Quote:
Originally Posted by BlueFlare
My password for bovada was unique and is certainly not guessable. My email password had the same word, but included numbers with it.
Well, EVERY password is guessable; it's just a matter of time and how much computing power the hacker has. If you hide a key in your yard, I would not be able to find it cause you would call the police if a stranger was lurking in your yard. But what if I knew you would be on vacation for a few weeks? Or what if I could clone a copy of your yard, including the location of the key, and "work" on it? It's not like they are logging in and trying to crack your password one attempt at a time, cause that will trigger account suspension. They are lifting/hashing out that black prefilled password when you click save password and then "working" on it.
First I would do a dictionary attack in case the user is using an actual word from the dictionary. You did and thought to put numbers after it would be good enough? What is it like chips696? Or is it a really long tricky one like chocolatechips797? Both of those are obviously level 1/entry level hacking passwords meaning even a hacker as weak as myself could crack it relatively quickly.
I got into cybersecurity when I met a guy (not IRL) who was EXCELLENT at cracking passwords. It started off as a goof as he basically was giving me a lifetime brazzers membership for free. I like free and I like brazzers but I knew this was BS. Nonetheless, I decided to look into it. For two years I have had brazzers free and I kinda feel guilty about it (no I don't, I paid brazzers tons of $$ over the years lol). The most interesting thing is how good he is at it. He is often cracking 10+ digit passwords with upper and lower case/special symbols, total gibberish, no dictionary words in them etc. Now, he usually gives me 5 passwords at once in case one breaks (they all do eventually) and some of the passwords are actually like chips696 lol. Those are the easiest to crack, but some of them I look at and I get really scared b/c I'm like, "holy, f*** you cracked THAT!"
I can't play on bovada in jersey and withdrew my roll but I'll tell you basically my password: WdVHuL.832#K1L!
I'd rate that password about a 7/10. My guy can crack it but it'd take him a long, long time. If I had a lot of money on bovada I'd obviously want a stronger password. But I am using the max allowed characters (15) at least and now that I look at it I might rate it a 7.5/10. It's strong enough that I really only need to change it a few times a year.
Since bovada is the biggest room and bitcoin is their preferred transaction currency, there are guaranteed hackers going after every account.
Also, I'll bet anything your email password is a variation of your bovada password. The most important thing about cracking a password is not to change it or give any signs to the user that it's been cracked.
Now a keystroke logger would be easiest by far, but that should get picked up by malware detection etc., but the best ones obviously stay hidden because that's the goal.
I'm training to become a hacker but I am only 4 months into training so very, very weak still. Also, by hacker I mean a good one in an area like cybersecurity. Good guys like me are needed because the only thing that can beat a bad hacker is a good one.
I am sorry that happened to both of you. I am not saying your password was lifted, but rather giving you more of an in-depth look into the possibility it was. And it wasn't me. I'm just not good enough and more importantly not a bad person. Or not a bad "enough" person I guess. I mean brazzers is one thing but stealing huge sums of money means you are complete scum and a waste of life.
Try calling bovada and explaining to them that due to lack of RSA token etc. their passwords are being compromised. I would try somehow to get your money back. Try to prove in any way possible that it could not possibly be you who withdrew the money. You were out of town that day so it couldn't possibly be you, right? (long shot, I know)
Don't give up because sometimes a solution comes up that you didn't think of. Most importantly figure out EXACTLY how you were a victim of theft and LEARN how to never let it happen again.
Good luck and I'm sorry this happened.
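
An added example, not part of the original post: a small password-policy check that flags the "dictionary word plus digits" pattern the post describes and compares its estimated guess space with that of a random string of similar length. The mini wordlist, the assumed dictionary size of 100,000 entries and the random sample password are constructed for illustration.

```python
import math
import re
import string

# Constructed mini wordlist; a real check would load a large dictionary
# or breached-password list.
WORDS = {"chips", "chocolate", "poker", "dragon"}
ASSUMED_DICT_SIZE = 100_000  # assumption: entries in a typical cracking wordlist


def split_words(s):
    """Return the dictionary words that exactly cover s, or None if impossible."""
    if not s:
        return []
    for i in range(len(s), 0, -1):
        if s[:i] in WORDS:
            rest = split_words(s[i:])
            if rest is not None:
                return [s[:i]] + rest
    return None


def charset_size(pw):
    """Size of the character pool implied by the classes present in pw."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)
    return size or 128  # assumption: anything else is treated as a 128-symbol pool


def estimate_bits(pw):
    """Return (pattern, bits) for the cheapest guessing model that matches pw.

    The brute-force figure is an upper bound that only holds if every
    character was chosen at random.
    """
    m = re.fullmatch(r"([A-Za-z]+)(\d*)", pw)
    if m:
        words = split_words(m.group(1).lower())
        if words:
            bits = (len(words) * math.log2(ASSUMED_DICT_SIZE)
                    + len(m.group(2)) * math.log2(10))
            return "dictionary+digits", round(bits, 1)
    return "brute-force", round(len(pw) * math.log2(charset_size(pw)), 1)
```

A signup or password-change handler could reject anything that comes back as `dictionary+digits`, whatever its length.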