How can I defeat the hackers?



savafan
08-04-2006, 04:33 AM
Clearly, someone has access to my PC. My ebay account was hacked for the second time in less than a month, and this time they took over my e-mail account as well. I was able to retrieve my e-mail account, change my password and my security question, but they have somehow managed to hack it again and change my password and security question so that I don't know the answers. This person is pretending to be me, only claiming they are a doctor. They have access to all of my bank and credit card statements via that e-mail account, as well as to all of my family and friends, and I can't get into it to put a stop to it.

It is a hotmail account, but I can't figure out a way to contact hotmail without first needing to login with my e-mail address and password. Any ideas?

I've run Spybot and antivirus every day, but they still have to be getting my information somehow....I don't get it.

Coffeybro
08-04-2006, 04:40 AM
I suggest doing the following. First off, take the machine offline. Next, copy all information you need to keep to CDs. Then reformat the hard drive and reinstall Windows. I would also contact Microsoft (Hotmail) to let them know that someone is using the account without your permission and to reset the password to something only you would know.

savafan
08-04-2006, 05:09 AM
I suggest doing the following. First off, take the machine offline. Next, copy all information you need to keep to CDs. Then reformat the hard drive and reinstall Windows. I would also contact Microsoft (Hotmail) to let them know that someone is using the account without your permission and to reset the password to something only you would know.

I don't have the disks to reinstall Windows. I can't figure out a way to contact Microsoft without my e-mail address.

TeamCasey
08-04-2006, 06:47 AM
Set up another email account in yahoo or gmail and email them from there.

For the future, because these accounts are internet based, I wouldn't store sensitive information in them.

Actually, I think you could go ahead and log into hotmail and email from there. The hacker already has the account.

savafan
08-04-2006, 08:28 AM
I did this TC and here is what he sent to me:

Hi Friend,

I need your help and i would return your pass back to you.

All i need from you is just 400.00 or your credit card info and i would
return your account back to you.

I am online on jocenten1@yahoo.com send me a IM and we could talk

SandyD
08-04-2006, 08:51 AM
I think TC meant to microsoft/hotmail from there. Also contact your ISP.

If he has a yahoo addy, report him to yahoo. Notify your bank/credit card companies if you feel he has access. Set up a new account to use, and do not e-mail him from that one.

ChaseReds
08-04-2006, 09:36 AM
Savafan- what protection are you using?

ZoneAlarm or anything like that? Additionally, are you using any P2P programs (Kazaa, LimeWire)?

Which programs do you actively use on your computer? Let me know because I used to hack my way around....:)

ChaseReds
08-04-2006, 09:45 AM
Spybot will not help you. You need Preventative software. As soon as a hacker is (most often) they will mess with your Registry (DOS: RegEdit) and install a tracker.

Registry is your computer's brains. It stores all of the functions that your computer does. Having access to this is every hacker's dream.

You can get a new email and such BUT before you do that we need to work on how you will prevent this from happening again. New emails and such will do nothing if the hacker is a bit experienced. He now has your IP and personal identity tokens that will allow him in your comp pretty much anytime he/she wants.

StillFunkyB
08-04-2006, 10:13 AM
Sava,

Sounds pretty nasty. You're going to have to give a phone call to eBay. I would also call your bank, CC, and all that and let them know what has happened. Most likely you're going to have to get new account numbers, and credit cards. I don't know where you live, but if there is an internet crimes division, call the police. You need to report this.

You might have a trojan horse that your anti virus is not detecting. I am sure there is a way to remove it and clean up your hard drive, but the easiest thing to do would be a clean install, as Coffeybro said.

I'll send you a PM.

ochre
08-04-2006, 10:34 AM
If you've been rootkitted, the only solution is a complete wipe and reinstall. You can no longer trust any file on your computer, especially any binary/executable file. Polymorphic root kits are teh suck.

Unassisted
08-04-2006, 10:37 AM
Sava, you're being blackmailed, which is a crime. Time to involve law enforcement.

IslandRed
08-04-2006, 10:40 AM
First, I hope you're reading this from a different computer, because you shouldn't go online with the other one until you resolve its problem.

StillFunkyB is right -- this is a crime situation. Notify the police. Notify eBay. Notify your bank and anyone else where you have online account access. Explain your computer has been hacked and possibly your identity stolen. Tell your friends (via phone if possible) that you won't be e-mailing them from that account anymore.

For the future, it's a good idea to:

* Use an e-mail address for online banking/account management that isn't used for anything else.

* Absolutely make sure you have a two-way firewall like ZoneAlarm. It's not enough to stop inbound hacks, you also need to stop programs from "phoning home" if they should happen to get onto your computer.

StillFunkyB
08-04-2006, 10:42 AM
rootkits are teh suck.

thanks sony.

Joseph
08-04-2006, 10:43 AM
Sava, you're being blackmailed, which is a crime. Time to involve law enforcement.

I kind of agree here. I don't know if you need to 'agree' to pay him the money to get some real info on him you can turn over to authorities or go right to authorities and see what they say, but this is blackmail/extortion, whatever you want to call it, and it's illegal. Big house illegal even.

MrCinatit
08-04-2006, 10:54 AM
This might not even be a virus.
Have you ever logged onto eBay in any other ways than through your bookmarks, or by typing in eBay?
Beware of email links to eBay. Many of these are none other than phishing schemes. The same goes for links from other websites to eBay - especially those needing you to sign in again.
In fact, this lies true with any site: PayPal, your bank - whatever site requires log on or personal information. The only time I log onto these sites is from one of my bookmarks, or physically typing in the name of that web address.

However, it could be a virus. My suggestion is this: too much protection is a good thing. I have a firewall (ZoneAlarm), an antivirus (eTrust) and two adware detectors (Spyware Doctor and Ad-Ware) running on my system. Sure, there is a slight lag at times - but the protection is worth it. In addition, I have paid for all of these, but IMHO, the protection you pay for is worth more than that which is free - and the money lost in these payments is far less than the potential money lost from a hacker.

BTW, once you get things settled down, it might not be a bad idea to save that Yahoo email addy he gave you - and perhaps send it over to Yahoo. It does not sound like the fool has your CC information. Get a new card, too - just in case.
I hope you get this straightened out - I was in the same boat several years ago, but not as ugly as you have it.
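
The advice in the post above (sign in only from a bookmark or a typed address, because e-mailed links to eBay, PayPal or a bank may be phishing) can be checked mechanically. The following Python check is an added example, not part of any forum post: it lists the links in an HTML e-mail whose text or host name claims a trusted site while the real destination is somewhere else. The trusted-domain list and the sample message are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the sites the reader actually holds accounts with.
TRUSTED_DOMAINS = {"ebay.com", "paypal.com"}

# Constructed sample message body (not a real e-mail).
SAMPLE_HTML = """
<p>Dear member, your account has been suspended.</p>
<a href="http://ebay.com.signin-update.example/ws/login">https://signin.ebay.com/</a>
<a href="http://www.paypal.com@203.0.113.7/cgi-bin/login">Confirm your PayPal details</a>
<a href="https://pages.ebay.com/help/">eBay Help</a>
<a href="https://news.example/story">Read more</a>
"""


def belongs_to(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_link(href, text):
    """Return the reasons this link should not be used to sign in."""
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    reasons = []
    if "@" in parts.netloc:
        reasons.append("text before '@' hides the real host")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("raw IP address instead of a site name")
    for domain in sorted(TRUSTED_DOMAINS):
        brand = domain.split(".")[0]
        claims_brand = brand in text.lower() or brand in host
        if claims_brand and not belongs_to(host, domain):
            reasons.append(f"claims {brand} but goes to {host}")
    return reasons


def suspicious_links(html_body):
    """Return [(href, reasons)] for links that fail check_link."""
    collector = LinkCollector()
    collector.feed(html_body)
    flagged = []
    for href, text in collector.links:
        reasons = check_link(href, text)
        if reasons:
            flagged.append((href, reasons))
    return flagged


if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_HTML):
        print(href, "->", "; ".join(reasons))
```

The host comparison is done on the full name from the right-hand end, which is why `ebay.com.signin-update.example` is flagged while `pages.ebay.com` is not.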

TeamBoone
08-04-2006, 12:01 PM
Wow! What a mess.

I agree, it's illegal. Notify everyone, including your ISP, law enforcement, and Crime Stoppers (keep a copy of the email you received)... even if CS can't do anything, they can get the story out to the public with suggestions regarding what to do if it happens to others.

Change all your account numbers but do NOT put them back on the internet until this is resolved. If the hacker is that good, he/she will just get into your new accounts too, complicating the problem even more.

And yes, you should get your entire hard drive wiped clean and reinstall windows. The Micro Center provides both these services (and more) and is priced reasonably... all they need is your CPU. Take advantage of their knowledge too. I'm 99.9% certain they can offer beneficial advice on how to deal with this problem and how to avoid it in the future. If you don't already know, they're located in Sharonville (Mosteller Road Exit off I-275; it's right across the street from the exit ramp in the back of the building). You can see their sign from the highway. (513) 782-8500

GAC
08-04-2006, 12:08 PM
Definitely a time for law enforcement. No If, Ans, or Butts. Do it!

dabvu2498
08-04-2006, 12:12 PM
Sava, you're being blackmailed, which is a crime. Time to involve law enforcement.
I agree. 100%

HotCorner
08-04-2006, 12:18 PM
Sava, you're being blackmailed, which is a crime. Time to involve law enforcement.

I agree 100%. You might want to keep the computer "as is" until after speaking with law enforcement. They may want to analyze your PC since it could be considered evidence.

TeamCasey
08-04-2006, 01:13 PM
I'll be damned if I didn't get my first virus after reading this thread.

Sava ....... you're cursed! :laugh:

KronoRed
08-04-2006, 03:37 PM
Good luck Sava :(

savafan
08-04-2006, 07:47 PM
I have contacted the FBI. They said they will look into it, but that they have limited resources...

What? They're the FBI....!

Reds4Life
08-04-2006, 08:34 PM
I have contacted the FBI. They said they will look into it, but that they have limited resources...

What? They're the FBI....!

If he is using your info to create accounts and buy things, that is identity theft, which is investigated by the US Secret Service. Report it to them, they take it more seriously than the FBI and will investigate it. Also, forward the email he sent you to your email provider right away.

savafan
08-04-2006, 09:04 PM
I can't figure out a way to simply contact hotmail without using my account there.

savafan
08-04-2006, 09:05 PM
I did trace his IP address to Redmond, Washington.

I also have saved a transcript of a yahoo IM chat he had with me...this guy's ballsy.

Reds4Life
08-04-2006, 10:22 PM
I did trace his IP address to Redmond, Washington.

I also have saved a transcript of a yahoo IM chat he had with me...this guy's ballsy.

If you know his ISP provider, report it to them, they will shut him off.

savafan
08-04-2006, 10:23 PM
If you know his ISP provider, report it to them, they will shut him off.

I don't know how to get that information...

Reds4Life
08-04-2006, 10:37 PM
PM me his IP address.

LoganBuck
08-04-2006, 10:47 PM
If this guy is from the states he needs to be sent to the klink and roomed with a guy named Bubba. You need to contact your credit card company and your bank with all this information. They take this kind of thing very seriously and will lean on law enforcement to get things done.

TeamBoone
08-04-2006, 11:51 PM
Sava, I think I found a way for you to contact them via a different email account. It asks for your Primary e-mail address/member ID associated with the account you are inquiring about AND asks for the email address that you want them to respond to:

Go directly here and scroll down to # 1: MSN Hotmail Support for the form (if it doesn't let you go directly to the page below, follow the path at the end of this, numbers 1-4):

http://support.msn.com/eform.aspx?productKey=hotmail&page=support_home_options_form_byemail&ct=eformts

1 - http://signout.msn.com/?lc=1033
2 - at the bottom of the page, click on 'Feedback'
3 - at the bottom of the box, click on 'Technical Support for Hotmail'
4 - scroll down to # 1: MSN Hotmail Support for the form

MrCinatit
08-05-2006, 03:42 AM
I just hope the guy's IP address is his own, and the Yahoo account he is using is his own too. He deserves a bit of jail time.
Unfortunately, I have run into instances where some users are able to change their IPs seemingly at will. Further experiences have shown that people who do this are "up to something."

KalDanielsfan
08-05-2006, 04:04 AM
I just hope the guy's IP address is his own, and the Yahoo account he is using is his own too. He deserves a bit of jail time.
Unfortunately, I have run into instances where some users are able to change their IPs seemingly at will. Further experiences have shown that people who do this are "up to something."


You are probably right. IP addresses are worthless. He is most likely using a proxy server or something to hide his real IP.

Sorry to hear about your plight, Savafan. You seem to be pretty cool about things... I would be losing my head right now.

WebScorpion
08-08-2006, 02:48 PM
Sava, you need to report it to IC3 as soon as possible. http://www.ic3.gov/ Personally, I'd report it to them, the FBI, Secret Service, Immigration and Customs Enforcement, US Postal Inspection Service, Bureau of Alcohol Tobacco and Firearms, and anyone else who will listen. http://www.cybercrime.gov/reporting.htm The more people you get on the case the better. I'd take that computer offline (physically detach the network cable) and keep it as evidence. I'd buy another computer and make sure it had all the latest MS Security patches loaded and KEEP THEM UPDATED. If you can't afford a new computer, then I'd reformat the one you have but if anyone does decide to investigate the computer is one of their best pieces of evidence. It's not a virus or trojan, although they've probably loaded some of their own on your PC for their use. So you want to have anti-virus and adware protection and keep those updated as well. Good luck and God Bless.

Puffy
08-08-2006, 03:38 PM
How much do you wanna bet this is some 13 year old.

savafan
08-11-2006, 10:17 AM
The guy is apparently running my fantasy baseball teams on yahoo...anyone care to give me an update on how he's doing?

TeamBoone
08-11-2006, 01:43 PM
Sava, please give us an update about what's going on about getting this thing resolved. We're worried about you.

LoganBuck
09-14-2006, 10:31 PM
Sava can we get an update on this? Are things working out for you?

savafan
09-15-2006, 03:10 AM
Sava can we get an update on this? Are things working out for you?

I got an entirely new hard drive, so everything is good now :thumbup:

TeamBoone
09-15-2006, 02:14 PM
OK, Sava... I'm officially confused. How does replacing your hard drive solve all the problems because that just seems like an awfully easy fix for the serious dilemma you described below.




Clearly, someone has access to my PC. My ebay account was hacked for the second time in less than a month, and this time they took over my e-mail account as well. I was able to retrieve my e-mail account, change my password and my security question, but they have somehow managed to hack it again and change my password and security question so that I don't know the answers. This person is pretending to be me, only claiming they are a doctor. They have access to all of my bank and credit card statements via that e-mail account, as well as to all of my family and friends, and I can't get into it to put a stop to it.

It is a hotmail account, but I can't figure out a way to contact hotmail without first needing to login with my e-mail address and password. Any ideas?

I've run Spybot and antivirus every day, but they still have to be getting my information somehow....I don't get it.

savafan
09-15-2006, 04:23 PM
OK, Sava... I'm officially confused. How does replacing your hard drive solve all the problems because that just seems like an awfully easy fix for the serious dilemma you described below.

Well, that was the final solution. I had previously cancelled my ebay and paypal accounts, and never logged into any of my banking or credit card sites from my computer, so I checked them from a friend's house, and they were safe. My old hard drive is sitting here marked as evidence if the Internet Crimes Police ever need it.

The hacker did instant message me and commend me on defeating him, and made me an offer to work together on some scheme. I politely ignored him.

CrackerJack
09-15-2006, 06:54 PM
Are you on a broadband connection?


I would very much recommend Avast! Anti-Virus scanner program - it's free and works like a charm - runs in your system tray whenever your PC is running and detects any intrusions or trojan horse programs etc..., and updates itself automatically (with prompt).

Make sure you at least have Windows built-in firewall turned on as well, and any wireless routers secured.

savafan
09-15-2006, 07:08 PM
Are you on a broadband connection?


I would very much recommend Avast! Anti-Virus scanner program - it's free and works like a charm - runs in your system tray whenever your PC is running and detects any intrusions or trojan horse programs etc..., and updates itself automatically (with prompt).

Make sure you at least have Windows built-in firewall turned on as well, and any wireless routers secured.

Yep...I have all of that now CJ, thanks for the recommendation though! :thumbup:

TeamBoone
09-15-2006, 07:13 PM
Wow! He's a headcase!

I'm surprised that he can't still hack into your bank accounts if the numbers are the same... but then, when it gets into the hard stuff, I know nothing!

Anyway, I'm so glad that things worked out, and I will remember this if anything similar ever happens to me.

savafan
09-15-2006, 07:16 PM
Wow! He's a headcase!

I'm surprised that he can't still hack into your bank accounts if the numbers are the same... but then, when it gets into the hard stuff, I know nothing!

Anyway, I'm so glad that things worked out, and I will remember this if anything similar ever happens to me.

He probably could have if I'd have ever logged into my bank accounts while he had control of my computer. I was smarter than that. That's why he wanted me to trade him my bank info for my e-mail account...idiot...

Unassisted
11-11-2007, 12:23 AM
This blog article made me think of this thread.


http://blog.washingtonpost.com/securityfix/2007/11/security_pro_admits_to_hijacki.html?nav=rss_blog

Security Pro Admits to Hijacking PCs for Profit

A Los Angeles security professional has admitted to infecting more than a quarter million computers with malicious software and installing spyware that was used to steal personal data and serve victims with online advertisements.

John Kenneth Schiefer, 26, variously known online as "acid" and "acidstorm," agreed to plead guilty to at least four felony charges of fraud and wiretapping, charges punishable by $1.75 million in fines and nearly 60 years in prison.

Investigators say Schiefer and two minors -- identified in the complaint only by their online screen names "pr1me" and "dynamic" -- broke into about 250,000 PCs. On at least 137,000 of those infected systems, Schiefer and his cohorts installed programs that allowed them to control the machines remotely. The malicious "bot" programs also allowed the attackers to steal any user names and passwords that victims had saved in Internet Explorer.

Schiefer is thought to be the first in the United States to be accused of violating federal wiretapping laws by operating a "botnet" -- the term for a large grouping of hacked, remotely controlled computers -- according to Mark Krause, an assistant U.S. attorney in Los Angeles.

In an exclusive interview with Security Fix, Schiefer said he's been experimenting with computers and writing software in one form or another since 1991, when he first discovered Internet relay chat (IRC) forums, a vast sea of text-based communications networks that predates instant-messaging software. There are tens of thousands of IRC channels all over the world catering to almost every imaginable audience or interest, including quite a few frequented exclusively by hackers, virus writers and loose-knit criminal groups. IRC channels have traditionally been among the most popular means of controlling botnets.

For the past several years, Schiefer has acted as an administrator for "#bottalk" and "#rizon," two of the more active hacker chat rooms on IRC, where the discussion ranges from pop culture to methods for improving the latest bot programs and identifying which Web sites most recently got hacked.

Schiefer said he and his friends spread the bot programs mainly over AOL Instant Messenger (AIM). By using malicious "spreader" programs such as Niteaim and AIM Exploiter, Schiefer and his co-conspirators spammed out messages inviting recipients to click on a link. Anyone who took the bait had a "Trojan horse" program downloaded to their machine, an invader that then tried to fetch the malicious bot program.

Schiefer admits he and friends used several hijacked PayPal accounts to purchase Web hosting that helped facilitate the spreading of their bot programs.

Schiefer's employer -- Los Angeles-based Internet telephony provider 3G Communications -- let him go in March 2006 after he filed a series of disability claims. His job at the time was to help secure communications networks for businesses.

Schiefer claims that he stopped all of the malicious activity in early January 2006.

"Ever since then, I've been more trying to create a positive thing and trying to prevent crap like this happening," he said. "I kind of saw the error of my ways and decided I'd had enough."

Later that month, federal agents raided his home, seizing computer equipment and other evidence.

Schiefer also said he had installed adware on machines he and his friends controlled, making a 20 cent commission each time they installed a piece of software from TopConverting, a now defunct adware company formerly owned by Simpel Internet, a marketing company based in the Netherlands.

Schiefer acknowledged that in mid-2005, he made more than $19,000 in commissions from TopConverting by installing to hijacked computers. The government claims he made the money installing adware over a period of a month in June 2005. Schiefer said he earned that sum in less than one week's time.

Schiefer admitted that he spent most of that week's earnings the following month entertaining himself and friends at DefCon, a massive hacker and security research conference held annually in Las Vegas.

Interestingly, I featured TopConverting in a February 2006 story I wrote for The Washington Post Magazine, which chronicled the exploits of "0x80," a hacker who -- like Schiefer -- made thousands of dollars a month installing adware on machines he had seeded with bot programs.

From that story: "Majy says TopConverting, which did not respond to requests for comment for this article, paid him an average of $2,400 every two weeks for installing its programs. He got 20 cents per install for computers in the United States and five cents per install for PCs in 16 other countries, including France, Germany and the United Kingdom. A nickel per install doesn't sound like much, unless you control a botnet of tens of thousands of computers."

According to an FBI informant who asked not to be named, Schiefer was a member of Defonic, a hacker group that included the individuals identified in the paragraph above as Zach "Majy" Mann, as well as "0x80". Another member of Defonic --- Cameron "cam0" LaCroix -- earned his reputation after breaking into Paris Hilton's cell phone account and later leading the group in breaching data giant LexisNexis, a stunt in which cam0 and several others pulled sensitive records on more than 310,000 people, including a number of Hollywood celebrities.

Most former members of the Defonic crew are now either in jail or have only recently been released from prison.

Schiefer said he regrets his actions, and hopes that the cooperation he has shown with law enforcement in the case so far will lighten his sentence.

"I don't think anyone should feel sorry for me," Schiefer said. "What I was doing was wrong [and] stupid, and I got caught."

Redlegs23
11-12-2007, 02:48 PM
I have a security related question. I recently got wireless internet in my house and the guy that set it up did not make it a secured connection. Does anybody know how do I go about securing my connection?

KronoRed
11-12-2007, 03:52 PM
I have a security related question. I recently got wireless internet in my house and the guy that set it up did not make it a secured connection. Does anybody know how do I go about securing my connection?

Check your router manual, should all be there, pretty easy to do.

If you don't have the manual, a Google search with your router's model number should bring you all the info you need.

Redlegs23
11-12-2007, 04:50 PM
Check your router manual, should all be there, pretty easy to do.

If you don't have the manual, a Google search with your router's model number should bring you all the info you need.

I'll check it out tonight. Thanks!