I believed that someone had hacked my Gmail because they were using information contained within my emails in an attempt to try to convince me that they were psychic. I told them that I didn't believe that they were psychic and knew they could only have obtained this information from reading my emails. I've not spoken to them since then, which was over a year ago. However, they have continued accessing my emails and they've been covering their tracks until recently. Recently, they've been forgetting to mark the emails they've read as unread after reading them, so when I logged in my new emails have already been read. Is there a way to prove that my Gmail has been hacked and file a police report, especially given that I've already revoked access from devices and IPs that weren't mine?

This person is a self-professed hacker. When I told them that I knew they had accessed my emails, they told me exactly how they had used a key logger back when we were working together to gain access to my account. My computer is secure now. All I need to know now is how I can get information to file a police report.

Note: I don't have an account. I'm a public figure and I choose to be anonymous for a very good reason. Please stop removing my edits.

Tobias Kienzler
user80655

3 Answers

First things first, change your password and make sure the new password is secure (10+ characters, a number somewhere other than the last character, a capital somewhere other than the first character, not an iteration on your past password, etc). This is good to do periodically anyway.

GMail has tools for seeking suspicious account activity. Specifically, look at your recent security events, which should list all of your active logins plus all logins from the last four weeks, including locations and browser fingerprints (e.g. one of them will say "CURRENT DEVICE" to represent your browser right now. Are there others?).

Be wary about future attempts to obtain your credentials (somebody using your computer while you're logged in, a key logger, malware on your computer, or a phishing attack).

Adam Katz
  • And ALWAYS turn on 2-factor authentication for cloud services that offer it and that you value. – Julian Knight Jul 09 '15 at 21:02
  • I can't link it, but at the bottom of your inbox view is some "Last account activity" info, including a "Details" link. This is more informative than the links I noted above, including the ability to boot all other web sessions. **Press that button** and review your recent activity. – Adam Katz Jul 09 '15 at 21:18
  • A warning about 2-factor authentication: it requires your phone number, which links your account to your credit cards and thus makes you more traceable and will give you [more targeted ads](https://youtu.be/pbF0sVdOjRw?t=12m43s "re:publica 2015 - Mikko Hypponen: Is our online future worth sacrificing our privacy and security? - watch from 12:42 and on") (watch from 12:42). Though it's definitely more secure, too. – Adam Katz Jul 10 '15 at 03:58
  • @AdamKatz why would a phone number be linked to a credit card? – user2813274 Jul 10 '15 at 05:51
  • A good point about giving more information away. For some, this might indeed be an issue. Personally, my phone # gets used in many places and we have rules about privacy in Britain so the problem is manageable. I consider that risk lower than losing control of some key cloud services. – Julian Knight Jul 10 '15 at 07:16
  • While changing the password is the first thing to do here, I disagree with this answer stating that the OP should use a number and a capital in his/her password. It makes them harder to remember and not more secure. Consider using a "diceware password" instead (a sequence of 7 randomly and independently chosen words, among a public list of 7776 words): http://world.std.com/~reinhold/diceware.html – Tom Cornebize Jul 10 '15 at 07:39
  • I can search for the related question: But there is no real sense in using a "super secure" password with a trustworthy service such as Gmail. Their DB is not likely to get hacked, so the attacker will not easily gain a hash. So he has two options: 1. keylogger/phishing (then the strength matters ZERO); 2. brute force on the service (usually blocked after X attempts, and secured otherwise). So your password only has to be good enough for about a 1/100.000 chance. So three random words is more than enough and easy to remember! – Falco Jul 10 '15 at 08:45
  • @JulianKnight I liked Gmail's 2-factor authentication until recently when I lost my phone. Tried to go through the whole "lost my phone" process and it wouldn't let me because I couldn't authenticate through my phone... Not the most intuitive recovery process. – Howdy_McGee Jul 10 '15 at 13:38
  • @Howdy_McGee: Ah, yes, the lost token problem. I expect we will get used to that eventually but it is very easy to miss unintended consequences of process changes. If you are going for 2FA, try to make sure that you have a spare token of some kind or that there is an alternative process available. – Julian Knight Jul 10 '15 at 16:32
  • @Falco: "DB is not likely to get hacked" - I'm afraid I'd have to disagree strongly there. Time and again we see hacked user databases leaking all over the internet. Ref the recent US government debacle that they now estimate may have exposed the identities of >20 MILLION people! You can **never** know what vulnerabilities exist in cloud services. Look for services that have many different certifications, don't assume. – Julian Knight Jul 10 '15 at 16:35
  • After changing your password, make sure you log out of all active sessions. – Jared Burrows Jul 10 '15 at 16:38
  • @TomCornebize, diceware is another way to make a secure password (see the [discussion on xkcd's Password Strength comic](https://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase/)). The general rule of thumb for words is that a word is worth 2-3 characters, so four words is worth 8-12 chars. Want an even more secure passphrase? Make one of those "words" a traditional complex passcode. Just make sure the server doesn't truncate your password or it will be trivially weak! – Adam Katz Jul 10 '15 at 17:32
  • @user2813274, this is how credit card analytics work; phone numbers are a pretty good unique identifier and aren't as taboo as SSNs (which aren't even universal). Watch the YouTube video I linked, it has F-Secure's Mikko Hypponen explain it all. – Adam Katz Jul 10 '15 at 17:38
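The comment thread above argues over diceware passphrases versus character passwords by rules of thumb. The following added example (not from the question, the answer, or any commenter) puts numbers on the claims: it computes the entropy of n words drawn uniformly from a 7776-word list, compares it with random character passwords, and shows how a passphrase should be generated (a CSPRNG, never `random.random()`). The word list used is a tiny constructed stand-in for the real Diceware list.

```python
import math
import secrets

DICEWARE_LIST_SIZE = 6 ** 5  # 7776 words, one per five-die roll (11111..66666)


def passphrase_entropy_bits(n_words: int, list_size: int = DICEWARE_LIST_SIZE) -> float:
    """Entropy of n words chosen uniformly and independently from list_size words."""
    return n_words * math.log2(list_size)


def password_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random character password; human-chosen ones are weaker."""
    return length * math.log2(alphabet_size)


def words_equivalent_to_chars(n_words: int, alphabet_size: int = 62) -> float:
    """How many random characters from an alphabet carry the same entropy as n words."""
    return passphrase_entropy_bits(n_words) / math.log2(alphabet_size)


def roll_diceware_key(rng=secrets.randbelow) -> str:
    """Five die rolls -> a Diceware lookup key such as '35261' (rng is injectable for tests)."""
    return "".join(str(rng(6) + 1) for _ in range(5))


def generate_passphrase(wordlist, n_words: int) -> str:
    """Pick n words uniformly with the OS CSPRNG; each pick is independent of the others."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


# Constructed stand-in for the real 7776-word list, for demonstration only.
SAMPLE_WORDS = ["anchor", "basil", "comet", "dune", "ember", "fjord", "gravel", "harbor"]

if __name__ == "__main__":
    for n in (3, 4, 7):
        print(f"{n} diceware words: {passphrase_entropy_bits(n):.1f} bits "
              f"(~{words_equivalent_to_chars(n):.1f} random [A-Za-z0-9] chars)")
    print(f"10 random [A-Za-z0-9] chars: {password_entropy_bits(10, 62):.1f} bits")
    print("example lookup key:", roll_diceware_key())
    print("example passphrase (tiny constructed list):", generate_passphrase(SAMPLE_WORDS, 4))
```

One diceware word is worth about 2.2 uniformly random alphanumeric characters, which is the low end of the "2-3 characters" rule of thumb; a passphrase built from the constructed eight-word list above is of course far weaker than one from the full list.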
First, check the Account Activity Details link at the bottom of the webpage. Second, re-secure your account (change password, add 2-factor authentication,...)

This question deals with a similar situation of needing to re-secure a gmail account and check for unwanted access: Fell for phishing scam. Is my gmail account with 2-step verification vulnerable?

ztk

Proving that someone you suspect is responsible for hacking your Google account is incredibly difficult, not only for you in gathering the information but also for any authority following up on it. Protecting yourself and your account should be your priority. Make sure you are using SSL for encryption and check out S/MIME as well.

However, if you do want to chase the rabbit down that hole, you could start by keeping an eye on the IP tracker Google provides for access to your account. You could even put an image (web sites use a single pixel) within your email that is hosted on a server you have access to. If anyone reads your sent emails without disabling the images you can get their IP that way. You could even send yourself a zipped up piece of malware for your intruder to download.

Some of the trickery with pointing fingers at someone is that anyone can spoof anyone's IP address. They could be getting that information directly from the online account, or having it sent to them via IMAP / POP. The latter of the two can use a separate application password as well. Not only that, but they could be getting that information another way, i.e. MITM attacks, which don't require accessing your Google account.

Theologin