The Washington Post has an interesting story about Web sites that sell hacking services — such as the ability to hack into a person’s Web-based e-mail account (Yahoo, Hotmail, Gmail, etc.)
[Hacking services such as YourHackerz.com or hackmail.net] boast of having little trouble hacking into such Web-based e-mail systems as AOL, Yahoo, Gmail, Facebook and Hotmail, and they advertise openly.
And, experts said, there doesn’t appear to be much anyone can do about it.
“This is an important point that people haven’t grasped,” said Peter Eckersley, a staff technologist for the Electronic Frontier Foundation in San Francisco. “We’ve been using e-mail for years, and it’s been insecure all that time. . . . If you have any hacker who is competent and spends the time and targets you, he’s going to get you.”
Federal law prohibits hacking into e-mail, but without further illegal activity, it’s only a misdemeanor, noted Orin Kerr, a law professor at George Washington University and a former trial attorney in the Justice Department’s computer crime section. […]
Experts said there are numerous ways to steal someone’s e-mail password, from simply guessing at family names or pet names to high-tech infiltration. The most common way is to send the target a link to a greeting card or something else they might specifically be interested in. When the target opens the link, software is installed on his or her computer that snatches the password the next time it’s typed in and sends it to the hacker. Web-based e-mail, such as Google’s gmail and Yahoo, can also be attacked through bugs in the Web browser, Eckersley said.