
Hacked: Advice Needed

Ravenquille

Newbie

Posts: 6

Joined: Thu Feb 11, 2010 11:51 am

Location: PA

Post Thu Feb 11, 2010 1:42 pm


Hi,
I am in dire need of advice on how to eliminate hacking, and secure my systems. 
My home wireless network has been hacked and become part of a netbot.
This has been going on for about 2 years, nothing I have done has stopped the hackers.
I have 2 desktops, 2 laptops, cable modem, and wireless Belkin router, file sharing disabled; and have never done any online transactions.  All computers are hacked ( in different ways ), the router is hacked, ISP is hacked, residential private unlisted phone is hacked.  No help from local or state police.  I have been completely unable to eliminate this problem.
I have done the following:

1) consistently used good firewalls, anti-virus programs, anti-malware programs
2) have uninstalled and installed different programs when existing ones have been hacked and rendered inoperative
3) have changed ISP account names and passwords
4) have changed Email passwords, and/or closed Email accounts
5) have changed Wireless Network name
6) have changed Router Passwords
7) FDISKs and total reloads of OS and all else
8) Drive wiping with Drive Scrubber
9) have changed private unlisted phone number
10) have removed hacker's utilities and programs from systems when I have been able to identify them

I have to eliminate this and secure my systems.  Any advice you can give me will be greatly appreciated!

Ravenquille
hayabusa

Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Feb 11, 2010 2:18 pm

Re: Hacked: Advice Needed

Ravenquille...

First, I find it odd that you're asking about how much the CEH exam costs, in another thread, while asking about this.  It seems that MAYBE you've been poking around to learn some security (for whatever intention) and gotten yourself infected by trying to use some possibly 'less than ethical' material you've pulled down.

That said, IF you're legit... (I'm sorry, but this really does sound fishy to me... how about any other EH-net-ers reading this???)

All of the various things you've mentioned are helpful in eliminating spyware, viruses, rootkits (in the case of total drive wiping), etc.  If this truly keeps coming back, I'd only have a couple of good suggestions.

To begin with, if this is as serious as you lead us to believe, disconnect from the internet, before doing anything else.  Disconnect your entire home network.

1.) Wipe ALL machines, at the same time, all together, to ensure something isn't returning from one machine to another after cleaning up.

2.) Throw away ALL data you have stored, or at a minimum, have it professionally analyzed, to be sure that you don't have a remnant on USB key, external drives, or other storage media (ie - cdrom / dvdrom backups).  This includes ANY installation media, with exception of store purchased CD / DVD install media for retail software, such as MS Windows, etc.  (Although, you COULD check them out to be safe, since you seem to be getting infected again so quickly, to ensure somehow, you didn't get some crazy, virus-laden media that somehow got onto shelves.)

3.) Email... print any you've wanted to keep saved (including those from online mail, such as GMAIL), then wipe all mail from your mailboxes, both on your local machine and the online mailboxes, to make sure something isn't slipping back in.

4.) remove yourself from ALL social media sites for a while (stop logging into facebook, myspace, etc, in the event you're somehow hitting someone's infected graphics posted therein, on a profile, etc.)

5.) Lastly, if you use a static IP, or if you host your own website and use DYNDNS or something to route to your local box with a hostname, change the hostname you use, or ask the ISP to change your static IP.  If EVERYTHING has been wiped, simultaneously, and you've done everything else, I find it hard to believe that someone randomly keeps finding you.

If none of this helps, and you keep getting hit again, then my advice would be to look at your close friends.  If your 'home' network has that much equipment, and you're looking to do security, etc, then I'd be willing to bet you've also had other folks you know, near your machines.

That said, though, I think, based on your two separate posts, that I'm not totally certain you're being totally honest here, so think hard before asking the next questions.............
Last edited by hayabusa on Thu Feb 11, 2010 2:21 pm, edited 1 time in total.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Thu Feb 11, 2010 3:55 pm

Re: Hacked: Advice Needed

What are the symptoms you are seeing that make you believe that you have been hacked?  Do you have logs, error messages, bandwidth reports, IDS logs, or anything else that has led you to believe that something is fishy?

What encryption are you using on your Wireless router?  WEP?  WPA?  WPAv2??

Post some details about what you are seeing.
~~~~~~~~~~~~~~
Ketchup
Ravenquille

Newbie

Posts: 6

Joined: Thu Feb 11, 2010 11:51 am

Location: PA

Post Thu Feb 11, 2010 4:03 pm

Re: Hacked: Advice Needed

submitting documentation and reports of what is happening to me, and what I have been able to discover.  I requested a Forensic exam.  They seem to want some Identity Theft or bank account hacking or something to equal a crime.  Hacking into my phone service is a federal crime, but that is being ignored as well.  I have not been able to do anything to stop any of this.

I need help.  I can't work in this condition.

hi hayabusa,
 I can assure you that I am 100% legit.  I am a Paralegal with Investigative training, and a Computer Consultant, working with Windows OS, other software, installations, instruction.  I won't say I am a computer whiz, but I am definitely not a newbie.  I am about to begin extensive Internet Investigation-related training with Joe Seanor.  One of my courses will be preparatory for EH Exam, that I hope to eventually take.  I am not currently a hacker in any level, and have no programming experience; nor do I have any Security training, other than the little bit I have taught myself.  I have been studying computer forensics as well, and would like to become proficient in that too.

 I was checking out the EH Exam Certification website just before posting the question about price; I hadn't read everything on the site at that point, so that did look fishy or stupid.

 No, I have never tried to use any 'less than ethical' material; as of yet I wouldn't know how.  What happened to me is that I stumbled onto something very nasty; and was put into something that is definitely not your usual botnet ( and I am familiar with them ).

 Yes, I did clear all machines at the same time, did all work offline, did not re-install anything.  I copied and printed any docs I wanted to keep.  ISP was notified, they will not monitor usage of my account without orders from police or FBI.  They control IPs, and will not allow static assignment to me.  They tell me I am responsible to keep my network secure.

 I did report to FBI.  The agent I spoke to did not have specific computer network experience; but does consider this very serious.  I have been


Thanks,

Ravenquille
unsupported

Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Thu Feb 11, 2010 5:54 pm

Re: Hacked: Advice Needed

Sounds like you need the help of an onsite professional, rather than remote individuals, if it is that serious.
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
hayabusa

Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Feb 11, 2010 6:09 pm

Re: Hacked: Advice Needed

Ravenquille...

Hope you weren't offended.  Just seemed odd (as you acknowledged  ;))

Keep us posted, and we'll help however we can, but as unsupported said, if it's THAT serious, you may need a professional, onsite, to look at this.

But again, we're here for help / advice, so if we can, we will.
~ hayabusa ~
What90

Full Member

Posts: 120

Joined: Sat Jun 09, 2007 2:23 am

Location: Sydney, Australia

Post Thu Feb 11, 2010 6:11 pm

Re: Hacked: Advice Needed

As unsupported suggests, if this is critical for your work, then hire a professional in to fix you up.

Without knowing the specifics of your case and how you're detecting the compromise, only general advice can be offered.

Turn off your wireless until it is locked down so you can prove only your machines are connecting to it. WPA2, mac filtering, the latest firmware (or a new wireless router) and a very long, complex key are a good start.

If you have started from a total fully patched clean system, then you need to lock down your firewall to only allow outbound traffic to a small number of highly trusted IP addresses.

Eg
Gmail via https
Open DNS servers for name resolution

Slowly add to that list when you need to access certain sites.

You should be logging all outbound connections. There's a great pre-built vm image called Open Source Security Information Management from http://www.alienvault.com/community.php?section=Vmware.

You should be able to point your router and other systems to this image for recording their logs and traffic. This will give you a great understanding of what is happening on your network. The learning curve isn't too bad.  

All of these suggestions will cripple your internet experience, but should get you to a safer place or at least give you clear evidence and logs of what is actually happening on your network.
hayabusa

Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Feb 11, 2010 6:13 pm

Re: Hacked: Advice Needed

Also, even with the gmail / https suggested, be careful.  If whoever is attacking is good enough to be that deep, https / gmail likely isn't going to be 'secure'.  HTTPS, if the attacker has access to your machines, is actually very easy to get around.

Again, we can only give some advice, and can't really defend for you, etc, but the more specifics you can give, the better we may be able to advise, a bit more.
Last edited by hayabusa on Thu Feb 11, 2010 6:16 pm, edited 1 time in total.
~ hayabusa ~
unsupported

Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Thu Feb 11, 2010 7:04 pm

Re: Hacked: Advice Needed

Ok, let's step back and rewind this a little.  What exactly is happening?  How are they going after your cable modem, wireless router, phone, etc?


First, most importantly, use least privilege.  Log onto the machine as a user account and not an administrator.  Only use the admin as needed.

Ok, while everyone else is making suggestions, in addition to your firewall, install a Snort IDS, maybe even a web proxy if you so desire, and definitely HIPS on all machines.

Also, you mention the private residential phone is being hacked, is it a VOIP phone or a regular land line (POTS)?  You also said they are going after your wireless, which may mean they are local.  Use OpenVPN on your wireless in order to add another layer of encryption over your wireless.

So, this is pretty serious.. you can keep patch working your security back together, but it may come to needing a professional.  I am sure we could recommend someone based upon your location.

Either that, or just go to your pantry, grab the tin foil, and make yourself a hat.  'Cause maybe it's The Man.
Last edited by unsupported on Thu Feb 11, 2010 7:10 pm, edited 1 time in total.
-Un
hayabusa

Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Feb 11, 2010 7:44 pm

Re: Hacked: Advice Needed

All good points by unsupported.  And his questions are very valid, and really, to help ANY more than we are, we'd need much more detail on exactly what you're seeing, what data shows you're being hacked, etc.

That said...

Heck, were it me (and it's thankfully not,) I might even consider throwing a honeypot or two on your network, to help keep the person(s) occupied, while you utilize the other tools that were noted, both to protect, and to analyze the attacks to see if you can gather more info about the attacker.

These don't necessarily prevent the access they've gained, but at this point, whoever is doing the deed obviously has a decent grip on your setup and how to get to it, so at LEAST you could throw some 'interesting' stuff into the mix, to buy some time, especially if, for now, you've removed any private data you don't want them to see.

Again, I'd be very wary of people 'close to you,' as, based on the intensity they seem to have in coming after YOU, there's at least a very real chance that they're gunning specifically for YOUR data, for whatever reason.  I don't know of many hackers that would target your ISP, your home network, your phone lines, and all, knowing they're adding to the risk of being caught by spending so much effort on one 'home network,' if it's not someone that either knows you, has a bone to pick, is targeting you or your business, specifically, or is very close by, physically, to your home.

After all, you'd said:

"What happened to me is that I stumbled onto something very nasty; and was put into something that is definitely not your usual botnet ( and I am familiar with them )."

I'd follow the advice given here, by unsupported, myself and others, and look for an IT Security professional in your area to look at this.  Not your local Best Buy Geek Squad (I know you already know this) or your local repair folks, but someone with more background and experience specifically in Security.  If the FBI is asking for more data, then the right people can hopefully help you GET that data.  Again, we're here to help where we can, it's just that we can't offer much more than suggestions, without being directly involved in your situation and in possession of more info than we are really privileged to have, or have been given thus far, based on the circumstances.
~ hayabusa ~
Ravenquille

Newbie

Posts: 6

Joined: Thu Feb 11, 2010 11:51 am

Location: PA

Post Thu Feb 11, 2010 9:54 pm

Re: Hacked: Advice Needed

hayabusa,
  No I wasn't offended, I understand your caution.


To Everyone,

  Thanks for all your responses.  I will read all over very carefully; and please know that I deeply appreciate them.  I am sorry, I see I have a weird post here.  Weird stuff was going on.  I kept being logged-off for no reason; and I actually typed 3 very lengthy posts which I could not post to the forum.  The posting window kept jumping all over the place making it a real trick to type at all.  My guess is that my posting was possibly being intercepted, or they tried to do so.  Nothing new.
It appears that only part of 2 posts showed up on the forum; which adds to the confusion.  I had to go out, just got back.  I will try to give you all some more details, although I feel that I must be somewhat careful.
In this post, I will give you some background info on what happened.  In the next post, I will give you some examples of what I am seeing which evidences hacking.

1) No, This is not anyone close to me, either in location or otherwise.  When this began, I had just moved to this location, from quite a distance away.  I literally knew no one.  No one has access to my computers, either.  There was never a problem at the other residence.

2) Yes, it is safe to say that someone wants to watch me specifically.  This is because of my connection monitoring, tracking, documenting, and reporting things all over the place.  By ‘all over the place’, I mean places like some specific Computer Tech Forums,  Microsoft, the Department of Homeland Security, the FBI.  All of this started quite by accident:  I literally stumbled onto something.  I discovered a Windows Exploit.  I observed that someone was ‘marking’ websites with strange icons.  I do not mean Favicons.  These were odd icons designed specific to each website, that appeared in whatever browser I was using, when I accessed various websites.  I first noticed this in OurChurch.com, with Christian Ministry websites; soon, however, I noticed that they were appearing on other website searches as well.  I had online friends in 2 different states, and 2 countries also checking these things out for me.  The phenomenon was duplicated for everyone.  This may have been adding the website owners and their visitors to a botnet.  I reported this to Microsoft; they asked me to file a report in a very technical way, I had no idea how to do.  I reported this on a few Forums, and kept detailed records.  I reported this to the Department of Homeland Security after my posts on the Forums were suddenly intercepted, my email intercepted, or made inaccessible.  I actually had my printer prevented from printing ( putting ink on the page ) while in the midst of typing a report I actually did manage to email the Department of Homeland Security.  I called them and spoke to someone who listened, believed me, and was as helpful as he could be.  He could do nothing unless I could verify specific national security threats.  He told me to wipe my systems, of course, but that did not help.
Shortly after that email and call, my landline home phone service ( private, unlisted number ) was hacked into.  My local long distance was eliminated.  At the same time, my separate long distance provider service was also hacked into: all long distance in my area code was suddenly removed from my account.  My MySpace accounts were made inaccessible.  My desktop was then programmed so that I was unable to get online at all.
I believe all this was done to keep me from contacting authorities.  I left it all intact for forensic reasons.  ( It still is intact, I have not used it at all.  I use a new laptop at present. )  I have continued to study the 2 laptops and the other desktop connections, files, activities.  I have discovered some very disturbing things.

As I mentioned, I went to my local police, who were frightened and completely unable to deal with my situation.  They sent me to the State Police.  The State Police were cocky and said I should go to the FBI because the phone thing was a federal issue.  I contacted the County District Attorney, to try to discover who the county had available for forensics in a case such as this.  I was told that this county literally does not have even one person trained and qualified in computer forensics.  They told me that if they were faced with some sort of computer crime, they would have to contact the State  of PA Forensic people in Harrisburg.  ( Now, of course, I realize that there are IT Security people likely working in this county; but they are not available to the public, or private individuals.  )
Next post, details of what I see in my systems.

Ravenquille
Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Thu Feb 11, 2010 10:19 pm

Re: Hacked: Advice Needed

Ravenquille,

The Feds are not going to be interested in your case.  They are backlogged at all times.  I would need to know what damage has occurred from this incident before I can tell you whether state or local police would be interested.  There are quite a few towns in PA, especially around major cities that have forensics capabilities, but I am not yet sure if they would take your case. 

I will await more details before I make my final recommendation, but your best bet is to get an attorney and engage a forensics investigator that is trained in intrusions, with the attorney's help. 

What you are describing is doable, but it's a lot of trouble for someone to go through to mess with you. 

We are looking forward to some details.  Don't post any IP addresses, passwords, or any other sensitive information.
~~~~~~~~~~~~~~
Ketchup
Ravenquille

Newbie

Posts: 6

Joined: Thu Feb 11, 2010 11:51 am

Location: PA

Post Thu Feb 11, 2010 11:13 pm

Re: Hacked: Advice Needed

To Everyone:

Details of what I am seeing, what I am finding, what I am experiencing which evidences hacking:
Have to post in parts, as this is so long.

I will just jump in somewhere, as all this is very complex.

1)  My Belkin Router page is not accessible.  My network name has been changed by the hackers.  I had the most security available to that router, but it didn’t help.  They are providing a network called Belkin54g which is supposedly unsecured now.  This IS going through my ISP, but is being redirected from there.

2)  Here is my laptop right now: netstat  ( note the high ports )

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\DEBORAH>netstat

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:49161        DEBORAH-LAP:49537      TIME_WAIT
  TCP    192.168.2.4:49324      iad04s01-in-f189:https  ESTABLISHED
  TCP    192.168.2.4:49442      s204887828:http        CLOSE_WAIT
  TCP    192.168.2.4:49448      s204887828:http        CLOSE_WAIT
  TCP    192.168.2.4:49472      vw-in-f100:http        TIME_WAIT
  TCP    192.168.2.4:49475      206-84:http            TIME_WAIT
  TCP    192.168.2.4:49476      iad04s01-in-f167:http  TIME_WAIT
  TCP    192.168.2.4:49480      66.211.169.2:http      TIME_WAIT
  TCP    192.168.2.4:49482      iad04s01-in-f167:http  TIME_WAIT
  TCP    192.168.2.4:49484      iad04s01-in-f154:http  TIME_WAIT
  TCP    192.168.2.4:49486      72.21.207.5:http      TIME_WAIT

3) Here is my laptop right now, ipconfig:

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\DEBORAH>ipconfig

Windows IP Configuration


Wireless LAN adapter BLACKWING2:

  Connection-specific DNS Suffix  . : Belkin
  Link-local IPv6 Address . . . . . : fe80::d130:b9a8:7273:7c6c%11
  IPv4 Address. . . . . . . . . . . : 192.168.2.4
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 192.168.2.1

Ethernet adapter Local Area Connection:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 6:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 7:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 21:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 22:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 23:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 27:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 28:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 30:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 31:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 33:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 34:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 36:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 37:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 38:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 40:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 41:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 42:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 43:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 44:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 45:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 46:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 47:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 11:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 12:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . : Belkin

C:\Users\DEBORAH>

4)  I recently uninstalled ‘Microsoft Network Monitor 3’; which the hackers had installed in this laptop.
5)  They have enabled all the Remote operations, which I have always kept disabled.  I cannot disable any of these; and they enable File and Printer Sharing.
6) I disable Windows Messenger, they enable it.
7) This log is from Computer Management/Event Properties:
WLAN AutoConfig service has successfully connected to a wireless network.

Network Adapter: Intel(R) PRO/Wireless 3945ABG Network Connection
Interface GUID: {daf6ba8e-8071-48b4-82af-7e5bf8f22606}
Connection Mode: Connection to an unsecure network without a profile
Profile Name: belkin54g
SSID: belkin54g
BSS Type: Infrastructure
BSSID: 00:11:50:F3:53:78
PHY Type: 802.11g
Authentication: Open
Encryption: None
802.1x Enabled: No
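
Added example (not part of any post in this thread): a Python sketch that reads `netstat -n` style output like the listing in item 2 above and checks each connection against an outbound allowlist of the kind What90 describes earlier in the thread. The sample lines, the allowlist entries and all function names are constructed for illustration; on Windows Vista and later the default dynamic client port range is 49152-65535, so a high local port on its own marks an ordinary outbound client connection.

```python
import ipaddress
from typing import NamedTuple

# Default dynamic (ephemeral) client port range on Windows Vista and later.
DYNAMIC_PORTS = range(49152, 65536)

# Hypothetical allowlist: (destination network, destination port) pairs.
ALLOWLIST = [
    (ipaddress.ip_network("192.0.2.0/24"), 443),
    (ipaddress.ip_network("2001:db8::/32"), 443),
]

# Constructed sample in the layout of Windows `netstat -n` output.
# All addresses are documentation ranges; none are taken from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:49161        127.0.0.1:49537        TIME_WAIT
  TCP    192.168.2.4:49324      192.0.2.10:443         ESTABLISHED
  TCP    192.168.2.4:49442      198.51.100.7:80        CLOSE_WAIT
  TCP    192.168.2.4:49472      example-host:http      TIME_WAIT
  TCP    192.168.2.4:49480      203.0.113.50:6667      ESTABLISHED
  TCP    192.168.2.4:3389       203.0.113.99:51514     ESTABLISHED
  TCP    [fe80::d130:b9a8:7273:7c6c%11]:49500  [2001:db8::1]:443  ESTABLISHED
"""


class Conn(NamedTuple):
    local_ip: object
    local_port: int
    remote_ip: object
    remote_port: int
    state: str


def split_endpoint(text):
    """Split 'ip:port' or '[ipv6%scope]:port' into (address, port)."""
    host, _, port = text.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]  # drop brackets and scope id
    return ipaddress.ip_address(host), int(port)


def parse_netstat(text):
    """Return (connections, unresolved_lines) for the TCP rows in text."""
    conns, unresolved = [], []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue  # headers, blank lines, UDP rows
        try:
            lip, lport = split_endpoint(fields[1])
            rip, rport = split_endpoint(fields[2])
        except ValueError:
            # Name-resolved endpoints (netstat without -n) cannot be
            # compared against an IP allowlist; keep them for review.
            unresolved.append(line.strip())
            continue
        conns.append(Conn(lip, lport, rip, rport, fields[3]))
    return conns, unresolved


def classify(conn, allowlist=ALLOWLIST):
    """Label one connection; the inbound test is a heuristic."""
    if conn.state == "LISTENING":
        return "listening"
    if conn.local_ip.is_loopback and conn.remote_ip.is_loopback:
        return "loopback"
    # Client connections get a local port from the dynamic range, so a
    # lower local port suggests a local service accepted the connection.
    if conn.local_port not in DYNAMIC_PORTS:
        return "inbound-to-local-service"
    for net, port in allowlist:
        if (conn.remote_port == port
                and conn.remote_ip.version == net.version
                and conn.remote_ip in net):
            return "allowed"
    return "not-on-allowlist"


def flagged(text, allowlist=ALLOWLIST):
    """Remote endpoints that deserve a closer look, as 'ip:port' strings."""
    conns, _ = parse_netstat(text)
    return [f"{c.remote_ip}:{c.remote_port}" for c in conns
            if classify(c, allowlist) in ("not-on-allowlist",
                                          "inbound-to-local-service")]


if __name__ == "__main__":
    connections, skipped = parse_netstat(SAMPLE)
    for c in connections:
        print(f"{classify(c):26} {c.local_ip}:{c.local_port} -> "
              f"{c.remote_ip}:{c.remote_port} ({c.state})")
    print("needs netstat -n:", skipped)
```

Running `netstat -n` rather than plain `netstat` keeps the foreign addresses numeric, which is what the allowlist comparison needs.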
hayabusa

Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Feb 11, 2010 11:29 pm

Re: Hacked: Advice Needed

So first note (more to come, as we analyze further and dig more) is that the network they are providing (Belkin54g, as you mentioned) is the default for that router, so it looks as though, at some point, they completely reset it.
~ hayabusa ~
Ravenquille

Newbie

Posts: 6

Joined: Thu Feb 11, 2010 11:51 am

Location: PA

Post Thu Feb 11, 2010 11:47 pm

Re: Hacked: Advice Needed

Ketchup,
I will respond in parentheses within the quote of your post.



Ketchup wrote: Ravenquille,

The Feds are not going to be interested in your case.   They are backlogged at all times.  

( The FBI is interested, but yes, I am completely aware of their extreme workload. )

I would need to know what damage has occurred from this incident before I can tell you whether state or local police would be interested.

( Local and State Police in my area are unable to deal with this, they have told me.  The damage is a hacked phone account and constant phone monitoring, my internet service being used by hackers, running up extreme bandwidth, 4 computers being hijacked and being used to hide and channel files, photographs, tv/video, and I believe possible telephone and cell phone communications.  I do not believe that the object here is the usual stealing of banking, credit card info, or identity theft.  There has been nothing like that with us, as we have never done any sort of online accounting or purchases; and I do not store personal info of that kind on my systems. )

 There are quite a few towns in PA, especially around major cities that have forensics capabilities, but I am not yet sure if they would take your case.  

( There is nothing anywhere near my location.  I have researched this and know where they are. )

I will await more details before I make my final recommendation, but your best bet is to get an attorney and engage a forensics investigator that is trained in intrusions, with the attorney's help.  

( I have discussed this with an attorney ( DA ).  Nothing can be done as there is no crime per-se; and no way to really identify the hacker or hackers.  If out of the US, there is that issue as well.  This is in the jurisdiction of the FBI, according to what everyone has told me.  My only recourse is police/FBI as far as forensics are concerned; unless someone private wants to take on a challenge, or I learn to do it myself.  I have no financial resources to pay an attorney or private forensic specialist in any case; completely impossible. )

What you are describing is doable, but it's a lot of trouble for someone to go through to mess with you.  

We are looking forward to some details.   Don't post any IP addresses, passwords, or any other sensitive information.

( I posted before that recommendation.  Oh well...they already have me hacked in any case. )  I just need to clear and secure, if I can't nail them. I would love to expose and enable prosecution of course, but I am getting sick of this now. )

Ravenquille