Tracing and threats on messengers

[z4955]

I recently received a threatening message in my yahoo messenger from someone I do not know... is it possible for someone to be able to trace my telephone no. and address etc. this way? They say they have... if so, can theirs be traced from my end as well to find out who this is? shaken

 

[Zantra]

If you didn't list it in your profile it's not traceable unless they either work for yahoo or hack into yahoo's systems (not likely). And it's traceable to the extent that the person registered their account. Of course that has a certain degree of anonymoty. I'd report it to yahoo, and let them trace it. Of course they won't release the info to you- that would take a court order.

 

[z4955]

thanks

thanks for that bit of info, zantra... and anything else anyone else has to say on the subject is more than welcome

 

[Anttech]

The Yahoo protocol uses a central server, therefore the only way someone can get your IP is via a direct connection to them, or for you to click on a link they send you to a website they own... With the IP address if they know what they are doing they could probably find which Continent you live in, and perhaps your Country, but that is it! Unless they hack the ISP Cutomer Details DB, and Connection Logs that owns the IP address you were using and get your details... (not unlikely but impossible)

The Phone number and Address thing is pure fiction, Only way they could get that is if you gave it to them or you (as Zantra says) filled out your Profile... Yahoo will not even have your address or telephone number if you didnt fill this out, so even if this person is the most l33t of all crackers and got into Yahoo's DB then they would find nothing on you!

If you time logged the messeges ect then contact Yahoo and see if they can help you... They could probably get the person who threatened you's IP from some of there logs and from this contact the ISP that owns the IP address. The ISP inturn 'should' contact the person this IP was issued to at the time of the message, and have a few words... probably enough to put the person off doing it again...

Dont worry... empty threats! :-)

 

[z4955]

thanks, anttech!

 

[The_Professional]

there's an old trick whereby you ask the person to send you a file through instant message and while sending the file you go to dos command prompt type in netstat hit Enter and...find the IP there.

 

[z4955]

that's real interesting... how do you do that?

 

[z4955]

The_Professional there's an old trick whereby you ask the person to send you a file through instant message and while sending the file you go to dos command prompt type in netstat hit Enter and...find the IP there.

sorry.. I should have been more specific on my reply. How do I get to dos prompt to type that in... and it needs to be done while the file is in the process of being sent?

 

[Anttech]

what OS u on?

XP / Win2K

Click start
Run
Type: "cmd"
In command prompt type netstat

 

[exequor]

hey that netstat thing is not really an old trick, i still use it. It is just on the social engineering side of things. the way it works is like this: people are always looking for all kind of rare files over the internet you may come across someone who is asking for one like over irc or something. all you do in messenger is send a file to them (that is big enough so that you have enough time at the cmd prompt) go into the cmd prompt and type netstat (there are extensions like -a, -e and so on). I don't know about yahoo but in hotmail you can do this and crack someone's email account (i know this).

 

[Anttech]

netstat is just showing TCP/UDP sessions you have established, so as long as you are connecting to the person's PC and not through a central server, then you can see there IP There are other tools you can use, but this one is sufficiant, If they are behind a NAT device then you will only see the IP of the devicing doing the NATing

 

[The_Professional]

It would be difficult to crack somebody's e-mail account even on yahoo. Although there are other methods that would make it easier. The most common of which is phishing or password harvesting fishing. An e-mail/instant message that involves someone posing as an Account Representative from Yahoo asking for your password, name, telephone number...Although most people would ignore this, there are still a lot of suckers out there that can easily be duped.

 

[exequor]

An e-mail/instant message that involves someone posing as an Account Representative from Yahoo asking for your password, name, telephone number...Although most people would ignore this, there are still a lot of suckers out there that can easily be duped.

A lot of people are getting "duped" because is not only the representative from yahoo that hackers use. they are coming up with more and more creative ways to get info from people. remember most of this type of hacking is as good as "social hacking".

 

[ramollari]

It is a fact that the latest version of Yahoo is using encryption of messages, so outsiders cannot tap on them. AOL's AIM, MSN, and ICQ send the messages in unencrypted form so a hacker can collect them an obtain sensitive information if any.
In other aspects of security, Yahoo is like the other instant messengers. All messages and files you send first have to pass through the server network. An administrator of these servers has the ability to keep a log of these data. No matter how much he can assure you that this cannot happen, security is not 100%. Imagine other threats, like false identities, or viruses/trojan horses. Anyone can say "try this", or "check this application", or "download this for free" and the file may contain malware that can cause lots of trouble in the local machine. And what makes the problem worse is that Instant Messaging can bypass proxies and firewalls. No wonder that public IM is not yet being used in corporate/business environments as the mainstream form of communication, like e-mail is.

 

[Averagesupernova]

I don't know what your yahoo habits are but I'll throw out some suggestions. Are you sure this person isn't someone you already know or have IM'd with who has something against you? Just because it is a username you don't recognize doesn't mean it isn't someone you know. People can 'troll' in instant messages just as easy as they can on forums. I don't know how revealing your user name is. Maybe it contains a clue as to what your name is and they were able to put 2 and 2 together to find out your address. (Assuming they actually know it) The more you find out about a person the easier it is to find out MORE about that person. Reread that last sentence, yes it does actually make sense. With a little creative observing, one can learn an awful lot about a person. If it were me I would play along a little with this person. Log in at a different computer, give them bogus clues, use whatever imagination you have. You will also learn about this person as well. But, that's just me.

 

[z4955]

Anttech: I am currently using OS Win Me

 

[z4955]

Averagesupernova: Yes, I am well aware that it could have been someone who already knows me and someone I know as well. That was one of the first things that crossed my mind... but even so, they still wouldn't have my phone # or address. I haven't shared that with ANYONE I converse with on the internet. Because I do believe it was someone I know, I was trying to find out if there is a way to find out who it is. I received only 2 messages and then nothing. My search on yahoo for that id showed that there is no such id, which leads me to believe that person deleted that account after the 2nd message. I have had no further messages as such. BTW... I never replied to either message.

 

[Averagesupernova]

Are you sure it isn't someone you know that may have already knew your digits and address that spotted your profile and figured out it was you? Or maybe it was just someone who had the wrong guy. I guess a fitting question would be: Who have you p!ssed off lately?