[URGENT] Possible to retreive user info from tapping onto wireless network?

Hi,

I'm experiencing a hacker situation whereby i suspect that he's tapping onto my wifi network, and from there get to know all my passwords. But i need to know if it's possible.

Because I've set up another account at work, which belongs to a totally different network/username/password. I will only log into that account using my work place network. And until now he has yet done anything to that account.

However, he've recently hacked into my fb/msn/tumblr all the accounts you can name, he has hacked into it. And done destructive work such as deleting friends, changing passwords, sending nonsensical emails.

Every account was touched except for the one i setup at work.

So i just want to ask if it is possible that he hacked into my WPA-PSK network at home, monitor my activities, collect data and use my accounts?

 

If you used a simple password, it's possible but still much less likely than someone hacking into your computer over the internet...

Here's what I would do against a wlan hack:
Disconnect all devices
Press the reset button on your router.
Boot up from a trusted live CD, trusted means don't download and burn it on your possible infected systems.
Go into the router and set it up with strong passphrases.

Against the more probable internet vector:
restore from trusted backups
reset and change router passphrases
change all online credentials

 

Yes it's very possible, WEP and WPA already have published hacks. WPA2 is only a matter of time. I suggest using WPA2 and a 10+ long password.

 

The most serious WPA-TKIP weakness needs QoS enabled, is this even a default setting? Also it only allows one to read data sent to the client, you can't intercept login credentials that way, certainly not if it's sent over TSL.

WPA2 being only a matter of time sounds like spreading FUD to me. AES is secure for the foreseeable future, given WPA2 has been designed more than 6 years ago any obvious implementation weaknesses would have surfaced already. So why now?

 

You should check this out, talks about WPA attacks.
Packet Injection, WPA Attacks, Virtualization - Rev3, Hak5

They also have episodes on ARP Spoofing, NetCat, WEP, WPA2
Don't forget to check out the Aircrack website as well.

 

So it is possible to hack my computer using my internet? Okay, I think not hack my computer. But probably able to retrieve data from my browser and everything?

My wireless is WPA-PSK, AES? with a 10 digi password. Would that be secured enough?

 

I'd go with the recommended 13+ random(!) password or choose a 20+ pass-phrase if you want something more memorable but less random.

How does your host security look like? Everything up to date (OS, browser, plugins and other software), good Antivirus or other security layers?

 

I'm only using AVG, nothing much also. However the OS is quite old (4years old laptop).

 

From what you have told us so far I suspect a malware infection.
I'd start reading here:
https://www.wilderssecurity.com/showthread.php?t=252253

 

Also, i've actually re-formatted my laptop a few times and the situation continues. And i've noticed unfirmiliar IP address logins from my gmail account.

Dont think it's a malware infection?

 

You reformatted and then changed ALL passwords and he got in again?
Is it possible you installed from an infected backup/installer?

Just a thought, if you signed up for all those services with your gmail email a cracker only needs to break into gmail (did you use strong passwords?) and can then reset most other account passwords, he wouldn't have to even touch your laptop or network.
Also, do you use different passwords for each online account?

 

Yes. I didnt do any backup. Only have the recovery in Drive D.

Also, my passwords consist of Caps, Numbers and symbols. And there's couple of time I changed my password, but the next day when i tried to log in, it got changed back to my old password. which is kinda creepy?

And I do use different passwords for different account.

 

You restored from a recovery partition, stored on the same disk as the OS?
I haven't yet heard of malware infecting those but I sure wouldn't be surprised...

 

First I would scan the heck out of that system with an AV then AM, and finally check with an ARK.

Try Ettercap, start sniffing then view connections and just watch, writing down all addresses that are not the gateway or the computer.
If gateway is 192.168.1.1 and your computer is 192.168.1.3 and you see a connection at 192.168.1.253, then a MITM could occur.

Try running an nmap scan to see what is connected and has open ports.
"nmap -F -d -T5 -sSV 192.168.1-254.1-254" should take about 15-20 minutes.

Check the router logs for activity and IP addresses, maybe from a Linux Live CD.

Is the network at home yours or did you find an open network to connect to?
Maybe it reconnects after a disconnection to the strongest signal instead of your router.
Maybe for some reason your router disappeared from the list and you might not notice that you were connected to another network.

 

My area's network are all protected network, so it's very little chance of my laptop connecting a open network.

And what you mentioned sounded confusing, but will tryyyy them through AV, AM. Trackin cookie is harmless right? I always have trackin cookie popping out from AV scans. And always have to get rid of them.

 

Then maybe check that building. Now what building was that?

 

I hope Silverstein doesn't "Pull it!" on my laptop.

Ettercap is easy peasy. Nothing too difficult.
Your not trying to poison, just using it for recon.
It's much simpler than Wireshark, another tool I didn't mention.

nmap will scan for open ports so you can see what is open on other systems inside your network.
Your mainly looking for Open, not worried about closed or reset ports.
Or maybe try Capsa Free instead of nmap, the vendor has a section here at Wilder's.