[URGENT] Possible to retrieve user info from tapping onto wireless network?

Discussion in 'privacy problems' started by chuan, Jan 24, 2011.

Thread Status:
Not open for further replies.
  1. chuan

    chuan Registered Member

    Joined:
    Jan 24, 2011
    Posts:
    6
    Hi,

    I'm experiencing a hacker situation whereby I suspect that he's tapping onto my wifi network, and from there gets to know all my passwords. But I need to know if it's possible.

    Because I've set up another account at work, which belongs to a totally different network/username/password. I will only log into that account using my workplace network. And until now he has yet to do anything to that account.

    However, he has recently hacked into my fb/msn/tumblr, all the accounts you can name, he has hacked into it. And done destructive work such as deleting friends, changing passwords, sending nonsensical emails.

    Every account was touched except for the one I set up at work.

    So I just want to ask if it is possible that he hacked into my WPA-PSK network at home, monitored my activities, collected data and used my accounts?
     
  2. katio

    katio Guest

    If you used a simple password, it's possible but still much less likely than someone hacking into your computer over the internet...

    Here's what I would do against a wlan hack:
    Disconnect all devices
    Press the reset button on your router.
    Boot up from a trusted live CD, trusted means don't download and burn it on your possibly infected systems.
    Go into the router and set it up with strong passphrases.

    Against the more probable internet vector:
    restore from trusted backups
    reset and change router passphrases
    change all online credentials
     
  3. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Yes it's very possible, WEP and WPA already have published hacks. WPA2 is only a matter of time. I suggest using WPA2 and a 10+ long password.
     
  4. katio

    katio Guest

    The most serious WPA-TKIP weakness needs QoS enabled, is this even a default setting? Also it only allows one to read data sent to the client, you can't intercept login credentials that way, certainly not if it's sent over TLS.

    WPA2 being only a matter of time sounds like spreading FUD to me. AES is secure for the foreseeable future, given WPA2 was designed more than 6 years ago, any obvious implementation weaknesses would have surfaced already. So why now?
     
  5. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
  6. chuan

    chuan Registered Member

    Joined:
    Jan 24, 2011
    Posts:
    6
    So it is possible to hack my computer using my internet? Okay, I think not hack my computer. But probably able to retrieve data from my browser and everything?

    My wireless is WPA-PSK, AES? with a 10 digit password. Would that be secure enough?
     
  7. katio

    katio Guest

    I'd go with the recommended 13+ random(!) password or choose a 20+ pass-phrase if you want something more memorable but less random.

    What does your host security look like? Everything up to date (OS, browser, plugins and other software), good Antivirus or other security layers?
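
The password advice in the post above, worked through as an added example that is not part of the original thread: it derives the WPA/WPA2-Personal key the way the standard does (PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt) and compares the entropy of the options discussed. It assumes the "10 digit" password means ten decimal digits and that a passphrase is drawn from a 7776-word Diceware-style list; the SSID `HomeNet-example` is a placeholder.

```python
import hashlib
import math
import secrets
import string


def derive_psk(passphrase, ssid):
    """WPA/WPA2-Personal key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    # The SSID is the salt, so the same passphrase gives a different key per network name.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def entropy_bits(symbols, alphabet_size):
    """Bits of entropy for `symbols` independent, uniformly random choices."""
    return symbols * math.log2(alphabet_size)


def random_password(length=13):
    """Random password over letters, digits and punctuation (94 symbols), from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def compare():
    """Entropy of the options discussed in the thread (assumptions noted inline)."""
    return {
        # Assumption: "10 digit" means ten decimal digits.
        "10 decimal digits": entropy_bits(10, 10),
        "13 random characters": entropy_bits(13, 94),
        # Assumption: words picked at random from a 7776-word Diceware-style list.
        "6 random words": entropy_bits(6, 7776),
    }


if __name__ == "__main__":
    for label, bits in compare().items():
        print(f"{label:22s} {bits:5.1f} bits")
    pw = random_password()
    print("example password:", pw)
    print("PSK:", derive_psk(pw, "HomeNet-example").hex())
```
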
     
  8. chuan

    chuan Registered Member

    Joined:
    Jan 24, 2011
    Posts:
    6
    I'm only using AVG, nothing much else. However the OS is quite old (4-year-old laptop).
     
  9. katio

    katio Guest

  10. chuan

    chuan Registered Member

    Joined:
    Jan 24, 2011
    Posts:
    6
    Also, I've actually re-formatted my laptop a few times and the situation continues. And I've noticed unfamiliar IP address logins from my gmail account.

    Don't think it's a malware infection?
     
  11. katio

    katio Guest

    You reformatted and then changed ALL passwords and he got in again?
    Is it possible you installed from an infected backup/installer?

    Just a thought, if you signed up for all those services with your gmail email a cracker only needs to break into gmail (did you use strong passwords?) and can then reset most other account passwords, he wouldn't have to even touch your laptop or network.
    Also, do you use different passwords for each online account?
     
  12. chuan

    chuan Registered Member

    Joined:
    Jan 24, 2011
    Posts:
    6
    Yes. I didn't do any backup. Only have the recovery in Drive D.

    Also, my passwords consist of Caps, Numbers and symbols. And there were a couple of times I changed my password, but the next day when I tried to log in, it got changed back to my old password, which is kinda creepy?

    And I do use different passwords for different accounts.
     
  13. katio

    katio Guest

    You restored from a recovery partition, stored on the same disk as the OS?
    I haven't yet heard of malware infecting those but I sure wouldn't be surprised...
     
  14. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    First I would scan the heck out of that system with an AV then AM, and finally check with an ARK.

    Try Ettercap, start sniffing then view connections and just watch, writing down all addresses that are not the gateway or the computer.
    If gateway is 192.168.1.1 and your computer is 192.168.1.3 and you see a connection at 192.168.1.253, then a MITM could occur.

    Try running an nmap scan to see what is connected and has open ports.
    "nmap -F -d -T5 -sSV 192.168.1-254.1-254" should take about 15-20 minutes.

    Check the router logs for activity and IP addresses, maybe from a Linux Live CD.

    Is the network at home yours or did you find an open network to connect to?
    Maybe it reconnects after a disconnection to the strongest signal instead of your router.
    Maybe for some reason your router disappeared from the list and you might not notice that you were connected to another network.
     
    Last edited: Jan 28, 2011
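
The "write down every address that is not the gateway or the computer" check from the post above, as an added example that is not part of the original thread: it parses Linux `ip neigh` output, flags hosts missing from a known-device list, and flags the gateway IP sharing a MAC address with another host, which is what the neighbour table looks like when something on the LAN is answering for the gateway. The sample output, MAC addresses and known-device list are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of `ip neigh` output (MACs are made-up, locally administered).
SAMPLE = """\
192.168.1.1 dev wlan0 lladdr 02:00:00:00:00:fd REACHABLE
192.168.1.253 dev wlan0 lladdr 02:00:00:00:00:fd STALE
192.168.1.50 dev wlan0 lladdr 02:00:00:00:00:50 STALE
192.168.1.77 dev wlan0  FAILED
"""

# Constructed inventory: the MACs you expect, e.g. read off the device labels.
KNOWN = {"192.168.1.1": "02:00:00:00:00:01", "192.168.1.50": "02:00:00:00:00:50"}

NEIGH_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+) dev \S+ lladdr ([0-9a-f:]{17})\b")


def parse_neigh(text):
    """Return {ip: mac} for IPv4 entries that have a resolved link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip().lower())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            table[m.group(1)] = m.group(2)
    return table


def audit(table, known, gateway_ip):
    """Return (kind, ip(s), mac) findings for unknown hosts and gateway anomalies."""
    findings = []
    by_mac = defaultdict(list)
    for ip, mac in sorted(table.items()):
        by_mac[mac].append(ip)
        if ip not in known:
            findings.append(("unknown-host", ip, mac))
        elif known[ip] != mac:
            findings.append(("mac-changed", ip, mac))
    for mac, ips in by_mac.items():
        if gateway_ip in ips and len(ips) > 1:
            findings.append(("gateway-mac-shared", ",".join(ips), mac))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_neigh(SAMPLE), KNOWN, "192.168.1.1"):
        print(*finding)
```
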
  15. chuan

    chuan Registered Member

    Joined:
    Jan 24, 2011
    Posts:
    6
    My area's networks are all protected networks, so there's very little chance of my laptop connecting to an open network.

    And what you mentioned sounded confusing, but will tryyyy them through AV, AM. Tracking cookies are harmless, right? I always have tracking cookies popping out from AV scans. And always have to get rid of them.
     
  16. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Then maybe check that building. Now what building was that?

     
  17. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I hope Silverstein doesn't "Pull it!" on my laptop. :blink:

    Ettercap is easy peasy. Nothing too difficult.
    You're not trying to poison, just using it for recon.
    It's much simpler than Wireshark, another tool I didn't mention.

    nmap will scan for open ports so you can see what is open on other systems inside your network.
    You're mainly looking for Open, not worried about closed or reset ports.
    Or maybe try Capsa Free instead of nmap, the vendor has a section here at Wilder's.
     