Tracing a hacker

[Falconevo]

This so called 'hacker' it is very doubtful he has 'hacked' a router unless it was open to the public on the default login credentials or with an extremely poor password.  You can check if your router is enable for login on its WAN port in the admin web portal.  If its enabled, disabled it asap.

 

It is more likely that the 'hacker' gained access to the network through a machine that has been infected, giving them command and control from inside the network to infect other machines.  If they did gain access to the network via malware, if you left the default user credentials on the router it would be easy to add port forwards etc and get more access across any other networks that exist (doubtful for a cheapo router).

 

In relation to tracing them, it won't bare any fruit as the authorities won't pursue low level digital crimes.  Even with the best logging in the world, you are unlikely to catch the perpetrator.

 

[leadeater]

15 hours ago, corrado33 said:

So again, I'm really confused as to how the hacker would get past the router, access a computer, and not have it logged at all. Maybe I'm ignorant. Maybe I don't know the latest methods, but it seems like an impossibility from my end. 

It is rather rare that someone will be able to outright break through or in to your router, there are known routers with security issues that have been identified but in the general sense this isn't happening to home users. There have been some rather big news stories of routers that have been compromised recently and used for bot nets and ddos attacks so it's not as if I'm saying it doesn't happen but it is unfortunately something we have no control over, other than keeping an eye on the news and replacing anything that is flawed.

 

Also most routers never get firmware updates, particularly ISP provided ones.

 

You are correct your router will have some logs of things going on but it may not be enough to do any useful tracing if needed. Plus if someone breaks in to the actual router deleting the logs is something that they and I would do.

 

15 hours ago, corrado33 said:

"Brute force" hacking today doesn't really exist. I can't connect to any router and brute force my way into it. It doesn't work like that. Most, if not all modern routers have safeguards against this. 

Very glad you are aware of this . Basically what I was meaning with my first post in this thread. Security breaches come from user error, configuration error and temporary security holes during configuration changes.

 

Clearly you are educated enough and know what is actually going on and aren't getting suckered in to all this media hype about "hacking".