Hacker services, usually based overseas, openly advertise that for as little as $100, they can find out what someone's e-mail password is and provide it to buyers, who can then use it to monitor the private communications of estranged spouses, family members or whomever they choose, the Washington Post reported Monday.
Orin Kerr, a law professor at George Washington University and a former trial attorney in the Justice Department's computer crime section, told the Post that while U.S. law prohibits hacking into e-mail, it's only a misdemeanor without further criminal activity. And as such, it is a low priority item for the FBI.
"This is an important point that people haven't grasped," added Peter Eckersley, a staff technologist for the Electronic Frontier Foundation in San Francisco. "We've been using e-mail for years, and it's been insecure all that time. ... If you have any hacker who is competent and spends the time and targets you, he's going to get you."
Experts said Web-based e-mail accounts are especially vulnerable because hackers an exploit security flaws in Web browsers.