
Someone hacked into all of our accounts right under our noses, and here is how

iamdarkyoshi

So we have had over $3000 spent on various crap ranging from iTunes gift cards, computers, cell phones, and clothes.

 

How did this happen? Well, it all started with our Plex server, which has RDP enabled and is accessible from outside the network; it is port forwarded. My dad uses this machine as his PC, and had multiple accounts saved in Chrome and IE. The best part? The PC's login password was 'p' and the password hint states this.

 

Now: someone found the external IP that leads to this PC's RDP, and remoted into it. They changed the password, which is what confused us. This PC has had viruses and stuff on it in the past, so we just assumed that a virus was fucking with us. We should have wiped it clean long ago but wanted to keep the purchased software. We just cracked it with Ubuntu and left it alone, so we could continue watching movies from it.

 

BAD PLAN.

 

At this point, the hacker was on to something. So last night, he logged in again, changed the PC's password again, and made over 3 grand in purchases on lots of different sites.

 

To fix this, the media server is no longer connected to the internet, the router has had new firmware flashed that has logging support, and we are working with everyone that purchases have been made from to get our money back. But the issue here is that the purchases have been made from the same PC as legitimate purchases, so eBay does not want to consider them fraudulent charges!

 

 

Now here is the "lucky" part. Stuff ordered here is obviously going to be shipped somewhere, and this "somewhere" is probably going to have the police waiting. Also, here is my favorite part: the hacker didn't delete ANY of the history here; it is ALL saved on the PC and is visible. What a dumbass. Actually, we are probably the dumbass here.

 

So we are going to get the police involved here, but let this be a lesson to you:

 

Don't store autosaved passwords on a machine with a crude password, and ESPECIALLY not a machine with a crude password with port forwarding and DNS services!

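The intrusion described in the post above leaves a recognisable trail in the Windows Security log: repeated RDP logon failures from one outside address, then a successful RDP logon (logon type 10) from it, then a password reset event. The script below is an added example, not code from the post or its author; it runs that detection over constructed sample lines in an assumed `EventID|Time|Account|LogonType|SourceIP` export layout (real exports from wevtutil or Get-WinEvent carry the same fields, so only `parse_line()` would need adjusting).

```python
"""Flag the RDP intrusion pattern from the thread in a Windows Security log export.

Added example, not code from the forum post or its author. It assumes the
Security log was exported to a constructed 'EventID|Time|Account|LogonType|SourceIP'
line format; real exports (wevtutil, Get-WinEvent) carry the same fields under
a different layout, so only parse_line() would need adjusting.
"""
import ipaddress
from collections import Counter

# Constructed sample modelled on the incident above: repeated RDP failures from
# one outside address, a successful RDP logon, then a password reset.
SAMPLE_LOG = """\
4624|2017-04-01T02:11:03|dad|2|-
4625|2017-04-01T23:40:11|Administrator|10|203.0.113.57
4625|2017-04-01T23:40:13|dad|10|203.0.113.57
4625|2017-04-01T23:40:14|dad|10|203.0.113.57
4624|2017-04-01T23:40:16|dad|10|203.0.113.57
4724|2017-04-01T23:41:02|dad|-|203.0.113.57
4624|2017-04-02T07:05:44|dad|10|192.168.0.20
"""

REMOTE_INTERACTIVE = "10"           # Windows LogonType 10 = RDP (RemoteInteractive)
PASSWORD_EVENTS = {"4723", "4724"}  # password change attempt / password reset attempt

# Explicit list of ranges treated as the home LAN. Written out rather than using
# ipaddress's is_private so that the documentation-range sample address above
# (203.0.113.0/24, which is_private also matches) counts as an outside source.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


def parse_line(line):
    """Split one constructed export line into a dict of its five fields."""
    event_id, ts, account, logon_type, src = line.strip().split("|")
    return {"id": event_id, "time": ts, "account": account,
            "logon_type": logon_type, "src": src}


def is_external(addr):
    """True when the source address parses and lies outside LOCAL_NETS."""
    if addr == "-":
        return False
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return not any(ip in net for net in LOCAL_NETS)


def triage(log_text, fail_threshold=3):
    """Return (finding, source_ip, time) tuples in log order.

    Findings: 'rdp_bruteforce' once a source reaches fail_threshold RDP
    failures, 'external_rdp_logon' for a successful RDP logon from outside,
    and 'password_reset_from_external' for 4723/4724 raised from outside.
    """
    findings = []
    failures = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        e = parse_line(line)
        ext = is_external(e["src"])
        if e["id"] == "4625" and e["logon_type"] == REMOTE_INTERACTIVE:
            failures[e["src"]] += 1
            if failures[e["src"]] == fail_threshold:
                findings.append(("rdp_bruteforce", e["src"], e["time"]))
        elif e["id"] == "4624" and e["logon_type"] == REMOTE_INTERACTIVE and ext:
            findings.append(("external_rdp_logon", e["src"], e["time"]))
        elif e["id"] in PASSWORD_EVENTS and ext:
            findings.append(("password_reset_from_external", e["src"], e["time"]))
    return findings


if __name__ == "__main__":
    for kind, src, when in triage(SAMPLE_LOG):
        print(f"{when}  {kind:<30} {src}")
```

On the sample data the three findings all point at the same outside address, while the later RDP logon from 192.168.0.20 is ignored because it comes from the LAN. A single-character password makes the brute-force phase short, so the threshold is deliberately low; what matters for a home server is that a remote logon from outside the LAN is flagged at all.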

Fuck......

*goes to 192.168.0.1*

*disables all my port forwarding ports*

safe.

Ryzen 5 3600 stock | 2x16GB C13 3200MHz (AFR) | GTX 760 (Sold the VII)| ASUS Prime X570-P | 6TB WD Gold (128MB Cache, 2017)

Samsung 850 EVO 240 GB 

138 is a good number.

 


2 minutes ago, iamdarkyoshi said:

So we have had over $3000 spent on various crap ranging from iTunes gift cards, computers, cell phones, and clothes.

 

How did this happen? Well, it all started with our Plex server, which has RDP enabled and is accessible from outside the network; it is port forwarded. My dad uses this machine as his PC, and had multiple accounts saved in Chrome and IE. The best part? The PC's login password was 'p' and the password hint states this.

 

Now: someone found the external IP that leads to this PC's RDP, and remoted into it. They changed the password, which is what confused us. This PC has had viruses and stuff on it in the past, so we just assumed that a virus was fucking with us. We should have wiped it clean long ago but wanted to keep the purchased software. We just cracked it with Ubuntu and left it alone, so we could continue watching movies from it.

 

BAD PLAN.

 

At this point, the hacker was on to something. So last night, he logged in again, changed the PC's password again, and made over 3 grand in purchases on lots of different sites.

 

To fix this, the media server is no longer connected to the internet, the router has had new firmware flashed that has logging support, and we are working with everyone that purchases have been made from to get our money back. But the issue here is that the purchases have been made from the same PC as legitimate purchases, so eBay does not want to consider them fraudulent charges!

 

 

Now here is the "lucky" part. Stuff ordered here is obviously going to be shipped somewhere, and this "somewhere" is probably going to have the police waiting. Also, here is my favorite part: the hacker didn't delete ANY of the history here; it is ALL saved on the PC and is visible. What a dumbass. Actually, we are probably the dumbass here.

 

So we are going to get the police involved here, but let this be a lesson to you:

 

Don't store autosaved passwords on a machine with a crude password, and ESPECIALLY not a machine with a crude password with port forwarding and DNS services!

Really sucks that this happened to you. This is why I never have weak passwords or save any information that could be used to make purchases on my PC. :) Good luck getting everything back, and I hope the bitch that did this gets caught.

Use this guide to fix text problems in your post. Go here and here for all your power supply needs.

 

New Build Currently Under Construction! See here!!!! -----> 

 


Deathwatch:[CPU I7 4790K @ 4.5GHz][RAM TEAM VULCAN 16 GB 1600][MB ASRock Z97 Anniversary][GPU XFX Radeon RX 480 8GB][STORAGE 250GB SAMSUNG EVO SSD Samsung 2TB HDD 2TB WD External Drive][COOLER Cooler Master Hyper 212 Evo][PSU Cooler Master 650M][Case Thermaltake Core V31]


Cupid:[CPU Core 2 Duo E8600 3.33GHz][RAM 3 GB DDR2][750GB Samsung 2.5" HDD/HDD Seagate 80GB SATA/Samsung 80GB IDE/WD 325GB IDE][MB Acer M1641][CASE Antec][[PSU Altec 425 Watt][GPU Radeon HD 4890 1GB][TP-Link 54MBps Wireless Card]


Carlile: [CPU 2x Pentium 3 1.4GHz][MB ASUS TR-DLS][RAM 2x 512MB DDR ECC Registered][GPU Nvidia TNT2 Pro][PSU Enermax][HDD 1 IDE 160GB, 4 SCSI 70GB][RAID CARD Dell Perc 3]


Zeonnight [CPU AMD Athlon x2 4400][GPU Sapphire Radeon 4650 1GB][RAM 2GB DDR2]


Server [CPU 2x Xeon L5630][PSU Dell Poweredge 850w][HDD 1 SATA 160GB, 3 SAS 146GB][RAID CARD Dell Perc 6i]


Kero [CPU Pentium 1 133Mhz] [GPU Cirrus Logic LCD 1MB Graphics Controller] [Ram 48MB ][HDD 1.4GB Hitachi IDE]


Mining Rig: [CPU Athlon 64 X2 4400+][GPUS 9 RX 560s, 2 RX 570][HDD 160GB something][RAM 8GBs DDR3][PSUs 1 Thermaltake 700w, 2 Delta 900w 120v Server modded]

RAINBOWS!!!

 

 QUOTE ME SO I CAN SEE YOUR REPLYS!!!!


2 minutes ago, iamdarkyoshi said:

So we have had over $3000 spent on various crap ranging from iTunes gift cards, computers, cell phones, and clothes.

 

How did this happen? Well, it all started with our Plex server, which has RDP enabled and is accessible from outside the network; it is port forwarded. My dad uses this machine as his PC, and had multiple accounts saved in Chrome and IE. The best part? The PC's login password was 'p' and the password hint states this.

 

Now: someone found the external IP that leads to this PC's RDP, and remoted into it. They changed the password, which is what confused us. This PC has had viruses and stuff on it in the past, so we just assumed that a virus was fucking with us. We should have wiped it clean long ago but wanted to keep the purchased software. We just cracked it with Ubuntu and left it alone, so we could continue watching movies from it.

 

BAD PLAN.

 

At this point, the hacker was on to something. So last night, he logged in again, changed the PC's password again, and made over 3 grand in purchases on lots of different sites.

 

To fix this, the media server is no longer connected to the internet, the router has had new firmware flashed that has logging support, and we are working with everyone that purchases have been made from to get our money back. But the issue here is that the purchases have been made from the same PC as legitimate purchases, so eBay does not want to consider them fraudulent charges!

 

 

Now here is the "lucky" part. Stuff ordered here is obviously going to be shipped somewhere, and this "somewhere" is probably going to have the police waiting. Also, here is my favorite part: the hacker didn't delete ANY of the history here; it is ALL saved on the PC and is visible. What a dumbass. Actually, we are probably the dumbass here.

 

So we are going to get the police involved here, but let this be a lesson to you:

 

Don't store autosaved passwords on a machine with a crude password, and ESPECIALLY not a machine with a crude password with port forwarding and DNS services!

I don't really have this problem, as any remote access I do is done through OpenVPN or L2TP.

My native language is C++


5 minutes ago, themctipers said:

Fuck......

*goes to 192.168.0.1*

*disables all my port forwarding ports*

safe.

https://gyazo.com/88122af24c70a0b171f7db7df7344b13

erm..

 


 


That's why all my passwords are at least 12 characters with all sorts of symbols, and I have no saved purchasing information on any of my systems. Just make sure not to make the same mistakes in the future :P

Sergeant, United States Marine Corps

Network Administrator, Comptia A+, Security+, Cisco Certified Networking Associate

From a G3258 to dual Xeon E5-2670's


Some of the insecurity may have been caused by us trying to make it so things connected to the network can access its files, which worked only HALF the time...


1 minute ago, Jacktastic-Mofo said:

That's why all my passwords are at least 12 characters with all sorts of symbols, and I have no saved purchasing information on any of my systems. Just make sure not to make the same mistakes in the future :P

And that is what history is for!


9 minutes ago, themctipers said:

Fuck......

*goes to 192.168.0.1*

*disables all my port forwarding ports*

safe.

speaking of which...


Why was that enabled by default? Netgear is getting a strongly worded letter.

 


saving passwords is a baaaaddd idea

where ever you happen to be

~New~  BoomBerryPi project !  ~New~


New build log: http://linustechtips.com/main/topic/533392-build-log-the-scrap-simulator-x/?p=7078757 (5 screen flight sim for 620$ CAD). LTT Web Challenge is back! Go here: http://linustechtips.com/main/topic/448184-ltt-web-challenge-3-v21/#entry601004


Good point, lol. I'm just learning wireless networking though, if I ever get an ethernet port on my cellphone, or unlimited data again. I'm running a wired-only setup. Mom can deal with it, laptops suck lol


20 minutes ago, themctipers said:

Fuck......

*goes to 192.168.0.1*

*disables all my port forwarding ports*

safe.

 

7 minutes ago, Mitchell 3 said:

Why was that enabled by default? Netgear is getting a strongly worded letter.

 

1. Port forwarding is not the issue here. It is a combination of many seriously bad ideas that happened.

 

2. You knowingly used a computer that has had virus infections? And on top of that, you entered personal information knowing that it was infected, or knowing it had been infected before? Anything short of a complete wipe will not guarantee removal of a virus.

 

3. You noticed strange behavior and ignored it because you assumed it was a virus? So you also chose to ignore viruses?

 

4. You don't go to each individual retailer to dispute fraudulent purchases. You contact the credit card company and they take care of it.

 

5. Weak password on a remotely accessible device. Enough said.


Well, that sucks. I guess if I ever made a file server and set up my network and server to SSH into that server, I might want to look at ways of hardening that link from the outside world to that server. My Wi-Fi network is pretty basicsauce and I might want to look into hardening that connection too, even though I use a pretty long password string for the Wi-Fi router.

 

I mean, I use pretty good passwords and don't download things at random, but it's still a good idea to try to reinforce your network(s).

 

a Moo Floof connoisseur and curator.

:x@handymanshandle x @pinksnowbirdie || Jake x Brendan :x
Youtube Audio Normalization
 

 

 


So I called it?

Thats that. If you need to get in touch chances are you can find someone that knows me that can get in touch.


5 hours ago, iamdarkyoshi said:

Someone is pretty stupid, they signed into our google account WITHOUT A VPN. WE HAVE HIS IP ADDRESS.

Hopefully they are in the US so his parents can give him a stern talking to; otherwise it sucks that nothing will really happen to him. :(

-KuJoe


Man, that must have been devastating, but I guess rewarding. Well, one thing that anyone can take from this is KEEP CLOSE EYES ON THINGS THAT CONTAIN MONEY, VITAL DATA, OR PASSWORDS.


8 hours ago, iamdarkyoshi said:

Someone is pretty stupid, they signed into our google account WITHOUT A VPN. WE HAVE HIS IP ADDRESS.

Love how stupid people are. It seems to me that they never thought someone would notice stuff going on. :P I wonder how many others they have done this to without them noticing?

 

IDEA!

You should use this to make a guide on how to protect your network! Make sure it's idiot and stupid person proof though......



19 minutes ago, 8uhbbhu8 said:

Love how stupid people are. It seems to me that they never thought someone would notice stuff going on. :P I wonder how many others they have done this to without them noticing?

 

IDEA!

You should use this to make a guide on how to protect your network! Make sure it's idiot and stupid person proof though......

I might just do that! And yes, it is a USA IP.


In this case the problem wasn't really with your router or your firewall but with your computer. Port forwarding is totally safe, provided that you protect any device you port forward to, or you could just use a non-standard destination port and convert it to the correct port when you hit your router/NAT.

There are plenty of ways to protect yourself while keeping your system available and accessible.

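The reply above makes the key point that what matters is the device and service behind a forward, not the forward itself; a non-standard external port still lands on the same RDP listener. The script below is an added example, not code from the thread or its posters, and assumes a constructed port-forwarding table export of the form `name external_port protocol internal_ip internal_port` (real routers show the same five facts in their own syntax). It flags every rule whose internal port is a remote-access or file-sharing service, and records separately whether the external port was merely changed.

```python
"""Audit a home router's port-forwarding table for exposed remote-access services.

Added example, not code from the forum thread. It assumes a constructed export of
the form 'name external_port protocol internal_ip internal_port'; real routers
print the same five facts in their own syntax, so only parse_rules() would change.
"""

# Destination ports whose services should not face the internet directly.
RISKY_SERVICES = {
    3389: "RDP", 5900: "VNC", 445: "SMB", 23: "Telnet", 22: "SSH", 21: "FTP",
}

# Constructed table mirroring the thread: Plex is fine, RDP is exposed twice,
# once on its real port and once hidden behind a random external port.
SAMPLE_RULES = """\
# name         ext    proto  internal_ip    int
plex           32400  tcp    192.168.0.50   32400
rdp-media      3389   tcp    192.168.0.50   3389
rdp-obscured   51234  tcp    192.168.0.50   3389
ssh-nas        22     tcp    192.168.0.60   22
"""


def parse_rules(text):
    """Parse the constructed export into a list of rule dicts, skipping comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, ext, proto, host, internal = line.split()
        rules.append({"name": name, "ext_port": int(ext), "proto": proto.lower(),
                      "host": host, "int_port": int(internal)})
    return rules


def audit(text):
    """Return one finding per rule whose *internal* port is a risky service.

    The internal port decides the risk: a non-standard external port only
    changes where a scanner has to look, the service answering is unchanged.
    'obscured' records that the external port differs from the internal one.
    """
    findings = []
    for r in parse_rules(text):
        service = RISKY_SERVICES.get(r["int_port"])
        if service is None:
            continue
        findings.append({
            "name": r["name"],
            "service": service,
            "host": r["host"],
            "obscured": r["ext_port"] != r["int_port"],
            "advice": f"remove the forward; reach {service} on {r['host']} over a VPN instead",
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_RULES):
        note = " (external port changed, service unchanged)" if f["obscured"] else ""
        print(f"{f['name']}: {f['service']} on {f['host']}{note}; {f['advice']}")
```

The advice string follows the thread's own alternative of reaching machines through OpenVPN or L2TP rather than exposing RDP; the `obscured` flag exists so that a rule like `rdp-obscured` is not mistaken for a fix.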

10 hours ago, iamdarkyoshi said:

Someone is pretty stupid, they signed into our google account WITHOUT A VPN. WE HAVE HIS IP ADDRESS.

Is there a way to tell that someone wasn't using a VPN that I don't know about? Because he could have just VPN'd into another "hacked" system and done everything from there. I'm pretty sure there is no way of knowing.

 

Also, even if you have his IP, it likely won't do you any good unless he has a static IP and you can find some information online pointing that back to him. You need a lot of pull and proof to get an ISP to give up the exact customer who had that specific dynamic IP on that date. It's unlikely that would happen for a relatively measly $3,000 in stolen goods. Just call the credit card company, claim fraud, protect your computers better, and be on your merry way. May as well power cycle your router and pick up a new IP as well, or call and ask for one.

