|
Apologies if there is a more appropriate place for this post... I was recently a victim of a Remote Access attack; the person started controlling my PC and talking to me via chat windows and open txt files. I have Windows 7 64-bit (with remote access off), Windows Firewall on, NOD32, paid Malwarebytes Pro and a firewall on my router. So first, how did this happen? Well, I believe the attacker actually had access to my PC physically when I wasn't there, which seems plausible... How do I fix it? Well, I nuked the hard drive, reinstalled Windows and started from scratch (note it was a reinstall), and I reset my hub/router to factory default. (Paranoid he installed a trojan on my second hard drive, 2TB of data.) My main question is how do I prevent this from happening again? How can I check for remote access? How do I know if someone is snooping on my every move? I feel like my privacy has been invaded and am very paranoid about using my machine now. My PC is my little safe place, where I go to unwind and relax. The fact that it has been compromised despite security measures has me a little shaken. Any advice? I don't download dodgy files, I don't visit questionable sites and I assumed I had good security measures. Currently changing all passwords. In regards to the physical access, the PC was passworded and turned off, not left unattended logged in. Manac0r fucked around with this message at Mar 7, 2013 around 08:57 |
| # ? Mar 7, 2013 08:49 |
|
Does anyone else have physical access to your computer? The most common way for an attack of this kind (when you're locked down to external attacks) is via social engineering. A cold caller persuades a non-computer-literate relative to go onto your computer because they have detected you have a terrible, terrible virus that can cause terrible things to happen. They get them to visit a legit remote control website, and allow full access to the nice 'technical support' guy who then has free access to your computer and can install some 'anti-virial' software for you. edit: You answered my question in an edit, so now my question is redundant! I'd still be looking at people with physical access (even in the past), since they 'chatted' with you, which is hardly regular practice for someone looking to steal your personal information. What did they chat about? cynic fucked around with this message at Mar 7, 2013 around 10:23 |
| # ? Mar 7, 2013 10:20 |
|
I have a very good idea who it was and how it happened. The person was a hired technician who was left unsupervised in the vicinity of my PC (he wasn't working on my PC). Needless to say, this person will not get another chance to physically get at my PC again. My main concern is if it happens again (my machine is still vulnerable), or how to even check if it is happening again; my security software did not pick this attack up at all. I have done a reinstall, but a slight twinge of paranoia makes me uneasy using my machine (I agree I don't think this was a malicious attack, as the intruder could have used my information without alerting me to their presence); it's more the invasion of personal/private space. Is there a program to check for intruders or attacks of this kind? I went into Windows Firewall and, despite remote access being turned off, certain Remote rules were enabled, so I disabled them.
|
| # ? Mar 7, 2013 11:21 |
|
Always lock your computer when you're not on it.
|
| # ? Mar 7, 2013 11:54 |
|
Ana5000 posted: Always lock your computer when you're not on it.
The PC was powered off, and passworded.
|
| # ? Mar 7, 2013 12:03 |
|
Is your PC set to boot from CDs/USB drives before the hard disks? And if it isn't, is the BIOS passworded or just Windows? e: If he was alone long enough, he could've even opened up your PC and just directly accessed your hard disk via eSATA or something like this: http://www.amazon.com/Sabrent-Drive...2/dp/B004JKD0U4 Tamba fucked around with this message at Mar 7, 2013 around 12:16 |
| # ? Mar 7, 2013 12:07 |
|
Just a windows password, this is a home Pc so the threat of a physical attack is rare.
|
| # ? Mar 7, 2013 12:14 |
|
Well then it's just
- Turn on the PC, press whatever key you need to get into the BIOS
- Set it to boot from USB
- Boot from your USB drive, install whatever you need
- Reboot, revert the BIOS-settings
Should be doable in less than 10 minutes if you're prepared.
|
| # ? Mar 7, 2013 12:26 |
|
Yeah, I absolutely understand how he carried out the attack, although I can't prove it. I'm hoping the reinstall will sort out whatever exploit he set up... To reiterate: My main question is how do I prevent this from happening again? (Solved: BIOS password.) How can I check for remote access? How do I know if someone is snooping on my every move? Is there a program that views all connections into my PC and highlights suspicious activity?
|
| # ? Mar 7, 2013 12:39 |
|
One option is Full Disk Encryption. Check out BitLocker (Windows 7 Pro/Ultimate only) or TrueCrypt. If the disk is encrypted, an attacker will have a much harder time installing an exploit offline (e.g. via bootable USB) even if they do have physical access to your machine for a time.
|
| # ? Mar 7, 2013 13:52 |
|
So yeah, using TCPView seems like a solution...
What is TCPView? http://www.allscoop.com/tcp-view.php http://www.watchingthenet.com/how-t...in-windows.html
Where can I download this? http://technet.microsoft.com/en-us/...ernals/bb897437
|
| # ? Mar 7, 2013 14:38 |
|
nvm
|
| # ? Mar 7, 2013 18:23 |
|
You can't trust software on the possibly compromised PC to tell you whether or not it's compromised (including network connections). You'd have to use some kind of network monitoring software running elsewhere to be 100% sure (well, not 100%...). Maybe this doesn't apply for you, but the vast majority of attackers don't gain access via physical access; it's gained by people downloading malicious software or visiting a malicious site (or a site with malicious ads running unintentionally), even when they believe that's not the case.
|
| # ? Mar 7, 2013 21:25 |
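As an added example (not written by anyone in the thread), the connection review that TCPView offers can be approximated by saving `netstat -ano` output and scanning it for sockets on ports that remote-control tools commonly use. The port list and the sample capture are assumptions constructed for illustration, and the caveat in the post above still holds: the output is only as trustworthy as the machine that produced it.

```python
# Added example: flag remote-control ports in saved `netstat -ano` output.
# REMOTE_PORTS and SAMPLE are assumptions made for this illustration.
REMOTE_PORTS = {3389: "RDP", 5900: "VNC", 5938: "TeamViewer"}

# Constructed capture (documentation addresses), not taken from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       2412
  TCP    192.168.1.10:49212     203.0.113.7:5938       ESTABLISHED     3044
  TCP    192.168.1.10:49300     198.51.100.20:443      ESTABLISHED     3500
  TCP    [::]:3389              [::]:0                 LISTENING       1100
  UDP    0.0.0.0:5353           *:*                                    1500
"""


def port_of(endpoint):
    """Return the port of 'host:port' (IPv4 or [IPv6]), or None for '*:*'."""
    port = endpoint.rpartition(":")[2]
    return int(port) if port.isdigit() else None


def parse_netstat(text):
    """Yield (proto, local_port, foreign_port, state, pid) per socket row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[4].isdigit():
            yield f[0], port_of(f[1]), port_of(f[2]), f[3], int(f[4])
        elif len(f) == 4 and f[0] == "UDP" and f[3].isdigit():  # UDP has no state
            yield f[0], port_of(f[1]), port_of(f[2]), "", int(f[3])


def flag_remote_access(text):
    """Return (pid, reason) for sockets that look like remote-control traffic."""
    findings = []
    for proto, lport, fport, state, pid in parse_netstat(text):
        if state == "LISTENING" and lport in REMOTE_PORTS:
            findings.append((pid, f"listening for {REMOTE_PORTS[lport]} on {lport}"))
        elif state == "ESTABLISHED":
            for port in (lport, fport):
                if port in REMOTE_PORTS:
                    findings.append((pid, f"{REMOTE_PORTS[port]} session on {port}"))
    return findings


if __name__ == "__main__":
    for pid, reason in flag_remote_access(SAMPLE):
        print(f"PID {pid}: {reason}")
```

A remote-access tool can be configured to use any port, so an empty result does not show the machine is clean; the PIDs that are flagged can be matched to process names in Task Manager or TCPView.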
|
This might not be what you want to hear but I wouldn't spend too much effort on locking down your PC from someone getting to it physically. If you do have proof it was the technician that "hacked" your computer I would start making his life hell. If the proof is sound I would probably lawyer up first then contact his employer, law enforcement, and the local news about this. Privacy is a real big deal and I bet you could get a great piece done on this.
|
| # ? Mar 7, 2013 22:47 |
|
I think it would be more effective to lock the door to the room your computer is in.
|
| # ? Mar 8, 2013 02:09 |
|
Install truecrypt, use a strong password, and never worry about this happening again. Call the non-emergency line for the police and report the technician.
|
| # ? Mar 8, 2013 02:29 |
|
Good call on the disk encryption. When you set it up you probably want to use a pass-phrase instead of a password. Easier to remember than v2334$$^^Yvfdsds or whatever.
|
| # ? Mar 8, 2013 02:38 |
|
Do you have any real reason to think that technician is the one who compromised your system other than this happened some time after he was there? How much longer after he was there did this happen?
|
| # ? Mar 8, 2013 04:41 |
|
I think what the OP's asking is how they can make sure everything's cleaned up (like no malware lurking on the data drive), and how to keep an eye on things so they can be sure nothing suspicious is going on, not how to stop someone getting physical access in future
|
| # ? Mar 9, 2013 22:05 |
|
baka kaba posted: I think what the OP's asking is how they can make sure everything's cleaned up (like no malware lurking on the data drive), and how to keep an eye on things so they can be sure nothing suspicious is going on, not how to stop someone getting physical access in future
This. So much this!
|
| # ? Mar 12, 2013 23:07 |
|
Manac0r, be honest with me. You're somewhere in Asia. I am guessing India but Malaysia/Indonesia/Philippines are also possible. Am I right?
|
| # ? Mar 13, 2013 00:54 |
|
Manac0r posted: This. So much this!
You nuked the Windows install, so that side should be fine. Only downside is now it's really hard to find out what method of access was used. My bets are really not on a virus but a legit VNC client or remote access program. Run your data drive through a decent gamut of viral/malware scans from a boot CD without your system drive connected and call it a day? Don't launch unknown applications off the data drive. If this technician was really putting remote access capability on your computer, why would he start chatting with you and blow the cover? Any housemates/friends have access?
|
| # ? Mar 13, 2013 02:30 |
|
http://arstechnica.com/tech-policy/...-their-webcams/ Be afraid! One thing for the future might be to use system restore (built into windows backup). If anything weird happens you can revert to a previous system image. Of course you might still be vulnerable.
|
| # ? Mar 13, 2013 02:35 |
|
Jago posted: http://arstechnica.com/tech-policy/...-their-webcams/
That would work for a VNC sort of thing, but malware loves to hide in system restore (though I imagine that's why you said it might still be vulnerable). As others have said, nuking was the best course to clean it and then I would still scan the data drive with AV just in case.
|
| # ? Mar 13, 2013 02:48 |
|
Thanks for all the input. Has provided some measure of relief. I am based in the UK, not Asia as one goon was asking, and wasn't victim to one of the telephone scams that originate from that area. As to why, I believe the intruder got bored of watching me play Steam games, and decided to play with me instead. Putting up the service tag of my laptop and then flashing it to get my attention was the first clue of many.
|
| # ? Mar 13, 2013 06:23 |
|
Pay the technician a friendly visit.
|
| # ? Mar 13, 2013 11:52 |
|
The first thing I'd be doing is calling this guy's boss, for sure. Another thing I'd probably do if I were you, and I'm not trying to sound like a dick here, but I'd probably book a session with a psychiatrist because you're throwing some pretty major schizophrenia red flags here, dude. (I've got a schizophrenic in the family, just saying.) Comedy option: buy yourself a safe. When you're not using your computer, lock your computer in the safe. Don't give out the combination to anyone. When you want to play your Steam games, pull the computer out and hook it up. When you're done, lock it back up again.
|
| # ? Mar 13, 2013 17:33 |
|
Manac0r posted: Thanks for all the input. Has provided some measure of relief. I am based in the UK, not Asia as one goon was asking, and wasn't victim to one of the telephone scams that originate from that area.
The service tag can often be read from within Windows; that doesn't necessarily mean it was the service guy who did it.
|
| # ? Mar 13, 2013 18:05 |
|
Flattening and reinstalling your system drive is comparable to glassing a planet since it's the only way to be sure. You did that, so you are fine there.
|
| # ? Mar 13, 2013 19:51 |
|
Ninja Rope posted: The service tag can often be read from within Windows; that doesn't necessarily mean it was the service guy who did it.
I wasn't on my laptop, I was on my desktop, and he also mentioned a problem that I had recently with it. That problem was only discussed on the phone with Dell. I can't prove it, obviously.
|
| # ? Mar 13, 2013 19:53 |
|
originalnickname posted:Another thing I'd probably do if I were you, and I'm not trying to sound like a dick here, but I'd probably book a session with a psychiatrist because you're throwing some pretty major schizophrenia red flags here, dude. (I've got a schizophrenic in the family, just saying)
|
| # ? Mar 14, 2013 01:23 |
|
I'm not sure I would call it schizophrenia, but a victim of any crime usually displays some form of paranoia afterwards. While it was only my 'cyberspace' that was invaded, it was still intrusive, and it was done by someone who was in a position of trust and violated that trust. These messages may come off paranoid but the incident was fresh when I started the thread; to realise someone had been watching me for over 6 weeks was a shock. It's akin to waking up and finding your house bugged. Why? Who? What did they hear/see? Are there any more bugs in the house? Is that person schizophrenic for thinking those things? (They are if there weren't any bugs in the first place, but in this analogy there were.) I'm assuming those thinking I need psychiatric help must read my messages in a certain tone, and have never had their personal space invaded/assaulted. Remember, if a keylogger had been installed, all my personal details, from online banking to any online password I have, would have been compromised and were at risk. I was looking for some advice on how to make sure my system was clean and the incident didn't repeat itself. That was all. And as time has moved on the paranoia subsides, I don't think my machine is still open to a cyber stalker and routine returns. Manac0r fucked around with this message at Mar 14, 2013 around 06:59 |
| # ? Mar 14, 2013 06:35 |
|
Manac0r posted: I'm assuming those thinking I need psychiatric help must read my messages in a certain tone, and have never had their personal space invaded/assaulted. Remember, if a keylogger had been installed, all my personal details, from online banking to any online password I have, would have been compromised and were at risk.
If you're concerned about this, one thing I can suggest is setting up a password manager and two-factor authentication, if you haven't already. I use LastPass; it generates random passwords for all my accounts and stores them in an encrypted file that I can only access if I have the master password and the time code from the google app on my phone. If any of my passwords are compromised, it takes no time at all to update the password on Paypal or wherever and save the new password to LastPass - no memorisation required. I also have two-factor authentication on my email, so if a keylogger gets that password they still can't log in without my phone. Obviously none of that is going to stop an attacker who has remoted into your computer, but it goes a long way towards damage control and improving your internet security in general. I used to share the same password between my email, Paypal, Facebook, and so on... now they're all unique passwords and I can change them in seconds if I'm worried someone else has access to them.
|
| # ? Mar 14, 2013 08:44 |






















