I have good reason to believe someone has hacked into my Gmail. But none of the usual signs are there, and unless Gmail gives me more than the last ten ISPs, I am not going to be able to use their tools to detect it.
Please don’t think I’m asking people to describe how to do it here. Just is it possible and what would it take to detect if it had been done?
I tried searching but it says I have to wait two minutes in between searches, and so if anyone can post links to prior topics let me know.
I do have a lawyer involved and am in the process of getting law enforcement involved too. I just don’t know if they would even know.
Yes, it’s possible if the password’s been guessed, but unless you can see enough IP addresses to find ones that don’t match known legitimate users, you can’t really detect it unless they do something dumb like send or receive new email or move or delete existing email. From what you’ve already posted, the answer seems to be that you already know the best ways you have to detect intrusion, and Google isn’t giving you enough to go on to prove it.
Now you should change the password on the account and watch the list of IP addresses closely to see if they guess the new one. Or, if you want to catch them more than you want secure email on that account, don’t change the password and see if they come back.
Google indexes these boards; use site:boards.straightdope.com in a Google search to limit search results to these boards. Google results are typically full of archive-mode threads, but they’re good.
What “usual signs” are you looking for?
Top right, click on your email address, then the Account link. On the Security tab there’s a Recent Activity section that will list the location and IP of recent logins.
While you’re in the Security section, enable 2-step Verification.
#1 the average police department knows little about this type of activity.
#2 Lawyers may understand the legalities but not the implementation (except for maybe Bricker who is a very tech saavy lawyer.
The magic question is what leads you to believe you are being “hacked” to isolate where the issue may be coming from. I dislike the term hacked for this type of situation. if you are really dealing with someone capable of kicking in the front door at gmail the cops will probably be worthless. Far more of these situations are spouses or S/O’s wielding monitoring tools.
I googled it and there are supposedly programs you can use to get Gmail to send you someone’s password.
It’s not someone who has access to any of my devices.
It’s someone who has knowledge of things they would only get from my email.
Drachillix what would you call it if not hacked?
There are programs and tutorials that claim to do all sorts of magical hacking things, but most of them don’t work or are exaggerated.
Have you checked the list of recent logins in Gmail’s security section? Does it go far enough back to cover the period in question?
The explanation is probably far simpler than you are imagining. Most “hacking” is social engineering.
Does this someone have any other meaningful access to your life, a co-worker, a spouse, boyfriend/girlfriend, child. Folks like that often know enough about you to guess passwords or answer security questions.
I tend to only use the word hacking when it involves defeating account security by exploiting the underlying software, hardware, or systems. Unless you are talking about someone with massive amounts of experience in systems penetration, this person did not “hack” you.
What kind of programs are these that can magically coax out a google password without a phishing attempt or physical access to the targets computer/mobile devices?
It doesn’t go back far enough and the person would literally have no way of guessing the password.
If you prefer not to discuss it openly, please PM me. I have been involved in dozens of situations like this and there is usually a simple explanation once we understand their relationship to you and how they might access your stuff.
The stuff in your email account was sent to and from other people. It’s likely the “hacker” got the information from one of them. Most likely in a simple way, such as careless forwarding or crude social engineering (pretending to be someone else and sending an email, “can you forward me a copy of the Anderson contract?”). Or it was a bluff. Or they found a printed copy. Without context I can only guess.
Your password is probably not as secure as you think. If you didn’t change it immediately on suspecting a compromise, it’s definitely not as secure as you think. Regardless of everything else you should change it and enable 2-step verification.
Well these people aren’t exactly the brightest bulbs in the box so I’m thinking they had a lot of help.
I was just wondering if there was some easy explanation maybe.
Now if I could just get them to focus on their own lives…is there a way to hack into their brains and make them stop obsessing and being jealous? That would be nice.
Since this a real-life legal question, we prefer it to be in IMHO. Moved from General Questions.
samclem, moderator
After changing passwords and enabling 2-step
send an email to yourself from one of those gag email services so that it looks like someone else your mystery person knows, preferably something obnoxious that the mystery person will have a hard time ignoring. (examples available if needed).
Sorry about posting in wrong section.
That’s a good idea. Put some bait out and see if gets taken.
Why not ???
Isn’t that enough ? I can’t understand… what do you do in a day that sees you fill that list with your own activity ?
If you are making this mistake, then I suspect its all a mistake… What makes you think there is a hacker reading your email anyway ?
That said, there doesn’t have to be a way for you to see a hacker… they could be making a connection straight to the database and talking sql directly with it… breaching gmail security rather than tricking gmail security by breaching the security of your password.
Hacking gmail’s database is a hundred times less likely than guessing amorali’s passwords or getting the info from whoever she was talking to. Hacking gmail without Google noticing it is not something that a couple of “dim bulbs” could pull off.
amorali - have you changed your password and turned on 2-step authentication yet? That’s really good advice.
Use a password generation tool like the ones included with LastPass or Roboform to give you a string of 16-20 characters, mixed alphanumeric with both upper and lower case.
Also, if you really think you were hacked via a computer program, have you run malware detction software like Malwarebytes or Hijack This? Think seriously about reformatting your hard drive and reinstalling your programs.
Thank you everyone, I am sorry I have to be so cryptic on here.
I suspected this was happening months and months ago but I had no way to prove it. It’s kind of funny because I have left some bait that they took and it tipped me off even more. I have also posted some bizarre things trying to give them more bait but I guess they thought that part would be too obvious?
I’m thinking now they guessed the password. So I appreciate all your help. I guess I can’t see all the log in from months ago, correct?
Does anyone know anyone who subpoenaed their Gmail activity successfully?
Google reports regularly on legal and government requests for data.
You’re almost certainly overcomplicating things and barking up the wrong tree. Change your password and enable 2-step. That will rule out the possibility that someone is silently logging into your account. You should have done that months ago - the Recent Activity page even recommends doing that, right at the top, if you notice anything suspicious.
It’s far more likely that this person has been learning things by more mundane means. Someone you’re corresponding with is accidentally or deliberately passing on the information. Or they’ve been bluffing and you’re reading too much into it.
Sending your lawyer into bat against Google will be a very expensive way of learning what you already know.