Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

WPA2 wi-fi hacked by neighbour....I think.


  • Please log in to reply
22 replies to this topic

#1 robby501

robby501

  • Members
  • 179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:49 PM

Posted 11 November 2014 - 07:35 AM

Firstly, I'd just like to introduce myself to the Community here. This is my first post. Hi. Nice to meet you all.

 

I'd like to share an experience that I (think) I have just been through regarding wi-fi security. An experience that has kind of left me feeling rather 'invaded' in my own home. But the worst thing about it is, is the actual uncertainty I am currently feeling as to whether it actually HAPPENED - or not! I just need to know, has my wi-fi been hacked? - or not? That's why I joined here today, I was just hoping some of you more knowledgeable guys and girls out there could confirm for me one way or another. So here's the story....

 

Re-wind back to end of May this year. Bank Holiday Monday at about midday..........I was sitting in my front room happily minding my own business watching the tele with a bacon sarnie in one hand and a mug of hot tea in my other when I noticed two pretty flash-looking cars pull up outside. Nothing too unusual there, but then one guy got out holding an I-pad or similar device and APPEARED to be using it to film the other guy......... who appeared to be filming his own slow journey down my street from inside his own convertible car. 

 

Now, here's where it gets interesting...... from my perspective at least......(The first thing to mention is that I live at the end of a cul-de-sac in a fairly affluent area of a London suburb). The guy that was out of his car holding his I-pad (or similar machine) MADE A POINT of standing in every driveway in the cul-de-sac where I live, or directly in front of EACH property for a couple of minutes at a time, whilst he was using his device. The other guy in his convertible car was coming down the close at a crawl, also using his tablet/pad whilst driving.

 

Naturally, these going's on got a few neighbour's curtains twitching, but I was the only one who actually went out to confront these two guys as I was pretty peeved to see this guy standing on my driveway, as he had been doing on other driveways too! The outcome of this?.......I got told to **** off back into my house (well not my house - my mother's! lol) as they were doing a 'filmshoot' of each other and that it was no good taking down their car's licence plates because they were stolen! So - at that.... I just cowled (pretty cowardly, tbh) back indoors and watched them from the front window, where they continued their antics of standing in driveways for about another 5 mins before finally leaving. YES....I was pretty scared by this. They were both big lumps of men and I certainly wasn't going to get into any sort of physical altercation with them because.... a, they knew where I lived and.... b, they seemed pretty villainous characters, were WAY bigger than me! 

 

Anyway, fast-forward several months.......Although not forgotten, my initial shock, intimidation and curiosity at what these guys were doing died down after a few weeks, and I kinda got on with my summer........

 

That was until last week when, after putting up with what I considered was pretty darn slow internet speeds at certain times of the day, especially during evenings and night, I was horrified when I noticed 600-700 megs of data were being clocked up on my router's data meter.....during the night whilst I was sleeping (obviously, I haven't been switching off my wi-fi at night. Silly me!). This happened on 3 consecutive nights.

 

I didn't know what the hell to make of this! I'm not particularly tech-minded. So I asked myself, "Is this normal?" Should my router be sending out data like this during the night, even when I am not online and my pc is OFF?? And I have NO OTHER devices in my house to feed off this data anyway. Is 700 mb a lot - or not?? Then I stopped to think about it for a moment........700mb is enough darn data to fill a blank music CD, so YES.....that must be a heck of a LOT of data, considering I am not connected to the internet at THAT particular time!

 

So, after following the necessary instructions and managing to reset both the Admin password and Wireless one too about 5 days ago, I was delighted (but kinda horrified at the same time!) to see that NO DATA WHATSOEVER was now being used during the night when I checked my data-meter next morning after waking. My feelings were mixed because I was delighted to see I'd stopped it happening, but I was horrified because the reality kinda hit me that it was highly likely someone had been hacking my connection, and what for, heaven only knows!!

 

And where do the two guys in the cars fit in to all this?..........

 

Well it just so happens that one of them moved in to my street at the time of the incident at the end of May. I found out from another neighbor that he is renting a properly about 50 meters away. 

 

Maybe I have put 2 and two together here and come up with 7, but you know when you just get this gut-feeling?? (or should I say - 'GUTTED' feeling!)

 

So folks, thanks for reading this if you have managed to........ without falling a-kip. lol !.....Maybe all pretty boring and that you might have heard it all before, I really don't know. But the whole thing has kinda freaked me out a bit.....more really because of the UNCERTAINTY of thinking, 'HAS this REALLY happened to me??'

 

IF any of you already-existing members would like to comment on what YOU think has happened here, please feel free to do so.....even of you think I am being a paranoid tw*t........It will only serve to put my mind at rest......because 'a paranoid tw*t' is how I feel right now!

 

Thanks

Robby.


Edited by robby501, 11 November 2014 - 07:40 AM.

Im a rookie and purely recreational pc user. Im utterly obsessed with security (even though I consider myself a safe and law-abiding internet user!) and run a combo of the following freeware security suites.....

Windows Defender/firewall

Regular scans with Malwarebytes, AdwCleaner, JRT, HitmanPro

 

 

 


BC AdBot (Login to Remove)

 


#2 Angoid

Angoid

  • Security Colleague
  • 299 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:East Midlands UK
  • Local time:04:49 PM

Posted 11 November 2014 - 09:06 AM

Hi robby501, it sounds to me like you really had been cracked at that time, and that these men were looking for wireless networks that they could crack their way into.

 

You probably retained your default password, which you have now changed.  That will increase your security no end.

 

Are you able to contact your ISP and advise them of the incident?  Even though there may not be a cost implication, the worry is that these downloads might not have been stolen music: they might have been illegal photographs and images or other illegal activity. It's worth getting your ISP to record that you've had an incident involving unauthorised access to your wireless network, and that you have taken steps to prevent it.

 

The fact that these men were abusive when you confronted them raises a huge red flag.


Helping a loved one through a mental health issue?  Remember ALGEE...

Assess the risk | Listen nonjudgementally | Give reassurance and info | Encourage professional help | Encourage self-help and support network

#3 robby501

robby501
  • Topic Starter

  • Members
  • 179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:49 PM

Posted 11 November 2014 - 09:34 AM

Hi robby501, it sounds to me like you really had been cracked at that time, and that these men were looking for wireless networks that they could crack their way into.

 

You probably retained your default password, which you have now changed.  That will increase your security no end.

 

Are you able to contact your ISP and advise them of the incident?  Even though there may not be a cost implication, the worry is that these downloads might not have been stolen music: they might have been illegal photographs and images or other illegal activity. It's worth getting your ISP to record that you've had an incident involving unauthorised access to your wireless network, and that you have taken steps to prevent it.

 

The fact that these men were abusive when you confronted them raises a huge red flag.

Bloodyhell. 

Reading this has sent a shiver down my spine - but thanks anyway. I needed to hear this for my own sanity and peace of mind!

I actually made a couple of posts previously about this on a BT forum. https://community.bt.com/t5/Other-Broadband-Queries/WiFi-hacked-how-can-I-report-it/m-p/1408135#M97096 , but to be honest, the answers I received were nowhere near as helpful (and blunt to the point!) as yours!

As you correctly assumed, I have been using the 'factory' password on my wi-fi ever since it was first installed back in April '13. I kinda overlooked the whole password/security issue after reading somewhere that WPA2 is supposedly 'safe' (something to do with a '4-way handshake' encryption system if my memory serves me right?)

 

In fact, I even got told previously that it would be not much use to report these 'goings on' as it is a FAILURE on my part because I am responsible for my own wi-fi security at home.

 

Since this is an issue which I have only been monitoring with any great eagerness during the last week (since finding out), I have researched the basics of doing a 'start>cmd>ipconfig' search to see if anyone is stealing my wi-fi, but as far as I am aware, doing this will only give me the IP's of those who are riding my network AT THAT GIVEN TIME. So my question here is that.... is there any way I can check out my BT router's IP HISTORY to see the IP's of any foreign computers/devices that have previously had connection to my wi-fi going back over the last few months??

 

Thanks for advising me for the need to contact my ISP. It kinda confirms to me what I already knew.  However, I will need to hand them some sort of evidence I guess, won't I? Just saying that I 'think' someone has hacked into me is not enough, I presume? Or will they then be obliged to look into this further on my behalf?

 

So yes thanks.....you made me realize the NEED to report this now....my only reservations being is that I am not quite sure how exactly to go about doing so at this moment in time?

 

I'm pleased I joined here today!

 

Yours

Robby


Edited by robby501, 11 November 2014 - 10:46 AM.

Im a rookie and purely recreational pc user. Im utterly obsessed with security (even though I consider myself a safe and law-abiding internet user!) and run a combo of the following freeware security suites.....

Windows Defender/firewall

Regular scans with Malwarebytes, AdwCleaner, JRT, HitmanPro

 

 

 


#4 Soldierbane

Soldierbane

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Hampshire
  • Local time:10:49 AM

Posted 12 November 2014 - 09:39 AM

Hi robby501,

 

WPA2 is safer then protocols such as WEP, or not having any password, as well as you are correct about WPA2 using a 4-way handshake to help verify your identity to the router. Unfortunately with the right knowledge this handshake is incredibly easy to capture. Once that has been accomplished it is a simple, although possibly time consuming, task to preform what is called a dictionary attack. Essentially the way that this works is that the attacking PC uses a list of common and default passwords and just randomly guesses until it gets the correct one. 

 

The simplest way to prevent something like this from breaching your security is to ensure that you use a strong password. This applies not just to your home wifi but to any passwords you make online or anywhere else. A good rule of thumb that most websites enforce is to have a minimum of 8 characters, at least one upper case letter, one lower case letter, one number, and one special character. In addition you should try not to use actual words. While Passw0rd! meets the requirements it is something that people will think to try and will likely manage to gain access to your account.

 

As an added layer of security at your home ensure that you are using a strong password on both your router and your PC. Even if someone gains access to your network you can still make it difficult for them to gain access to your PC this way.

 

Like Angoid said  I would certainly recommend reporting this to your ISP even without solid proof just so that they have something on record to help keep yourself covered.



#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:05:49 PM

Posted 12 November 2014 - 04:00 PM

 

 

Naturally, these going's on got a few neighbour's curtains twitching, but I was the only one who actually went out to confront these two guys as I was pretty peeved to see this guy standing on my driveway, as he had been doing on other driveways too! The outcome of That was until last week when, after putting up with what I considered was pretty darn slow internet speeds at certain times of the day, especially during evenings and night, I was horrified when I noticed 600-700 megs of data were being clocked up on my router's data meter.....during the night whilst I was sleeping (obviously, I haven't been switching off my wi-fi at night. Silly me!). This happened on 3 consecutive nights.

 

I didn't know what the hell to make of this! I'm not particularly tech-minded. So I asked myself, "Is this normal?" Should my router be sending out data like this during the night, even when I am not online and my pc is OFF?? And I have NO OTHER devices in my house to feed off this data anyway. Is 700 mb a lot - or not?? Then I stopped to think about it for a moment........700mb is enough darn data to fill a blank music CD, so YES.....that must be a heck of a LOT of data, considering I am not connected to the internet at THAT particular time!

 

Can you tell us where you have this data meter?

And when you say "sending out", do you mean it was an upload?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#6 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:05:49 PM

Posted 12 November 2014 - 04:03 PM

 

Hi robby501, it sounds to me like you really had been cracked at that time, and that these men were looking for wireless networks that they could crack their way into.

 

You probably retained your default password, which you have now changed.  That will increase your security no end.

 

Are you able to contact your ISP and advise them of the incident?  Even though there may not be a cost implication, the worry is that these downloads might not have been stolen music: they might have been illegal photographs and images or other illegal activity. It's worth getting your ISP to record that you've had an incident involving unauthorised access to your wireless network, and that you have taken steps to prevent it.

 

The fact that these men were abusive when you confronted them raises a huge red flag.


Since this is an issue which I have only been monitoring with any great eagerness during the last week (since finding out), I have researched the basics of doing a 'start>cmd>ipconfig' search to see if anyone is stealing my wi-fi, but as far as I am aware, doing this will only give me the IP's of those who are riding my network AT THAT GIVEN TIME. So my question here is that.... is there any way I can check out my BT router's IP HISTORY to see the IP's of any foreign computers/devices that have previously had connection to my wi-fi going back over the last few months??


 

 

ipconfig will not give you information about who is connected to your router.

 

I can not help you with your BT router, as I'm not familiar with it (I guess it's only used in the UK).

But many routers have logs, with MAC addresses and IP addresses.

 

Is it called a "BT Home Hub"? http://en.wikipedia.org/wiki/BT_Home_Hub


Edited by Didier Stevens, 12 November 2014 - 04:04 PM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#7 Angoid

Angoid

  • Security Colleague
  • 299 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:East Midlands UK
  • Local time:04:49 PM

Posted 13 November 2014 - 08:10 AM

As you correctly assumed, I have been using the 'factory' password on my wi-fi ever since it was first installed back in April '13. I kinda overlooked the whole password/security issue after reading somewhere that WPA2 is supposedly 'safe' (something to do with a '4-way handshake' encryption system if my memory serves me right?)

If I'm really honest, when I first had a wireless router I used to use the factory defaults but I try to keep up-to-date with security news and alerts, and it quickly became apparent that I had to change the passwords from the factory defaults otherwise it would be a matter of "when" and not "if" I got cracked.
WPA2 is far more secure than WEP but the crckers use sophisticated password-guessing techniques and also maintain lists of the standard ones that people use and the factory defaults, and try those first.
Soldierbane has covered the idea of a "dictionary attack" - which is literally that: a list of well-used passwords that can be tried in turn until yours is found (unless it's strong).
 

In fact, I even got told previously that it would be not much use to report these 'goings on' as it is a FAILURE on my part because I am responsible for my own wi-fi security at home.

That may well be true BUT you can prove that you are now doing something about it (asking for advice on forums, changing your passwords, etc) and just asking that the incident be noted so that if anything did come of it (unlikely) you'd be able to point to your report and say that it was due to unauthorised access to your network - an issue you subsequently resolved.
 

Thanks for advising me for the need to contact my ISP. It kinda confirms to me what I already knew.  However, I will need to hand them some sort of evidence I guess, won't I? Just saying that I 'think' someone has hacked into me is not enough, I presume? Or will they then be obliged to look into this further on my behalf?

If you can give them a date span - even something along the lines of "sometime between 1st April and 15th April 2014" then they can log it.  Make sure they do, and that your phonecall is recorded.  Also, don't forget to get the name of the person you speak to so you can quote them if need be.
As to how seriously they'll take you, unfortunately I cannot say.  All you can do is contact their Customer Services and if they sound disinterested, state why you are reporting this and that your connection might have been used for illegal purposes (the keyword here is 'might' as you don't know what they were doing, even though it's a fair bet that it was illegal).
 
Didier Stevens, it probably is a UK-only thing, or that version of this particular router might be.  BT stands for British Telecom, and it was the use of UK British terms in the OP's description of the problem that drew my attention to this thread!
 
As for your passwords, make them as long as possible.  It seems as though "CorrectHorseBatteryStaple" is probably not a good password after all, and Dropbox will even prevent you from using it!!!!!!
 
If that means nothing to you, then for kicks and giggles have a look here:
 

Helping a loved one through a mental health issue?  Remember ALGEE...

Assess the risk | Listen nonjudgementally | Give reassurance and info | Encourage professional help | Encourage self-help and support network

#8 robby501

robby501
  • Topic Starter

  • Members
  • 179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:49 PM

Posted 14 November 2014 - 08:05 AM

Hi folks!

There's no point in me quoting from any one (or any number of) members who have had input on this thread........Simply because you have ALL been exceptionally helpful and have obviously taken into account that I am not particularly 'tech-minded' - wording your replies in such a way that was clear to me and not over-complicated in any way. So thanks for that!

 

Since my last correspondence here, I have managed to access my router's log to see if any foreign IP's had logged onto my wi-fi, and I was relieved to see there weren't any, however I could only seem to access logs dating back to 2nd Nov this year, so obviously I am still rather concerned in the back of my mind as to what MAY have happened prior to that. 

 

However, if my memory serves me right, the nights of the 'high-data-usage' events were just about covered by the data-log history that I was able to access, and as there were no foreign IP's displayed on that log, I assume that maybe it was a false alarm and that no one else was up to any wrong-doings in as far as stealing my data is concerned. However, the subsequent improvement in internet speed and the much cooler-running of my pc since changing my passwords still leaves me rather concerned of some suspicious going-on in the past.

 

I am also concerned about 2 other networks which appear to be open and accessible to others in my area (if they wanted to be) that are emanating signals from my router, namely something called "BT wifi-X" and "BT Wifi-with-FON"..........I can't seem to secure these 2 other (networks?) with a password, and I am assuming that they can easily be used by my neighbors if they wanted to? Maybe it was one of these 'other' networks that got cracked into, and not the supposedly secure password-protected wi-fi network that I myself use when I am online? I would like to be able to switch these 2 'other' networks off as I never connect to them, but I can't seem to be able to! When I attempt to access my 'FON' network, I get a warning telling me that 'others' may see what I am doing over this network'........Not that I've got anything to hide, but it just kinda re-iterates to me that this is a FAR-FROM-SECURE network and that it may very well be open for anyone else to use - even when I am online myself. It's funny, because when I first started using wi-fi back in April 2013, these 2 'other' networks that seem to be emanating from my router weren't even available to me. They both seem to have popped up in the last few months showing a full signal strength.

 

I guess the ideal scenario (for me at least) is to stop using wi-fi altogether as it seems that no matter how much I try to find out as to how it works, I will never be able to understand the mechanisms of how it operates and until the day I do, I will never feel properly secure in using it!  :(

 

I have decided (for now) not to go down the path of reporting to ISP. I just have this feeling in the back of my head that they'd just laugh at me! As another member stated, I have at least made a log of these events on THIS site as well as on BT's own forums which I hope will serve as a future reference in the event that my wi-fi has been used illegally by someone in my neighborhood.

 

Once again, thanks for ALL your input. I learned a lot from reading your replies!

Robby


Im a rookie and purely recreational pc user. Im utterly obsessed with security (even though I consider myself a safe and law-abiding internet user!) and run a combo of the following freeware security suites.....

Windows Defender/firewall

Regular scans with Malwarebytes, AdwCleaner, JRT, HitmanPro

 

 

 


#9 robby501

robby501
  • Topic Starter

  • Members
  • 179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:49 PM

Posted 14 November 2014 - 08:19 AM

 

 

 

Naturally, these going's on got a few neighbour's curtains twitching, but I was the only one who actually went out to confront these two guys as I was pretty peeved to see this guy standing on my driveway, as he had been doing on other driveways too! The outcome of That was until last week when, after putting up with what I considered was pretty darn slow internet speeds at certain times of the day, especially during evenings and night, I was horrified when I noticed 600-700 megs of data were being clocked up on my router's data meter.....during the night whilst I was sleeping (obviously, I haven't been switching off my wi-fi at night. Silly me!). This happened on 3 consecutive nights.

 

I didn't know what the hell to make of this! I'm not particularly tech-minded. So I asked myself, "Is this normal?" Should my router be sending out data like this during the night, even when I am not online and my pc is OFF?? And I have NO OTHER devices in my house to feed off this data anyway. Is 700 mb a lot - or not?? Then I stopped to think about it for a moment........700mb is enough darn data to fill a blank music CD, so YES.....that must be a heck of a LOT of data, considering I am not connected to the internet at THAT particular time!

 

Can you tell us where you have this data meter?

And when you say "sending out", do you mean it was an upload?

 

I swipe in from bottom-right to access settings, then click networks, then I have the option to switch data-usage meter on/off or reset as required.

 

 

 

Hi robby501, it sounds to me like you really had been cracked at that time, and that these men were looking for wireless networks that they could crack their way into.

 

You probably retained your default password, which you have now changed.  That will increase your security no end.

 

Are you able to contact your ISP and advise them of the incident?  Even though there may not be a cost implication, the worry is that these downloads might not have been stolen music: they might have been illegal photographs and images or other illegal activity. It's worth getting your ISP to record that you've had an incident involving unauthorised access to your wireless network, and that you have taken steps to prevent it.

 

The fact that these men were abusive when you confronted them raises a huge red flag.


Since this is an issue which I have only been monitoring with any great eagerness during the last week (since finding out), I have researched the basics of doing a 'start>cmd>ipconfig' search to see if anyone is stealing my wi-fi, but as far as I am aware, doing this will only give me the IP's of those who are riding my network AT THAT GIVEN TIME. So my question here is that.... is there any way I can check out my BT router's IP HISTORY to see the IP's of any foreign computers/devices that have previously had connection to my wi-fi going back over the last few months??


 

 

ipconfig will not give you information about who is connected to your router.

 

I can not help you with your BT router, as I'm not familiar with it (I guess it's only used in the UK).

But many routers have logs, with MAC addresses and IP addresses.

 

Is it called a "BT Home Hub"? http://en.wikipedia.org/wiki/BT_Home_Hub

 

Yes, BT Hub3-JM25

 

 

As you correctly assumed, I have been using the 'factory' password on my wi-fi ever since it was first installed back in April '13. I kinda overlooked the whole password/security issue after reading somewhere that WPA2 is supposedly 'safe' (something to do with a '4-way handshake' encryption system if my memory serves me right?)

If I'm really honest, when I first had a wireless router I used to use the factory defaults but I try to keep up-to-date with security news and alerts, and it quickly became apparent that I had to change the passwords from the factory defaults otherwise it would be a matter of "when" and not "if" I got cracked.
WPA2 is far more secure than WEP but the crckers use sophisticated password-guessing techniques and also maintain lists of the standard ones that people use and the factory defaults, and try those first.
Soldierbane has covered the idea of a "dictionary attack" - which is literally that: a list of well-used passwords that can be tried in turn until yours is found (unless it's strong).
 

In fact, I even got told previously that it would be not much use to report these 'goings on' as it is a FAILURE on my part because I am responsible for my own wi-fi security at home.

That may well be true BUT you can prove that you are now doing something about it (asking for advice on forums, changing your passwords, etc) and just asking that the incident be noted so that if anything did come of it (unlikely) you'd be able to point to your report and say that it was due to unauthorised access to your network - an issue you subsequently resolved.
 

Thanks for advising me for the need to contact my ISP. It kinda confirms to me what I already knew.  However, I will need to hand them some sort of evidence I guess, won't I? Just saying that I 'think' someone has hacked into me is not enough, I presume? Or will they then be obliged to look into this further on my behalf?

If you can give them a date span - even something along the lines of "sometime between 1st April and 15th April 2014" then they can log it.  Make sure they do, and that your phonecall is recorded.  Also, don't forget to get the name of the person you speak to so you can quote them if need be.
As to how seriously they'll take you, unfortunately I cannot say.  All you can do is contact their Customer Services and if they sound disinterested, state why you are reporting this and that your connection might have been used for illegal purposes (the keyword here is 'might' as you don't know what they were doing, even though it's a fair bet that it was illegal).
 
Didier Stevens, it probably is a UK-only thing, or that version of this particular router might be.  BT stands for British Telecom, and it was the use of UK British terms in the OP's description of the problem that drew my attention to this thread!
 
As for your passwords, make them as long as possible.  It seems as though "CorrectHorseBatteryStaple" is probably not a good password after all, and Dropbox will even prevent you from using it!!!!!!
 
If that means nothing to you, then for kicks and giggles have a look here:
 

 

Thanks for lightening the mood with the link - I needed that! lol


Im a rookie and purely recreational pc user. Im utterly obsessed with security (even though I consider myself a safe and law-abiding internet user!) and run a combo of the following freeware security suites.....

Windows Defender/firewall

Regular scans with Malwarebytes, AdwCleaner, JRT, HitmanPro

 

 

 


#10 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:05:49 PM

Posted 14 November 2014 - 10:23 AM

 

Since my last correspondence here, I have managed to access my router's log to see if any foreign IP's had logged onto my wi-fi, and I was relieved to see there weren't any, however I could only seem to access logs dating back to 2nd Nov this year, so obviously I am still rather concerned in the back of my mind as to what MAY have happened prior to that. 

 

 

Can you also see MAC addresses in this log?

A MAC address is 6 pairs of hexadecimal digits, e.g. 01-23-45-67-89-ab   or   01:23:45:67:89:ab

http://en.wikipedia.org/wiki/MAC_address

 

A MAC address uniquely identifies a network interface, and by extension, network clients like computers, tablets, smartphones, ...


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#11 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:05:49 PM

Posted 14 November 2014 - 10:28 AM

I swipe in from bottom-right to access settings, then click networks, then I have the option to switch data-usage meter on/off or reset as required.

 

Is that on your Windows 8 machine?

Like explained in this video:


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#12 Angoid

Angoid

  • Security Colleague
  • 299 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:East Midlands UK
  • Local time:04:49 PM

Posted 14 November 2014 - 10:43 AM

As far as computer networking is concerned, a wireless connection is exactly the same as a wired one.  The only difference being that instead of a physical wire, you're using radio waves.

 

Now radio waves can be eavesdropped, providing you have the right equipment.  Just turn your radio on and tune in to a station to prove this.  The key is making the radio waves impossible to understand, and you do this by creating a strong password.  That means that all eavesdroppers will 'hear' is gibberish that will (should!) be completely meaningless to them.  The password is used to encrypt the signal between your computer and the router and also for authentication.

 

WPA2 is an encryption mechanism, as it WEP.  It's just that WPA2 is much stronger and harder to crack - although it has now been done by the looks of things :(

 

Your neighbours will probably have wireless networks as well.  If you try to connect to one of them, you *should* get a login/password prompt - if you don't then their network is unsecured and it might be worth popping round to tell them.  Are you sure these two networks you refer to are yours, and do not belong to any neighbours?

 

Glad you're finding this forum helpful by the way ... that's why I stick around (even though my participation is somewhat sporadic) ... I detest those places where they seem to derive joy from flaming people, telling them that they're stupid, getting rewarded for spamming with RTFM / STFW, etc ... I've never seen any of that garbage here.


Helping a loved one through a mental health issue?  Remember ALGEE...

Assess the risk | Listen nonjudgementally | Give reassurance and info | Encourage professional help | Encourage self-help and support network

#13 robby501

robby501
  • Topic Starter

  • Members
  • 179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:49 PM

Posted 14 November 2014 - 10:52 AM

 

I swipe in from bottom-right to access settings, then click networks, then I have the option to switch data-usage meter on/off or reset as required.

 

Is that on your Windows 8 machine?

Like explained in this video:

 

yes! exactly this! I had no idea that it was such a newly-added feature.


Edited by robby501, 14 November 2014 - 10:53 AM.

Im a rookie and purely recreational pc user. Im utterly obsessed with security (even though I consider myself a safe and law-abiding internet user!) and run a combo of the following freeware security suites.....

Windows Defender/firewall

Regular scans with Malwarebytes, AdwCleaner, JRT, HitmanPro

 

 

 


#14 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:05:49 PM

Posted 14 November 2014 - 11:02 AM

 

yes! exactly this! I had no idea that it was such a newly-added feature.

 

OK, that's important! Because that data meter is for your computer, not for your router.

 

So if you noticed for 700MB upload & download, then this happened on your computer.

If someone would connect to your Wifi and start downloading, you would not see this on this data meter on your computer.

 

So your conclusion that someone connected to your Wifi and transferred 700MB is probably wrong.

It's your computer that did it. You should think about this and decide if that's normal or not.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#15 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:05:49 PM

Posted 14 November 2014 - 11:05 AM

 

WPA2 is an encryption mechanism, as it WEP.  It's just that WPA2 is much stronger and harder to crack - although it has now been done by the looks of things :(

 

 

The thing with encryption algorithms that use a password, is that the confidentiality of the ciphertext also depends on the strength of your password.

If you choose a weak password (like 123456), then your WPA2 network is also easy to crack.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users