This is the method that is always shown in the movies. Someone pulls up the login screen, launches a little program, runs through all available passwords in a few seconds and finds the right one. Naturally, this isn't how it really works.
This method is called "brute force." It runs through all possible passwords. It's like trying to open a combination lock by going "1-1-1...1-1-2." Note that this can take a really long time unless the attacker has a very powerful network. There are ten numbers and 26 letters that can be used, along with a lot of symbols that can be thrown in. Passwords generally have to be 8 characters or more. Ignoring the mess that symbols create, it would take 36^8, or 2,821,109,907,456, attempts to go through every 8-character combination. So yes, it will take a while to actually do this unless they're using a few supercomputers, in which case you'd be far below their radar. They would also have to be careful not to have their IP address flagged for a high number of attempts. It's not uncommon for a site to just lock an account down after a few failed attempts in a short period, since it assumes that a crack attempt is occurring. Again, a botnet can overcome this, but people with such a network usually have more important things to do or lucrative jobs stopping hackers.
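To make the lockout and IP-flagging point concrete, here is an added example (not from the original article) of a sliding-window failed-login monitor, plus the time needed to cover the 36^8 keyspace when a lockout caps the guess rate. The window length, both thresholds, the class and function names, and the sample events are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

KEYSPACE = 36 ** 8      # the article's figure: 10 digits + 26 letters, 8 characters
WINDOW = 300            # seconds; assumed length of the "short period"
ACCOUNT_LIMIT = 5       # assumed "a few failed attempts" before an account locks
IP_LIMIT = 20           # assumed failures from one address before it is flagged


class FailedLoginMonitor:
    """Sliding-window failure counters, keyed by account and by source IP."""

    def __init__(self):
        self.by_account = defaultdict(deque)
        self.by_ip = defaultdict(deque)
        self.locked = set()
        self.flagged = set()

    @staticmethod
    def _hit(window, ts):
        window.append(ts)
        while window and window[0] <= ts - WINDOW:   # drop failures older than WINDOW
            window.popleft()
        return len(window)

    def record_failure(self, ts, account, ip):
        if self._hit(self.by_account[account], ts) >= ACCOUNT_LIMIT:
            self.locked.add(account)
        if self._hit(self.by_ip[ip], ts) >= IP_LIMIT:
            self.flagged.add(ip)


def replay(events):
    """Feed (timestamp, account, ip) failure events through a fresh monitor."""
    mon = FailedLoginMonitor()
    for ts, account, ip in events:
        mon.record_failure(ts, account, ip)
    return mon


def years_to_exhaust(attempts_per_window):
    """Years to try the whole keyspace at N guesses per WINDOW seconds."""
    return KEYSPACE / attempts_per_window * WINDOW / (365 * 24 * 3600)


# Constructed sample events; addresses come from the documentation-only IP ranges.
SINGLE_SOURCE = [(t, "alice@example.com", "198.51.100.7") for t in range(25)]
DISTRIBUTED = [(t, "bob@example.com", f"203.0.113.{t + 1}") for t in range(25)]
```

Replaying `DISTRIBUTED` flags no single address, but the per-account counter still locks the account, which is why sites track both. At four guesses per five minutes, just under the assumed lockout threshold, covering the keyspace takes roughly 6.7 million years.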
There are also programs that just run through the dictionary. They're much quicker, but they can fail if you simply throw a number into your email password.
Naturally, exploits occasionally come out that allow a quick hack. Sometimes source code is compromised too. Thankfully, any good email provider will try to stay on top of these security exploits and close them as quickly as possible. The truth is that email password hacking is usually due to more mundane, non-hacking methods.