Hacking GMAIL Adventures

A couple of days ago a friend of mine asked me to help recover a forgotten GMAIL password. I saw this as a great opportunity to see if any of the services on the internet really can hack a GMAIL account.

I ran all of the software inside of a fresh and clean Virtual PC. I was scared that these programs might just be a pretext to get you to install Malware on your machine. With a Virtual PC, there would be nothing to get and I could wipe the machine clean when done.

 I used a disposable American Express card for payment. I was scared that these programs might just be a pretext for getting credit card numbers. With the gift card, at least I knew I couldn't loose more than the value of the card. Interestingly, the first card I got was a GreenDot gift Master card. This card required me to go to a website and agree to pay for any extra charges over the value of the card that might come in. I declined the agreement and they are now supposed to send me a check for what the card was worth. 

The account I tried to hack was a real GMAIL account that had been around for a long time. I got full permission from the account holder to try all these experiments since she had nothing to loose anyway.

Short answer is that none of the services were able to recover the password. None of them charged me any money either. My guess is that the only way to hack someone's password is to send them an email that tricks them into giving it to you either with a keylogger or a fake GMAIL login screen. This doesn't work for an account that no one can check.

Here is what I tried...

http://hacks4Sale.com

This well-linked to site offers "software solutions can enable you to retrieve your long lost e-mail account password or help you in cases of suspected spousal infidelity"

Downloaded and installed the (free) program into a clean virtual PC.

Program ran for about a minute and claimed to have found the password!...

This seemed *very* unlikely since I had been running a sniff the whole time and the program did not even access the network once!/p>

Additionally, I was monitoring the program's file and registry accesses and it did nothing except look for an Audacity key that was not found. Hmmm, maybe it is looking for some weakness in Audacity?

Curious, I clicked on the "Get Unlock Key" button which took me to a dead end page on the e-junkie.com e-commerce site...

e-junkie screen shoot

Dead end.

http://techwith2.files.wordpress.com/2010/10/hacking-tutorial.pdf

This document essentially tells you email your own GMAIL password to passwrdserver2@gmail.com where, I expect, it will be read by the author of the referring document.

 

http://www.hackgmailpassword.com/

The homepage has lots of dead links to the password hacking tool. The one link that worked brought me to page to said I needed to complete a quiz on an affiliate site before I could access the tool.

screenshot

I completed the quiz but never got to any tool. Looking at the HTML for the page I found a broken link to a page of instructions that was supposed to come up. You can see it here...

http://www.hackgmailpassword.com/instructions.html

...without having waste time doing the quiz. It basically says you can either guess the password or use a key logger. Not so helpful.

http://PayAHacker.com

Ok, this looks familiar...

payahacker.com screenshot

...and again, clicking on "Get Unlock Key" brought me to a dead page on e-junkie.com.  Oh well. Next I tried their "online" tool which, not surprisingly, reported that it had hacked the password but I needed to pay the see it. Just to see, I then asked it to hack a non-existent email account, which it also was able to do successfully...

 

Next I filled out the form to register for an account. So far I have not received anything on the email address I gave them.

http://HireHackerz.com

Most links on the homepage are dead. The site claims to have been in business since 2004, but the domain was registered in 2009.

HireHackerz.com screenshot

 The "click to order" link brings you to a simple form that asks for your email address and the address you want to hack...

hirehackrz.com order form

 I filled the form, but never heard anything back.

http://www.spyscorpio.net

The FAQ says...

How long will it take to get the password?
The time it takes is based off of how often the subject checks their e-mail. Since I must send them an e-mail that has to be opened by them, it is solely dependent upon how long it takes them to open it. I have gotten passwords back in a matter of minutes to 3 months later.

 ...so my guess is that they will attempt to get the password by phishing. Of course that doesn't help much in the case of a forgotten password.

I filled out the form and quickly got back this email...

Dear josh ,

Thank you for placing your request, we have received your order and we will work on your request as soon as we get a confirmation and as soon as you agree to the terms and agreements of our services.
1. The minimum charge is $200 USD (for one retrieval), payable after we provide you the concrete Proofs. The Proofs which Claims that the email account of the Victim is Cracked. The price may vary according to the mail server, method used, urgency, problems faced and importance of the account. It mainly ranges from $200-$500 USD.
2. We Provide you the Original Password which the victim is using, We will not in any way change the Password of the Victim's account.
3. We do not disclose your case in any way to anyone in any case.
4. Please do not place your order in several groups to avoid trouble in the process.

Please give us at least 36-72 hours to crack the Password as soon as you have confirmed your order.
If this deal suits you, then revert back an email to confirm your order.

Awaiting for your prompt reply.

PS : Please do not place the same order elsewhere to avoid confusion. If you have done this, then let us know.

Chat online on Yahoo! messenger: spyscorpiogroup@yahoo.com

With best regards
SPYSCORPIO GROUP Inc
w w w . s p y s c o r p i o . n e t

I replied to the email saying that I would happily pay $250 for the recovered password. Still waiting to hear back.

UPDATES

2-1-2011 : First published

###