Suspicious Google sign in - Grafton St

P.Walnuts

Hey

So anyway was in Grafton St today and got a text saying google had blocked a suspicious sign in, thing is thats the second time this has happened in the past month when I have been on Grafton St...coincidence?

I did notice a wireless signal today as I was walking a couple of minutes before I got the text....also the IP that attemtped to sign in both times is something like eu-west.compute.amazonnews.com

Anyone have any ideas what's going on? I've obviously changed password each time this has happened

AnCatDubh

Its kinda intreguing isn;t it.

Never had the experience myself and have a gmail (rarely used now post NSA - wooo hoooo ) and i'm regularly enough on Grafton street.

A couple of things to keep it in the real world for a moment:

a) is your email really unique or is there possibility of someone with a very similar one?

for example: my first initial / last name without the last letter is one of my email addresses, but i'm not as unique as I would like to think in the world, and another person (same name) has an account with first initial, and full last name with the same email provider. Occasionally we'll get each others email (rare enough to be honest but it has happened more than once), but in the past I have been guilty of trying password resets on third party services for my first initial, full name email address (which isn't me at all). It's just that my fingers go on autopilot and type in full as they are used to. Anyhow, the net effect is the other individual probably gets a regular "are your trying to change your password" email from third party service providers. Possibly something like that at play here?

b) Are the times similar. ie. are you strolling down grafton street after work, on a break, during lunch, when it has happened? Is there a pattern. What i'm getting at here is whether it is likely that someone in a similar situation to (a) above is at their leisure time, trying to reset an account password during their break/lunch/whatever that they believe to be theirs but perhaps their fingers are on autopilot? It might be plausible.

On the other hand, assuming you haven't significant wealth stashed in your gmail account, it could just be an automated bot trying to crack in, steel your contacts, and send them spam in which case google is doing its job, blocking them and sending you the text. In this case it would just be coincidence - though I have noticed spam bots may hone in on opportune times (generally i've seen them start to post after 5pm, ie. generally when a system may not have attention) so it could be time related too.

On last possibility which may be the one which you are thinking of, is that your phone is connecting to an open wifi and sending your email account details unencrypted to some service - perhaps to log onto something. Now in the background someone would have to be listening to such unencrypted traffic - sniffing the air as it were - and filtering out email addresses which it could identify and then trying to brute force an entry. Entirely possible, albeit not terribly common.

But, all of the above could also fit nicely on the conspiracy forum :O

Khannie

That's potentially someone trying to breach your account through amazon's AWS (cloud) services. I have two factor authentication on for all google services and highly recommend it.

syklops

On last possibility which may be the one which you are thinking of, is that your phone is connecting to an open wifi and sending your email account details unencrypted to some service - perhaps to log onto something. Now in the background someone would have to be listening to such unencrypted traffic - sniffing the air as it were - and filtering out email addresses which it could identify and then trying to brute force an entry. Entirely possible, albeit not terribly common.

Errr. I know someone in Dublin who built a thing which does just that. Not sure if it is near grafton street though.

I think the best bit of advice is to set your phone to not connect to open wireless networks.

Blowfish

syklops wrote: »

I think the best bit of advice is to set your phone to not connect to open wireless networks.

Indeed. Naturally the Grafton St. bit could be complete coincidence, but the one thing that immediately comes to mind is DCC's free wifi. Haven't looked into it in detail as to how they secure it, but it's probably best avoided.

syklops

Blowfish wrote: »

Indeed. Naturally the Grafton St. bit could be complete coincidence, but the one thing that immediately comes to mind is DCC's free wifi. Haven't looked into it in detail as to how they secure it, but it's probably best avoided.

Years ago I did a warwalk around that part of town. I found literally hundreds of APs many of which were wide open.

With an open AP, even the likes of a Dublin Bus AP or a McDonalds someone might be arpspoofing the network, routing all traffic through their machine sniffing credentials. Its not worth the risk. Get a decent data plan on your phone and only connect to APs you know and trust implicitly. Even then someone could be sat next to you with a Wifi Pineapple sniffing your stuff.

P.Walnuts

Cheers for the responses guys, it was just really a wtf moment as for it to happen twice was a bit odd really.

Absolutely nothing special about my gmail, just regular emails. I imagine the wifi signal I picked up was the problem as said above.

One more Q, it is neccessary to change password when this happens?

As in when google says they blocked an attempted sign in, does that mean they password was actually correct and google blocked access because of the strange IP, or that they were just hammering my account with password attempts?

hooplah

syklops wrote: »

With an open AP, even the likes of a Dublin Bus AP or a McDonalds someone might be arpspoofing the network, routing all traffic through their machine sniffing credentials. Its not worth the risk. Get a decent data plan on your phone and only connect to APs you know and trust implicitly. Even then someone could be sat next to you with a Wifi Pineapple sniffing your stuff.

Putting everything through a vpn would be fine though wouldn't it?

syklops

hooplah wrote: »

Putting everything through a vpn would be fine though wouldn't it?

Absolutely. A VPN or an SSH tunnel would be fine.

Khannie

syklops wrote: »

SSH tunnel

Slightly OT, but this is one of my favourite technologies ever. It's just so powerful and useful.

hooplah

Staying off topic, if people want to try out using ssh they could check out http://silenceisdefeat.com/UNIX-how-to-using-linux-UNIX-SSH.htm

there's a 50MB limit (i don't think its that strict in reality) so its not suitable for filesharing but good for things like email and checking out ssh before you set up or buy something more longterm

syklops

Khannie wrote: »

Slightly OT, but this is one of my favourite technologies ever. It's just so powerful and useful.

Same here. So powerful, useful and so simple. Though a former colleague recommended we implement a full blown VPN (on a Respberry Pi) because he couldn't get his head around SSH tunnels, so maybe not simple to everyone.