Hacked-how does this happen & how 2 prevent it?

I suspect this thread will cause some groans, and I really am not sure what to do any more.
On the 21st of November my account was taken over (abducted/hacked/cracked) choose your preferred term there. I was able to call billing, verify my ID and get my password reset.
Not, however before the abductor(s) transferred 200USD from my paypal account to an avie who no longer appears in search.
Because this happened in conjunction with the thanksgiving holiday LL's fraud department was not (apparently) staffed for a few days but I did create a ticket #4051-4303239 and have been on the phone with them several times since the Monday following the holiday.
Because there had been login issues the day my account was taken over I didn't initially suspect anything when I was unable to login. I only became aware of the problem when I saw email notices of the paypal transactions. It's fortunate that I checked that email and I was able to suspend my paypal account which remains suspended. Reaction time to this doesn't seem to be the solution though since when I look at the transaction logs two things are clear the first thing the abductor did was try to purchase L$ when that worked then the password was changed and two more transactions purchasing L$ was completed-all that took only 4 minutes to accomplish. So I don't think any earlier detection or action on my part would have stopped this. Maybe the abdutor would have tried to purchase more L$ had I not recovered the account, but obviously I don't know.
Back to the day this happened I remember my last log out location and time. To the best of my knowledge I didn't click on/accept anything from anyone unknown to me. My password has changed of course-I never shared my password with anyone, and while my previous (hacked?) password may not have been extra strong I don't think it was really easy either.
I don't know what's happening with the ticket/issue-it remains open (working) but it's coming up on 3 weeks now so I suppose the money that was transferred from paypal has left world. There was also 1680L$ in my account at the time this happened-also taken.
I was able to look at the avie profile all the money was transferred to, immediately after I got my account back, and that profile had no payment info on file; so it seems to me the money had to be transferred to an account that could move money out of world.
Looking beyond the lost of 200+USD how can I trust that this couldn't happen again? It appears that there will be a push to get all accounts verified. Is that through using credit card info? I have my correct-real ID on this account, but I am very reluctant to re-validate my credit info.
Any helpful-informative comments and answers to this will be very appreciated.

I do not know anything exactly, however I would assume this is the same as any other hacking of PCs.

Either the attacker sees you in world and decides you are a good target or not.

Even on the forums. "Hey check out this crazy pic I took in SL" OK now you just D/L'd a virus or something that can gather cache information or a key logger. ANything is possible there.

DO you have the client keep your password for fast logins? I hear hackers can get to that cached password easily.

Someone monitoring your network?

Do you use wireless? Any encryption on that?

Any time you do anything on the internet you are at risk.

I remember a forum post of one lady that kept using the same PC to change her password. The attacker kept receiving the new password and would log in , change her password and steal more stuff.

Everything I have said is hear say and may be off old unverified information. However I have found this to be true in life.

If you can dream it. It can exist....Somewhere.

Sorry to hear this happened to you.

EDIT*

Changing your password every month may help you be protected but is not garenteed. Also try not to use the same password for multiple sites.

Sorry this happened to you .

My bank has a service where you can create new credit card numbers at will which can be both be restricted by amount and expiration date. When that number is used it locks the card to that specific credit card processor so it can't be used anywhere else.

So even though I have a credit card on file with LL, it never has a balance left on it since I'll just put in a new card number (or you can raise the spending limit on an existing number) when I need to and instantly use the balance.

If you're feeling insecure right now, you might want to look into a bank that offers a similar service. It's effective not only for LL, but online in general, even if your card details get stolen from an online company, it'll be worthless to the thieves with no way to drain your true credit limit.

I'm sorry to hear about your misfortune. The first thing that springs to my mind is how could this happen? What are the most likely scenarios for someone hacking your account?

1. A complete stranger picked your avatar name at random and made a lucky guess or somehow managed to crack your password?

2. Someone you know in SL or RL managed to get enough information about you, your account and/or your favorite passwords to log into your account. Someone looked over your shoulder or used a key logger, or you used your ID and password to log onto a 3rd party site, etc.

3. An internal security breach at Linden Labs or an affiliated company.


Item 2. seems more like the first most likely scenario to me.

You are right I think in assuming that LL should be able to follow the money to see where it goes, if it is still in world they may be able to recover some of it for you. I hope this turns out well for you.

It's surprisingly easy to get into accounts honestly, and SL makes it a tiny bit easier to tell the truth (Yes I know how easy it is to get into accounts from experience, I've done controlled testing and experiments to find out though not with SL)

If they can find your name in SL, they're halfway in. They just need a password. This can be done a number of ways, most common in small time crackers (Not hacker, they're the good guys) is brute force password cracking.

They put in the login name, and have a dictionary file to check various words, common phrases, numbers, and combinations thereof. Depending on how secure your password is it may or may not work. If it consists of just real worlds and/or numbers it can be cracked easily. Depending on the complexity it could take anywhere from a few minutes to literally days.

If your password is more than real numbers/words, it will be considerably harder. However, to narrow down the search they can limit it to the number of characters allowed in the password field of the given account system (I don't know SLs), which will speed t up if only a little. Using a special type of brute force cracker they will try literally every combination of things that are not in the dictionary file until they find it. This will usually take a LOT longer.

If they know anything about you it can be even easier. If they can get your email name that is attached to the account, then it become very easy. They just need to get into that (Emails are very easily boroken into most of the time honestly). Then they can do the 'forgot password' bit and get the email themselves and remove it from your email before you see it.

THen they are in.

These are the most common current methods. Most small time crackers don't have the patience to do it to some random person and create a target based on some ofense or info.

Ones who actually know what they are doing and don't want a challenge (The worst kind) will use a keylogger that they hav disguised, to log your keystrokes and have the logs sent to their email, at which point they will parse it.

Best protectoin:

Strong password - very unique, not all numbers or letters, not real world, something little known about you or not related to you

Download safely - DOn't DL things you don't trust or from someone you don't know.

Sorry to hear this Goshawk.

You should also file a criminal complaint with your local police - not only has this person stolen money from you, they have almost certainly committed a computer-related crime, adding to the potential weight of any offence.

It may help your dealings with LL and PayPal if you can quote a police reference number - especially if you can convince the police to make a phone call or two to emphasise that they are dealing with the report.

Inc

Thank you for the reply and condolences-really I'm using linux, I don't normally have my password saved. I do infrequently use my powerbook-running OS X at a wifi cafe maybe I won't do that anymore. My home connection is DSL but I'm in a rural location with a long driveway and the signal does not reach the street-I've checked. Also my computer(s) are not left on-always off unless I'm using them. For some quirky non-logical reason I sort of think this happened in-world some how. Maybe it is one of my contacts-friends? But I have no evidence of that and no one, particularly LL, has explained to me how this actually happened and how to prevent this from happening again.
Thanks again for your response.

Actually I hadn't thought of that but if they have any personal information to confirm they are you they could use the customer service department to get your password too.

That's a good idea. In light of several in world scams (pseudo banking) I've gone to and told people about www.ic3.gov. Just mentioning it here because they are directly involved in internet crime. I wonder if they would be better able to deal with this than a local sheriff-we don't have town police in my area.

Just my own personal musings and it's annoying to me that pose ball "activity" gets so much public notice while fraud in SL seems to escape attention.

I really appreciate all the posts/replies. Until something like this happens to you you don't think about it much but now I'm thinking about it a lot. I like the specific advice on making passwords more secure too-thanks everyone.

Ouch, ouch.. you have my sympathy. Yes, it's a very bad idea to run your comp over a wifi in the cafe. Rule of thumb.. if you don't know how it's secured or if it's secured, then you don't need to be using it.

Okiphia, I thought LL had a lockout if you failed the password a certain number of times.. But if they don't, they need one and badly.

BINGO!! There might be the problem!

Wi-Fi is easily easily EASILY picked up on! PLUS- there's always a chance there wasnt encryption on anything you typed.


Good luck in getting it all sorted out.

I don't know if posting this here today had any influence or if that's just a post hoc ergo protoc hoc thing. And when I checked my account today I saw it was disabled with a note asking me to call the fraud #. When I got a hold of someone they told me my money would be refunded-but they wouldn't give me any details. The person I spoke with just emphasized what several people here recommended-a really strong password.
Anyway I want to say despite how most all of us like to poke fun at LL that billing, back when this first happened, was excellant and really helpful. In that area LL has been much more helpful than paypal. I would have liked to know more of the details but maybe that a security issue for LL? Obviously I'm pleased with the results although re-enabling my paypal account will not be easy and that's the way the refund had to go.
I really appreciate everyone's support and having brought bad news here I'm glad to include the good.

That's great news Goshawk. congratulations!!!! and thanks for sharing

Glad to hear you're getting your money refunded .

Wow, glad to hear the good news.

Dang, somewhat related. I am heading on vacation next week and thought I would maybe log in using a local internet cafe or library. I was planning to change my sl avitar's password to something new primarily since I use that password for some other non financial accounts. Well, you got me thinking. I have Paypal linked to my sl account. Now when I buy Lindens, I can not remember if they ask for my PayPal password or not. When I get home tonight it's time to delink Paypal from my account for the duration of the vacation. Will have to look and see if that can be done.

Maybe I will just create a second avitar for vacation. Hey, thanks! You got me thinking.

Very glad to hear this!

here`s something else

did you use the same password on any SL related website?

That's cool Goshawk!

I wish I knew how to do stuff like this. I'd have all of your money before you knew it.

You just leave my tab-ends (odd expression) alone, you!

A merry christmas would be had in my house, I can assure you of that!

What are tab-ends? Or should I not ask

The filter end of a discarded cigarette that has a little bit of tabacco still stuck to it. Homeless people collect them to make whole cigarettes.

That made me throw up a little

So that would make cigarettes tabs? How odd. When I was a lad, in a lost and sadly gone pre-PC age, we called them fags. Hence, fag ends. Did you perchance grow up in that genetic (and linguistic) dead-end the Isle of Man?