How I got my 6-diget ICQ account back in 2005

Ever since I owned the ICQ number 108039 I have been getting spam messages from all kinds of russians, turkish and eastern europeans. Since the ICQ UIN (Universal Internet Number) is one of the first numbers that was registered, it has become quite rare.
ICQ was developed in 1996 by Mirabilis. The company was founded by four young Israelis: Yair Goldfinger, Arik Vardi, Sefi Vigiser and Amnon Amir. After AOL bought it, it was managed by Ariel Yarnitsky and Avi Shechter.

Mirabilis (ICQ) started to give away ICQ # starting at 10000 so basically this is the 8039th number.

Anyway, I registered this PC when I was waiting for my dad in the office. I have always been interested in the Internet and always been reading stuff on the internet. Back then ICQ was announced in some news and I was so curious about this “new way of chatting” (before I was only using IRC – Internet Relay Chat) that I signed up.
Back then I didn’t have my own domain, not to dream of server or web space, so I was using a freemail service such as yahoo. Account registered, details entered (birthday, Nationality, Languages spoken, About etc) and then for long time (after some non-frequent use) nothing happened. ICQ kind of became unpopular for me, since all my friends were using IRC and no one could be bothered to sign up. So I kind of binned it, leaving the details “saved” on my (well actually this is quite important: it was not my PC, but my father’s companies one!) PC.

After two or three years, I can not really remember I started to use ICQ again, but I wasn’t really aware of my old account and thus registered a new one which I was from then on using more frequently to chat with my friends abroad. This was even long before anyone at school or in my class even knew ICQ as a chat tool, so much for the gap of internet knowledge at early times (not meant to glorify my internet use!).

Here is where it gets interesting, I think it was more a chain of coincidences, that lead me to my old ICQ account 108039: My father changed companies and brought home this particular PC (which I was using before, but then was given back to the office clerk, then back to my father for home use and so on.. back then (again) it was not very usual to format PCs every few weeks and forth)) and asked me whether I’d use it as a new router for our newly established DSL broadband internet access.

Since I didn’t have that much to do (contrary to today), I agreed to spend some time looking into things, googling for one-disk linux routers. But before I formatted thee ol’ mill, I had to look through files that had to be backup’ed. Under C:\Program Files\ I found something interesting which raised my attention. A folder called ICQ. Wow! I had discovered my old account! But I couldn’t login, since the PC was not connected to the Internet. So I had to go to the local PC store, get a compatible Ethernet card (one with a BNC clip – ugh) and set it up to connect to the net. Some hours later I was able to login using the saved password! And it worked! It worked out of the box like a charm!. You cannot imagine how happy and surprised I was to find all my old contact in place, people that I didn’t speak with for years.

But another problem occurred, I didn’t know the password but wanted to use the account from my own PC upstairs. After some research a found different programs that were able to unmask the stars and showed the password. The password I had it set was so stupid:
JAyJAy0208.
I used a program similar to the one I am using nowerdays, it is called SIW. See the information below (also links to download it).

SIW is a System Information tool that gathers detailed information about your system properties and settings. [...] SIW also displays currently active network connections, Passwords hidden behind asterisks [...] A standalone tool that does not require installation.

Get it at author’s website | direct download (exe) | torrent download | mirror (exe)

Anyway, I was using my new ‘old’ account on my desktop PC and decided to change the password to one that I was using for other services such as e-mail, bouncer etc.
It was lowercase letters and 6 digets only and contrary to the password I had used when I signed up (read above), JAyJAy0208 had a change of uppercase and lowercase as well as numbers.
In terms of security the old password was stronger then the one I selected.

This is, at least so I think, what lead to the loss of my account, from one day to the next I was unable to login anymore. At first it was some kind of issue with Trillian or the ICQ service in general, but since the error code was remaining the same (Wrong Password) for days I assumed there was something wrong with my account. Of course official e-mail to ICQ didn’t receive a reply, post in the forums where ignored or deleted and in general no one felt like helping. After some time I figured out that my account could have probably been hacked, because I was not even able to get to the security question which could be used to reset my password. Also most of my personal information was deleted from the account profile. The only things left were my date of birth, my nationality and my spoken languages. My name, e-mail address and nickname were erased.

I started to research things, and googled for sites where you could buy UINs on, here are two exemplary excerpts:

It seemed like as if people were willing to pay great amounts of $ for low diget ICQ account, such as mine (108039). I checked many sites, russian sites, turkish sites, czech sites, german sites and asian sites, to no success. So I started to add so called “UIN dealers or Shop owners” and asked them to acquire the UIN 108039 for me (I used another account and said I wanted this ICQ number badly and was willing to pay, just to check whether it was available from a pool of hacked icq numbers or not), but no one was able to get it.
So where was my ICQ number? Who owned it, or hacked it? Was it a database error or mistake by ICQ?
Obviously the account was not deleted because of inactivity because ELSE I could not have logged in initially and changed the password and then again used it for weeks before the loss occurred.

I was running out of ideas and started to accept the “loss”, I began to re-add the folks of my old contact list to my new account and let grass cover the hole for some days. I was then approached by some russian dude, who had read my post on the ICQ forums. He said that he was experiencing the same symptoms, and that he had gotten a contact to some ICQ admin (I am not allowed to write here, I promised) and that he was willing to share that with me for $5 to be transfered to him via western union. Quite promising I thought, also because he had sent me an e-mail log (conversation) with this particular admin and he seemed quite cool and helpful. Thus I decided to take the risk and pay the five bucks. I received the contact the day after, added the person and told him my story in short. I knew that this admin wouldn’t have loads of time and was also worried of his contact given around like a stray dog, so I summed things up, explained how I got the contact and my situation, said that I could proof that I was the legal owner of this ICQ account and so on. This admin was not working in the security/account department , so he couldn’t promise anything, and of course he had 100s of better things to do then to help out some random dude from the internet. But he was so kind to ask his mate who’d worked in the security department if he wanted to look at things. He told me that I had to convince this admin with good proof and reasons that I am the owner and not some scammer wanting to make some quick bucks!

So I scanned in my Identity Card, my driving licsence and my travel passport and sent it to his e-mail address. He printed it out and went with these documents to his friend in the lunchbreak, and the next thing I remember is that I received an e-mail from ICQ three hours later, saying that my primary e-mail address had been reset, to enter all new security questions and with a brand new password with lowercase, uppercase, digets and special characters. I logged in using this password and it worked like a charm! wow, amazing! I am so thankful, still.
The password is similar to this (of course this is not my password, duh): s&Bo$7i!

If there is anything, ever, that I can do to repay you guys, in case you read this, I will do my best to sort things out.

* As a response to increasing UIN theft of attractive or very short UINs by hackers, ICQ started to store email addresses previously associated to a UIN. UINs that are stolen with phishing or brute force techniques can since then be retaken by their rightful owners using the password retrieval service on ICQ.com, even after the associated primary email address has been changed or replaced by the hacker. This only applies if a valid primary email address has been entered into the user profile since 1999.

further reading (not encouraged actually)

That article does not contain the full and detailed description of system – at present it is impossible. We shall consider only general moments.

Earlier all was rather simple. In details of ICQ UIN was specified e-mail on which it was possible to send the password. Use for restoration of older e-mail’s kill newer. Who owned root primary e-mail (the first entered) – that owned UIN and always could send the password from UIN on this e-mail. It was the “classical” system of retrieve and it did not cause any difficulties in users in understanding of mechanisms of the work.

At the end of March, 2005 ICQ has added an opportunity of retrieve of the password through answers to the questions earlier established by the owner of ICQ UIN.

Has appeared two variants of installation of questions/answers to UIN:

1. Through page of questions/answers: /password/setqa.php.

We enter ICQ UIN and the password and at once we get on page of entering of questions/answers.

2. Through page of retrieve of the password: /password.

In the form we enter our UIN, ” Next>>”. At first use of this page you will need to send a code on primary e-mail. Then, using the received code to enter questions/answers. You automatically get the new password from UIN on the present primary e-mail.

After installation of questions – answers, we get two variants of restoration of the password from ICQ UIN:

1. Get the new password under the entered questions/answers to any e-mail.

On the /password At the left we enter UIN, we press ” Next > > “. Here it is necessary to reply established by us earlier and to specify anyone e-mail.

2. Get a code on primary e-mail, entering of new questions/answers, get the new password.

At already entered questions/answers to page of retrieve of the password on any e-mail hardly is lower than the first question there is a small reference “If these are not your questions & answers, click here.” it is used for change of questions/answers through getting of a code on e-mail.

Let’s note some features of new system:

1. That e-mail, entered in a detail of ICQ UIN, set as primary e-mail, it is necessary at first to enter questions – answers again.

2. Primary e-mail can work only once. I.e. after use of the code sent on primary e-mail, primary “killed”.

3. The ladder of primary, characteristic for “classical” system of retrieve here was kept. Certainly, with note, that primary can be used once.

4. To replace the established questions – answers it is possible only through getting of a code on e-mail..

New rules of work of retrieve were generated somewhere within one month and prior to the beginning of February 2006 all worked without changes while ICQ again has not changed a rule of work of system:

1. After installation of questions – answers new primary e-mail in UIN it is not entered.

I.e. in a detail of ICQ UIN e-mail certainly registers, but by system of retrieve it is not perceived. Because of it UINs in general without primary e-mails have appeared, questions – answers on which to change it is impossible.

2. Root primary does not disappear in general.

In the previous version ??????? all e-mails worked only once.

However the most interesting has taken place in June 2006:

1. On the page for installation of questions – answers /password/setqa.php Now one question, instead of two is entered.

For the user there is no special difference two questions – answers to use or one.

2. If in UIN questions – answers were entered throw the page /password/setqa.php it became possible to change the first question – answer.

At last users who have received in the last version of retrieve UINs without primary, with unchangeable questions – answers could change even one question – answer. However now in case of theft of UIN to return it through answers it will not turn out any more since the malefactor most likely will replace first of answers. It puts under a question introductions of system of confidential questions – to return number it is possible only through primary e-mail.

3. Many primary e-mails have ceased to work. As though them have simply removed from base ICQ.

For example, have killed almost all old primary which were once entered in numbers, have disappeared the majority e-mails which were entered till January of 2006 (then still it was necessary to put questions – answers that e-mail was fixed in base). Thus work e-mails, entered in the invisible being this year (without preliminary installation of questions – answers). A principle on which primary have disappeared it is not clear. It is more similar to failure in system, rather than on the planned change of logic.

It is obvious, that it is necessary for usual users ICQ only with the maximal attention and severity to observe all rules of ICQ-security, to keep number ICQ, since to hope for changeable system of restoration ICQ it is practically useless.

If you enjoyed this post, make sure you subscribe to my RSS feed!