Someone's trying to hijack my accounts

Baron1

Proficient
Apr 24, 2009
683
0
21
London, UK
Okay, well, it all started around 1 week ago, with my dad's Yahoo account. He got that typical spam virus which sends out links to all your contacts etc. I changed his password the next day and it was okay. After a week, yesterday, my dad's Yahoo ID got hijacked. The secondary ID he had given was changed. We are currently in the UK, and since he uses his Yahoo mail ID for business purposes, we phoned Yahoo USA and got access to the account again within 20 mins or so.

I noted down the IP from the recent login activity:

110.36.101.251 (Pakistan)
Today again the same thing happened: someone changed the password of my dad's email account, and the secondary email as well. I phoned Yahoo USA and got access again within 20 mins. Thinking it might be his office computer that has some spyware in it, I tell the Yahoo guys to add my Gmail address as the secondary email. Dad's account works okay.

I noted down the IP address from the recent login activity:


110.36.99.0 (Pakistan)

The other one was my own IP in the UK.

Within 10-15 mins or so, I switch on my laptop and BAM, my account doesn't open!! I am one of those guys who knows the typical phishing tactics used by people, so it shocked me how my account could be compromised, and that too within 10 minutes of giving my email ID as the secondary account to my father's ID. My secret question had been changed, my phone number (for SMS verification) had also been changed, along with my secondary email ID. I filled in the Google inquiry form stating 5 emails, 5 folders, and secret question and answer, and I was able to regain control within 20 minutes after it was hacked.

Now that I had control over my inbox, I checked the sent items and trash, and was shocked to see the Yahoo emails in the trash can which had been sent from my dad's email ID and were saying his password was changed. I tried logging in and it had been hacked a 3rd time! Anyway, here's where it gets interesting: I found the same IP also accessing my Gmail ID:


110.36.99.0 (Pakistan)
I left my father's account as I didn't want mine to be hacked again, changed my secret question, phone number, and secondary email IDs back to normal, and also switched on 2-step verification on my account.

It has been 4 hours now. I have tried and have been able to access my father's account by answering the secret questions. I have now changed both of them and put a strong alphanumeric password.

I got a friend to trace the IP using Linux and he gave me the following information:

% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html


inetnum: 110.36.0.0 - 110.39.255.255
netname: WATEEN-TEL
descr: National WiMAX/IMS environment
country: PK
admin-c: NA66-AP
tech-c: NA66-AP
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: [email protected] 20090224
mnt-by: APNIC-HM
mnt-lower: MAINT-PK-WATEEN
mnt-routes: MAINT-PK-WATEEN
status: ALLOCATED PORTABLE
changed: [email protected] 20100309
source: APNIC


route: 110.36.96.0/20
descr: Central DNS
origin: AS38264
mnt-by: MAINT-PK-WATEEN
changed: [email protected] 20090228
source: APNIC


role: Network Admin
address: 4th Floor, New Auriga, Main Boulevard, Gulberg, Lahore,
country: PK
phone: +9242-111191919
e-mail: [email protected]
e-mail: [email protected]
admin-c: UK42-AP
tech-c: UK42-AP
nic-hdl: NA66-AP
mnt-by: MAINT-PK-WATEEN
changed: [email protected] 20080225
changed: [email protected] 20100309
source: APNIC
According to him, it might be the network admin Mr Umer Khan himself, or someone else; the traffic may just be routing through him and he might just be the supervisor.

He also gave me a user name as well:

WimaxUser36101-251.wateen.net

saying this person might also be behind it.

IS THERE ANY WAY TO STOP THIS?? Will phoning Wateen up from here in the UK and asking who is behind 'WimaxUser36101-251.wateen.net' do any good?

I mean, my dad's machine could be infected (I will check that out tomorrow and do a scan), BUT how did he get into my account??

I know it's a long post, but I will appreciate your comments.

---------- Post added at 05:50 AM ---------- Previous post was at 05:48 AM ----------

Oh, and I don't know if it was Google or the guy that hacked my account, but my Google Plus profile has also been deleted :confused:
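
Added example, not part of the original post: the whois objects quoted above can be parsed to check that both login IPs from the account activity pages fall inside the same announced route and origin AS, which is the network-level detail an abuse report to the ISP or police can cite. It identifies the network holding the addresses, not the person using them; the function names are illustrative and the whois text is an excerpt of the output in the post.

```python
import ipaddress

# Excerpt of the whois objects quoted in the post (only the fields used here).
WHOIS_TEXT = """\
% [whois.apnic.net node-1]
inetnum: 110.36.0.0 - 110.39.255.255
mnt-by: APNIC-HM

route: 110.36.96.0/20
origin: AS38264
mnt-by: MAINT-PK-WATEEN
"""
LOGIN_IPS = ["110.36.101.251", "110.36.99.0"]  # from the account activity pages

def parse_rpsl(text):
    """Split whois text into objects (lists of (key, value)); skip % comments."""
    objects, current = [], []
    for line in text.splitlines() + [""]:
        line = line.strip()
        if not line and current:          # blank line closes the current object
            objects.append(current)
            current = []
        elif line and not line.startswith("%"):
            key, _, value = line.partition(":")
            current.append((key.strip().lower(), value.strip()))
    return objects

def networks(obj):
    """Networks covered by an inetnum (address range) or route (CIDR) object."""
    cls, value = obj[0]
    if cls == "inetnum":
        first, last = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(value)] if cls == "route" else []

def attribute(ip, objects):
    """Summarise the most specific whois object covering ip, or return None."""
    addr, net_best, fields = ipaddress.ip_address(ip), None, {}
    for obj in objects:
        for net in networks(obj):
            if addr in net and (net_best is None or net.prefixlen > net_best.prefixlen):
                net_best, fields = net, dict(obj)
    if net_best is None:
        return None
    return {"network": str(net_best), "origin": fields.get("origin"),
            "maintainer": fields.get("mnt-by")}

REPORT = {ip: attribute(ip, parse_rpsl(WHOIS_TEXT)) for ip in LOGIN_IPS}
print(REPORT)
```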
 

TheBrokenMan

4 8 15 16 23 42
Nov 4, 2007
4,254
1
41
34
Lahore
I would say call up Wateen; if he is an employee you can actually sue the company for the admin's actions. Doing such things is illegal, and considering this guy is working for an ISP I would say they wouldn't hesitate a minute to fire his ass if it means saving their company from the spotlight of shame. Seriously though, what is SOOO special about your dad's account that this guy is FIXED on hacking it time and time and time again? Is your father some sort of a millionaire or philanthropist?

ALSO, have you made sure no spyware / keylogger / malware / adware etc. is installed on your PC? When my brothers first started off on the internet they installed a ton of malware / adware and spyware (it was the age when World Call first launched and we were on a 64k line, so don't be harsh :p), but in the end I ended up losing my Hotmail. Since I never cared for Hotmail, having found Gmail a month earlier, I never bothered recovering it. And when I got my Gmail I started using my PC wisely, cleared out all the software that could potentially steal my Gmail, and educated my brothers on what to and what not to download off the internet. Maybe your dad saw one of those "Free flash games" or "Free HD wallpaper for your Windows 7" ads and went to them or something, and he entered his email address at an unsafe site.
 

AlienX

^_^
Jul 19, 2008
2,291
0
42
39
Islamabad
What a shameful act. Definitely call Wateen and literally run over them and threaten them. The person has to be caught. Also, there is a Cyber Crime thing in PK too; you may want to give them the information also. Good luck.
 

b16t

Proficient
Jul 5, 2011
515
0
21
You have a trojan, I believe. Either you're being keylogged or he may even be watching your desktop.
 

Baron1

Proficient
Apr 24, 2009
683
0
21
London, UK
My father has a travel agency, both here and in Pakistan; we recently all moved from Pakistan to the UK. As for trojans, yeah, my father's machine might be infected, but there's nothing wrong with my machine. I even installed Norton Internet Security on top of Microsoft Security Essentials last night, and nothing showed up.
 

Anique

Intermediate
Mar 17, 2009
126
0
21
Check your PC to see if it is bugged. Check your router as well.
That will seriously help you in determining the reason the account keeps getting hacked. And it will further strengthen your case. And confirm that this guy is behind all the activities. Then go after this guy with full force.
You don't want an innocent guy to lose his job. But we need black sheep to be slaughtered.
 

Pink PanthEr

Keep Hope Alive
Jul 6, 2010
956
0
21
Islamabad
Wipe your HDD clean and reinstall Windows, just to be on the safe side, and of course don't forget to back up your important data and scan it with at least 3 different antivirus programs before you access it again.
 

Baron1

Proficient
Apr 24, 2009
683
0
21
London, UK
The thing that's bothering me is why from PAKISTAN. We recently moved from there. I mean, if it was someone from around the world it would not have been an issue, but why is someone from PAKISTAN doing it? I can't think of someone known to us who would want to do that.
 

rAXv2

Gaming Online...
Mar 29, 2009
415
0
21
If you have time, do 3 pass 0, or if not then 1 pass 0 on your HDD, install an MSDN Windows image and use AVG Business Edition as security...
 

Baron1

Proficient
Apr 24, 2009
683
0
21
London, UK
I phoned Wateen; as usual, the crappy response that you get with these sorts of companies. They took both the IP addresses, then told me to register a complaint with the FIA. I spent a good 15 mins or so with them on the phone asking them to give me some information or location, but no. Anyway, I phoned the FIA, but got no response.

Now I have just called the London Police Cyber Crimes office, and have given them the 2 IPs. They will get back to me in 22 hours.
 

AbbY

Administrator
ADMIN
Nov 20, 2008
6,421
85
54
Ankara
The IPs you provided show me they are from Rawalpindi. I can get the exact location of the host if you want. It may be possible that it is being routed through RWP on the same line, but I doubt it highly. I don't think that's even possible. Best to check with Wateen.

And apart from the one you've mentioned, WimaxUser36990.wateen.net is also showing up. That one is on the 99.0 IP.


Hope your accounts are back and safe again!
 

Baron1

Proficient
Apr 24, 2009
683
0
21
London, UK
Got access to both accounts. Someone tried to send the password reset email again at 8.43am this morning (UK time), but didn't get any further than that.
 