1  Ethical Hacking Discussions and Related Certifications / Incident Response / Re: Hacked: Advice Needed on: February 11, 2010, 10:47:01 PM
Ketchup,
I will respond in parentheses within the quote of your post.



Ravenquille,

The Feds are not going to be interested in your case.  They are backlogged at all times.

( The FBI is interested, but yes, I am completely aware of their extreme workload. )

I would need to know what damage has occurred from this incident before I can tell you whether state or local police would be interested.

( Local and State Police in my area are unable to deal with this, they have told me.  The damage is a hacked phone account and constant phone monitoring, my internet service being used by hackers, running up extreme bandwidth, 4 computers being hijacked and being used to hide and channel files, photographs, tv/video, and I believe possible telephone and cell phone communications.  I do not believe that the object here is the usual stealing of banking, credit card info, or identity theft.  There has been nothing like that with us, as we have never done any sort of online accounting or purchases; and I do not store personal info of that kind on my systems. )
 
There are quite a few towns in PA, especially around major cities, that have forensics capabilities, but I am not yet sure if they would take your case.

( There is nothing anywhere near my location.  I have researched this and know where they are. )

I will await more details before I make my final recommendation, but your best bet is to get an attorney and engage a forensics investigator that is trained in intrusions, with the attorney's help.  

( I have discussed this with an attorney ( DA ).  Nothing can be done as there is no crime per se; and no way to really identify the hacker or hackers.  If out of the US, there is that issue as well.  This is in the jurisdiction of the FBI, according to what everyone has told me.  My only recourse is police/FBI as far as forensics are concerned; unless someone private wants to take on a challenge, or I learn to do it myself.  I have no financial resources to pay an attorney or private forensic specialist in any case; completely impossible. )

What you are describing is doable, but it's a lot of trouble for someone to go through to mess with you.  

We are looking forward to some details.   Don't post any IP addresses, passwords, or any other sensitive information.

( I posted before that recommendation.  Oh well... they already have me hacked in any case.  I just need to clear and secure, if I can't nail them.  I would love to expose and enable prosecution of course, but I am getting sick of this now. )

Ravenquille
2  Ethical Hacking Discussions and Related Certifications / Incident Response / Re: Hacked: Advice Needed on: February 11, 2010, 10:13:20 PM

To Everyone:

Details of what I am seeing, what I am finding, what I am experiencing which evidences hacking:
Have to post in parts, as this is so long.

I will just jump in somewhere, as all this is very complex.

1)  My Belkin Router page is not accessible.  My network name has been changed by the hackers.  I had the most security available to that router, but it didn’t help.  They are providing a network called Belkin54g which is supposedly unsecured now.   This IS going through my ISP, but is being redirected from there.

2)  Here is my laptop right now: netstat  ( note the high ports )

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\DEBORAH>netstat

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:49161        DEBORAH-LAP:49537      TIME_WAIT
  TCP    192.168.2.4:49324      iad04s01-in-f189:https  ESTABLISHED
  TCP    192.168.2.4:49442      s204887828:http        CLOSE_WAIT
  TCP    192.168.2.4:49448      s204887828:http        CLOSE_WAIT
  TCP    192.168.2.4:49472      vw-in-f100:http        TIME_WAIT
  TCP    192.168.2.4:49475      206-84:http            TIME_WAIT
  TCP    192.168.2.4:49476      iad04s01-in-f167:http  TIME_WAIT
  TCP    192.168.2.4:49480      66.211.169.2:http      TIME_WAIT
  TCP    192.168.2.4:49482      iad04s01-in-f167:http  TIME_WAIT
  TCP    192.168.2.4:49484      iad04s01-in-f154:http  TIME_WAIT
  TCP    192.168.2.4:49486      72.21.207.5:http       TIME_WAIT

3) Here is my laptop right now, ipconfig:

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\DEBORAH>ipconfig

Windows IP Configuration


Wireless LAN adapter BLACKWING2:

   Connection-specific DNS Suffix  . : Belkin
   Link-local IPv6 Address . . . . . : fe80::d130:b9a8:7273:7c6c%11
   IPv4 Address. . . . . . . . . . . : 192.168.2.4
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 21:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 22:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 23:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 27:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 28:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 30:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 31:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 33:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 34:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 36:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 37:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 38:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 40:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 41:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 42:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 43:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 44:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 45:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 46:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 47:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Belkin

C:\Users\DEBORAH>

4)  I recently uninstalled 'Microsoft Network Monitor 3', which the hackers had installed on this laptop.
5)  They have enabled all the Remote operations, which I have always kept disabled.  I cannot disable any of these, and they enable File and Printer Sharing.
6) I disable Windows Messenger, they enable it.
7) This log is from Computer Management/Event Properties:
WLAN AutoConfig service has successfully connected to a wireless network.

Network Adapter: Intel(R) PRO/Wireless 3945ABG Network Connection
Interface GUID: {daf6ba8e-8071-48b4-82af-7e5bf8f22606}
Connection Mode: Connection to an unsecure network without a profile
Profile Name: belkin54g
SSID: belkin54g
BSS Type: Infrastructure
BSSID: 00:11:50:F3:53:78
PHY Type: 802.11g
Authentication: Open
Encryption: None
802.1x Enabled: No
3  Ethical Hacking Discussions and Related Certifications / Incident Response / Re: Hacked: Advice Needed on: February 11, 2010, 08:54:50 PM
hayabasa,
  No, I wasn't offended, I understand your caution.


To Everyone,

  Thanks for all your responses.  I will read all over very carefully; and please know that I deeply appreciate them.  I am sorry, I see I have a weird post here.  Weird stuff was going on.  I kept being logged off for no reason; and I actually typed 3 very lengthy posts which I could not post to the forum.  The posting window kept jumping all over the place making it a real trick to type at all.  My guess is that my posting was possibly being intercepted, or they tried to do so.  Nothing new.
It appears that only part of 2 posts showed up on the forum; which adds to the confusion.  I had to go out, just got back.  I will try to give you all some more details, although I feel that I must be somewhat careful.
In this post, I will give you some background info on what happened.  In the next post, I will give you some examples of what I am seeing which evidences hacking.

1) No, This is not anyone close to me, either in location or otherwise.  When this began, I had just moved to this location, from quite a distance away.  I literally knew no one.  No one has access to my computers, either.  There was never a problem at the other residence.

2) Yes, it is safe to say that someone wants to watch me specifically.  This is because of my connection monitoring, tracking, documenting, and reporting things all over the place.  By 'all over the place', I mean places like some specific Computer Tech Forums, Microsoft, the Department of Homeland Security, the FBI.  All of this started quite by accident:  I literally stumbled onto something.  I discovered a Windows Exploit.  I observed that someone was 'marking' websites with strange icons.  I do not mean Favicons.  These were odd icons designed specifically for each website, that appeared in whatever browser I was using, when I accessed various websites.  I first noticed this in OurChurch.com, with Christian Ministry websites; soon, however, I noticed that they were appearing on other website searches as well.  I had online friends in 2 different states, and 2 countries also checking these things out for me.  The phenomenon was duplicated for everyone.  This may have been adding the website owners and their visitors to a botnet.  I reported this to Microsoft; they asked me to file a report in a very technical way, which I had no idea how to do.  I reported this on a few Forums, and kept detailed records.  I reported this to the Department of Homeland Security after my posts on the Forums were suddenly intercepted, my email intercepted, or made inaccessible.  I actually had my printer prevented from printing ( putting ink on the page ) while in the midst of typing a report I actually did manage to email the Department of Homeland Security.  I called them and spoke to someone who listened, believed me, and was as helpful as he could be.  He could do nothing unless I could verify specific national security threats.  He told me to wipe my systems, of course, but that did not help.
Shortly after that email and call, my landline home phone service ( private, unlisted number ) was hacked into.  My local long distance was eliminated.  At the same time, my separate long distance provider service was also hacked into: all long distance in my area code was suddenly removed from my account.  My MySpace accounts were made inaccessible.  My desktop was then programmed so that I was unable to get online at all.
I believe all this was done to keep me from contacting authorities.  I left it all intact for forensic reasons.  ( It still is intact, I have not used it at all.   I use a new laptop at present. )  I have continued to study the 2 laptops and the other desktop connections, files, activities.  I have discovered some very disturbing things.

As I mentioned, I went to my local police, who were frightened and completely unable to deal with my situation.  They sent me to the State Police.  The State Police were cocky and said I should go to the FBI because the phone thing was a federal issue.  I contacted the County District Attorney, to try to discover who the county had available for forensics in a case such as this.  I was told that this county literally does not have even one person trained and qualified in computer forensics.  They told me that if they were faced with some sort of computer crime, they would have to contact the State of PA Forensic people in Harrisburg.  ( Now, of course, I realize that there are IT Security people likely working in this county; but they are not available to the public, or private individuals. )
Next post, details of what I see in my systems.

Ravenquille
4  Ethical Hacking Discussions and Related Certifications / Incident Response / Re: Hacked: Advice Needed on: February 11, 2010, 03:03:46 PM
Hi hayabasa,
  I can assure you that I am 100% legit.  I am a Paralegal with Investigative training, and a Computer Consultant, working with Windows OS, other software, installations, instruction.  I won't say I am a computer whiz, but I am definitely not a newbie.  I am about to begin extensive Internet Investigation-related training with Joe Seanor.  One of my courses will be preparatory for EH Exam, that I hope to eventually take.  I am not currently a hacker in any level, and have no programming experience; nor do I have any Security training, other than the little bit I have taught myself.  I have been studying computer forensics as well, and would like to become proficient in that too.

  I was checking out the EH Exam Certification website just before posting the question about price; I hadn't read everything on the site at that point, so that did look fishy or stupid.

  No, I have never tried to use any 'less than ethical' material; as of yet I wouldn't know how.  What happened to me is that I stumbled onto something very nasty; and was put into something that is definitely not your usual botnet ( and I am familiar with them ).

  Yes, I did clear all machines at the same time, did all work offline, did not re-install anything.  I copied and printed any docs I wanted to keep.  ISP was notified, they will not monitor usage of my account without orders from police or FBI.  They control IPs, and will not allow static assignment to me.  They tell me I am responsible to keep my network secure.

  I did report to FBI.  The agent I spoke to did not have specific computer network experience; but does consider this very serious.  I have been submitting documentation and reports of what is happening to me, and what I have been able to discover.  I requested a Forensic exam.  They seem to want some Identity Theft or bank account hacking or something to equal a crime.  Hacking into my phone service is a federal crime, but that is being ignored as well.  I have not been able to do anything to stop any of this.

I need help.  I can't work in this condition.

Thanks,

Ravenquille
5  Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: Many, Many Questions about CEH v6??? on: February 11, 2010, 12:50:30 PM
How much does the CEH exam cost?


Ravenquille
6  Ethical Hacking Discussions and Related Certifications / Incident Response / Hacked: Advice Needed on: February 11, 2010, 12:42:32 PM
Hi,
I am in dire need of advice on how to eliminate hacking, and secure my systems.
My home wireless network has been hacked and become part of a netbot.
This has been going on for about 2 years, nothing I have done has stopped the hackers.
I have 2 desktops, 2 laptops, cable modem, and wireless Belkin router, file sharing disabled; and have never done any online transactions.  All computers are hacked ( in different ways ), the router is hacked, ISP is hacked, residential private unlisted phone is hacked.  No help from local or state police.  I have been completely unable to eliminate this problem.
I have done the following:

1) consistently used good firewalls, anti-virus programs, anti-malware programs
2) have uninstalled and installed different programs when existing ones have been hacked and rendered inoperative
3) have changed ISP account names and passwords
4) have changed Email passwords, and/or closed Email accounts
5) have changed Wireless Network name
6) have changed Router Passwords
7) FDISKs and total reloads of OS and all else
8) Drive wiping with Drive Scrubber
9) have changed private unlisted phone number
10) have removed hacker's utilities and programs from systems when I have been able to identify them

I have to eliminate this and secure my systems.  Any advice you can give me will be greatly appreciated!

Ravenquille