a honeypot. Have your lawyers send you an email carefully crafted in a manner which would cause the opposing party to take some kind of recognizable action on it - like another motion, for instance. It's circumstantial but I think if you make it specific enough you would have very strong proof.

Also try asking in the legal questions thread in A/T.

cstine
Apr 15, 2004

What's in the box?!?

Go into your account settings and your account permissions and revoke access to *everything* in there, as well.

That'll make certain that nobody can use a pre-authenticated device/external site.

https://security.google.com/setting...rmissions?pli=1

Edit: then change your password *again* and setup 2fa.

cstine fucked around with this message at Jul 30, 2014 around 19:24

atomicthumbs
Dec 26, 2010



Keep your password what it is, let your lawyers know immediately that you'll be using a different email address and tell them what's going on, then carefully craft communications in the compromised account to lure the other party in the lawsuit into proving that they've compromised your email. I am not a lawyer and this is not legal advice.

hifi
Jul 25, 2012


encrypt your email

biznatchio
Mar 31, 2001

I stole a pie from Estelle Getty.


Check the filters on your gmail account. It's possible they set up an inbound email filter that will forward a copy of all your incoming mail to another address, so even if you were to lock them out of your account, they'd still be able to read your mail. (Gmail shows a warning message on the user interface whenever a new forwarding filter is set up, so it's not likely one of these snuck by without you noticing, but it's worth checking because it used to be a pretty common attack vector.)

Also, go into the App Passwords section of your Google profile. Everything listed in there is basically a permanent alternate password to your account -- if someone generated an app password or knew one of your existing app passwords, they'd continue to have access to your account no matter how much you change your "real" password or even if you add a Google Authenticator to your account. Remove everything listed, even the stuff you added yourself, and even if it shows a last used date that's not recent. Then generate brand new app passwords for your own devices if you need them.

Nevvy Z
Jan 3, 2004

This is a pretty dumb contest.

Talk to your lawyers first. Then do the things they say. If you can leverage this you absolutely should.

Helushune
Oct 5, 2011



Since no one else has mentioned it yet, are you sure it's not your phone doing a sync? A lot of the time mobile carriers will give your phone just about any available IP and sometimes the geolocation of them can be completely different than where you live. For example, I live in WA and my phone will constantly get IPs that appear from California, Colorado, Indiana, and Virginia. I'm not saying you shouldn't do the things the others have suggested but it's something to double check.

feld
Feb 11, 2008

Out of nowhere its.....

Feldman



Helushune posted:

Since no one else has mentioned it yet, are you sure it's not your phone doing a sync? A lot of the time mobile carriers will give your phone just about any available IP and sometimes the geolocation of them can be completely different than where you live. For example, I live in WA and my phone will constantly get IPs that appear from California, Colorado, Indiana, and Virginia. I'm not saying you shouldn't do the things the others have suggested but it's something to double check.

to me this seems to be the most plausible explanation so far. but if this guy really does have someone snooping on his email he needs to move to a private hosted email server immediately.


i understand this is neckbeard territory and not reasonable for everyone, but going somewhere else -- perhaps email hosted outside the USA -- would be a good start.

Troubadour
Mar 1, 2001
Forum Veteran

It may also be worthwhile to see if there is a logger installed (hardware or software) on your system.

Don Lapre
Mar 28, 2001

If you're having problems you're either holding the phone wrong or you have tiny girl hands.


Everyone should be using 2 factor authentication on anything that offers it now.

goobernoodles
May 28, 2011

Wayne Leonard Kirby.

Orioles Magician.


Troubadour posted:

It may also be worthwhile to see if there is a logger installed (hardware or software) on your system.
Yeah, maybe I'm crazy but I'd check for key loggers and rootkits.

wunderdog
May 21, 2005

yep


goobernoodles posted:

Yeah, maybe I'm crazy but I'd check for key loggers and rootkits.

Came in here to suggest the same thing. If there's nothing being detected by virus and malware scanners (use both in safe mode), check the physical connection between your keyboard and computer. Hardware key loggers have made huge advances in not being obvious.

Alereon
Feb 6, 2004

For me but LEFTHANDED

feld posted:

to me this seems to be the most plausible explanation so far. but if this guy really does have someone snooping on his email he needs to move to a private hosted email server immediately.


i understand this is neckbeard territory and not reasonable for everyone, but going somewhere else -- perhaps email hosted outside the USA -- would be a good start.
Note that by doing this you are essentially betting that you are a more competent administrator than Google, which is probably not true. It's okay to not want to trust Google, it does not in any way follow that you can trust yourself more.

hifi
Jul 25, 2012


Alereon posted:

Note that by doing this you are essentially betting that you are a more competent administrator than Google, which is probably not true. It's okay to not want to trust Google, it does not in any way follow that you can trust yourself more.

I'm not really sure why there's a "neckbead disclaimer" but I read that as using one of the european email hosts, and not rolling your own email server.

Alereon
Feb 6, 2004

For me but LEFTHANDED

hifi posted:

I'm not really sure why there's a "neckbead disclaimer" but I read that as using one of the european email hosts, and not rolling your own email server.
That doesn't really provide any benefits over Google hosting your e-mail either though, you're just picking a different and potentially (likely) less competent host, located in a country that probably has a much less favorable legal environment for you.

Stanley Pain
Jun 16, 2001

In humility and with no need for Divine Guidance, I make this pledge.


Nevvy Z posted:

Talk to your lawyers first. Then do the things they say. If you can leverage this you absolutely should.

This is the only thing that needs to be said.

alwayslost
May 17, 2007
and never found

Come back and tell us what happened. I am waiting anxiously to hear how you were able to win your court battle by turning the snooper into the snooped

Deadclown
Aug 1, 2014



biznatchio posted:

Check the filters on your gmail account. It's possible they set up an inbound email filter that will forward a copy of all your incoming mail to another address, so even if you were to lock them out of your account, they'd still be able to read your mail. (Gmail shows a warning message on the user interface whenever a new forwarding filter is set up, so it's not likely one of these snuck by without you noticing, but it's worth checking because it used to be a pretty common attack vector.


This would not explain why his account shows logon from multiple locations, as the email forward happens in the background via SMTP. My best guess would also be your phone with an incorrect ip being the culprit.

Adbot
ADBOT LOVES YOU

deimos
Nov 30, 2006

Forget it man this bat is whack, it's got poobrain!


Deadclown posted:

This would not explain why his account shows logon from multiple locations, as the email forward happens in the background via SMTP. My best guess would also be your phone with an incorrect ip being the culprit.

No, he meant that one of the first things someone breaching a gmail account does is set up a forward in the filters for when they lose access.

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply