Thursday, February 17, 2011

Easiest way to hack your friend's email: if he is dumb


Ever wanted to gain control of your friend's email id? I will explain to you how to secure yourself from such an attack in this post.

This hacking episode took place just a few days back and let me give you all the details about this attempt. Take this as a case study:
The person whose account was to be hacked was Mayank Chauhan.
The people involved in this hacking were Nikhil Sharma, Saikat Banerjee and Tanmay Sharma.
It seems that Mayank had a fight with Nikhil Sharma, so Nikhil hacked all his IDs. But Mayank was able to get access to his ID again. He then implemented some 'top securities' and challenged Saikat to hack him now.
This group used both guessing and phishing to get control of his two email IDs in order to get control of his Facebook account, but eventually failed because Mayank changed the ID he had associated with Facebook.

So let me present a third-party view of this episode; I was not involved in any way:
Nikhil used the 'forgot password' option to 'hack' his email. His secret questions were:
Q1. What is your place of birth?
Ans1. Delhi!
This was quite obvious, as he lives in Delhi-NCR.
Q2. Who is your favorite cartoon character?
Ans2. Shinchan!
Most of his friends knew his favorite cartoon was Shinchan. This was basically an open secret!

With one ID under control, it was now the turn of another...
This time they used the more sophisticated technique of phishing. This method can only work if the victim is dumb and the person doing it has good brainwashing qualities. By the time his first ID had been compromised, he was himself trying to get control of Nikhil's account, and he searched the net for a way to do it. He even asked some of his friends to help him. Unfortunately, the friends he asked were themselves involved in hacking Mayank's ID. Such a dumb person he is!! They brainwashed him by suggesting a method by which he could possibly hack someone else's account. Get an idea from this PDF: http://www.derkeiler.com/pdf/Newsgroups/alt.computer.security/2009-06/msg00097.pdf
This is complete rubbish, so never try it! Make sure your security questions are very general but their answers are very specific. People usually reveal a lot of personal information on Facebook, which helps hackers a lot. So avoid that.
And remember, never hack anybody's ID 'just for fun'. Hacking can get you into legal trouble, so beware.
Anyway, I hope the following discussion with one of the conspirators will make clear what actually happened:
me: Gimme more details
 Saikat: about
1:33 PM me: That episode
 Saikat: which episode, brother?
 me: Taking control
1:34 PM Saikat: hacking?
  say it quickly
  i have to go
 me: Yes
  Which account did he use?
1:35 PM Saikat: :P
  hmmm..
  well..
  first i brainwashed him
1:36 PM as nikhil has hacked his account... and he got it back.. he challenged me to hack him... so.. i found out this little trick..
  so...
  i told him that this is a method to hack nikhil
  i told him TO USE HIS OWN FB ID!
  so that i can get access to his :D
  but..
  he didn't use his fb id..
  and .. well..
  i could only get access to his new account
1:37 PM i hope you understood the trick?
 me: You took over nikhil's account?
 Saikat: NO
  i took over mayank's
  did you understand the trick?
  its just that..
1:38 PM me: No
 Saikat: wait.
  let me type
  ITS JUST THAT>.. i create a real LOOKING.. gmail server id...
  like..
  officer.gmail@gmail.com
  something like that
  and tell him
  that..
  you have to compose a mail... with
  the subject... PASSWORD RECOVERY
1:39 PM write the person's email id
  your id
  your own password
  (THIS IS THE TRICK.. he is giving us access to his own id without knowing that the officer thingy email id is ours only!!!!)
  then i give a stupid javascript code ( which doesn't work of course)
  :P
  and tell him that this javascript..
  confuses the gmail server
1:40 PM and returns back the TARGET ID..
  which u gave first!
  lol..
  its just brainwash and bang
 me: Good
 Saikat: he has no idea that he gives me access
  oi..
  blog my name too :P
  inputs :P
 me: Okay
 Saikat: nice method.
  actually..
  tanmay and i did it
  credit goes to tanmay
 me: The pdf you gave to me was made by you?
1:41 PM Saikat: no
  tanmay and i found a better
  way..
  we discussed shit.
  and introduced the IDEA
  of brainwashing
  its easy..
1:42 PM ok i am going
 me: Then what was that pdf?
 Saikat: well.. we read it..
  and closed it
 me: And?
 Saikat: we didn't even think about that
  i mean.
  we thought that it was shit
  but then tanmay and i came up with the idea of brainwashing
1:43 PM i brainwashed mayank
  if someone reads that pdf
  it wouldn't help him in any way.
  not a single fool will try it
  i mean.. try to hack
 me: Mayank tried it?
 Saikat: yes
1:44 PM i brainwashed him pretty well.
 me: Well he asked me how to hack and i gave him that
 Saikat: .hahahhahahahahahahahahahahahhahahaha
 me: And what about
  The forgot password?
1:45 PM Saikat: hmmm its a difficult thingy guess work..
  nikhil hacked mayank's id using social engineering
  SE.. is one of 7 ways to hack
  other ways are keylogger
  phishing
  etc
 me: Then why did you have to do all this when you guessed them
1:46 PM Saikat: mayank removed all his ids from facebook
  he had switched accounts..
  and i didn't know his new id
  which he was using for fb
  so..
  i had to implement this way
  to get his NEW ID
  and password at the same time
1:47 PM me: o...k
 Saikat: i am going now.
  are you going to give this convo in ur blog?
  rofl
 me: so you got control of 2 id?
 Saikat: no
1:48 PM i thought i got control of two ids.. as i hacked gmail.. with this method... so i will get pass to fb as well!!
  but it turned out that
 me: That's a great idea
 Saikat: mayank had made another id
  and did it
  so..
  it was my mistake
  that..
  i should have told him in the beginning
  that..
  use an account
  which is 30 days old
  !
  or frequently used!
 me: Hehe
 Saikat: OR
1:49 PM use the fb account u are using
  it only works with that
  ok
  do blog my name
  :|
  i have to take a bath now
  because of you i haven't gone for so long
 me: But he still has control of his account.
 Saikat: oh come on, man
  the id i hacked
  it wasn't connected to his fb account!
  he had made a new id
  and did this shit
 me: good
1:50 PM Saikat: brother
  i am leaving now
  tell me when u r done with the blog
  aaah
 me: Go take your bath!
 Saikat: bye

Remember Hacking is not an Indoor Game. It is a sport to be played outside. In order to win, you will have to get your hands dirty.
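
A defensive check for the lure described in the chat above, as an added example that is not part of the original post: it flags consumer mailboxes dressed up as provider staff (such as officer.gmail@gmail.com) and outgoing mail that carries a labelled password. The word lists, function names and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumed lists for this example; tune them for your own mail flow.
FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
ROLE_WORDS = {"officer", "admin", "support", "security", "recovery",
              "helpdesk", "service", "team"}
CRED_LINE = re.compile(r"^\s*(password|passwd|pwd)\s*[:=]\s*\S+", re.I | re.M)

def staff_lookalike(address):
    """True if a consumer mailbox is dressed up as provider staff."""
    local, _, domain = address.lower().rpartition("@")
    if domain not in FREEMAIL:
        return False
    brand = domain.split(".")[0]                  # "gmail" for gmail.com
    tokens = set(re.split(r"[._+\-0-9]+", local))
    # A provider does not run account recovery from an ordinary consumer mailbox.
    return brand in tokens or bool(tokens & ROLE_WORDS)

def review_outgoing(raw_message):
    """Return the reasons an outgoing message should be held, if any."""
    msg = message_from_string(raw_message)
    reasons = []
    for _, addr in getaddresses(msg.get_all("To", [])):
        if staff_lookalike(addr):
            reasons.append("recipient poses as provider staff: " + addr)
    if re.search(r"password\s+recovery", msg.get("Subject", ""), re.I):
        reasons.append("subject mimics an account-recovery process")
    body = msg.get_payload()
    if isinstance(body, str) and CRED_LINE.search(body):
        reasons.append("body contains a labelled password")
    return reasons

# Constructed sample of the message the victim was told to compose.
SAMPLE = """\
To: officer.gmail@gmail.com
Subject: PASSWORD RECOVERY

target id: someone@example.com
my id: victim@example.com
password: constructed-sample-value
"""

if __name__ == "__main__":
    for reason in review_outgoing(SAMPLE):
        print("HOLD:", reason)
```

The token match is a heuristic: it will also flag a legitimate personal address that happens to contain a role word, so treat a hit as a prompt for review rather than proof.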

6 comments:

  1. xD. Sorry Mayank. :P
    But it was fun. Thanks to Tanmay. Rofl.

  2. i love this post...
    well the only reason we were able to hack the victim's ids was, the victim was dumb...srsly..

  3. no he wasn't... at least when i tried to hack him he used another id instead even after i told him to use his own fb id! .. so .. not dumb..
    but the security questions were really.. blehhhhh

  4. hahahahahaha....... dt ws intrstin....
