
I've been hacked...

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
40,435 (6.58/day)
Location
Republic of Texas (True Patriot)
Seriously, I'd just erase all the machines that may have been compromised (after getting important stuff off first, of course). Starting from scratch with a strong security policy (e.g. all admin accounts are passworded) is the only way to create a good foundation to work off of. Whenever a computer is compromised, only one hole has to be missed for it to be compromised again.

I'd disconnect the ethernet cords and the phone cord/cable, and cycle power on the modem for a fresh IP.
 

Kursah

Super Moderator
Staff member
Joined
Oct 15, 2006
Messages
14,673 (2.29/day)
Location
Missoula, MT, USA
I don't allow my SSID to be transmitted. I have to tell someone what it is.

Even when an SSID isn't set to broadcast, the access point still transmits at intervals and can be seen by those who are looking.

Want proof? Download Acrylic Wifi Free which is a wireless detection and monitoring program for Windows. You'll see whatever your wireless adapter does over the air.

There's also other programs and options that can do the same thing relatively easily. SSID hiding is a great supplement to other security measures though! Don't get me wrong I support it, but it is surely no solution on its own.

Also, double-posting are we? :p
 

Frick

Fishfaced Nincompoop
Joined
Feb 27, 2006
Messages
18,934 (2.85/day)
Location
Piteå
Considering TeamViewer got badly hacked in June last year, I wouldn't have that anywhere near my PCs (especially as the company initially denied any problems, then later admitted that something didn't seem right with how many accounts were compromised).

Off topic a bit, but I think that hack turned out to be a case of people reusing passwords.
 
Joined
Nov 1, 2008
Messages
4,213 (0.74/day)
Location
Vietnam
I don't allow my SSID to be transmitted. I have to tell someone what it is.

For anyone who wants to hack your network, not broadcasting your SSID will not hinder them in the slightest.
Most of the security blogs I have read say not to do this.

From my reading, again I'm no expert, the best way to secure a home network seems to be to set up an unbridged guest wifi for visitors.
Make sure that firmware is patched and use strong passwords and encryption.

@hat were you using WPA2-Personal with AES (No TKIP) for your wifi security? Anything else can be hacked from what I've learned.
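Kursah's point above (a hidden SSID still goes out over the air) and the WPA2-AES-not-TKIP question in this post both come down to what the access point's beacon and probe-response frames carry. The following is an added example, not Acrylic's code and not anything posted in the thread: a small parser for 802.11 management frames that flags a zero-length SSID element, recovers the network name from a probe response sent by the same BSSID, and reads the RSN element to report whether TKIP is still allowed. The frames it runs on are constructed inside the block (the BSSIDs and the names HomeNet and OldRouter are made up); on real traffic you would feed it the management frames from a monitor-mode capture.

```python
import struct

# Added example; constructed frames, not a real capture, and not Acrylic's code.
BEACON, PROBE_RESP = 0x80, 0x50           # frame-control byte 0 with version bits masked off
RSN_OUI = b"\x00\x0f\xac"                 # 802.11i suite-selector OUI
WPA1_IE_PREFIX = b"\x00\x50\xf2\x01"      # Microsoft OUI + type 1: legacy WPA (TKIP-era) vendor IE
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104", 8: "GCMP"}
AKMS = {1: "802.1X", 2: "PSK", 8: "SAE"}


def parse_ies(body):
    """Split the tagged-parameter area into (tag, value) pairs; a truncated tail is dropped."""
    ies, i = [], 0
    while i + 2 <= len(body):
        tag, length = body[i], body[i + 1]
        ies.append((tag, body[i + 2:i + 2 + length]))
        i += 2 + length
    return ies


def suite_name(suite, table):
    return table.get(suite[3], f"type{suite[3]}") if suite[:3] == RSN_OUI else "vendor"


def parse_rsn(data):
    """Decode an RSN element: group cipher, pairwise cipher list, AKM list."""
    group = data[2:6]
    n, = struct.unpack_from("<H", data, 6)
    pairwise = [data[8 + 4 * k:12 + 4 * k] for k in range(n)]
    pos = 8 + 4 * n
    m, = struct.unpack_from("<H", data, pos)
    akms = [data[pos + 2 + 4 * k:pos + 6 + 4 * k] for k in range(m)]
    return {"group": suite_name(group, CIPHERS),
            "pairwise": [suite_name(s, CIPHERS) for s in pairwise],
            "akm": [suite_name(s, AKMS) for s in akms]}


def parse_mgmt(frame):
    """What one beacon or probe-response frame reveals; None for any other frame type."""
    fc = frame[0] & 0xFC
    if fc not in (BEACON, PROBE_RESP):
        return None
    info = {"bssid": ":".join(f"{b:02x}" for b in frame[16:22]),   # addr3 = BSSID
            "ssid": None, "hidden": False, "rsn": None, "wpa1": False}
    for tag, data in parse_ies(frame[36:]):   # 24-byte header + 12 bytes of fixed fields
        if tag == 0:                           # SSID element
            if len(data) == 0 or data.count(0) == len(data):
                info["hidden"] = True          # "hidden" = zero-length or all-NUL SSID
            else:
                info["ssid"] = data.decode("utf-8", "replace")
        elif tag == 48:                        # RSN (WPA2/WPA3) element
            info["rsn"] = parse_rsn(data)
        elif tag == 221 and data[:4] == WPA1_IE_PREFIX:
            info["wpa1"] = True
    return info


def survey(frames):
    """Merge everything seen per BSSID: a hidden beacon plus a later probe response leaks the name."""
    nets = {}
    for frame in frames:
        info = parse_mgmt(frame)
        if info is None:
            continue
        net = nets.setdefault(info["bssid"], {"hidden": False, "ssid": None, "rsn": None, "wpa1": False})
        net["hidden"] |= info["hidden"]
        net["wpa1"] |= info["wpa1"]
        net["ssid"] = info["ssid"] or net["ssid"]
        net["rsn"] = info["rsn"] or net["rsn"]
    return nets


def assess(net):
    """Findings for one network, in the order a reviewer would list them."""
    findings = []
    if net["hidden"]:
        leak = f", name leaked via probe response: {net['ssid']}" if net["ssid"] else ""
        findings.append("hidden SSID (BSSID still beacons" + leak + ")")
    if net["rsn"] is None:
        findings.append("no RSN element: open, WEP or WPA1-only")
    else:
        weak = {c for c in [net["rsn"]["group"], *net["rsn"]["pairwise"]] if c not in ("CCMP", "GCMP")}
        if weak:
            findings.append("weak cipher allowed: " + ", ".join(sorted(weak)))
    if net["wpa1"]:
        findings.append("legacy WPA (TKIP) element present")
    return findings


# --- constructed sample frames (made-up BSSIDs and names) ---------------------------
def build_frame(subtype, bssid, ies):
    header = bytes([subtype, 0]) + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, 0x0411)   # timestamp, interval, capabilities
    return header + fixed + b"".join(bytes([tag, len(val)]) + val for tag, val in ies)


def rsn_ie(group, pairwise, akms):
    suite = lambda t: RSN_OUI + bytes([t])
    return (struct.pack("<H", 1) + suite(group)
            + struct.pack("<H", len(pairwise)) + b"".join(suite(p) for p in pairwise)
            + struct.pack("<H", len(akms)) + b"".join(suite(a) for a in akms)
            + struct.pack("<H", 0))


HIDDEN_AP = bytes.fromhex("021122334455")
LEGACY_AP = bytes.fromhex("02aabbccddee")
SAMPLE_FRAMES = [
    build_frame(BEACON, HIDDEN_AP, [(0, b""), (48, rsn_ie(4, [4], [2]))]),               # hidden, WPA2-CCMP
    build_frame(PROBE_RESP, HIDDEN_AP, [(0, b"HomeNet"), (48, rsn_ie(4, [4], [2]))]),    # answers a probe by name
    build_frame(BEACON, LEGACY_AP, [(0, b"OldRouter"), (48, rsn_ie(2, [2, 4], [2])),
                                    (221, WPA1_IE_PREFIX + b"\x01\x00")]),               # mixed TKIP/CCMP
]

if __name__ == "__main__":
    for bssid, net in survey(SAMPLE_FRAMES).items():
        print(bssid, net["ssid"], assess(net))
```

The "hidden" network is still listed by BSSID from its beacons alone, and its name shows up as soon as a client probes for it and the AP answers, which is why the thread treats SSID hiding as a supplement rather than a control. For the cipher check, a network that advertises both TKIP and CCMP will accept the weaker cipher for any client that asks for it, so WPA2-AES only is the router setting to look for.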
 
Joined
Oct 18, 2007
Messages
1,288 (0.21/day)
port scan or ping my IP
Steve Gibson has a nice online tool for that at GRC, ShieldsUp. This is just using COMODO thru my ATT router


what IP/machine is connecting and sending packets to what IP/Machine on the internet
For real time monitoring maybe Process Lasso or even Comodo Kill Switch good to watch and track what's happening also?

consider running standard user accounts and have a locked down admin account you use to enter credentials for when you need to install or modify something. That will help quite a bit.
This is what I have heard the most by far that is a real good defense to the hackers, and make sure the Explorer view properties checkboxes are set to "keep system files and folders Hidden" and "Hide protected operating system files".
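The "port scan or ping my IP" check above is what ShieldsUP does from the outside. As an added example (not GRC's code, and not posted by anyone in this thread), the Python script below classifies each port the same three ways ShieldsUP reports them: open, closed (the host answered with a reset, so it is visible even though nothing is listening there), and stealth (no reply at all). The port list and names are an assumption for readability. It only means something when run from outside the LAN against the public address; against 127.0.0.1 it exercises the local stack, which is exactly what self_test() uses to prove the classifier against a throwaway listener.

```python
import errno
import socket

# Added example: a connect()-based probe that classifies ports the way ShieldsUP reports them.
# The port list is an assumption for illustration, not a complete inventory.
COMMON_PORTS = {21: "ftp", 22: "ssh", 23: "telnet", 80: "http", 135: "msrpc",
                139: "netbios-ssn", 445: "smb", 3389: "rdp", 5900: "vnc", 8080: "http-alt"}


def probe(host, port, timeout=1.0):
    """'open' = SYN answered with SYN/ACK, 'closed' = RST came back, 'stealth' = nothing at all."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        return "stealth"                  # dropped by a firewall, or the host is silently absent
    except ConnectionRefusedError:
        return "closed"                   # host is there and actively refused (RST)
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "stealth"
    finally:
        sock.close()


def scan(host, ports=COMMON_PORTS, timeout=1.0):
    return {port: probe(host, port, timeout) for port in ports}


def verdict(results):
    """Summarise like the ShieldsUP banner: any 'open' is a finding, any 'closed' reveals the host."""
    states = set(results.values())
    if "open" in states:
        return "exposed"
    if "closed" in states:
        return "visible"
    return "stealth"


def self_test():
    """Prove the classifier against a throwaway local listener: open while listening, closed after."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))       # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = probe("127.0.0.1", port)
    listener.close()
    after_close = probe("127.0.0.1", port)
    return while_open, after_close


if __name__ == "__main__":
    # Run from a machine OUTSIDE the LAN against the public IP; localhost only tests the local stack.
    results = scan("127.0.0.1")
    for port, state in sorted(results.items()):
        print(f"{port:>5} {COMMON_PORTS.get(port, '?'):<12} {state}")
    print("verdict:", verdict(results))
```

A "visible" verdict is worth acting on even with nothing open: a reset tells a scanner that an address is live and worth returning to, which is the difference between "closed" and "stealth" that the ShieldsUP report draws.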
 

Ahhzz

Moderator
Staff member
Joined
Feb 27, 2008
Messages
8,744 (1.48/day)
Steve Gibson has a nice online tool for that at GRC, ShieldsUp. This is just using COMODO thru my ATT router

For real time monitoring maybe Process Lasso or even Comodo Kill Switch good to watch and track what's happening also?

This is what I have heard the most by far that is a real good defense to the hackers, and make sure the Explorer view properties checkboxes are set to "keep system files and folders Hidden" and "Hide protected operating system files".
This, this, a thousand times this. GRC has been running this site forever, excellent tool, and excellent software.
 

hat

Enthusiast
Joined
Nov 20, 2006
Messages
21,731 (3.41/day)
Location
Ohio
Yeah, I know about ShieldsUp! Nothing was open, everything reported Stealth. I've been busy doing this and that... changed my wifi password, checked all the computers (except the suspect laptop of course... I can never get a chance to get to it).

I flashed Merlin to my router, but I went back to stock firmware because I like manually assigning DHCP addresses and Merlin won't do that. There's an option for it, but as soon as I hit apply, the circling "Applying Settings" just stays forever. If I refresh the page, log back in to the router settings... the settings don't stick. I'm still not sure what security advanced firmware might offer me though...
 

Solaris17

Super Dainty Moderator
Staff member
Joined
Aug 16, 2005
Messages
25,899 (3.79/day)
Location
Alabama
It looks already pretty covered but what you need is more secure practices not more secure hardware.
 
Joined
Nov 1, 2008
Messages
4,213 (0.74/day)
Location
Vietnam
It looks already pretty covered but what you need is more secure practices not more secure hardware.

Yeah, I know about ShieldsUp! Nothing was open, everything reported Stealth. I've been busy doing this and that... changed my wifi password, checked all the computers (except the suspect laptop of course... I can never get a chance to get to it).

I flashed Merlin to my router, but I went back to stock firmware because I like manually assigning DHCP addresses and Merlin won't do that. There's an option for it, but as soon as I hit apply, the circling "Applying Settings" just stays forever. If I refresh the page, log back in to the router settings... the settings don't stick. I'm still not sure what security advanced firmware might offer me though...

I'd say that getting to the laptop is a priority. It is highly unlikely that you were hacked via WiFi, assuming you were using WPA2.
It's just as unlikely that you were hacked over WAN, with no ports showing and the built-in firewall and (i'm guessing) non-default router pw.

One more thing to do is to disable UPnP. It's been a known exploitable feature in the past and, though it should have been patched, you won't generally need it. Also make sure that you keep your router's firmware up to date.

The security that open source firmware grants is that exploits are patched pretty quickly and, generally, it just doesn't have many when compared to stock.
DD-WRT has a huge user base and anything exploitable is usually caught and patched quickly. You also get other security features, like only allowing certain MAC addresses to connect over wifi, as well as the ability to set up a guest (unbridged) wifi connection for visitors. You might like to try a slightly older Merlin build to see if the problem persists in that, and report the issue as a bug on the forums.

If I had to guess what happened, and assuming the laptop comes back clean, you might have given a friend/visitor your home wifi password who then went on to share it with the person that hacked you.
It is a very good idea to set up a separate signal for guests.
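The UPnP advice above, as an added example (not the router vendor's code and not posted by anyone in the thread): the SSDP exchange a LAN host uses to find a UPnP Internet Gateway Device. The client multicasts an M-SEARCH and the router answers with an HTTP-style 200 OK carrying ST, SERVER and LOCATION headers. Once a host has that LOCATION URL it can ask the IGD to add WAN port mappings, and the IGD protocol has no authentication step, which is why a single compromised LAN machine can open the router up and why the post recommends turning the feature off. The response in the block is constructed (UUID, SERVER string and address are made up); discover() sends the real request and should come back empty on a router with UPnP disabled.

```python
import socket

# Added example of the SSDP discovery exchange, not any router's or forum member's code.
SSDP_ADDR, SSDP_PORT = "239.255.255.250", 1900
IGD_ST = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"


def build_msearch(st=IGD_ST, mx=2):
    """Client side of the exchange: the multicast M-SEARCH request."""
    return ("M-SEARCH * HTTP/1.1\r\n"
            f"HOST: {SSDP_ADDR}:{SSDP_PORT}\r\n"
            'MAN: "ssdp:discover"\r\n'
            f"MX: {mx}\r\n"
            f"ST: {st}\r\n"
            "\r\n").encode("ascii")


def parse_ssdp_response(datagram):
    """Device side: a 200 OK with ST/USN/LOCATION/SERVER headers, or None if the datagram is not one."""
    lines = datagram.decode("utf-8", "replace").split("\r\n")
    if not lines[0].upper().startswith("HTTP/1.1 200"):
        return None
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().upper()] = value.strip()
    return headers


def is_igd(headers):
    """True when the responder advertises a gateway that can be asked for WAN port mappings."""
    st = headers.get("ST", "")
    return any(tag in st for tag in ("InternetGatewayDevice", "WANIPConnection", "WANPPPConnection"))


def discover(timeout=2.0):
    """Send one M-SEARCH and collect gateways that answer; an empty list is the result you want."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
    sock.settimeout(timeout)
    gateways = []
    try:
        sock.sendto(build_msearch(), (SSDP_ADDR, SSDP_PORT))
        while True:
            datagram, (addr, _) = sock.recvfrom(4096)
            headers = parse_ssdp_response(datagram)
            if headers and is_igd(headers):
                gateways.append((addr, headers.get("SERVER"), headers.get("LOCATION")))
    except OSError:          # socket.timeout ends the collection; no network at all ends it too
        pass
    finally:
        sock.close()
    return gateways


# Constructed sample answer in the shape a miniupnpd-based router sends; every value is made up.
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                   b"CACHE-CONTROL: max-age=120\r\n"
                   b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
                   b"USN: uuid:00000000-0000-0000-0000-000000000001::"
                   b"urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
                   b"EXT:\r\n"
                   b"SERVER: Linux/3.4 UPnP/1.1 MiniUPnPd/2.0\r\n"
                   b"LOCATION: http://192.168.1.1:1900/rootDesc.xml\r\n"
                   b"\r\n")

if __name__ == "__main__":
    print("request:\n" + build_msearch().decode())
    print("parsed sample:", parse_ssdp_response(SAMPLE_RESPONSE))
    print("live gateways answering on this LAN:", discover())
```

The SERVER header is also the quickest way to learn which UPnP stack and version the router runs, which is the string you would compare against the firmware's release notes when deciding whether "it should have been patched" actually holds.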
 

hat

Enthusiast
Joined
Nov 20, 2006
Messages
21,731 (3.41/day)
Location
Ohio
UPnP is always disabled, as are guest networks. Nobody would have had our password either... but I changed it anyway, just because. Non-default router password as well... changed that also.

I did go back a few versions with Merlin... the problem persisted. :/
 
Joined
Nov 1, 2008
Messages
4,213 (0.74/day)
Location
Vietnam
Then I highly suspect that there is something on the laptop. Possibly a RAT or even just a keylogger.

It would take a lot of skill, and knowledge of 0-day exploits, to hack a home network with non-default admin password and WPA2 wifi protection.

One other thing that is recommended is to choose a subnet other than 0 or 1. For example, choose something like 192.168.x.13 for your router. Some malware works on the principle that your router's address is 192.168.0.1 or 192.168.1.1.
I doubt that was the problem in your case, but as you are re-securing your network anyway, there's no reason not to.

Guest networks are actually set up for security. They aren't bridged with your LAN, so giving out the password to one wouldn't compromise security. If you never have any need for visitors to use your wi-fi connection, then I guess there is no reason to set one up.
If you ever think you will, though, you should.

Also what you said here:

"I'm thinking it has to be some sort of exploit or sneaky virus... the kind that might be hidden in something else (like an image). Apparently there's spooky things going on with that laptop that sounds like remote control to me. I have an RTN66R. I'm sure it's capable of nifty things with a custom firmware... but most of that stuff is over my head, at least at this time."

Tells me that you need to take a look at your fiancée's laptop ASAP. All the work you are doing now to secure your network will be for nowt if they have got a remote access tool on your other half's computer.
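The RAT/keylogger suspicion in this post can be triaged before anyone gets hands on the laptop: a remote-access tool has to call home, and it normally does so on a timer, so its connections stand out from human browsing by their regularity. As an added example (not any product's code and not something posted in the thread), the script below parses connection records in an assumed one-line format, ignores LAN destinations, and flags any process whose connections to one outside address arrive at a steady period. The log in the block is constructed: the host names, the process name update.exe and the addresses are made up, using documentation IP ranges.

```python
import ipaddress
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Added example, not any tool's code. The log format is an assumption: one connection per line.
LINE = re.compile(r"^(\S+) (\S+) (\S+):\d+ -> (\S+):(\d+) proc=(\S+)$")
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse(log):
    """Return (timestamp, host, src_ip, dst_ip, dst_port, process) for each well-formed line."""
    events = []
    for line in log.strip().splitlines():
        match = LINE.match(line)
        if match:
            ts, host, src, dst, dport, proc = match.groups()
            events.append((datetime.fromisoformat(ts), host, src, dst, int(dport), proc))
    return events


def is_lan(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LAN_NETS)


def find_beacons(events, min_hits=4, max_jitter=0.2):
    """Flag (host, process, destination) tuples that call out at a steady period, check-in style."""
    times_by_key = defaultdict(list)
    for ts, host, _src, dst, dport, proc in events:
        if is_lan(dst):
            continue                                   # LAN chatter (DNS, printers) is not a check-in
        times_by_key[(host, proc, dst, dport)].append(ts)
    hits = []
    for (host, proc, dst, dport), times in times_by_key.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(later - earlier).total_seconds() for earlier, later in zip(times, times[1:])]
        period = statistics.mean(gaps)
        if period <= 0:
            continue
        jitter = statistics.pstdev(gaps) / period      # coefficient of variation of the interval
        if jitter <= max_jitter:
            hits.append({"host": host, "proc": proc, "dst": f"{dst}:{dport}", "count": len(times),
                         "period_s": round(period, 1), "jitter": round(jitter, 3)})
    return hits


# Constructed sample: one laptop process checking in every ~60 s, a browser with human-shaped gaps,
# and routine LAN DNS. Outside addresses are documentation ranges (TEST-NET), not real hosts.
SAMPLE_LOG = """\
2017-03-01T20:00:00 laptop 192.168.1.23:49152 -> 203.0.113.7:443 proc=update.exe
2017-03-01T20:00:00 laptop 192.168.1.23:49153 -> 192.168.1.1:53 proc=svchost.exe
2017-03-01T20:00:10 desktop 192.168.1.10:50001 -> 198.51.100.20:443 proc=chrome.exe
2017-03-01T20:00:17 desktop 192.168.1.10:50002 -> 198.51.100.20:443 proc=chrome.exe
2017-03-01T20:01:00 laptop 192.168.1.23:49154 -> 203.0.113.7:443 proc=update.exe
2017-03-01T20:01:00 laptop 192.168.1.23:49155 -> 192.168.1.1:53 proc=svchost.exe
2017-03-01T20:01:45 desktop 192.168.1.10:50003 -> 198.51.100.20:443 proc=chrome.exe
2017-03-01T20:02:00 desktop 192.168.1.10:50004 -> 198.51.100.20:443 proc=chrome.exe
2017-03-01T20:02:02 laptop 192.168.1.23:49156 -> 203.0.113.7:443 proc=update.exe
2017-03-01T20:02:00 laptop 192.168.1.23:49157 -> 192.168.1.1:53 proc=svchost.exe
2017-03-01T20:03:00 laptop 192.168.1.23:49158 -> 203.0.113.7:443 proc=update.exe
2017-03-01T20:03:00 laptop 192.168.1.23:49159 -> 192.168.1.1:53 proc=svchost.exe
2017-03-01T20:04:01 laptop 192.168.1.23:49160 -> 203.0.113.7:443 proc=update.exe
2017-03-01T20:05:00 laptop 192.168.1.23:49161 -> 203.0.113.7:443 proc=update.exe
2017-03-01T20:06:50 desktop 192.168.1.10:50005 -> 198.51.100.20:443 proc=chrome.exe
"""

if __name__ == "__main__":
    for hit in find_beacons(parse(SAMPLE_LOG)):
        print(hit)
```

A hit is a lead, not a verdict: legitimate updaters and chat clients also poll on a timer, and a RAT that randomises its sleep will push the jitter above the threshold, so the number to tune is max_jitter against what your own machines normally look like. The point of the exercise is that it can be run from the router or a capture box, which fits the situation in the thread where the suspect laptop itself is not available.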
 