Home Forums Networks & Cross-Platform Networking Two of my yahoo accounts have been hacked

Two of my yahoo accounts have been hacked on 23rd April, one from the Philippines the other from Brazil. Yahoo told me about the first one while I was on Gmail (having that yahoo account as a back-up there); the other I found out when I had an email "from" myself into my business account.

I have changed the passwords on both.

What I don't get is, why? Why do they do this? From where I sit it is just pointless and irritating.

1. Because they can
2. To exploit any data they obtain for personal gain (ie. money)
3. To use your accounts to distribute spam and malware
4. To disguise their own activity on the web from authorities
5. For unknown reasons they have a grudge against you and/or your company
6. Because it is easier to hack your accounts than it is for them to get their own because they have been blocked by yahoo
7. To thumb their noses at Yahoo
8. To irritate you
9. Just for the &*^^ of it
10. They have nothing better to do
11. Some of the above
12. All of the above
13. None of the above

The most likely answer(s) probably involve their own monetary gain in some way shape or fashion.

Actually, the answer is the same as why most hackers do anything (write computer viruses, hack Web sites, you name it): Money.

Lots and lots and lots of money. Malware, viruses, and hacking nets literally tens of millions of dollars a year, primarily for Eastern European organized crime, where it has become one of the biggest moneymakers (ahead of traditional enterprises like drugs, prostitution, and extortion).

Gmail and Yahoo email accounts are valuable because once they are hacked, which is usually done by automated tools run from virus-infected PCs, the lists of hacked accounts are sold to spammers.

The job of spammers is getting more difficult. Almost no ISP left in the world will permit spammers to send spam through their mail servers. Botnets--networks of virus-infected computers--are remotely controlled and turned into spam relays for the bulk of spam, but it's getting harder and harder to deliver spam from infected computers any more.

One of the big tools in the anti-spam arsenal is Sender Policy Framework (SPF). It helps block spam by detecting whether or not an email has forged or "spoofed" headers. The emails that are sent out from virus-infected computers generally do.

But Google, Yahoo, and other "big" email providers are well-known and trusted by most mail systems. Their servers include SPF validation information inside every email that is sent. If you can hack someone's Gmail or Yahoo account and use it to send spam, the spam will pass the SPF checks that anti-spam software uses with flying colors. Eventually, Google and Yahoo will detect that the account is sending spam and disable it, but by then you've already sent out a bunch...and it has a much, MUCH higher chance of getting through spam filters than spam sent in other ways does! Spammers buy lists of hacked Yahoo addresses in blocks. When one account is shut down, they automatically move on to the next.

Additionally, Yahoo and Gmail addresses offer another benefit to spammers. They can harvest the accounts to get all the owner's contacts. Most of the owner's contacts have probably whitelisted the owner and/or will know the owner and read any email that comes from that address, so the spammers can harvest those contacts, send spam to the contacts, and know that there is nearly a 100% chance the spam will get through.

In this case, is it helpful to sent the email to the ISP with an expanded header or is it already too late?

My ISP has an address for customers to forward spam or phish emails and the ISP asks that the customer send with the header expanded. I have followed that protocol whenever I got either type of email assuming that, whoever the culprit is, the additional header information assists in detecting the originators.

If an email account is hacked, the originating sender will be the ISP that was hacked. For example, if your have a Yahoo address hacked, the originating sender will be Yahoo, which is why Yahoo accounts are valuable to spammers.

Sending spam to your ISP isn't very useful. It's better to use a service like Spamcop.net, which will send spam reports to the ISP responsible for the spam.