Hacked and Attacked (Long)

I have had several unnerving issues occur with my iPad, router, and laptop over the past year and I am at a loss as to what to do.

In December 2015, someone placed a picture in my iPad photo album. That iPad was on the cellular network (Verizon), Wi-Fi was off, as was "photo sharing" and related apps. My Facebook account has long been inactive.
I will admit that most of the restrictions under "general" and "settings" were not locked down as they are now.
The photo itself was not illicit, though it could have just as easily been. The "details" were absent from that photo as to time, date, and place taken.

In October 2016, I had a Netgear EA6100 router set up with a Time Warner cable modem. I had set up both channels with very strong passwords (no names, dates, or dictionary words) and as always, I left the guest network off and the password field blank.

Since I had my top secret security clearance file stolen from the Office of Personnel Mis-Management in December 2014, an IT friend suggested I check my router settings at least once a month. Two weeks after I set up the Netgear passwords, I went into administrative settings and was shocked to see the guest network had been turned on and the password "pepper06" inserted.

I ditched the Netgear for a TP Link Archer C7 router and a Netgear CM400 cable modem. Again, very strong passwords for both channels. I ensured the guest network was off. However, I filled that field with a third, very strong password.

My laptop was running NIS and MBAM Premium, but no anti-key logging software.

In December, when I tried to login to my laptop, it kept saying "wrong password." Now, admittedly, for the actual physical login of the laptop, I have always used the same password. Shockingly, when I asked for the password hint, I received the hint: "S**".

I could not believe it!!

Apparently, someone managed to access my laptop and change the password and password hint. I actually tried to hack the password over a 36 hour period with absolutely no luck. At that point, I expected some sort of ransomware to kick in or an e-mail message demanding Bitcoin.

My IT friend cautioned me against taking the laptop to a Geek to have the machine broken into, citing the fact that if they could access my laptop and change the password, there was no telling what was on that laptop. He said even if I could hack the password and there was nothing obviously illegal on it, the hackers could have placed hidden files on the HD or embedded objects in Office files.

In short, he considered the HD to be toast. Ultimately, I installed a new HD and the Win 10 O/S. But I have not connected to the router in fear that someone has somehow managed to hack that device.

I checked the settings page for the router and everything looks normal in terms of settings and passwords. And the guest network is off.

If I connect to the internet on that router, it's via my iPad, not my laptop.

Two weeks later, I received an e-mail message from my wife with a photo attachment. It was a picture of one of the cats we had rescued who is now residing with her Mom. I sent back a reply "cute," and immediately received a phone call from her.

She said she had not sent that e-mail or photo!! I had her go into her Gmail account and change her account password. She then checked her sent file and that message was not in the sent file. Google security could not explain it either, other than to say "change your password a couple of times over the next week."

Three days ago, I was working on my work laptop at my MIL (she has the same TP Link Router and my wife and I connect to it frequently). The fairly new Spectre with Eset, MBAM, and Spy Shelter ran fine, as usual.

The next day? "No boot device found." In spite of hours of trying to run self-diagnostic tests, it ended up with the Geeks. Result? Corrupted Windows 10 O/S and the hard drive had been wiped clean.

One day later, I received an e-mail from the "monitoring service" that OPM is paying for based on the 26 pages of info in my top secret file that was taken in the hack of their system. The message said they detected that my login info and related "data" for my Gmail account, Time Warner e-mail account, and LinkedIn had been seen on the dark net.

I immediately renewed my ID theft alert with the credit bureaus.

Life with technology has not been good the past few months for us.

I can deal with closing down my e-mail accounts and LinkedIn. The corrupted O/S may have just been an aberration.

The more startling events are the hack of my Netgear and TP Link routers and the hack into my laptop with a password reset that effectively locked me out.

Any constructive thoughts as to what happened and how I should proceed?

Thanks.
 
Actually it is quite easy: the hacker just has to run a bot, and most home routers are FULL of security holes.

http://routersecurity.org/bugs.php

You can search your router to see if it has an unpatched vulnerability; you may be surprised to see your hardware listed:

https://www.cvedetails.com/index.php

This is why you must run a software firewall when behind a home router. Getting past a router firewall is really a trivial nuisance for most script kiddies, particularly when bots to exploit the security holes are posted on bulletin boards (no, I won't give you the link).

You need to secure your router (at least make it a smaller target); some tips are here:

http://www.pcworld.com/article/3093362/how-to-secure-your-router-and-home-network.html
 
12/2015: There isn't enough information.

10/2016: It's quite possible someone was able to determine your passwords or that you left the admin password as default and someone turned this on. The correct course would be to look at the logs on the status page, record the MAC addresses, and see if there was a device that received an IP that wasn't yours.

Dec: Who knows. Someone changed your password or you were a victim of a malware.

Two weeks later: Seriously. You think someone hacked your wife's account and sent you a picture of your mother's cat. This has me rethinking the above potentially real issues. Now I'm wondering if you butt dialed a pic in 12/2015 and forgot your password in Dec 2016. Sure, the Russians used their spy satellites to take a picture of your cat, then hacked your wife's email to send it to you. WATCH FOR DRONES ABOVE YOUR HOUSE!

3 days ago: Maybe a coincidence? I don't feel like we're getting the full story here. "No boot device found" would be a hardware/MBR level error, and while it could also involve Windows being corrupt, it wouldn't necessarily. My guess would be physical damage due to shock on a laptop that travels.

One day later: yeah, change the passwords on those asap. I have no idea if the threat is real, why chance it?
 
Originally Posted By: 2004tdigls
You need to secure your router (at least make it a smaller target); some tips are here:

http://www.pcworld.com/article/3093362/how-to-secure-your-router-and-home-network.html


Article fails to mention the obvious, which is changing your password often enough and turning stuff off when not using it. I'd add that using real answers to security questions is probably a real bad idea too. I.E. - Your real mother's maiden name isn't something that you should ever use; make up an internet mother's maiden name.
 
Originally Posted By: zzyzzx
Obligatory comment about how you should be using Linux at home.
Splain yourself!!! I know nothing other than I own some.
 
One thing you didn't mention was whether you secured the routers themselves with complex passwords, not just the wireless networks. Was this the case? And as 2004tdigls mentioned, consumer-grade stuff is often full of security holes and vulnerabilities. Were you using WPA2-AES exclusively?

You probably had a key logger and/or bot installed on that laptop, which would allow for all of the above to happen.
 
OK, we have ourselves a little weekend project here. This will be "planned downtime", so tell your family ahead of time.

1) Write down ALL your passwords - your router password, WiFi password, Windows passwords, email passwords, et cetera.

2) Power down your router and modem.

3) Backup your data. Do you have tax returns saved on your computer? Are your phone contacts being backed up to the cloud? Don't backup your smartphone apps. An untrustworthy app could be the root of your issue.

4) Power down all remaining devices, from PCs to tablets and phones.

5) Factory reset your smart phone(s) and tablet(s).

6) Perform clean installs of Windows on your PCs.

7) Factory reset your router. Access the router settings from a fresh PC. Set restrictive/secure settings (firewall, no remote management, no management over WiFi, only allow management from the current MAC address, et cetera).

8) Factory reset your modem. Lock down modem settings as needed.

9) Connect all devices to WiFi.

10) Configure a MAC address whitelist (any devices that aren't on your network right now that try to connect in the future will be denied).

11) Allow all your devices to run software updates.

12) Install modern browsers with adblockers.

13) Change ALL your website passwords. Don't re-use any passwords ever. Seriously, if your BITOG password is the same as your BIOS password, you're doing this wrong.

14) Don't let anyone on your WiFi. No nieces and nephews, nobody. But that wouldn't work anyway because you did the MAC address whitelist, right? Right? ...right?
 
Originally Posted By: JMJNet
Use "hidden" or "non-broadcasting" network feature on your router?


That's the equivalent of taking the numbers off the side of your house to prevent burglary. It's very easy to see the networks available even if they aren't broadcasting. Grab wifi analyzer for your phone, you can see this firsthand and it's useful for setting channels and dealing with congestion, and free.
 
Originally Posted By: Ethan1
OK, we have ourselves a little weekend project here. This will be "planned downtime", so tell your family ahead of time.

1) Write down ALL your passwords - your router password, WiFi password, Windows passwords, email passwords, et cetera.

2) Power down your router and modem.

3) Backup your data. Do you have tax returns saved on your computer? Are your phone contacts being backed up to the cloud? Don't backup your smartphone apps. An untrustworthy app could be the root of your issue.

4) Power down all remaining devices, from PCs to tablets and phones.

5) Factory reset your smart phone(s) and tablet(s).

6) Perform clean installs of Windows on your PCs.

7) Factory reset your router. Access the router settings from a fresh PC. Set restrictive/secure settings (firewall, no remote management, no management over WiFi, only allow management from the current MAC address, et cetera).

8) Factory reset your modem. Lock down modem settings as needed.

9) Connect all devices to WiFi.

10) Configure a MAC address whitelist (any devices that aren't on your network right now that try to connect in the future will be denied).

11) Allow all your devices to run software updates.

12) Install modern browsers with adblockers.

13) Change ALL your website passwords. Don't re-use any passwords ever. Seriously, if your BITOG password is the same as your BIOS password, you're doing this wrong.

14) Don't let anyone on your WiFi. No nieces and nephews, nobody. But that wouldn't work anyway because you did the MAC address whitelist, right? Right? ...right?


That's a ton of work! I won't comment on it except to say the MAC whitelist is probably something the OP is interested in and should take a look at. At the very least they should know the MACs that have connected and what they are.

Of the 6 listed issues 2 are unknown, one is a MIL's cat, one seems like hardware, and one is very obviously the router being compromised in some way. If there was a limited time to spend on this I'd start there, better admin password and perhaps the MAC whitelist, though I would want to catch the perp and would be tempted to leave it up to find them!
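Two replies in this thread make the same practical suggestion: pull the MAC addresses from the router's status/attached-devices page and check whether any device that received an IP isn't yours, and at a minimum know which MACs have connected and what they are. The script below is an added example of that check, not code from any poster. It assumes a constructed status-page layout of `ip mac hostname interface` (real routers export this in their own layout, so `parse_status_lines()` is the part to adapt), and the MAC values, hostnames and inventory are all made up for the example.

```python
"""Audit a router's attached-device list against a known-device inventory.

Flags two things the thread is worried about: a client whose MAC is not in
the household inventory, and any client that obtained a lease on the guest
network, which the original poster had turned off.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample of a router "attached devices" page (not real data):
#   <ip> <mac> <hostname> <interface>
# Routers print MACs inconsistently (case, ':' vs '-'), so we normalize.
SAMPLE_STATUS_LINES = """\
192.168.0.10  A4:5E:60:11:22:33  ipad-air      wlan0
192.168.0.11  3c-97-0e-aa-bb-cc  work-laptop   wlan0
192.168.0.12  b8:27:eb:01:02:03  printer       eth0
192.168.0.57  00:1A:2B:3C:4D:5E  android-7f3a  wlan0
192.168.5.2   00:1A:2B:99:88:77  *             guest
"""

# Inventory written down from each device's own settings screen
# (constructed values). Keys are normalized MACs, values are labels.
KNOWN_DEVICES: Dict[str, str] = {
    "a4:5e:60:11:22:33": "iPad",
    "3c:97:0e:aa:bb:cc": "work laptop",
    "b8:27:eb:01:02:03": "printer",
}


@dataclass(frozen=True)
class Lease:
    ip: str
    mac: str        # normalized: lowercase, colon-separated
    hostname: str
    interface: str


def normalize_mac(raw: str) -> str:
    """Canonicalize 'A4-5E-60-11-22-33' / 'a45e60112233' -> 'a4:5e:60:11:22:33'."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def parse_status_lines(text: str) -> List[Lease]:
    """Parse the constructed 4-column status page format into Lease records."""
    leases = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 4:
            raise ValueError(f"unexpected status line: {line!r}")
        ip, mac, hostname, iface = parts
        leases.append(Lease(ip, normalize_mac(mac), hostname, iface))
    return leases


def audit(leases: List[Lease], known: Dict[str, str],
          guest_interfaces: Tuple[str, ...] = ("guest",)) -> List[Tuple[str, Lease]]:
    """Return (reason, lease) findings; a lease may produce more than one."""
    findings: List[Tuple[str, Lease]] = []
    for lease in leases:
        if lease.interface in guest_interfaces:
            findings.append(("guest-network-client", lease))
        if lease.mac not in known:
            findings.append(("unknown-mac", lease))
    return findings


def report(findings: List[Tuple[str, Lease]]) -> List[str]:
    """Human-readable lines, one per finding, for the owner's monthly check."""
    return [f"{reason}: {l.ip} {l.mac} host={l.hostname} if={l.interface}"
            for reason, l in findings]


if __name__ == "__main__":
    for line in report(audit(parse_status_lines(SAMPLE_STATUS_LINES), KNOWN_DEVICES)):
        print(line)
```

Run this against the real status page each month (as the original poster's IT friend suggested) and keep the inventory file under version control so a new MAC stands out. As another reply further down notes, a check like this only catches devices that don't already mimic a known MAC; a spoofed MAC of an inventoried device passes, so treat an empty report as necessary rather than sufficient.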
 
Originally Posted By: JMJNet
Use "hidden" or "non-broadcasting" network feature on your router?


That's a relatively useless feature. Capturing the SSID isn't overly difficult.
 
Given the network has already been compromised, I will note that it is quite possible for the MAC addresses of existing devices to have already been captured. Subsequently, if we are dealing with a proximity device exploit, where we believe the 3rd party is gaining access through the wireless and not through a compromised device within, a MAC can be spoofed very easily.

Two-factor authentication on all accounts like your Apple, Google...etc is necessary, with fresh passwords. De-authenticate all existing devices and re-authenticate them one at a time. If your Apple ID is compromised, that's another potential "in" here. Though it doesn't explain the laptop getting buggered up. That sounds more like there was a malicious piece of software on that.
 
Originally Posted By: Ethan1
OK, we have ourselves a little weekend project here. This will be "planned downtime", so tell your family ahead of time.

1) Write down ALL your passwords - your router password, WiFi password, Windows passwords, email passwords, et cetera.

2) Power down your router and modem.

3) Backup your data. Do you have tax returns saved on your computer? Are your phone contacts being backed up to the cloud? Don't backup your smartphone apps. An untrustworthy app could be the root of your issue.

4) Power down all remaining devices, from PCs to tablets and phones.

5) Factory reset your smart phone(s) and tablet(s).

6) Perform clean installs of Windows on your PCs.

7) Factory reset your router. Access the router settings from a fresh PC. Set restrictive/secure settings (firewall, no remote management, no management over WiFi, only allow management from the current MAC address, et cetera).

8) Factory reset your modem. Lock down modem settings as needed.

9) Connect all devices to WiFi.

10) Configure a MAC address whitelist (any devices that aren't on your network right now that try to connect in the future will be denied).

11) Allow all your devices to run software updates.

12) Install modern browsers with adblockers.

13) Change ALL your website passwords. Don't re-use any passwords ever. Seriously, if your BITOG password is the same as your BIOS password, you're doing this wrong.

14) Don't let anyone on your WiFi. No nieces and nephews, nobody. But that wouldn't work anyway because you did the MAC address whitelist, right? Right? ...right?


Make sure you turn UPnP off, always, on the router. iCloud gets hacked all the time. Back up your info and drives yourself. Every password you use has to be a very strong password, every one.

Do not link any accounts to another, ever. Social media is just a bad idea for security. Do not access any social media over any network but your own.
Don't watch porn ever, don't download porn, don't download anything except from trusted sources. Only download and use apps from the system's store (Android or Apple).

Don't click anything from an email, ever. Run a great firewall like Comodo Firewall. Antivirus: Bitdefender should catch keyloggers; Avast should as well, under Potentially Unwanted Programs or PUP.

https://www.geckoandfly.com/17960/anti-k...llance-malware/ A good read.
https://www.bleepingcomputer.com/download/adwcleaner/ ADW cleaner is pretty good to use weekly or if you think you're infected.
http://forums.majorgeeks.com/index.php?t...hijacker.35407/ A good guide if infected.
 
Originally Posted By: OVERKILL
Originally Posted By: JMJNet
Use "hidden" or "non-broadcasting" network feature on your router?


That's a relatively useless feature. Capturing the SSID isn't overly difficult.


MAC filtering is even more useless:

http://www.howtogeek.com/204458/why-you-shouldn%E2%80%99t-use-mac-address-filtering-on-your-wi-fi-router/
 
If the neighborhood has 10 houses all with WiFi and yours is hidden.

Do you think people will try to find the hidden one or attack the one that is obvious????
 
I got a letter from OPM, that they have been hacked and offered me I think 2-3 years monitoring. I am retired from a very large defense contractor & had numerous clearances. But I did not have anything classified. I have been watching my OPM provided report and so far safe.
 