I am in the habit of regularly auditing my MS Account information as I want to know where my threat vectors are coming from. I am looking at you guys from Russia, please leave my account alone, will you! :)
Anyways, seriously now, I took a look a minute ago and I noticed something out of place. There is a Successful Login entry on my timeline last Thursday, from the UK!
That is far outside my operational zone! So far that I’d even need to catch a plane to be there physically. And what troubles me most is the Browser/App reported: Unknown. Now I am a die-hard IE user. I intentionally use IE so I can be on the InfoSec warfront, contrary to the popular opinion that IE is for NOOBs. Normally IE would have shown up there, where it says Unknown Browser, if it were me.
Now, I know for sure I wasn’t in the UK on that day, as I was still on vacation somewhere else. Normally my line of work requires that I use a VPN connection to work, and accessing my MS Account during my VPN connection gives a skewed login location, that of my company’s central server, which is well known in my timeline. But on that Thursday I was off duty, and my VPN access is mostly somewhere else totally.
So I did what a normal InfoSec person would do: I went to IPAddress.com for the WHOIS info of the IP address, and my bacon was stolen! I have been hacked from Nokia HQ UK!
How is this possible? I thought Nokia is one of the good guys, right? Could IPAddress.com get this wrong? I went to other WHOIS tools, and they all told the same story: I have been hacked by Nokia. Now I don’t believe I am so important that Nokia would go after me, neither do I believe there is a Nokia Admin that needs my attention.
I just want to know how this is possible. I remember Nokia had a keynote event on that day that I watched online, but I didn’t have to log in at that time with my MS account, and even if I did, it wouldn’t have registered me in the UK. What other event did I have last week that has to do with Nokia? Yeah, I downloaded the Recovery Tool, but that was also without login. So what the freak is going on? Have any of you experienced this kind of place-shift?
This is a riddle for any of you InfoSec experts out there. The way I see this: Nokia has been hacked, and the hacker used Nokia’s network to get to me. But I see this as least path effort, as I haven’t got anything for which any hacker would go to the length of hacking a renowned company to reach me. So what is this? Go ahead people, theorize. I am curious about your thoughts on this. In the meantime, excuse me while I clean up my MS Account.