Forgot your password?
typodupeerror
Crime Communications Privacy

Ask Slashdot: How To Track a Skype Account Hijacker? 152

Posted by timothy
from the hi-from-indonesia dept.
An anonymous reader writes "My Skype account was hijacked, which I discovered after Skype suspended it for suspicious activity, including a number of paid calls and an attempt to debit my card. Now that I've secured the account again, I can see the call history — there are several numbers called in Senegal, Mali, Benin and Philippines. Obviously I could call them myself and create a bit of havoc in their lives, but ideally I'd like to trace the hijacker himself — perhaps with some kind of 'social engineering' approach. Or is it just a waste of time?" How would you do this, and would you bother?
This discussion has been archived. No new comments can be posted.

Ask Slashdot: How To Track a Skype Account Hijacker?

Comments Filter:
  • No point (Score:2, Interesting)

    by Anonymous Coward

    Sadly there's no point in bothering. It could be that the numbers they called are 'premium' numbers and its possible that your account is gonna get charged a whole ton of money from those 'services' that were set up specifically for this kind of thing.

    • Re:No point (Score:5, Interesting)

      by BrokenHalo (565198) on Sunday April 21, 2013 @05:53AM (#43508467)

      Sadly there's no point in bothering.

      In this instance, I might disagree. Given that those calls were (according to TFS) made to Senegal, Mali, Benin and Philippines, that in itself might be construed as suspicious. You could pass the information on to the FBI and tell them you are concerned your account could have been used for terrorist activity. Let them come down on the perps.

      • by gl4ss (559668)

        Sadly there's no point in bothering.

        In this instance, I might disagree. Given that those calls were (according to TFS) made to Senegal, Mali, Benin and Philippines, that in itself might be construed as suspicious. You could pass the information on to the FBI and tell them you are concerned your account could have been used for terrorist activity. Let them come down on the perps.

        well, sure, call those numbers them. give them more money.

      • by flyneye (84093)

        Now there's a good sense answer that requires little to do on the part of the violated. You can still make it out to be a huge thing , down at the bar, with you in the middle of an international incident.
        Someone mod this guy up and get him a beer.

      • by Anonymous Coward

        Sadly there's no point in bothering.

        In this instance, I might disagree. Given that those calls were (according to TFS) made to Senegal, Mali, Benin and Philippines, that in itself might be construed as suspicious. You could pass the information on to the FBI and tell them you are concerned your account could have been used for terrorist activity. Let them come down on the perps.

        Lol, not likely. This is a common scam lately, not just by getting into Skype accounts but also by breaking into PBX systems, SIP phones, etc. They place calls to those numbers which are toll services, this generates a charge to the person's account. The scammer is somehow related to the people who get paid when those numbers get called, either directly involved or at least another branch of a criminal enterprise.
        They've been up to this for years, so while I'm sure the FBI would be happy to add the OP's spe

  • by JJJJust (908929) <JJJJust AT gmail DOT com> on Sunday April 21, 2013 @02:25AM (#43508047)

    Reddit seems to be fantastic at finding people on the internet given the flimsiest leads to their identity... sure they may get it wrong now and then, but hey... them's the breaks.

    • by corbettw (214229)

      I'll save the poster some time: if you ask Reddit, they'll tell you it was Sunil Tripathi. Case closed.

  • get their ip (Score:3, Informative)

    by ZeroNullVoid (886675) on Sunday April 21, 2013 @02:26AM (#43508057)
    Set the password back to what they knew, wait for them to login and hijack it (another account friended) and use one of the sites that use the debug version of skype to obtain their ip.  Then contact the ISP and say that either this illegally hijacking accounts or their IP/systems have been compromised.  Don't forget to disassociate any cards prior.
  • Post numbers (Score:5, Interesting)

    by Anonymous Coward on Sunday April 21, 2013 @02:26AM (#43508059)

    1] Post the numbers dialed to 4chan
    2] Wait for the onslaught of harassing calls
    3] ???
    4] Profit

  • Won't Skype tell you the IP that was used by the thief?

    • Re:What about the IP (Score:5, Interesting)

      by ccguy (1116865) on Sunday April 21, 2013 @03:33AM (#43508209) Homepage

      Won't Skype tell you the IP that was used by the thief?

      No, they won't. In general companies tell you to contact the police, etc and go out of their way to be useless.

      Some months ago I had someone purchase a plane ticket using my credit card. My bank sent me a SMS when the charge was made (usual alert system, they SMS each time there's a charge). I had the phone with me so I could do something instantly. This is what happened:

      - The charge was made for a plane ticket on Airchile according to the SMS.
      - I called the bank *inmediately* (as the SMS said) to notify them of the charge. Well, guess what, it was a Sunday at 23:00 or so and they were closed. So the bank couldn't help.
      - I drove to the airport to talk to Airchile, which happened to be opened at the time because they was a flight leaving from Madrid to Santiago in a couple hours (I was hoping that the bastard was there). They couldn't help.
      - I went to the police station in the airport and they couldn't help because I needed a bank statement before they could do anything. Really? I have to wait until the end of the month before I can file a report with the police?

      You see - even if you are really willing to track things down and not demand your money back, the other parties involved rarely assist.

      Eventually I got my statement, filed the report (useless at the time of course) and got my money. But I great chance to catch the guy was lost.

      • by AK Marc (707885)
        I find that idiotic.

        "I'd like to know my IP, the one I used on Tuesday to call Somalia."
        "No, we aren't allowed to tell you your own IP address for privacy reasons."

        How exactly does that work? You are who you were last week, as far as they are concerned, right?
      • by Jstlook (1193309)
        The funny part is that's by design. Our American society cares more about protecting the right to make mistakes and the belief in second chances than it does in any right to privacy or integrity.
        Congrats, and welcome to the queue. If you'd like to dispute this society, please press star, and an operator will be with you .. eventually.
        • by Alex Belits (437) *

          The funny part is that's by design. Our American society cares more about protecting the right to make mistakes and the belief in second chances than it does in any right to privacy or integrity.

          Actually this is the implementation of "What if it's someone rich?" clause.

        • It does? Gee, the prison and justice system in general would have suggested otherwise.

        • by Joce640k (829181)

          Our American society cares more about protecting the right to make mistakes and the belief in second chances than it does in any right to privacy or integrity.

          So that's why there's more Americans in prison than any other society in history. Got it.

      • airchile doesnt exist.

      • by markus_baertschi (259069) <markus@mark u s . org> on Sunday April 21, 2013 @08:23AM (#43508847)

        Your Bank/Credit card company has no 24h service number for such this ?

        Time to change credit card company.

      • What sort of dodgy bank are you with that doesn't have a 24-hour line for reporting card loss/theft?

        A couple years ago, my wife's check card number was stolen and run for about $300 at a Wal-Mart in Dallas - at about 10 PM local time on a Sunday, I was able to call and report the theft on a 24-hour number, get the number blocked, and even managed to get the store manager at the Wal-Mart to pull video from the checkout line of the thief. The next morning I faxed in the appropriate form, and the money was bac

    • by spxZA (996757)
      Skype or Microsoft won't, but they introduced a weakness recently to discover a user's IP address: http://www.anonware.net/index.php?page=resolvers [anonware.net]
  • by realitycheckplease (2487810) on Sunday April 21, 2013 @02:30AM (#43508071)
    Is it possible that the hijacker was selling calls to other people, possibly immigrants, maybe even illegals. If so, the numbers called may have no direct connection to the hijacker, rather each olne of them may know a different someone who knows the hijacker. So you could be looking for the common factor between the people who made the calls to the numbers that you have. I'm not sure that it will be easy to find that common factor. After all, you have Jim and Bill and Fred's numbers; Sue called Jim, Anne called Bill, Jenny called Fred; Sue, Anne and Jenny all know Henry .... so if you have Jim and Bill and Fred's numbers, and don't even know whether Henry exists or not, how do you find Henry?
    • Re: (Score:3, Funny)

      by Anonymous Coward

      The answer is clear: The hijacker is Kevin Bacon.

    • by tftp (111690) on Sunday April 21, 2013 @02:57AM (#43508131) Homepage

      Sue called Jim, Anne called Bill, Jenny called Fred; Sue, Anne and Jenny all know Henry .... so if you have Jim and Bill and Fred's numbers, and don't even know whether Henry exists or not, how do you find Henry?

      It's pretty much impossible; not mathematically but practically. First, Jim, Bill and Fred live in different foreign countries. They have no obligation to tell you anything, even if you are a police officer in your own country. But if for some reason they choose to endanger their relatives, they may not know where Sue, Anne and Jenny live. But if you manage to find them, those three are not required to tell you anything (if they are in the USA, at least.) But if you manage to make them talk and they point at Henry, Henry can always say that he used his own Skype account, but the OP "hacked" it to "frame him" because he is "raysis." (Well, that story is being tried by the Boston bomber's mother.) The OP may find himself on the receiving end of a counter-suit, if not of a criminal complaint (doesn't matter if it has merit or not - justice is not based on such trivial things.)

      The OP should pick better passwords, write the loss off, and take this experience as a valuable lesson.

      • They have no obligation to tell you anything, even if you are a police officer in your own country.

        You must be new here. =)

        Hello, I'm looking for my long lost brother. I'm 80 years old and we were together in Auschwitz. Have you heard about Auschwitz? No? Could you do me a favour and look it up? I'll call you back. By the way we only barely survived and have been separated ever since...

        OP is probably right asking for help with this stuff. Social Engineering is fun, profitable and perfectly legal, but it certainly isn't easy for the uninitiated.

        • by s.petry (762400)

          Most ISPs, even in poor foreign sites, are trained for social engineering. Hell, they may reverse your tactic and have you crying about their 7 starving children by the time you hang up the phone.

        • by tftp (111690)

          Hello, I'm looking for my long lost brother. I'm 80 years old and we were together in Auschwitz

          Language of what tribe will you use? Are you good with it? What would *you* do if someone calls you, purportedly from China, and in broken English starts asking you who in China you talked to on Skype a week ago and what is her address, using an excuse that is an obvious lie. Most people would respond in just two simple English words (that are pretty well understood worldwide) and block the contact forever.

          Yo

    • by Ecuador (740021)

      It's not even that. I bet the numbers called were all premium-rate telephone numbers and that is how the hijacker makes his money. By calling them you will give them more of your money.

  • voip fraud (Score:3, Informative)

    by Anonymous Coward on Sunday April 21, 2013 @02:46AM (#43508113)

    The account was possibly being used for voip fraud. Voip fraud is typically the practice of hijacking a VOIP account (sip/skype) and then calling some foreign country exchange that has a stupid high per minute rate (that the called party gets a cut of). The called party is usually in on the scam but good luck getting any realistic amount of cooperation due to local corruption at the called party end (almost always third world countries).

  • by bucky0 (229117) on Sunday April 21, 2013 @02:54AM (#43508125)

    Do you think someone broke into your Skype account to call 5 random countries? They're all toll numbers in Africa. The damage is done and you lost

  • Let it go. (Score:5, Insightful)

    by six025 (714064) on Sunday April 21, 2013 @03:12AM (#43508167)

    Just let it go. It's not worth the time or the hassle.

  • Use better logic (Score:5, Insightful)

    by O('_')O_Bush (1162487) on Sunday April 21, 2013 @03:14AM (#43508171)
    You need to use the same kind logic as when buying a used car.

    1. Do not assume you can outsmart them or that they have made glaring mistakes
    2. Realize they do this professionally, that is, spend years eating and breathing this type of activity
    3. Realize if there was some way to retaliate or gain an advantage, they wouldn't be doing this for a living.
    4. Re-evaluate your position.
  • by vikingpower (768921) <exercitussolus&gmail,com> on Sunday April 21, 2013 @03:16AM (#43508173) Homepage Journal
    If you are the type of person who get satisfaction out of revenge - well,hell yes, then go for it. In that case, even trying may get you some. Otherwise - forget it. You are not going to get any gain or benefit out of such an action. And forget about the author(s) being punished or even getting into mild trouble with the police or justicial apparatus of any country whatsoever.
  • by tlambert (566799) on Sunday April 21, 2013 @03:42AM (#43508227)

    If you have a problem, if no one else can help, and if you can find them, maybe you can hire the A-Team.

  • by CaptainOfSpray (1229754) on Sunday April 21, 2013 @04:09AM (#43508283)
    "I am a lawyer representing a senior banking official in Nigeria, who recently died leaving $10 million untraceable... and I am able to pay you to help me find the rightful heir..."
  • by Anonymous Coward on Sunday April 21, 2013 @04:25AM (#43508307)

    I had a similar experience - my account was emptied of its five GBP of credit.

    I emailed Skype - "there have been fradudent calls, I've changed my password".

    Their reply? (slightly paraphrased)

    "You must have been responsible for the breach, as our security is perfect. We do not refund fraudulent calls due to customer error. We've locked your account, so you'll need to send us proof of ID (passport copy, etc) for it to be unlocked."

    The key problem with this reply is that a *customer* asserting an event is a fraudulent call does not make it a fraudulent call.

    What if they have bugs in their billing software?

    Skype only cared about not issuing compensation. Needless to say, I've never told anyone my skype password and my laptop at the time of the calls was in for repair, where I had removed the SSD drive before sending the unit off. Also needless to say, I've never unlocked that account or spent another cent with Skype. Thankfully, GoogleTalk came out just at the right time. Thank God for choice.

  • Dont get involved. (Score:2, Informative)

    by Anonymous Coward

    The hacker may have been involved in drug smuggling or terrorism or what not. Do not get involved. Be happy you got your Skype account back and move on.

    • Re: (Score:3, Insightful)

      by Psyborgue (699890)
      This. And contact the authorities. Those countries do have a lot of terrorist activity.
  • by mysidia (191772) on Sunday April 21, 2013 @04:46AM (#43508325)

    They're most likely either (1) disconnected numbers, (2) toll numbers that will rack up massive charges, OR (3) Numbers that the thief sold innocent 3rd parties "cheap long distance minutes" to, through fraudulent schemes.

    Don't engage yourself in placing international harassing phone calls to "create havoc" in random people's lives; that would be you committing a crime. ,

    • You can check the phone rates to call many phone numbers that are not a 900 type number. Most likely the account was used to call friends and associates.

      The fees are based on the termination charges of the destination phone number. Use this link to see charges for a typical VOIP provider (Skype carges considerably more than most other VOIP providers)

      http://www.viatalk.com/tools/intrates/ [viatalk.com]
      VIATALK rates given for example. Other providers are similar.

      For rate comparisons, you can compare Diamondcard, VIATALK,

      • A quick check of VIATALK rates to Philippines $0.2693

        Nigeria $0.1905
        Nigeria Cell typical, varies.. $0.1966 - $0.2505

      • by mysidia (191772)

        You can check the phone rates to call many phone numbers that are not a 900 type number. Most likely the account was used to call friends and associates.

        Not all country codes are listed. 8816, for example. And if you don't do your research, you may arrive at an equivalent to 900 number, or destination with ludicrous termination charges.

        The international rate sheets only show you the standard rates for dialing certain countries, but there are destinations that can be $10 to $25 per minute, and it's

  • scamming a scammer (Score:5, Insightful)

    by Tom (822) on Sunday April 21, 2013 @05:00AM (#43508371) Homepage Journal

    Or is it just a waste of time?

    That, at best.

    Old saying: There's always a sucker in a game of poker. Look around the table. If you don't see him, it's you.

    Never play criminals on their home turf. They are doing this for a living, you don't. Guess who's better at the game?

    • You can tie up scammers on their home turf. It is called scam baiting. The scammer gets to spend time and money playing games with your bait instead of victims. I regularly write scammers back. I am most interested in my inheritance of 10.5 million.

      I question my eligibility, write with a fake first name, no last name, and a bait email account with a free US DID phone number. They can email me, text me, call me, etc, while I continue to find out the name of the deceased before I fill out their form to f

      • by geoskd (321194)

        Never send them any money.

        If you're really serious about messing with one of these guys, sending ten bucks can be well worth the money. If you play it right, even that small an amount of money can keep one of these guys hooked for months, wasting huge amounts of time trying to get more. With a little skill you can sometimes even cause them to spend far more than you have sent (certified mailings, long distance charges. Set up a 900 number for them to contact you, etc...). Its just another variation on the gamblers addiction.

      • by Tom (822)

        You can tie up scammers on their home turf.

        You also tie yourself up. Unless you have nothing else to do with your time, it's still a net loss for you.

        • by danaris (525051)

          You can tie up scammers on their home turf.

          You also tie yourself up. Unless you have nothing else to do with your time, it's still a net loss for you.

          Unless you can derive entertainment from it. Then it can pay for itself.

          Dan Aris

  • by symbolset (646467) * on Sunday April 21, 2013 @05:45AM (#43508449) Homepage Journal
    If you knew enough to solve this problem you wouldn't have this problem. Since you don't any attempt is just going to give you more new problems you are unable to resolve until you find yourself clad in latex and wearing a ball gag. Give it up.
  • by Anonymous Coward

    Look on this as hard earned experience to use better passwords in the future.

    The tubes are the wild wild west, and anyone who thinks otherwise is delusional.

    Just move on, and don't waste your time.

    I recall many years ago being hacked by someone. Reformat, learn from the experience, and move on.

  • by LifesABeach (234436) on Sunday April 21, 2013 @10:56AM (#43509409)
    Get a job at the F.B.I., and then go out at night dressed like Batman. The rest I think you can figure out for yourself.
    • by iggymanz (596061)

      my advice was similar, go to the shady part of town at night dressed as batwoman. enough interesting things will then ensue you'll forget all about your hijacked account

  • > "I can see the call history — there are several numbers called in Senegal, Mali, Benin and Philippines."

    Don't bother -- you'll just be hassling some expat's grandma or sister. The account was probably hacked and immediately rented out on the black market. Now, the expat certainly realizes it was hacked, and would deserve it, but the hacker is long gone, probably hundreds of victims down the road already.

    (ring ring)
    "It's Queef calling from America!"
    (answers)
    "Hello?"
    "You asshole hacked my Skype!"

  • I did this (Score:4, Informative)

    by hduff (570443) <{moc.liamg} {ta} {ffudtyoh}> on Sunday April 21, 2013 @11:38AM (#43509655) Homepage Journal

    My cellphone was stolen from my car and then recovered (it was found in the middle of the street). I called the long-distance numbers, pretending that I found the phone and wanted to return it to the owner. The people called (teenagers) were surprisingly helpful and I got the name and local address of the teen that called them who was staying with his uncle. I turned the info over to the police who told me that the loss was actually incurred by the phone company (charges had been refunded) and I was not "harmed" so there were no charges to press, plus the kid could claim that he "found" the phone and did not break into my car. But the detective did talk to the uncle and told me he thought the uncle was going to beat the kid's ass and send him back to Louisiana since the kid had been a problem since he got here. Good enough for me whether true or not since it was all that could really be done.

  • by DigiShaman (671371) on Sunday April 21, 2013 @11:56AM (#43509761) Homepage

    Where you using a weak password or something?? Otherwise, can someone please explain how a Skype account can just get "hijacked". Or was it some undocumented hack/exploit (meaning anyone is vulnerable at random).

    • Yeah, unless you had a terrible password, you should spend your time checking your system for vulnerabilities and/or reinstalling the OS rather than trying to track them down.
  • by Anonymous Coward

    Someone brought a subscription to call Jordan, burned through it (you don't get many minutes to jordan) brought $10 credit, used that, then that was the end of it. Both were debited from my paypal account.

    Skype were horrendously unhelpful, insisting my account hadn't been hacked, but I needed to reset my password multiple times on their insistence anyway, and refused to entertain the idea of a refund because I had allready "used" the credit. Thankfully paypal stumped up the refund, I got some BS boilerplat

  • take a bounty hunter course or something.

  • And not only creepy, but possibly illegal.

You are in a maze of little twisting passages, all alike.

Working...