Hackers targeting Jews

Posted: May 31st, 2010 | Filed under: Chitchat | 12 Comments

This morning, a family member’s Gmail account was hacked. This, in and of itself, is not particularly newsworthy. I had an old Hotmail account hacked a few months ago that was using a simple password; someone probably brute-forced it. My account was just used to send out lame V1AGRA ads.

On its face, this one wasn’t much different. The hacker used the account to send this to everyone in the contact list:

Hello,

I’m sorry for this odd request because it might get to you too urgent but it’s because of the situation of things right now,I’m stuck in London UK with family right now,we came down here on vacation ,we were robbed, the situation seems worse as bags,cash ,credit cards and cell phone were stolen at GUN POINT, It’s such a crazy experience for us,we need help flying back home, the authorities are not being 100% supportive but the good thing is that we still have our passport but don’t have enough money to get our flight ticket back home, please I need you to loan me some money(1000GBP) but I will appreciate any amount you can help with,B’H I will reimburse you as soon as I’m back home, I promise

I helped with the password change and recommended LastPass, the helpful (if ugly) service I started using after it happened to me.  But this kept nagging at me.  First, the spammer was far more malicious than the one who hit me.  Instead of shilling sketchy blue Bob Dole enhancers, this one was an actual thief.  Second, the con had surreptitiously changed the Gmail settings so that all future emails would be forwarded to a Hotmail address, then deleted – a very personal invasion.  Third, they deleted all of the contacts stored in the account – probably to make it harder to notify and warn people, but a cruel thing to do nonetheless.

So something drew me back, and I read the email one more time.

B’H?

This is not something you see in your typical Nigerian con.

The mark B”H is an abbreviation for a phrase that means, roughly, “Blessed is the name”.  Some orthodox Jews use it regularly in every email at the beginning; it can also be used as one might say “Thank G-d” in conversation.

2% of the US population is Jewish.  0.2% of the world population is Jewish.  This is a seriously weird thing to put in an email designed to part people from their money.

Unless, that is, you know in advance that those people are Jewish.  Then it’s a pretty cunning way to get the recipient to overlook the fact that your grammar is terrible, your story is hard to believe, and you can’t really corroborate your story with any details.

It’s hard to brute force passwords, but you usually start with a list of usernames drawn from public spaces.  How do you decide which usernames to attack?  Perhaps you start by screening for Jewish last names…

Has anyone seen or heard of anything like this?


  • http://www.bonanzle.com Bill Harding

    The degree of specificity is definitely weirdola. That said, in the last three months, pretty much every one of the few friends I know who still use Hotmail or Yahoo Mail have had their accounts hacked. I don’t know if some master password list got released or what, but given the regularity with which I’ve seen this happen lately (excluding Gmail) it seems that something is up.

    Then again, maybe what’s up is that all my friends pick lame passwords and Hotmail/Yahoo have crappy detection programs for catching brute force bots.

  • Jonathan S

    My aunt. An Irish Catholic. Sent me the same email.

  • http://www.danshapiro.com/blog Dan Shapiro

    Is her first name, last name, or email address something that might be mistaken for being “Jewish”? And did it have the “B'H” in it?

  • http://myindigolives.wordpress.com/ Ellie K

    Dan, I can give you some further information, and would appreciate your input as well. Go to the home page of either of my sites, and look at the image in the upper right corner, that might confirm your post's conjecture (am trying to be oblique, sorry, I lack finesse). And yes, taking over the account, then deletion of all contacts, and of emails already present in the Inbox, is particularly cruel.

  • http://www.danshapiro.com/blog Dan Shapiro

    “am trying to be oblique”
    Success! But I get your point. And sorry it happened to you as well…

  • http://myindigolives.wordpress.com/ Ellie K

    I have their IP addresses taken by screen shot from Google update. They sent out a bunch of Nigerian BS emails from my account, and also hacked the passwords of my Yahoo accounts that were reference accounts for Gmail. Unfortunately, having no Gmail meant no access to my developer groups, my blog, my AdSense account (which had less than $1, cause no one reads my blogs). But I had all my credit card info saved on Google Checkout, which wasn't messed with. And Google wouldn't restore my account to me, despite the fact that they had the Nigerian IP numbers, and I've been in Arizona every time I've used Gmail or a Google account. It was wicked difficult regaining control of my account.

    The text of the letter that my family and a few others received was IDENTICAL to what you had above (well, almost. There were two versions actually, one requested money, the other didn't, but the location of the event was the same, similar scenario of woe, hostile hotel manager etc.). I'm scared now though that if they did it once, they can do it again. Don't know the motivation, as they didn't try to steal from me when they could've. But I'm being inundated with Nigerian spam scam, and I wanted to ask you what Lastpass is, tho I could Google it.

    If this is too much detail, or I'm imposing, I understand. But I was shocked to read of my own recent experience in your blog, of all places. I'll delete this post, assuming I can, or would ask that you do so, as I don't want it lingering around here, and I didn't know of any other way of contacting you. (I didn't think you'd be receptive if I were to start following you unannounced on Twitter, particularly after seeing your Twitter process flow chart, which I did enjoy, btw.)

  • http://www.danshapiro.com/blog Dan Shapiro

    You can find lastpass at http://www.lastpass.com. It makes it easy to generate and store passwords that are virtually impossible for hackers to crack.

    And I welcome followers! I may not follow you back, but don't take it personally. :)

  • traintalk

    Yep. Same thing. Have a look at:
    example of apparent “Turkish” email sting (עוקץ) in the wild (dated July 23)
    http://rockofgalilee.blogspot.com/2010/07/example-of-apparent-turkish-email-hook.html

  • R_arye

    Our community Rabbi’s Gmail was hacked the same way. Few people even tried to send him money…