Anatomy of Hacked Emails


Email hacking have always been a problem since the days when email began. The common attitude for handling a hacked email account to most people are to shrug their shoulders and try to recover from the hacked email or otherwise walk away from the hacked email and create yet another email account and redistribute one's new identity.

The impact of hacked email accounts can range from simple mischief to catastrophic identity theft or something much bigger than just stealing identities or learning one's secrets in the emails. Before we delve into discovering the impacts of hacked email accounts, we have to know what are emails usually used for and what are their general contents. The primary role of most email accounts are used as personal contact and identification to whoever they want to have a relationship with. In simple, an email account is as good as a mapped relationship environment and that is the amount of wealth of information about the people who are in contact with the email account owner.

Emails may also be used as notes to oneself which in a way acts as a stick-it note or a notepad of sorts. Precious personal information ranging from account PINs or passwords can be found in such emails which we will touch on later in the topic. Personal notes may contain sensitive personal information that have the chance of not only compromising personal security and privacy but also the security and privacy and security of other people whom you might have associated in the notes. The calendaring features and note-taking features that many modern Webmails (web-based emails like GMail, Yahoo or Hotmail) provide (if compromised) can turn out to be a rich harvest of personal and sometimes even secret information of the owner of the email and those associated.

Sensitive security authentication codes for websites (even Email based 2 Factor Authentication Codes) or acknowledgement codes are usually sent to the email account and a compromised email account would spill it's guts full of security codes, acknowledge codes, user PINs and passwords and what not. Most people do not update their PINs or passwords found in their email messages either due to pure user laziness, little knowledge of Computer Security via ignorance of sorts or the websites or applications in-regards to the login PINs or passwords do not provide some form of changing of the PINs or passwords sent via email to the user. Either way, compromising emails might allow attackers to harvest a huge amount of personal codes, PINs and passwords that might allow the attackers to further venture into compromising other Computer Systems and Applications linked to these compromised codes, PINs and passwords.

Attackers taking over email accounts may setup their own agendas and campaigns using compromised emails and a few of their favourite campaigns include sending spam or specially targetted messages with crafted malware payloads in the email content which may come in the form of contaminated electronic documents, applications, vulnerable websites or websites with "traps" and many other form of electronic attacks. If you are thinking how the attacks could be related to your responsibility as the owner of the email account whom have lost control over it, give it some thought again. Your email is used to send stuff to undermine the security of those around you and yourself. The attacker might flip through your online address book in your email account and decide to compromise all your other friends and family members because you did a bad job at securing your email. You could shrug off and think that those who were compromised by the email attacks that came from your compromised email are not really brilliant people but think again, you were the source of all the problem.

Turning into a pawn in the attackers' botnets (Computer Systems that are compromised and under remote or local control), your compromised email accounts become useful arsenals to carry out their nasty job. Legal implications may arise due to the identification of your email account being identified as a participant in certain Computer System breaches or attmpted attacks. Some of these attackers do not want other people's money but are State Actors (Agencies of a Nation or Country) that uses compromised email accounts in their covert operations to do nasty stuff to their targets and manipulate messages for their own gains and agenda. Some of the compromised email accounts could be used to implant fake evidences to setup traps to entrap their political or national targets and imagine what happens if you are on the receiving end of such treatment where you are a journalist or an activist and the State of Nation somewhere (or even your own Country) decides to set you up so they can put you down and out because you did not do your email security properly or your friends' or families' emails got compromised and were used to reach out to you and you might have downloaded or become infected by highly customized malware. You might attempt to justify the lost of security of your email account to the covert operations under the influence of certain powerful players but at the end of the day it is still your email account you lose control of and you cannot justify if their actions are justifiable or not.

The net of intrigue does not stop at the personal level when an email account is compromised. It could turn out to be a covert operation by certain Agencies, States, Countries, Organisations or Groups on the extreme end (one should not shrug off such possibilities just because it might seem unlikely) and on the more forgiving end, it might just be a prank. This net of intrigues could go on but it would be too extensive and too much to write here.

Either way, do consider your own security and the security of everyone else connected and not be a weak link in the security chain. Don't be the black sheep that poisons others you don't mean to.

You are doing security for yourself and as importantly, others around you !


Publication Info
Published On: 2nd Jan 2015
Author: Thoth


CONTACT