
I've been hacked...

Discussion in 'Networking & Security' started by hat, Jan 12, 2017.

  1. hat

    Well, someone has, somehow, managed to attack my network, and steal some personal images. Unfortunately, I know nothing of this sort of stuff. I know nothing about hacking, or how to defend against a hacker.

    All I know is I'm pretty sure which computer was attacked. Is there any way I may be able to find out when it happened, how they got in, how to stop them from gaining access again, and who might have done it?

    I thought my stuff was pretty reasonably secure until now. I use AES wifi encryption... the password isn't fantastic but strong enough. I don't even have any ports open/forwarded. We use OpenDNS, every computer uses Windows 10 (stays updated). On my machine, I don't use any AV or firewall (even disabled Windows firewall), as I find it's more of an annoyance than anything... not sure exactly how the other systems are set up. Is it possible for an attacker to have initially compromised my computer, and then attacked another from there?
     
  2. jboydgolfer

    I'm very far from an expert, but I'm fairly certain that disabling your firewalls is a pretty bad idea (for future reference, maybe a hw firewall). Were they disabled on the computer that you feel was hacked?

    Also, is there a possibility that these images have been misplaced? I know it's silly and basic, but sometimes the simplest answer is the most likely. I'm just trying to think of the motivation to go through the trouble of getting into someone's network to take a couple of images, unless there's some stuff you haven't realized or noticed yet.

    Is it possible for you to elaborate on how you arrived at the conclusion of hacking being the most likely scenario?
     
  3. phanbuey

    Did they hack your router or did you download something? Download Fiddler and see if you have strange activity.
     
  4. hat

    The images for sure weren't misplaced. They were found up on some website somewhere... we didn't put them there. My fiancee also says somebody was texting her friend on TextNow (an online texting service) while they were talking on Facebook... and she wasn't even on TextNow at the time. So there's definitely suspicious activity going on. We also have reason to believe there's a certain individual who may be behind it, as this person has had some issues with us and they don't like us very much...

    @phanbuey I'm pretty sure it was my fiancee's laptop that was targeted, not my computer. As such I have no idea what might have happened that might give somebody access...
     
  5. Easy Rhino

    to understand how a hacker got what he/she got you have to get into their mind. that being said, were the images *cough* personal in nature?
     
  6. phanbuey

    Well, even if they broke through your wireless they would still have to get access to the share, so it's most likely she downloaded something... if that's the case then it will show up on an app that monitors your/her PC's network activity. Find it, see if you can trace it back to that person, kill it, and have her change her passwords.

    there are a ton of ways to get hacked... but most of them involve getting a hold of a commonly used password.

    Do you have a static IP?
     
  7. m&m's

    1- Enable Windows firewall
    2- To find when you were hacked you could check your router logs, but it can be a real pain in the ass to find anything relevant.
    3- Reset your router and use a new password
    4- Scan your computers with MBAM and with an antivirus. If you don't want to install one you can download Kaspersky Virus Removal Tool. You should also do a scan with an AV before Windows starts. You can use Kaspersky Rescue Disk to do so.

    If you find proof that you were hacked by someone you know, you can report them to the police. It is illegal to hack a network without the owner's permission.
    But it's unlikely that you were actually hacked.

    If you were actually hacked it's probably IMO with a backdoor.
     
  8. cdawall

    Router through the cable company and rented? If so tell them you need a new one.

    If it is just someone being a jerk I wouldn't worry much past actually securing the network, changing passwords and turning on firewalls.
     
  9. Frick

    It's actually pretty good if someone is just out to mess with you. You don't want cryptoviruses, or someone making purchases in your name.

    Reset passwords. All of them. Has she gotten mails about logins she does not recognize? If the photos exist on a cloud platform it is more likely the person has found out the password rather than compromised a computer. And how are her password habits?
     
  10. nomdeplume

    While you are beefing up on personal protection give some thought to keeping sensitive materials offline in a home safe that won't survive a fire. If the worst came that isn't the personal legacy you want to leave for your families to collect. :fear:
     
  11. jboydgolfer

    OK, that clarifies it quite a bit. I agree with the other posts saying you should enable the firewall, but also have your Internet provider replace your modem and router if they're provided by them. Otherwise you can assign them new MAC addresses. I've done it before to get around IP bans, I believe it was on the Netgear.

    In my opinion ( for what it's worth ), The fact that it involves both your significant other and you , as well as personal images, makes me feel that this is a personal attack if the word attack fits.

    And when I use the word personal, if I had to bet I want to say that it was someone who knew you.

    Regardless of who it was, it's totally invasive and entirely inappropriate, and I'm sure it has left you feeling very insecure, to say the least. I'd start by getting your firewall turned on, getting a new modem/router, and, as much of a pain in the ass as it's going to be, changing all your passwords.

    Also either reinstalling your operating systems or using back ups that are older just to be safe.

    I know I've read about "hackers" using email hacks to reach out to people's contacts, pretending to be the friend as a means of spreading their shit. But the posting of images doesn't seem to fit that category.
     
  12. Mussels

    can you give me details on your wifi network? B/G/N/AC? is pin based WPS active? Do you have network shares on your PC, is your PC always left on?
    Were these images only on the PC, or other devices? (phone?)

    Being hacked is very rare to be an external event, and VERY likely to have been done in person - someone gained access to the wifi password in the past, or a physical laptop in person for a few minutes (or even access to a phone or dropped USB stick, and quickly copied)
     
  13. silkstone

    If they ever had physical access to your fiancee's laptop, then malware is much more likely.
    It may even have been a phishing kind of attack and your significant other clicked through an e-mail she shouldn't.

    Afaik, if you are using strong passwords and DD-WRT it's pretty tough to gain access to your network (WAN or otherwise).
     
  14. Kursah

    It could've been a browser or OS exploit, something planted if this individual is able to get near you guys.

    Getting through that kind of wireless encryption is doable, but someone really will want to do it. Check your other service accounts for suspicious activity ASAP. Change passwords, use a hidden SSID if you can... though if this person cracked your wireless password out of WPA2 a hidden SSID won't be anything. But to someone else it might be enough to make 'em go elsewhere. Hidden SSIDs still send a ping out, just not as frequently as a broadcasted SSID.

    You could also just run a guest network if you need no file sharing. Most routers feature it. You can manage bandwidth limitations on many as well. Another good reason for this is because then your devices all run in isolated mode...meaning they have Internet access but not LAN resource access. So they can't see other devices.

    Have you disconnected the culprit PC from the network? With Windows 10 you can spoof the MAC address for your wireless NIC pretty easily, I'd start there before reconnecting it.

    I'd enable Windows firewalls as well. What kinda router you running? Might be time to look into something capable of doing some IDS/IPS for you if this keeps up.

    Another option is to disable wireless and run Ethernet. You'll have a different MAC address for the Ethernet NIC, and can simply unplug it if you feel there's been a compromise.

    Depending on what you have and want to do about it, there's options. As-far-as tracing down who-dun it and how now...that would take some work, time and advanced network abilities and comprehension. Better to lock things down, restrict shares and access, increase security...what were the share permissions for that folder?

    Another good idea is to kill your wireless when you're not home or using it, which is doubly handy when using a hidden SSID because it'll be harder to scan for between not being on and when on, not being broadcast frequently.

    You could always set up a honey pot to lure and monitor for someone hacking your network, give them something that looks like what they want. Track what they're doing, and where they're doing it from, and add that IP to your blacklist.

    In reality though, someone probably either got onto the machine physically, or if they were capable and desired enough to do so, got into that laptop through an exploit of some sort...more likely than hacking your wireless unless they knew the password or it was easily guessed. Sorry this happened to you, but hopefully we can get you confident in your network and its security again!

    :toast:
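
The checks suggested in the posts above (firewall state, network activity on the laptop, share permissions, and when someone logged on), sketched as an added PowerShell example for a Windows 10 machine. It is not part of any poster's reply, and the 30-day look-back window is an assumption.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell on Windows 10.
# Everything is read-only except the Set-NetFirewallProfile line.

# 1. Firewall state per profile, then turn all three profiles back on.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True

# 2. Established TCP connections to non-loopback addresses, with the owning
#    process and its path on disk (an unfamiliar path is worth a closer look).
Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Remote  = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            ProcId  = $_.OwningProcess
            Process = $proc.ProcessName
            Path    = $proc.Path
        }
    } | Sort-Object Process | Format-Table -AutoSize

# 3. Ports this machine is listening on (what a scan from the LAN would find).
Get-NetTCPConnection -State Listen |
    Select-Object LocalAddress, LocalPort, OwningProcess |
    Sort-Object LocalPort | Format-Table -AutoSize

# 4. Non-administrative SMB shares and who is allowed to use them.
Get-SmbShare | Where-Object { -not $_.Special } |
    ForEach-Object { Get-SmbShareAccess -Name $_.Name } |
    Format-Table Name, AccountName, AccessRight, AccessControlType -AutoSize

# 5. Successful logons (event 4624) that came in over the network (type 3)
#    or through Remote Desktop (type 10), oldest first.
$since = (Get-Date).AddDays(-30)   # assumed look-back window
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt  = $_
        $data = @{}
        # Read the event's named fields instead of relying on property positions.
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['LogonType'] -in '3', '10') {
            [pscustomobject]@{
                Time   = $evt.TimeCreated
                Type   = $data['LogonType']
                User   = $data['TargetUserName']
                Source = $data['IpAddress']
            }
        }
    } | Sort-Object Time | Format-Table -AutoSize
```

The Security log is size-limited, so older logon events may already have been overwritten by the time the machine is checked.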
     
  15. Octopuss

    So you obviously know little to nothing about computers (or at least about networking), and yet
    You deserved to be hacked (or whatever it really was) then.
     
  16. hat

    I plan on checking her laptop, making sure firewall is on and AV is installed and working. I recall installing Panda on it at some point, but I'm not sure if it's on there now. Maybe I'll try a hijackthis log, though I admit I don't understand all of it...

    IP isn't static, but it rarely, if ever, changes. I could force it to change if I spoof my router's MAC...

    1. Gonna do that
    2. Looked there, nothing of value or interest... last entry is from December 12th. :wtf:
    3/4. Yeah, I plan on doing that too.

    Nah, I own it. Gonna do what we can to secure our shit.

    Not sure about that one. I'll tell her she'll have to change her passwords.

    We might do that too.

    Yeah, if it's who we think it is, it's definitely someone who knew us... and now doesn't like us anymore.

    Not likely to have been done in person at all. This guy showed up at the door one day, and we, wanting nothing to do with him, shut the door in his face... he never stepped foot in the house. Give it about a week and bam, this happens. Anyways... the router runs two SSIDs, one for 2.4 and one for 5, B/G/N mixed. No WPS, WPA2-AES only.

    The images were only on PC (mine and hers). Network file sharing is enabled, but these images weren't in any shared location.

    No physical access. I'd imagine it would be tough to guess our passwords, as well.

    I'm thinking it has to be some sort of exploit or sneaky virus... the kind that might be hidden in something else (like an image). Apparently there's spooky things going on with that laptop that sound like remote control to me. I have an RTN66R. I'm sure it's capable of nifty things with a custom firmware... but most of that stuff is over my head, at least at this time.

    Thanks... I admit I may have been a bit careless with my network security, but I'm no fool... however, despite your attitude, I still hope the same won't happen to you.
     
  17. Filip Georgievski

    About the WiFi security, you can do MAC filtering if your router supports it, so that only those devices with MAC numbers that are in the router database can access.
    I had a similar issue. Someone was stealing from my internet years ago, and I did this, and guess what, no more burglars in my network.
     
  18. Mussels

    If the files were not shared, then they can't have been accessed by remote wifi hacking. I'm not convinced this was a wifi hack (I've hacked a few neighbours' wifi networks in my time).

    He clearly knows where you live, so perhaps there is some missing piece you don't know (could he have been let into the house without your knowledge? Forgive the examples, but a daughter letting a guy in for relations, cheating spouse, etc etc).
    Could he have got access to a laptop out of the house? Broken into a car, for example? Your partner's workplace, if a laptop is taken there?
     
  19. Ahhzz

    not really productive.....
     
  20. Vulcansheart

    OpenDNS pointing back to your home IP where all your personal devices are connected. No AV or firewall on your PC.

    ^^This would be my point of entry if you were my target. A quick nmap scan would reveal any open ports through the router's firewall straight to your machine. My guess is your PC stays on most of the time, making a john attack on your windows credentials viable. This is like 3/10 difficulty for an intermediate hacker.

    My gut says that you were not targeted by someone you know, rather you were an easy test of some script kiddie on the other side of the country that happened across your domain name.
     
  21. jboydgolfer

    I know right?

    I can understand the feeling of like "why would you disable firewalls and antivirus"!!?

    But making someone feel s****y or brow beating them isn't helping.

    If anything hopefully the OP will come away with this with a new respect for the firewalls and antivirus's "annoyanceS" and learn to live with them since they may be annoying when you don't need them but they're sure as hell nice to have when you do. Especially since most of the time you don't know when you need them.

    Based on the type of activity and what was posted by the OP my guess is someone they know personally knew that their network and machines were vulnerable. They use that information to malicious ends.

    I'd like to find someone if they did this to me .....in person omg, It would be so rewarding
    :laugh:
     
  22. Silas Woodruff

    Well, can't really give any concrete answers, but these might help in giving your PC a thorough clean of anything malware.

    TDSSKiller run this first
    RogueKillerX64 second
    Emsisoft Emergency Kit third
    adwcleaner fourth
    JRT fifth

    After that, do pretty much what others have said, new passwords for everything you use and maybe try to re-enable firewall.
     
    Last edited: Jan 12, 2017
  23. jboydgolfer

    @hat
    I just remembered, if I may be so bold. If you don't mind the wait of taking delivery of an actual physical copy, Malwarebytes pro 1 year license ( installs on up to three different PCs at once )
    Is currently on sale the lowest I've ever seen it.

    Just use promo code : Emcrbbc29

    https://m.newegg.com/Product/Index?itemNumber=N82E16832562009

    It ends up costing $15 after shipping charges of course that's dependent on what shipping method you choose and also email delivery is not available for this deal but if you can wait four days you can get it at this price for three of your PCs. I remember you mentioned you have more than one machine I recommend it highly

    summarized product info:

    • Detects and protects against malware in real-time
    • Blocks hacking and phishing attempts
    • Schedules automatic scanning
    • Offers three flexible scanning modes
    • Advanced malware removal
     
  24. Ahhzz

    Excellent product, does really well. I recommend this with a side of an AntiVirus of your choice...
     
  25. eidairaman1

    Turn off homegroup
     