
I've been hacked...

hat

Enthusiast
Joined
Nov 20, 2006
Messages
21,731 (3.43/day)
Location
Ohio
Well, someone has, somehow, managed to attack my network, and steal some personal images. Unfortunately, I know nothing of this sort of stuff. I know nothing about hacking, or how to defend against a hacker.

All I know is I'm pretty sure which computer was attacked. Is there any way I may be able to find out when it happened, how they got in, how to stop them from gaining access again, and who might have done it?

I thought my stuff was pretty reasonably secure until now. I use AES wifi encryption... the password isn't fantastic but strong enough. I don't even have any ports open/forwarded. We use OpenDNS, every computer uses Windows 10 (stays updated). On my machine, I don't use any AV or firewall (even disabled Windows firewall), as I find it's more of an annoyance than anything... not sure exactly how the other systems are set up. Is it possible for an attacker to have initially computerized my computer, and then attacked another from there?
 
Joined
Oct 17, 2012
Messages
9,781 (2.34/day)
Location
Massachusetts
> Well, someone has, somehow, managed to attack my network, and steal some personal images. Unfortunately, I know nothing of this sort of stuff. I know nothing about hacking, or how to defend against a hacker.
>
> All I know is I'm pretty sure which computer was attacked. Is there any way I may be able to find out when it happened, how they got in, how to stop them from gaining access again, and who might have done it?
>
> I thought my stuff was pretty reasonably secure until now. I use AES wifi encryption... the password isn't fantastic but strong enough. I don't even have any ports open/forwarded. We use OpenDNS, every computer uses Windows 10 (stays updated). On my machine, I don't use any AV or firewall (even disabled Windows firewall), as I find it's more of an annoyance than anything... not sure exactly how the other systems are set up. Is it possible for an attacker to have initially computerized my computer, and then attacked another from there?

I'm very far from an expert, but I'm fairly certain that disabling your firewalls is a pretty bad idea (for future reference, maybe a hw firewall). Were they disabled on the computer that you feel was hacked?

Also, is there a possibility that these images have been misplaced? I know it's silly and basic, but sometimes the simplest answer is the most likely. I'm just trying to think of the motivation to go through the trouble of getting into someone's network to take a couple images, unless there's some stuff you haven't realized or noticed yet.

Is it possible for you to elaborate on how you arrived at the conclusion of hacking being the most likely scenario?
 
Joined
Nov 13, 2007
Messages
10,209 (1.71/day)
Location
Austin Texas
Did they hack your router, or did you download something? Download Fiddler and see if you have strange activity.
 

hat

The images for sure weren't misplaced. They were found up on some website somewhere... we didn't put them there. My fiancee also says somebody was texting her friend on TextNow (an online texting service) while they were talking on Facebook... and she wasn't even on TextNow at the time. So there's definitely suspicious activity going on. We also have reason to believe there's a certain individual who may be behind it, as this person has had some issues with us and they don't like us very much...

@phanbuey I'm pretty sure it was my fiancee's laptop that was targeted, not my computer. As such I have no idea what might have happened that might give somebody access...
 

Easy Rhino

Linux Advocate
Staff member
Joined
Nov 13, 2006
Messages
15,436 (2.43/day)
Location
Mid-Atlantic
to understand how a hacker got what he/she got you have to get into their mind. that being said, were the images *cough* personal in nature?
 
Joined
Nov 13, 2007
Messages
10,209 (1.71/day)
Location
Austin Texas
well even if they broke through your wireless they would still have to get access to the share, so it's most likely she downloaded something... if that's the case then it will show up on an app that monitors your/her pc's network activity. find it, see if you can trace it back to that person, kill it, and have her change her passwords.

there are a ton of ways to get hacked... but most of them involve getting a hold of a commonly used password.

Do you have a static IP?
 
Joined
Sep 2, 2011
Messages
702 (0.15/day)
Location
Where the hand of man has never set foot
1- Enable Windows firewall
2- To find when you were hacked you could check your router logs, but it can be a real pain in the ass to find anything relevant.
3- Reset your router and use a new password
4- Scan your computers with MBAM and with an antivirus. If you don't want to install one you can download Kaspersky Virus Removal Tool. You should also do a scan with an AV before Windows starts. You can use Kaspersky Rescue Disk to do so.

If you find proof that you were hacked by someone you know, you can report them to the police. It is illegal to hack a network without the owner's permission.
But it's unlikely that you were actually hacked.

If you were actually hacked it's probably IMO with a backdoor.
 
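The first-response checks suggested in the posts above (turn the firewall back on, see which programs the PC is talking through, review shares and remote access, look for when something logged in), as an added PowerShell example that is not part of the original thread. It assumes an elevated prompt on the Windows 10 laptop in question and that default logon auditing is still writing event 4624 to the Security log.

```powershell
# Added example (not from the thread): first-pass triage of a Windows 10 PC.
# Run in an elevated PowerShell session on the suspect machine.

# 1. Re-enable Windows Firewall on every profile and confirm it took effect.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True
Get-NetFirewallProfile | Format-Table Name, Enabled, DefaultInboundAction

# 2. Map each listening port and established connection to the program that
#    owns it, and check whether that program carries a valid signature.
#    A status other than Valid is a reason to look closer, not proof of malware.
$loopback = '127.0.0.1', '::1'
$connections = Get-NetTCPConnection -State Listen, Established |
    Where-Object { $_.LocalAddress -notin $loopback } |
    ForEach-Object {
        $c    = $_
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        $path = if ($proc) { $proc.Path } else { $null }
        $sig  = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'Unknown' }
        [pscustomobject]@{
            State     = $c.State
            Local     = '{0}:{1}' -f $c.LocalAddress, $c.LocalPort
            Remote    = '{0}:{1}' -f $c.RemoteAddress, $c.RemotePort
            ProcessId = $c.OwningProcess
            Process   = if ($proc) { $proc.ProcessName } else { '?' }
            Signature = $sig
            Path      = $path
        }
    }
$connections | Sort-Object Signature, Process | Format-Table -AutoSize

# 3. List the non-default file shares and who is allowed to reach them.
Get-SmbShare | Where-Object { -not $_.Special } |
    ForEach-Object { Get-SmbShareAccess -Name $_.Name } |
    Format-Table Name, AccountName, AccessControlType, AccessRight

# 4. Is Remote Desktop accepting connections? (fDenyTSConnections: 0 = enabled)
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
'Remote Desktop enabled: {0}' -f ($ts.fDenyTSConnections -eq 0)

# 5. Network (type 3) and Remote Desktop (type 10) logons from the last 30
#    days, with timestamp, account and source address. Type 3 also includes
#    ordinary file-sharing access from other PCs on the LAN.
Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddDays(-30)
} -ErrorAction SilentlyContinue | ForEach-Object {
    $evt  = $_
    $data = @{}
    foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    if ($data.LogonType -in '3', '10') {
        [pscustomobject]@{
            Time    = $evt.TimeCreated
            Type    = $data.LogonType
            Account = '{0}\{1}' -f $data.TargetDomainName, $data.TargetUserName
            Source  = $data.IpAddress
        }
    }
} | Format-Table -AutoSize
```

Run it before wiping or reinstalling anything, and save the output; the Security log is the only part here that can say when something connected.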

cdawall

where the hell are my stars
Joined
Jul 23, 2006
Messages
27,680 (4.29/day)
Location
Houston
Router through the cable company and rented? If so tell them you need a new one.

If it is just someone being a jerk I wouldn't worry much past actually securing the network, changing passwords and turning on firewalls.
 

Frick

Fishfaced Nincompoop
Joined
Feb 27, 2006
Messages
18,914 (2.86/day)
Location
Piteå
> The images for sure weren't misplaced. They were found up on some website somewhere... we didn't put them there. My fiancee also says somebody was texting her friend on TextNow (an online texting service) while they were talking on Facebook... and she wasn't even on TextNow at the time. So there's definitely suspicious activity going on. We also have reason to believe there's a certain individual who may be behind it, as this person has had some issues with us and they don't like us very much...
>
> @phanbuey I'm pretty sure it was my fiancee's laptop that was targeted, not my computer. As such I have no idea what might have happened that might give somebody access...

It's actually pretty good if someone is just out to mess with you. You don't want cryptoviruses, or someone making purchases in your name.

Reset passwords. All of them. Has she gotten mails about logins she does not recognize? If the photos exist on a cloud platform it is more likely the person has found out the password rather than compromised a computer. And how are her password habits?
 
Joined
Feb 22, 2016
Messages
1,458 (0.49/day)
While you are beefing up on personal protection give some thought to keeping sensitive materials offline in a home safe that won't survive a fire. If the worst came that isn't the personal legacy you want to leave for your families to collect. :fear:
 
Joined
Oct 17, 2012
Messages
9,781 (2.34/day)
Location
Massachusetts
> The images for sure weren't misplaced. They were found up on some website somewhere... we didn't put them there. My fiancee also says somebody was texting her friend on TextNow (an online texting service) while they were talking on Facebook... and she wasn't even on TextNow at the time. So there's definitely suspicious activity going on. We also have reason to believe there's a certain individual who may be behind it, as this person has had some issues with us and they don't like us very much...
>
> @phanbuey I'm pretty sure it was my fiancee's laptop that was targeted, not my computer. As such I have no idea what might have happened that might give somebody access...

OK, that clarifies it quite a bit. I agree with the other posts saying you should enable firewall, but also have your Internet provider replace your modem and router if they're provided by them; otherwise you can assign them new MAC addresses. I've done it before to get around IP bans, I believe it was on the Netgear.

In my opinion (for what it's worth), the fact that it involves both your significant other and you, as well as personal images, makes me feel that this is a personal attack, if the word attack fits.

And when I use the word personal, if I had to bet I want to say that it was someone who knew you.

Regardless of who it was, it's totally invasive and entirely inappropriate, and I'm sure has left you feeling very insecure to say the least. I'd start by getting your firewall turned on, getting a new modem/router, and, as much of a pain in the ass as it's going to be, changing all your passwords.

Also either reinstalling your operating systems or using backups that are older, just to be safe.

I know I've read about "hackers" using email hacks to reach out to people's contacts, pretending to be the friend as a means of spreading their shit. But the posting of images doesn't seem to fit that category.
 

Mussels

Freshwater Moderator
Staff member
Joined
Oct 6, 2004
Messages
58,413 (8.21/day)
Location
Oystralia
> Well, someone has, somehow, managed to attack my network, and steal some personal images. Unfortunately, I know nothing of this sort of stuff. I know nothing about hacking, or how to defend against a hacker.
>
> All I know is I'm pretty sure which computer was attacked. Is there any way I may be able to find out when it happened, how they got in, how to stop them from gaining access again, and who might have done it?
>
> I thought my stuff was pretty reasonably secure until now. I use AES wifi encryption... the password isn't fantastic but strong enough. I don't even have any ports open/forwarded. We use OpenDNS, every computer uses Windows 10 (stays updated). On my machine, I don't use any AV or firewall (even disabled Windows firewall), as I find it's more of an annoyance than anything... not sure exactly how the other systems are set up. Is it possible for an attacker to have initially computerized my computer, and then attacked another from there?

can you give me details on your wifi network? B/G/N/AC? is pin based WPS active? Do you have network shares on your PC, is your PC always left on?
Were these images only on the PC, or other devices? (phone?)

Being hacked is very rare to be an external event, and VERY likely to have been done in person - someone gained access to the wifi password in the past, or a physical laptop in person for a few minutes (or even access to a phone or dropped USB stick, and quickly copied)
 
Joined
Nov 1, 2008
Messages
4,213 (0.75/day)
Location
Vietnam
If they ever had physical access to your fiancee's laptop, then malware is much more likely.
It may even have been a phishing kind of attack and your significant other clicked through an e-mail she shouldn't.

Afaik, if you are using strong passwords and DD-WRT it's pretty tough to gain access to your network (WAN or otherwise).
 

Kursah

Super Moderator
Staff member
Joined
Oct 15, 2006
Messages
14,666 (2.30/day)
Location
Missoula, MT, USA
It could've been a browser or OS exploit, something planted if this individual is able to get near you guys.

Getting through that kind of wireless encryption is doable, but someone really will want to do it. Check your other service accounts for suspicious activity ASAP. Change passwords, use a hidden SSID if you can...though if this person cracked your wireless password out of WPA2 a hidden SSID won't be anything. But to someone else it might be enough to make em go elsewhere. Hidden SSIDs still send a ping out, just not as frequently as a broadcasted SSID.

You could also just run a guest network if you need no file sharing. Most routers feature it. You can manage bandwidth limitations on many as well. Another good reason for this is because then your devices all run in isolated mode...meaning they have Internet access but not LAN resource access. So they can't see other devices.

Have you disconnected the culprit PC from the network? With Windows 10 you can spoof the MAC address for your wireless NIC pretty easily, I'd start there before reconnecting it.

I'd enable Windows firewalls as well. What kinda router you running? Might be time to look into something capable of doing some IDS/IPS for you if this keeps up.

Another option is to disable wireless and run Ethernet. You'll have a different MAC address for the Ethernet NIC, and can simply unplug it if you feel there's been a compromise.

Depending on what you have and want to do about it, there's options. As-far-as tracing down who-dun it and how now...that would take some work, time and advanced network abilities and comprehension. Better to lock things down, restrict shares and access, increase security...what were the share permissions for that folder?

Another good idea is to kill your wireless when you're not home or using it, which is doubly handy when using a hidden SSID because it'll be harder to scan for between not being on and when on, not being broadcast frequently.

You could always set up a honeypot to lure and monitor for someone hacking your network, give them something that looks like what they want. Track what they're doing, and where they're doing it from and add that IP to your blacklist.

In reality though, someone probably either got onto the machine physically, or if they were capable and desired enough to do so, got into that laptop through an exploit of some sort...more likely than hacking your wireless unless they knew the password or it was easily guessed. Sorry this happened to you, but hopefully we can get you confident in your network and its security again!

:toast:
 
Joined
Aug 13, 2009
Messages
3,187 (0.60/day)
Location
Czech republic
So you obviously know little to nothing about computers (or at least about networking), and yet
> I don't use any AV or firewall (even disabled Windows firewall), as I find it's more of an annoyance than anything...
You deserved to be hacked (or whatever it really was) then.
 

hat

> well even if they broke through your wireless they would still have to get access to the share, so it's most likely she downloaded something... if that's the case then it will show up on an app that monitors your/her pc's network activity. find it, see if you can trace it back to that person, kill it, and have her change her passwords.
>
> there are a ton of ways to get hacked... but most of them involve getting a hold of a commonly used password.
>
> Do you have a static IP?

I plan on checking her laptop, making sure firewall is on and AV is installed and working. I recall installing Panda on it at some point, but I'm not sure if it's on there now. Maybe I'll try a hijackthis log, though I admit I don't understand all of it...

IP isn't static, but it rarely, if ever, changes. I could force it to change if I spoof my router's MAC...

> 1- Enable Windows firewall
> 2- To find when you were hacked you could check your router logs, but it can be a real pain in the ass to find anything relevant.
> 3- Reset your router and use a new password
> 4- Scan your computers with MBAM and with an antivirus. If you don't want to install one you can download Kaspersky Virus Removal Tool. You should also do a scan with an AV before Windows starts. You can use Kaspersky Rescue Disk to do so.
>
> If you find proof that you were hacked by someone you know, you can report them to the police. It is illegal to hack a network without the owner's permission.
> But it's unlikely that you were actually hacked.
>
> If you were actually hacked it's probably IMO with a backdoor.

1. Gonna do that
2. Looked there, nothing of value or interest... last entry is from December 12th. :wtf:
3/4. Yeah, I plan on doing that too.

> Router through the cable company and rented? If so tell them you need a new one.
>
> If it is just someone being a jerk I wouldn't worry much past actually securing the network, changing passwords and turning on firewalls.

Nah, I own it. Gonna do what we can to secure our shit.

> It's actually pretty good if someone is just out to mess with you. You don't want cryptoviruses, or someone making purchases in your name.
>
> Reset passwords. All of them. Has she gotten mails about logins she does not recognize? If the photos exist on a cloud platform it is more likely the person has found out the password rather than compromised a computer. And how are her password habits?

Not sure about that one. I'll tell her she'll have to change her passwords.

> While you are beefing up on personal protection give some thought to keeping sensitive materials offline in a home safe that won't survive a fire. If the worst came that isn't the personal legacy you want to leave for your families to collect. :fear:

We might do that too.

> OK, that clarifies it quite a bit. I agree with the other posts saying you should enable firewall, but also have your Internet provider replace your modem and router if they're provided by them; otherwise you can assign them new MAC addresses. I've done it before to get around IP bans, I believe it was on the Netgear.
>
> In my opinion (for what it's worth), the fact that it involves both your significant other and you, as well as personal images, makes me feel that this is a personal attack, if the word attack fits.
>
> And when I use the word personal, if I had to bet I want to say that it was someone who knew you.
>
> Regardless of who it was, it's totally invasive and entirely inappropriate, and I'm sure has left you feeling very insecure to say the least. I'd start by getting your firewall turned on, getting a new modem/router, and, as much of a pain in the ass as it's going to be, changing all your passwords.
>
> Also either reinstalling your operating systems or using backups that are older, just to be safe.
>
> I know I've read about "hackers" using email hacks to reach out to people's contacts, pretending to be the friend as a means of spreading their shit. But the posting of images doesn't seem to fit that category.

Yeah, if it's who we think it is, it's definitely someone who knew us... and now doesn't like us anymore.

> can you give me details on your wifi network? B/G/N/AC? is pin based WPS active? Do you have network shares on your PC, is your PC always left on?
> Were these images only on the PC, or other devices? (phone?)
>
> Being hacked is very rare to be an external event, and VERY likely to have been done in person - someone gained access to the wifi password in the past, or a physical laptop in person for a few minutes (or even access to a phone or dropped USB stick, and quickly copied)

Not likely to have been done in person at all. This guy showed up at the door one day, and we, wanting nothing to do with him, shut the door in his face... he never stepped foot in the house. Give it about a week and bam, this happens. Anyways... the router runs two SSIDs, one for 2.4 and one for 5, B/G/N mixed. No WPS, WPA2-AES only.

The images were only on PC (mine and hers). Network file sharing is enabled, but these images weren't in any shared location.

> If they ever had physical access to your fiancee's laptop, then malware is much more likely.
> It may even have been a phishing kind of attack and your significant other clicked through an e-mail she shouldn't.
>
> Afaik, if you are using strong passwords and DD-WRT it's pretty tough to gain access to your network (WAN or otherwise).

No physical access. I'd imagine it would be tough to guess our passwords, as well.

> It could've been a browser or OS exploit, something planted if this individual is able to get near you guys.
>
> Getting through that kind of wireless encryption is doable, but someone really will want to do it. Check your other service accounts for suspicious activity ASAP. Change passwords, use a hidden SSID if you can...though if this person cracked your wireless password out of WPA2 a hidden SSID won't be anything. But to someone else it might be enough to make em go elsewhere. Hidden SSIDs still send a ping out, just not as frequently as a broadcasted SSID.
>
> You could also just run a guest network if you need no file sharing. Most routers feature it. You can manage bandwidth limitations on many as well. Another good reason for this is because then your devices all run in isolated mode...meaning they have Internet access but not LAN resource access. So they can't see other devices.
>
> Have you disconnected the culprit PC from the network? With Windows 10 you can spoof the MAC address for your wireless NIC pretty easily, I'd start there before reconnecting it.
>
> I'd enable Windows firewalls as well. What kinda router you running? Might be time to look into something capable of doing some IDS/IPS for you if this keeps up.
>
> Another option is to disable wireless and run Ethernet. You'll have a different MAC address for the Ethernet NIC, and can simply unplug it if you feel there's been a compromise.
>
> Depending on what you have and want to do about it, there's options. As-far-as tracing down who-dun it and how now...that would take some work, time and advanced network abilities and comprehension. Better to lock things down, restrict shares and access, increase security...what were the share permissions for that folder?
>
> Another good idea is to kill your wireless when you're not home or using it, which is doubly handy when using a hidden SSID because it'll be harder to scan for between not being on and when on, not being broadcast frequently.
>
> You could always set up a honeypot to lure and monitor for someone hacking your network, give them something that looks like what they want. Track what they're doing, and where they're doing it from and add that IP to your blacklist.
>
> In reality though, someone probably either got onto the machine physically, or if they were capable and desired enough to do so, got into that laptop through an exploit of some sort...more likely than hacking your wireless unless they knew the password or it was easily guessed. Sorry this happened to you, but hopefully we can get you confident in your network and its security again!
>
> :toast:

I'm thinking it has to be some sort of exploit or sneaky virus... the kind that might be hidden in something else (like an image). Apparently there's spooky things going on with that laptop that sounds like remote control to me. I have an RTN66R. I'm sure it's capable of nifty things with a custom firmware... but most of that stuff is over my head, at least at this time.

So you obviously know little to nothing about computers (or at least about networking), and yet

You deserved to be hacked (or whatever it really was) then.

Thanks... I admit I may have been a bit careless with my network security, but I'm no fool... however, despite your attitude, I still hope the same won't happen to you.
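Added example, not part of any post in this thread: a read-only PowerShell triage covering the checks suggested above (firewall state, share permissions, who has connected and when). It assumes an elevated session on the Windows 10 machine in question and a 30-day look-back window chosen here for illustration.

```powershell
# Read-only triage for a Windows 10 PC. Run from an elevated PowerShell prompt.
# Nothing here changes configuration.

# 1. Firewall state per profile (the OP reported having it disabled).
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
# To turn it back on afterwards:
# Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True

# 2. User-created SMB shares and the accounts allowed to reach them.
Get-SmbShare -Special $false | ForEach-Object {
    Get-SmbShareAccess -Name $_.Name |
        Select-Object Name, AccountName, AccessControlType, AccessRight
}

# 3. Sessions currently open against this machine's shares.
Get-SmbSession | Select-Object ClientComputerName, ClientUserName, NumOpens

# 4. Listening TCP ports and the process that owns each one.
Get-NetTCPConnection -State Listen |
    Select-Object LocalAddress, LocalPort,
        @{ n = 'Process'; e = {
            (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } } |
    Sort-Object LocalPort -Unique

# 5. Successful network (type 3) and Remote Desktop (type 10) logons.
#    The 30-day window is an assumption; widen it if the log reaches further back.
$since = (Get-Date).AddDays(-30)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } `
             -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the event's named data fields into a hashtable.
        $data = @{}
        foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$n.Name] = $n.'#text' }
        if ($data.LogonType -in '3', '10') {
            [pscustomobject]@{
                Time        = $_.TimeCreated
                LogonType   = $data.LogonType
                User        = $data.TargetUserName
                SourceIp    = $data.IpAddress
                Workstation = $data.WorkstationName
            }
        }
    } | Sort-Object Time | Format-Table -AutoSize
```

An `Everyone` entry with `Full` access in step 2, or a source address in step 5 that does not belong to a household device, is the thing to follow up on.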
 
Joined
Nov 5, 2015
Messages
501 (0.16/day)
Location
Skopje, Macedonia
About the WiFi security, you can do MAC filtering if your router supports it, so that only those devices with MAC numbers that are in the router database can access.
I had a similar issue. Someone was stealing from my internet years ago, and I did this, and guess what, no more burglars in my network.
 

Mussels

Freshwater Moderator
Staff member
Joined
Oct 6, 2004
Messages
58,413 (8.21/day)
Location
Oystralia
If the files were not shared, then they can't have been accessed by remote wifi hacking. I'm not convinced this was a wifi hack (I've hacked a few neighbours' wifi networks in my time)

He clearly knows where you live, so perhaps there is some missing piece you don't know (could he have been let into the house without your knowledge? forgive the examples, but a daughter letting a guy in for relations, cheating spouse, etc etc)
Could he have got access to a laptop out of the house? Broken into a car for example? Your partner's workplace if a laptop is taken there?
 

Ahhzz

Moderator
Staff member
Joined
Feb 27, 2008
Messages
8,708 (1.48/day)
So you obviously know little to nothing about computers (or at least about networking), and yet

You deserved to be hacked (or whatever it really was) then.
not really productive.....
 
Joined
Jun 2, 2015
Messages
110 (0.03/day)
Location
Charleston, SC
OpenDNS pointing back to your home IP where all your personal devices are connected. No AV or firewall on your PC.

^^This would be my point of entry if you were my target. A quick nmap scan would reveal any open ports through the router's firewall straight to your machine. My guess is your PC stays on most of the time, making a john attack on your Windows credentials viable. This is like 3/10 difficulty for an intermediate hacker.

My gut says that you were not targeted by someone you know, rather you were an easy test of some script kiddie on the other side of the country that happened across your domain name.
 
Joined
Oct 17, 2012
Messages
9,781 (2.34/day)
Location
Massachusetts
not really productive.....

I know right?

I can understand the feeling of like "why would you disable firewalls and antivirus"!!?

But making someone feel s****y or brow beating them isn't helping.

If anything hopefully the OP will come away with this with a new respect for the firewalls and antivirus's "annoyanceS" and learn to live with them since they may be annoying when you don't need them but they're sure as hell nice to have when you do. Especially since most of the time you don't know when you need them.

Based on the type of activity and what was posted by the OP my guess is someone they know personally knew that their network and machines were vulnerable. They use that information to malicious ends.

I'd like to find someone if they did this to me .....in person omg, It would be so rewarding
:laugh:
 
Joined
May 2, 2013
Messages
178 (0.04/day)
Well, can't really give any concrete answers, but these might help in giving your PC a thorough clean of anything malware.

TDSSKiller run this first
RogueKillerX64 second
Emsisoft Emergency Kit third
AdwCleaner fourth
JRT fifth

After that, do pretty much what others have said, new passwords for everything you use and maybe try to re-enable firewall.
 
Joined
Oct 17, 2012
Messages
9,781 (2.34/day)
Location
Massachusetts
@hat
I just remembered, if I may be so bold. If you don't mind the wait of taking delivery of an actual physical copy, Malwarebytes pro 1 year license (installs on up to three different PCs at once) is currently on sale the lowest I've ever seen it.

Just use promo code : Emcrbbc29

https://m.newegg.com/Product/Index?itemNumber=N82E16832562009

It ends up costing $15 after shipping charges. Of course, that's dependent on what shipping method you choose, and also email delivery is not available for this deal, but if you can wait four days you can get it at this price for three of your PCs. I remember you mentioned you have more than one machine. I recommend it highly.

summarized product info:

  • Detects and protects against malware in real-time
  • Blocks hacking and phishing attempts
  • Schedules automatic scanning
  • Offers three flexible scanning modes
  • Advanced malware removal
 

Ahhzz

Moderator
Staff member
Joined
Feb 27, 2008
Messages
8,708 (1.48/day)
Excellent product, does really well. I recommend this with a side of an AntiVirus of your choice...
 

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
40,435 (6.61/day)
Location
Republic of Texas (True Patriot)
Turn off homegroup
 