Comments on: WARNING: Google’s Gmail security failure leaves my business sabotaged

By: Mark

Mark — Mon, 08 Mar 2010 09:14:57 +0000

Oh, man. My heart goes out to you, David. So crazy frustrating! My brother has just had his gmail account hacked this evening, which is why I came across your blog post.

Thank you for telling your story. Best of luck.

By: g davis

g davis — Sat, 27 Feb 2010 19:20:58 +0000

You may have already tracked the IP address.
If not, it appears to be located at
2092 West Commercial Blvd in Ft Lauderdale, FL., which is the address of the City College. Your hacker is/was likely a student there. The IT administrator may be of some help in tracking activity on the schools computers on the days your site was hacked, and tracking it back to the ID of the student logged into the computer.

The Ft Lauderdale police may be of assistance in that investigation. Noteworthy is that the Patriot Act now covers identity theft as a spin-off terrorism act, so the FBI can investigate. It appears the hacker was not a native speaker of English, so he will be at risk.

I would suggest contacting the Ft Lauderdale Police and initiating an identity theft report. Provide them the IP address(es) you have connected to the hacker and that will not only validate the location, but also the id number of the computer used. All you have to do is provide dates/times of the hacking and the school’s IT administrator can tell you who was logged onto that computer at that time. The police/FBI will arrest him based on your complaint.

I’ve had my own hacking incident, related to Google. Tracked them to Lagos, Nigeria, and to London. I passed the info to the FBI and British law enforcement.

I am tempted to fly to Lagos since I have a satellite image of the house of the hacker. Perhaps I can stop by and visit him.

By: Winthan

Winthan — Fri, 19 Feb 2010 18:01:16 +0000

As far as I think, your account has been hacked when you are in India, you logined your email account in the cyber cafe where internet cafe operator/hackers already setuped with keylogger. Your informations/keylog were stored whenever you did typed in that cafe. So that’s why you lost your password of Gmail.

Becareful, I am sure that 30% of internet cafe were setup with keylogger in India. Those setup was especially by Opreators or Hackers in there. Since you are foreginer in that place, that guy tried to get some dollars form you.

And he might use VPN network for IP masking to send fake request for information, so nobody can’t trace where he is acutally from. But i belive that he is from India. I can sure say that his emails address names are derived from India’s name.

Becareful next time, when you go and sit in internet cafe in India where you can’t trust!

By: Martin

Martin — Thu, 18 Feb 2010 11:20:41 +0000

Hi David,

Just though I would contribute to this already extensive list and hopefully drive some more traffic your way. Congrats on sticking to guns and not giving in to this slimy coward and thanks for exposing the issue.

I am well into the Google cloud and like their product’s simplicity and decentralisation – and I was aware of the potential privacy issues but had no idea how far it could go.

For some time now I have made it a point of labelling or titling no emails or online docs with names such as password, etc and generally keep such info offline. But you never know…

Good luck and good work,

MKT

By: David Airey

David Airey — Wed, 17 Feb 2010 10:31:32 +0000

Hello John, the domain transfer was initiated on the exact day I left the UK, before I had arrived in India, or used an internet cafe, so a keylogger wasn’t the cause.

By: John L

John L — Wed, 17 Feb 2010 00:44:58 +0000

First mistake, you used internet cafes. I don’t think you were “hacked.” You probably used a computer with a keylogger or didn’t log out. Don’t type in your passwords in internet cafes people!

By: Kathy

Kathy — Tue, 09 Feb 2010 16:51:19 +0000

David, I am not so tech savy to give you instructions to help you solve your problem with this bum. But, anytime that your privacy is invaded, it is devastating to say the least. I am with you in the respect that it’s the principal of the thing. Not the $650. I would rather pay an attorney what he wants to help you, than to let this piece of crap get his jolleys and your money. Never, never give in to the wrong, or you will be as wrong as they are. Take the high road, take him to court, it is the PRINCIPAL that counts here. You spent your time, money, and put your heart into your WebPage and this jerk thought it was his right to take it from you. When it comes to the internet, there is money to be made, and livliehoods to prosper, but there are thieves, cons, crooks of all kinds and sizes that sit up nights trying to figure ways to screw someone without kissing them first. This guy is low-down, pond scum and he deserves everything a Court of Law can and will do to him. If he’s a smart man (woman , they’re pond scum too) he will pay you not to take it to court. Punitative damages will be way more than what he wanted from you. He’s an idiot if he thinks that an honest, hard-working man would pay to get something back that he stole. If I were you, (and I know that I’m not) I’d tell him, “See you in Court ASSHOLE”. The damage he has done, is not reversable just because he gives you the domain name back, it’s more than that. The security you had in your site is gone now. What else could he have attached to you in this process? Not only were there personal e-mails, but I would be leary of just how much information he had gleaned from his little “takeover”. There is so much information we put of ourselves (without thinking) out there in e-mails and business operations that a fairly intelligent fool could grasp onto.Take the SCUMBAG to court, hold your head up and tell him, “you’ve stolen it, you have it, so just hang on buddy, I’m going to take your thieving ass for a ride, and see you when the Judge sees you. No Deals. No Buying back what was already mine, just going to take from you from here on out.” Good Luck David. I am from Mississippi, and I am ashamed that the idiot that did this to you is from my state. This is a wonderful state, and people like him give us a bad name. He must be one of those “HICKS” that people from other states say live here. It’s certainly not full of Hicks, but there are some in Mississippi that would rather steal from an innocent person, than to go to work every day and take care of his own “Rat Catching”. Well, I certinly hope that you give this RAT what he has coming to him. Jail would be too good for him. I think a judge should demand punative damages to you, accumulated like interest for every day this scum has done this to you. No time off for good behavior. Best thing for you, is the right thing——ALWAYS. Maybe a judge would even let you havehim in tight quarters, alone for about 24 hours along with the punative damages, and let you take care of the rest. Once you beat the ever-loving crap out of him, maybe he’d think twice before doing this to someone else. Good Luck and I’ll be praying for you and that it all turns out to your betterment.

By: ralph

ralph — Sat, 06 Feb 2010 00:22:03 +0000

Why don’t you get all the info together and bring it to the police fraud division and request them to find out who the hacker is-maybe even offer to pay him if necessary through the third party so they can track who he is? If that doesn’t work hire a good hacker in a pay for success basis and have him get your domain back or track who has it.

By: David Airey

David Airey — Fri, 05 Feb 2010 12:35:26 +0000

Faisal, sorry to learn these malicious filters are still being uncovered in Gmail. I’m glad my story helped, though.

Jan, you’re very welcome. That sounds like a good option to choose with your domain registrar, perhaps with some sort of time delay if you want to reverse the decision.

By: Jan Fredriksson

Jan Fredriksson — Thu, 04 Feb 2010 11:30:44 +0000

First, thanks for standing up to these low life! Really good to see!

Also thanks for posting your story. Your article really made me thoughtful, not just about Gmail, but domain theft in general. I just checked, at my registrar I can set an option to refuse any transferrals from other registrars. This makes things a little harder for doman thives.