[nsp-sec] Calling gmail/google security staff.

[Mattias Ahnberg]

Greetings,
one of my hobby projects is running an IRC network called DALnet,
and last year or so we've had a stubborn pakistani user who has
really gotten onto our nerves. He has been getting quite skilled
at social engineering our staffs e-mail accounts from various big
ISPs (comcast, etc). We're talking about a dozen or so staff all
over the world in various ISPs.

How he does this is a bit unsure because no ISP has so far given
out any information to my colleagues as how they can keep giving
up e-mail accounts so easily. Comments indicate/hint that he has
in some cases been able to have "webchat support" with ISPs and
through that convinced them, in some other case we think he have
called the ISP.

Either way; because of this we've recommended as many as we can
to stop using personal e-mail accounts for this purpose and to
switch to gmail with 2 factor authentication, since we've believed
it to be very secure and resilient from this.

Sadly now it seems like even this isn't enough. He recently got
ahold of one of our staff members secured google aggount. 2 factor
authentication enabled, a "non guessable" recovery e-mail address
setup for the account etc.

I am clueless as how he can accomplish this. It seems very hard
to get ahold of personal contacts at google to try to assist us,
so I am reaching out here to see if anyone might be able to help
us understand what is going on.

He himself have bragged a number of times that he has "access to
staff at big e-mail providers everywhere", but I haven't taken
it as more than kiddish boasting. But I don't know anymore.

Anyone at google able to assist? Or any other ideas?
-- 
/mattias ahnberg - DALnet IRC network (AS31800) -- +46-73-231 22 58