Default User BR wrote:
JPH wrote:nisiprius, I made this mistake, and my account was hijacked.
What did they do with your account? What was the process to regain control?
It's not a they, it's one apparently mentally ill person who has made it his great quest to inform everyone of the imagined evils of Larry Swedroe, Mel and myself. We have previously discussed him on this thread: http://www.bogleheads.org/forum/viewtopic.php?t=82238
We have gotten fairly good at sniffing him out when he signs up, so he switched to this attack on our forum in an attempt to hijack existing member's accounts from which to launch his protests. We now know he successfully hijacked at least three accounts. In JPH's case, he didn't do anything with the account other than attempt to change the e-mail address. He either was holding it in reserve or made a typo in the e-mail address, because he never activated the account after the change. By restoring JPH's original e-mail address and forcing a new password, we were able to get it back.
Two other members were not so lucky and their accounts were used to send dozens of PMs complaining of his ill treatment and "warning" people about the conspiracy he imagines Larry, Mel and I have cooked up. These accounts have been recovered. We don't know if anyone else has been hijacked, so once again I urge you to change your password if you are using one of the weak passwords mentioned in the first post on this thread.
rustymutt wrote:Alex, can you capture his IP and turn it in to his provider. Plenty of software out there to do this.
He's arguably insane, but he's unarguably very smart. I've contacted his original ISP and they won't do anything unless compelled by a court or law enforcement order. He now connects through anonymizing servers so there is no way to block or track him. He also always uses temporary e-mail services when he signs up for an account. His hack attempts are illegal and law enforcement could get him easily enough based on the information in our logs, but it appears that since we can't prove sufficient monetary damages, the cops aren't interested in doing more than taking a report. BTW, if anyone out there has some pull with a computer crimes law enforcement entity who might be interested in pursuing this, please let me know via PM. Our servers are in New York and the attacker appears to be based in New York if that makes a difference, but we obviously have readers everywhere.