Planet Descent
Community => Mess Hall => Topic started by: VANGUARD on September 29, 2011, 07:38:09 AM
-
My mom has a friend who is married to a computer nerd. He has his own computer business and has been doing that for many years. He knows quite a bit.
He is also quite a sneak and possibly a hacker. He has gotten into his wife's emails, and attempted to get into my mom's voicemail.
He also managed to get into his wife's friend's email and retrieve some files.
I tell you this to give you an idea of what kind of a person/hacker this person is.
We basically have an iMac, a MacBook, and a laptop that will either contain PCLinuxOS or Mandriva.
My mom is concerned that he may try to hack into her computer and read documents, email, etc.
Are there ways to know if someone is hacking into her computer? Does a firewall work well or not?
-
Wow, what a bastard.
I'm no security guru but I would think that these would be reasonable precautions:
Just make sure you have a good hardware firewall as part of your home's wireless router.
Make sure your passwords to *everything* are strong and cryptic.
You might be wise to turn off things like Remote Assistance in Windows.
Make sure you have either Microsoft Security Essentials or [ Windows Defender + another antivirus ] on your Windows boxes.
Use a really solid browser like Chrome or Opera. I've found that Firefox is pretty easy to hijack these days.
I would run CCleaner and Spybot once in a while as well. Clear your browser's saved form history every so often to make sure that credit card details aren't stored long-term.
Don't add anyone you don't know to MSN or anything. They can screw you pretty badly through there.
Any really critical/sensitive data - store it on a USB key and disconnect it from the PC when you're not accessing it and lock it away in a safe / whatever.
Start shredding your papers - anything with an account/phone number.
Regarding phones: there's nothing you can really do about them. GSM and voicemail security is just awful. It's a scandal.
-
I did suggest a USB card to my mom, and I also want to say we discussed having the computers off more often.
Is there ANY chance to hack into a PC that is turned off? I don't see how it's possible.
Yeah, clearing the cookies, password reminders. A friend of mine did mention having letters, numbers and symbols (some I know don't accept symbols in passwords),
not to save password info.
With firewalls, what are you preventing? Just the out of the blue person trying to get in? You can still download things and still stream videos, etc., right? Just need to give them permission? I'm sure we've had firewalls up before, just not sure how they really work. May have to look more into that.
-
If you have proof about your claims, you can report him to the police, because then what he is doing would be illegal.
-
Unless you're in the UK, where the police will probably help him out. :)
No way on God's green earth to jack a PC when it's off or in standby or in hibernation. It has to be *fully running* for it to be doing anything.
It's like stealing your car without it leaving the garage otherwise.
The hard disks have to be turning to access your data, the CPU, OS, everything has to be running to control the disk and the network has to be connected and running to get the data onto the internet.
Don't bother installing a special software firewall if the PC isn't really leaving the house. Most antivirus suites have them built-in anyway. Windows obviously has its own and anything with "Internet Security" written on it is always: [ Antivirus + Software Firewall + maybe a couple of other things ].
99.9% of routers have a hardware firewall, which is much more effective in general because the router stops the goings-on before it even touches the PC itself.
With a software firewall the thing you're trying to stop is already *on* the PC before it's detected.
You can always get at your router control panel through your browser *if* you're already connected to your wireless network. (i.e. Joe Public can't get at it obviously).
Normally, if you type 192.168.1.254 into your browser's address bar, it'll take you there and you can see if its firewall is running.
If your router doesn't give you "WPA"-level security (i.e. it only gives you "WEP" security) you need to get a new one because WEP is quite easy to break into.
Basically, the firewall stops trojan programs from sending sensitive data (which it collects from your browsing etc and keystrokes) from your PC to the bastards stealing the data.
The firewall just looks at the signal and if it's dodgy it blocks it from going out. That's why you used to have to open a port for bittorrent clients to run across a hardware firewall. But they're much cleverer now so there's none of that anymore.
I'm not sure how watertight effective router / hardware firewalls are because everyone has them but they're much better than software.
-
Turning off the computer entirely isn't really necessary.
She could just disconnect from the internet and the home network (if there is a home network) when she's not using her computer.
It's more convenient and definitely a lot faster than booting up every time she wants to use the computer.
-
The BEST thing you can immediately do, is change passwords for EVERYTHING. Usernames for accessing the computer (ALL of them, not just the ones that are getting used), email accounts, etc. Use strong passwords (contains upper and lower case, letters and numbers, at least 10 to 12 characters...). DO NOT use the same password for multiple items.
If he can hack around all that, most safety/security products wouldn't be able to stop him. As is, doesn't sound like he's anywhere near that sophisticated anyway.
-
I highly doubt this is a case of actual hacking so much as password guessing. As it is, true hacking is 99.999~% impossible for a computer behind a router. The very nature of IP addressing over the internet and NAT prevents it. For a computer behind a router to get "hacked", the user has to initiate it somehow. Viewing a bad web page or email being the most common, along with downloading and running a bad file. That aside, your email is not even technically on your computer, it's at a datacenter somewhere. The same goes for your voicemail, except you can't really get your home phone keylogged. So... Antivirus + don't click on ANY ad banners, period, no exceptions + A good browser and adblocker (makes #2 redundant, but meh) + don't open suspicious emails, etc. Fairly common stuff. You wouldn't believe how many viruses come from malicious ads. I had, before I installed adblock, numerous attempts from banner ads to install malware without any interaction from me at all besides loading the page. I mean it... Install adblock! It'll make your browsing faster too!
And if for some insane reason you're not using a router (A near impossibility with wireless devices, mind you) get one. Like, now.
-
The criminal's best chance is to get some software onto your PC.
In order for him to do that specifically to you, he has to enter into communication with you.
Easiest way is by Email but like I say, be careful who you add on MSN etc.
Whether or not your email is on your PC depends on whether you use a webmail like hotmail/gmail (in which case it's all stored by your email provider) or whether you use a program that downloads it to the computer like Thunderbird / Outlook.
I like to have my email on my PC and nowhere else. If anything, it's more secure that way because it's a question of anyone somehow hacking your PC and then finding some remarkable way of getting the email data back to them.
With webmail, all they have to do is guess the password to the website as long as they know your address.
Different and complex passwords, like TP describes, is the best advice.
Having said that, you'd be surprised how shockingly bad the security is on some sites. Anything written with Dreamweaver just does the most childlike-simple encryption on passwords, (as in A = B, B = C etc.).
If you had a conversion table you could figure out someone's password very easily (which is just one reason why Dreamweaver is useless).
This is all a bit irrelevant but ... anyway.
-
> ... As it is, true hacking is 99.999~% impossible for a computer behind a router. The very nature of IP addressing over the internet and NAT prevents it. For a computer behind a router to get "hacked", the user has to initiate it somehow.
> ...
> ...
> And if for some insane reason you're not using a router (A near impossibility with wireless devices, mind you) get one. Like, now.
In actuality, Firewalls are not that good. Firewalls (hardware or software based) only close openings that computers/software can converse through. Sadly, the same 'openings' that you commonly use for Internet communications are the same ones hackers target for getting to your systems (they, like the firewall makers, know what those openings are). A Firewall only reduces how many of the openings are sitting open waiting for someone to use it, which in turn makes it more difficult for the hacker. A really capable hacker would not be stopped by a firewall, only has to work a bit harder.
That said, a Firewall is (like IHateHackers said) a necessity because it greatly reduces the chances of getting hacked.
If the iMac and MacBook that Vanguard mentioned have current Mac OS on them, they have firewalls in the OS. Since he mentions at least 3 or 4 computers, I'd assume they have wireless which would have a hardware firewall at the router... So all that helps. The rest is up to passwords and safe computer usage.
-
> Unless you're in the UK, where the police will probably help him out. :)
> No way on God's green earth to jack a PC when it's off or in standby or in hibernation. It has to be *fully running* for it to be doing anything.
> It's like stealing your car without it leaving the garage otherwise.
> The hard disks have to be turning to access your data, the CPU, OS, everything has to be running to control the disk and the network has to be connected and running to get the data onto the internet.
> Don't bother installing a special software firewall if the PC isn't really leaving the house. Most antivirus suites have them built-in anyway. Windows obviously has its own and anything with "Internet Security" written on it is always: [ Antivirus + Software Firewall + maybe a couple of other things ].
> 99.9% of routers have a hardware firewall, which is much more effective in general because the router stops the goings-on before it even touches the PC itself.
> With a software firewall the thing you're trying to stop is already *on* the PC before it's detected.
> You can always get at your router control panel through your browser *if* you're already connected to your wireless network. (i.e. Joe Public can't get at it obviously).
> Normally, if you type 192.168.1.254 into your browser's address bar, it'll take you there and you can see if its firewall is running.
> If your router doesn't give you "WPA"-level security (i.e. it only gives you "WEP" security) you need to get a new one because WEP is quite easy to break into.
> Basically, the firewall stops trojan programs from sending sensitive data (which it collects from your browsing etc and keystrokes) from your PC to the bastards stealing the data.
> The firewall just looks at the signal and if it's dodgy it blocks it from going out. That's why you used to have to open a port for bittorrent clients to run across a hardware firewall. But they're much cleverer now so there's none of that anymore.
> I'm not sure how watertight effective router / hardware firewalls are because everyone has them but they're much better than software.
Even a slight suggestion to the FBI and they will be on his case...they are very keen to investigate these people as who knows what else he is doing, he seems to be showing off at the moment, I have worked with the feds on cases in England...trust me a visit from those guys will curb him proper
-
> If you have proof about your claims, you can report him to the police, because then what he is doing would be illegal.
Exactly what I was going to suggest. While all these other suggestions will no doubt help and probably a good idea to do either way, going to the police and getting him arrested would probably help the most, as that takes your known hacker out of the picture, circumstances pending.
-
> > ... As it is, true hacking is 99.999~% impossible for a computer behind a router. The very nature of IP addressing over the internet and NAT prevents it. For a computer behind a router to get "hacked", the user has to initiate it somehow.
> > ...
> > ...
> > And if for some insane reason you're not using a router (A near impossibility with wireless devices, mind you) get one. Like, now.
> In actuality, Firewalls are not that good. Firewalls (hardware or software based) only close openings that computers/software can converse through. Sadly, the same 'openings' that you commonly use for Internet communications are the same ones hackers target for getting to your systems (they, like the firewall makers, know what those openings are). A Firewall only reduces how many of the openings are sitting open waiting for someone to use it, which in turn makes it more difficult for the hacker. A really capable hacker would not be stopped by a firewall, only has to work a bit harder.
> That said, a Firewall is (like IHateHackers said) a necessity because it greatly reduces the chances of getting hacked.
> If the iMac and MacBook that Vanguard mentioned have current Mac OS on them, they have firewalls in the OS. Since he mentions at least 3 or 4 computers, I'd assume they have wireless which would have a hardware firewall at the router... So all that helps. The rest is up to passwords and safe computer usage.
Even so, the router needs to know which computer to forward the hacker's connection to, which it can't without a forwarded port. My understanding is that HTTP, etc. gets through because the connection is triggered from the inside. Is this not correct?
-
The thing I hate are these sites that seem to reveal your stuff. My sister pointed out that our names, and parents' names, were somewhere on the web. Out in the open.
I don't like reunion, mylife, facebook, twitter, etc. partially because of this.
thank you all for your replies. Instead of quoting each person, for me anyways, that may take time to copy+paste original topics.
I'll just do my best here:
Firewalls can help, maybe with the average novice hacker, but not the more advanced one.
USB flash cards can at least protect your documents, etc; as long as you also unplug it.
Clearing cookies/cache.
Password with letters, numbers, and if available, symbols.
I think someone on here mentioned it; know my friend did; not to have your real birth date if sites like yahoo asks for it.
A computer that is off is safe.
It'd be nice to find some way to know who may be hacking into our computers. So far, it was just my mom's voicemail.
I'm guessing he's too smart to use his own PC, so an IP tracer may not work; but you never know. Every criminal at some point slips up.
Am I missing something?
-
I have no time for social networking/notworking sites.
It's a self-inflicted invasion of privacy and a vain exercise in self-publicity/self-aggrandizement.
I think the way that twitter divulged information about its users fairly recently who were making various (and probably very true) allegations about footballers as well as a certain local authority right here in the North of England was disgraceful and I will never use their service as a result.
Facebook's owners laugh at and regard as fools people who put personal details on their website.
-
> Am I missing something?
You pretty well summarized the main points to it.
-
> Even so, the router needs to know which computer to forward the hacker's connection to, which it can't without a forwarded port. My understanding is that HTTP, etc. gets through because the connection is triggered from the inside. Is this not correct?
Yes that's correct but in order for that to work the requesting computer (yours) must reveal its IP to the server (website) so that the server can send the requested data. That data is tagged with where it's headed and the router knows it's in response to a request. What the router never truly knows is how much of the data is what the requesting computer asked for; the server/sender/website could include additional data/files/code and the router would think it was asked and thus let it through. That's how "drive-by" hacking/malware/etc happens while users browse the Internet.
This is just one of the reasons (there are quite a few more) why good Anti-virus + Internet protection software is a MUST in addition to a good firewall. There is no such thing as a truly secure method, and no such thing as an "immune" OS (despite what some may say). There are only degrees of vulnerability.
-
> > Even so, the router needs to know which computer to forward the hacker's connection to, which it can't without a forwarded port. My understanding is that HTTP, etc. gets through because the connection is triggered from the inside. Is this not correct?
> Yes that's correct but in order for that to work the requesting computer (yours) must reveal its IP to the server (website) so that the server can send the requested data. That data is tagged with where it's headed and the router knows it's in response to a request. What the router never truly knows is how much of the data is what the requesting computer asked for; the server/sender/website could include additional data/files/code and the router would think it was asked and thus let it through. That's how "drive-by" hacking/malware/etc happens while users browse the Internet.
> This is just one of the reasons (there are quite a few more) why good Anti-virus + Internet protection software is a MUST in addition to a good firewall. There is no such thing as a truly secure method, and no such thing as an "immune" OS (despite what some may say). There are only degrees of vulnerability.
"drive-by" hacking is not really hacking at all, it's malware infection. The most true definition of "hacking" requires no action by the target, everything is done to gain access remotely. Which can't be done for a computer behind a router because the computer doesn't exist on the internet, only the router. When a PC requests web data (or any other TCP connection), the router puts its own IP in the source header, and forwards the return data to the proper PC, using the specific dynamic port used by that connection to determine which PC to forward it to. You can't make another connection on that port (IE a hacking attempt) because the socket is already taken. Your only option is to trick the PC into downloading something else, which isn't hacking anymore, it's a virus.
Of course, if you have ports open (like, for example, a server does), all bets are off. Which is why servers can be hacked, they must be exposed to the internet to some extent in order to do servery stuff. Which is where a hardware firewall comes into play, going beyond the capabilities of a simple router to filter packets based on certain criteria. (For example, if it's not a valid HTTP request packet on port 80, burn it with fire).
I'm still learning about the intricacies of IP, so correct me if I'm wrong anywhere.
EDIT: I suppose theoretically you could spoof the source IP to trick the router into thinking it was part of the existing connection, but you'd then run into issues with how TCP sorts incoming packets and you'd end up dropping either the spoofed packets or the real packets because they were "duplicates". And as far as I know, web browsing rapidly opens and closes many different TCP sockets (one for every file? Or every page?) so the window is very small. Your best bet is still to download something "legitimately" in the sense that it is actually in the page and not just randomly inserted packets. There's still the problem that the receiving computer won't do anything with these spoofed packets because it's not what the browser was expecting (Unless you had a file larger than the MTU, then maybe you could insert it into the middle of the file, IE: Packet 1: File header + first 1/3, Packet 2: Spoofed packet containing malicious code, Packet 3: End of File). Either way, malicious content embedded in the web pages is a far greater threat than any kind of packet spoofing one might encounter. It's too much effort for too little reward. Plus, how is this hacker getting the session data in the first place? If he's sitting between the server and the client, he might as well just spoof the entire server connection. (Is he sitting in the ISP's hub or something?)
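Added example, not part of the original thread: a toy model of the router behaviour discussed in the posts above, showing which inbound packets a NAT forwards to a LAN host and which it drops. It assumes an address-and-port-restricted NAT; the class names, addresses and port numbers are constructed for illustration.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # constructed address (documentation range)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


@dataclass
class NatRouter:
    public_ip: str = PUBLIC_IP
    next_port: int = 40000
    # public port -> (inside ip, inside port, remote ip, remote port)
    flows: dict = field(default_factory=dict)
    # public port -> (inside ip, inside port): static port forwards
    forwards: dict = field(default_factory=dict)

    def outbound(self, pkt):
        """A LAN host opens a connection: rewrite the source, remember the flow."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        for port, flow in self.flows.items():
            if flow == key:
                public_port = port
                break
        else:
            public_port = self.next_port
            self.next_port += 1
            self.flows[public_port] = key
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port, pkt.payload)

    def inbound(self, pkt):
        """Packet from the internet: return the rewritten packet, or None if dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        flow = self.flows.get(pkt.dst_port)
        # Forward only if it comes from the peer the LAN host contacted.
        if flow and (pkt.src_ip, pkt.src_port) == flow[2:]:
            return Packet(pkt.src_ip, pkt.src_port, flow[0], flow[1], pkt.payload)
        fwd = self.forwards.get(pkt.dst_port)
        if fwd:  # an opened port is reachable by anyone
            return Packet(pkt.src_ip, pkt.src_port, fwd[0], fwd[1], pkt.payload)
        return None


def demo():
    router = NatRouter()
    out = router.outbound(Packet("192.168.1.20", 51000, "198.51.100.5", 80, "GET /"))
    results = {
        # The reply is forwarded whatever its payload: NAT does not inspect content.
        "reply": router.inbound(Packet("198.51.100.5", 80, PUBLIC_IP, out.src_port, "any bytes")),
        # No flow and no forward for this port: dropped.
        "unsolicited": router.inbound(Packet("192.0.2.77", 4444, PUBLIC_IP, 8080)),
        # Right port, wrong remote endpoint: dropped.
        "wrong_peer": router.inbound(Packet("192.0.2.77", 80, PUBLIC_IP, out.src_port)),
    }
    router.forwards[8080] = ("192.168.1.20", 8080)  # user opens a port
    results["after_forward"] = router.inbound(Packet("192.0.2.77", 4444, PUBLIC_IP, 8080))
    return out, results


if __name__ == "__main__":
    out, results = demo()
    print(out)
    for name, pkt in results.items():
        print(name, "->", pkt)
```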
-
Well, the media calls DDOSing a goddam website hacking, which is just an insult to proper hackers with actual skill and knowledge.
It just depends how unnaturally far you want to stretch the definition.
-
I'm not going to quibble over the specific definition(s) of "hacking" and "malware" especially since both are used by the same nefarious people to obtain the same nefarious end results. ::)
The point was (and still is) what steps can a person take to protect or better protect their computers and their personal data, not the methodologies of IP and HTML spoofing.
Let's get back on topic.
Oh and by the way, IHateHackers, you said open ports is why servers can be hacked (which is correct) ... But you would have been more correct to state that's why (and how) any computer can be hacked. Servers are typically a target more often (largest possible payoff for the hacker) and can be targeted at any time because they are usually on 24/7 and usually found at the same Internet address. However nearly ALL personal computers are much more vulnerable to hacking (the personal 'workstation' OS has far fewer security measures in place than most 'server' OS designs) and rarely have as many additional security steps applied to them. ALL are susceptible to the same vulnerabilities if the operator doesn't avail himself/herself of the recommended security steps.
That is all.
-
Well, of course, I didn't specifically say only servers can be hacked through open ports, that was really just an example. A clueless home user more than likely doesn't have any open ports, not knowing how to do so in the first place. But my point was that all servers can be hacked, because they are all open to the internet to some extent. Far fewer home PCs are going to be, but if they do have open ports then they, too, can be hacked in the traditional sense.
-
They went to some counselor last Thursday; and in a nutshell, they're divorcing.
She is planning on buying a Mac, and hopefully not have him getting into her stuff. He's quite the expert in Windows, and I can imagine he would soon learn any type of computer soon enough.
-
She should really get the authorities involved, seriously.
-
Yeah, if there is evidence that he was hacking or doing anything along those lines, the police would have no diplomacy with him.
-
> Yeah, if there is evidence that he was hacking or doing anything along those lines, the police would have no diplomacy with him.
Doesn't matter if she has evidence or not, report it. They can investigate and most likely find some evidence.