I Got Owned!


  • This topic is locked
17 replies to this topic

#1 Flynn2256


Posted 02 January 2015 - 04:37 PM

I met this client on Craigslist in NYC, she’s a Yale educated Attorney who no longer practices law.  She owns multiple rental properties, several other companies and a Theatre Production and a Music Production company.  She hired me for accounting help.  I was using her wifi in her penthouse to log onto the internet.  On the second day, while I was in her penthouse, my laptop crashed; it’s less than a year old and it had never done that before.  She acted innocent about it, asking me if it had ever done that before.  Well, fast forward a few days, and things didn’t work out.  She changed her mind after the first week on the type of work and I wanted to raise the rate; we disagreed and I resigned. 

That laptop crash was not the end of it, as it turns out she hacked my laptop and my cellphone and she sent my data off to some other people via email.  They have verified it to me. 

About 4 weeks after I quit working for her I noticed my cellphone data usage was high and I began to investigate.  I tried to factory restore my iPhone and it wouldn’t let me because my iTunes passwords had been changed.  When I went to reset iTunes I noticed the underlying Gmail account password had been changed; Gmail indicated the IP address for the most recent change was my home IP address, and this is what led me to confirm my laptop was hacked.  As I tried to change logins on personal information (banking, websites, etc.) I literally saw someone deleting the new login info as I was trying to change my login info.  I then disconnected the laptop from the internet and tried to move my data off the laptop in an effort to get my data off and format and restore the laptop; I guess they sabotaged it before I could take it offline in time.  Later GeekSquad would tell me the hard drive failed.  I lost data.  I lost client data.  And a lot of personal data.  I was using one laptop for personal/business as money was tight. 

So about two weeks after the laptop blew up, I borrowed enough money to purchase a new laptop.  I think when she hacked my laptop in her apartment she installed something and when I brought the laptop behind my router at my home it opened up a port on the router.  I should have checked my router before setting up the new laptop but I didn’t.  During setup and usage of the new laptop I noticed 1) sometimes my Norton 360 Premier would disable 2) browser errors and it would ask to close and reopen 3) MS Office errors and crashes 4) various errors with other programs such as Adobe Acrobat, Firefox, etc. 

I typed up a police report about 2 weeks after that night discovering the hack, the same night it blew up.  That is, roughly 6 weeks after my laptop crashed in her apartment.  I booted up the new laptop about a week after I typed up the police report (week 7) and I noticed several Linksys configuration browser tabs opening and closing rapidly.  I think maybe they were trying to hide their tracks in anticipation of law enforcement.  I’ve installed an older temporary router while waiting for the Linksys replacement; I have been formatting and restoring my new laptop every week.  I’m doing that in between router changes/modifications. 

I have a total of 3 working laptops now; the two older ones (the blown up and repaired one and an even older one) I have formatted and restored but they have never been hooked up to the internet.  I want to make sure I set up the new replacement router properly before I do. 

Lessons I’ve learned from this experience: 

  1. Never sign onto a client’s wifi, bring your own wifi, unless you trust them, and that’s rare nowadays. 
  2. Have 2 laptops, one for work/business, and one for personal use/personal data. 
  3. Never carry personal data on your work laptop.
  4. Never keep your website/banking/personal etc. login information on your iPhone or your laptop. 
  5. Don’t give out your smartphone cellphone number; use a disposable Tracfone or whatever as your frontline/published number.  Let them hack that one.  Only give your smartphone number out to people you trust. 
  6. People are not nice. 
  7. Only put out there what you’re willing to risk to lose. 
  8. Feel free to make suggested additions to this list in your comments. 

 

So my questions to you techies are these: 

  1. How do I secure my laptop from hackers in the future? 
  2. How do I secure my home wifi network? 
  3. How do I re-setup a new router with maximum security?  Linksys tech support told me the old one was corrupted when I tried to reflash the firmware on it.  I’ve since got a replacement from Linksys for the failure of the old one. 
  4. How do I ensure there are no more remnants of malicious software left in my data I’ve transferred to a hard drive?  I’m using just one external hard drive for now (the one I transferred the recovered data onto).  I’m keeping it and my new laptop as the only things I’m using now. 



#2 JohnnyJammer


Posted 03 January 2015 - 06:23 PM

Well, it does appear your BIOS has been owned by the sounds of it, or the MBR has been owned with a nice new partition on the table.

Anyway, there are many things you can do to achieve a secure PC/laptop whether it be Mac, Linux/Unix or Windows.

 

Don't ever, and I mean ever, use an iPhone; they are (apparently) one of the easiest phones to hack and access.

Don't ever have WiFi enabled all the time, and also never have Bluetooth enabled unless you need it enabled (lots of issues with tracking and brute forcing the Bluetooth stack to hack into phones/laptops).

Don't ever run a work computer with Administrator rights; this should have been #1.

Like you said, never use free wifi because of man-in-the-middle attacks and password sniffing, which indicates what happened to you (takes 20 seconds to sniff a secure password when you are the man in the middle supplying DNS, false certificate etc. etc.; this is proven to work over any secure channel/encryption on any web browser, just ask the Hong Kong residents!)

Don't ever use/enable UPnP on a modem/router (it will create the open port for you/them autonomously).

Make sure the router is always up to date (first point of entry for most home users).

Get someone who knows what they are doing to set some group policies on the machine/laptop (or set them yourself, mate, using Google (Secure PC with Group Policies/Secpol)).

Don't ever, and I once again mean EVER, use anything from Symantec/Norton, and if the salesman/woman tries to sell it simply slap them in the face and spit on the floor in front of them and walk out!!!!!

 

These are just some things off the top of my "hung over" head and I'm sure many others will give some other options as well.

I would recommend a Windows Phone (for tethering) because the only data leaked will be to Microsoft, same as Google gets Android data!!
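The host-side points in the post above (daily work without Administrator rights, UPnP, radios left enabled, local policy) as a read-only PowerShell audit. This is an added example, not code from the thread or from any vendor; it assumes Windows PowerShell 5.1 or later on Windows 8 or newer, and uses the standard Windows service names SSDPSRV and upnphost and the standard UAC registry values under HKLM\...\Policies\System. The router-side UPnP setting cannot be read from the laptop and still has to be checked in the router's own admin page.

```powershell
# Added example (not from the thread): read-only audit of the hardening
# points raised above. Changes nothing on the machine.

function Test-SessionElevated {
    # Is this PowerShell session itself running with the Administrator token?
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-AccountIsLocalAdmin {
    # Membership in the local Administrators group, regardless of whether
    # this particular session was started elevated.
    $me = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    $members = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue
    return [bool]($members | Where-Object { $_.Name -eq $me })
}

function Get-UpnpServiceState {
    # SSDPSRV = SSDP Discovery, upnphost = UPnP Device Host: the host-side
    # half of UPnP. Absent services are simply skipped.
    foreach ($name in 'SSDPSRV', 'upnphost') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc) {
            [pscustomobject]@{ Service = $name; Status = $svc.Status; StartType = $svc.StartType }
        }
    }
}

function Get-RadioState {
    # Wi-Fi adapters (any state) and Bluetooth devices that are present and enabled.
    $wifi = Get-NetAdapter -ErrorAction SilentlyContinue |
        Where-Object { $_.InterfaceDescription -match 'Wi-?Fi|Wireless|802\.11' } |
        Select-Object Name, Status
    $bt = Get-PnpDevice -Class Bluetooth -ErrorAction SilentlyContinue |
        Where-Object { $_.Status -eq 'OK' } |
        Select-Object FriendlyName, Status
    return [pscustomobject]@{ WiFi = $wifi; Bluetooth = $bt }
}

function Get-UacState {
    # EnableLUA 1 = UAC on; ConsentPromptBehaviorAdmin 2 = prompt on the secure desktop.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $v = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    return [pscustomobject]@{
        EnableLUA                  = $v.EnableLUA
        ConsentPromptBehaviorAdmin = $v.ConsentPromptBehaviorAdmin
    }
}

# Assemble findings: each line pairs the thread's recommendation with what
# this machine actually does right now.
$findings = @()
if (Test-SessionElevated)     { $findings += 'This shell is elevated: do day-to-day work from a non-elevated session.' }
if (Test-AccountIsLocalAdmin) { $findings += 'Your account is in local Administrators: use a standard user for daily work.' }
foreach ($s in Get-UpnpServiceState) {
    if ($s.Status -eq 'Running') { $findings += "UPnP service $($s.Service) is running (StartType=$($s.StartType))." }
}
$radios = Get-RadioState
foreach ($w in $radios.WiFi) {
    if ($w.Status -ne 'Disabled') { $findings += "Wi-Fi adapter '$($w.Name)' is enabled (Status=$($w.Status))." }
}
if ($radios.Bluetooth) { $findings += "Bluetooth is enabled ($($radios.Bluetooth.Count) device(s) active)." }
$uac = Get-UacState
if ($uac.EnableLUA -ne 1)                  { $findings += 'UAC (EnableLUA) is off.' }
if ($uac.ConsentPromptBehaviorAdmin -ne 2) { $findings += "UAC admin prompt level is $($uac.ConsentPromptBehaviorAdmin), not 'always prompt on secure desktop' (2)." }

if ($findings) { $findings | ForEach-Object { Write-Output "[!] $_" } }
else           { Write-Output '[ok] No findings against the checks above.' }
```

Each [!] line is a deviation from the advice in the post, not proof of compromise; the group-policy and router-firmware points are configured through secpol.msc and the router's admin page respectively and are outside what a host script can verify.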



#3 Didier Stevens


Posted 04 January 2015 - 01:41 PM

> Don't ever, and I mean ever, use an iPhone; they are (apparently) one of the easiest phones to hack and access.

 

No, they are not.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#4 Flynn2256


Posted 04 January 2015 - 10:16 PM

Yeah it was a learning experience.

The router that got corrupted was a Linksys EA3500 and the replacement is a remanufactured of the same.

I was thinking about that during the ordeal so I called my ISP, Optimum; they couldn't give me a straight answer. They said it depends on the contract based on the account. Whatever that means. Is there a way I can check my IP address each time I power-down/up my cable modem?

Yes I'm trying not to use a computer on a new/reflashed router without formatting and restoring that computer first. From what I read online I hope this would get rid of any buried malware that could open up a new port on that new/reflashed router.

That was my thinking, once I get things stabilized using that new laptop-router setup then I can trust my network again and bring the others online.

The iPhone that was hacked is an iPhone 5s, now before you tell me that's impossible. I've spoken with former NYPD detectives who do PI work now and they say that's not likely, but I received a strange text message on a certain date and since that date I noticed large data packets being sent to an INT/DC number and my GPS tracking would cycle every few minutes. Tried factory restoring the phone several times but no use. So I've had it deactivated till I get the cash to purchase new.

Know that she is a former attorney in the NYS Senate. We had a brief little romance, she had me followed, I think there were law enforcement people involved, or at least they looked like former cops maybe military. In that sense her offensive tech capabilities are probably very state of the art.

If you know semi-famous people in NYC you probably know of her. She lives up to her reputation of being not very nice.



#5 Billy_Parts


Posted 02 February 2015 - 12:33 PM

Meh.  I disbelieve almost all of this.  The OP isn't technically qualified to have any of these opinions.  And wealthy busy people have better things to do than hack people's devices for (apparently) no particular reason.

 

OP, technically qualified people are not telling you a whole lot of things, and are not saying a lot, due I think primarily to the fact that they don't want to get into a big conversation about it with you.  Waste of time.  You are so committed to your (wrong) understanding of the situation that it would take a very long time and a lot of effort to persuade you that you are wrong.

 

I mostly post so everyone else can see it.  The OP is wrong.  Association is not the same as causality.  Also, the Geek Squad are a bunch of ignorant crooks that don't know anything other than how to lie to their customers and take people's money.  So anyone that uses them as some kind of authority obviously doesn't know anything.

 

These kinds of situations should not go unchallenged.  Just yesterday I watched and read a bunch (more than 20) different YouTube channels about how the Sandy Hook massacre was fake, "false flag" operation.  There is no length a stupid person will go in perpetrating their stupidity, and it should never be allowed to go unchallenged.  I'm not saying the OP is necessarily "stupid", but at the same time he's wrong and should not be allowed to just post all of his wrongness and allow it to appear that "most people" agree with him by their silence.  Most intelligent Technicians can see clearly that the OP isn't qualified to have any of his opinions, and also any Tech that used this kind of sloppy and illogical thinking in the performance of their job would quickly become homeless.

 

Or working at Best Buy for the Geek Squad.



#6 Didier Stevens


Posted 02 February 2015 - 02:23 PM

> I'm not saying the OP is necessarily "stupid", but at the same time he's wrong and should not be allowed to just post all of his wrongness and allow it to appear that "most people" agree with him by their silence.  Most intelligent Technicians can see clearly that the OP isn't qualified to have any of his opinions, and also any Tech that used this kind of sloppy and illogical thinking in the performance of their job would quickly become homeless.
>
> Or working at Best Buy for the Geek Squad.

 

Where does all this hate come from Billy_Parts?




#7 NotAnElf


Posted 02 February 2015 - 03:05 PM

> Well, it does appear your BIOS has been owned by the sounds of it, or the MBR has been owned with a nice new partition on the table.
>
> Anyway, there are many things you can do to achieve a secure PC/laptop whether it be Mac, Linux/Unix or Windows.
>
> Don't ever, and I mean ever, use an iPhone; they are (apparently) one of the easiest phones to hack and access.
>
> Don't ever have WiFi enabled all the time, and also never have Bluetooth enabled unless you need it enabled (lots of issues with tracking and brute forcing the Bluetooth stack to hack into phones/laptops).
>
> Don't ever run a work computer with Administrator rights; this should have been #1.
>
> Like you said, never use free wifi because of man-in-the-middle attacks and password sniffing, which indicates what happened to you (takes 20 seconds to sniff a secure password when you are the man in the middle supplying DNS, false certificate etc. etc.; this is proven to work over any secure channel/encryption on any web browser, just ask the Hong Kong residents!)
>
> Don't ever use/enable UPnP on a modem/router (it will create the open port for you/them autonomously).
>
> Make sure the router is always up to date (first point of entry for most home users).
>
> Get someone who knows what they are doing to set some group policies on the machine/laptop (or set them yourself, mate, using Google (Secure PC with Group Policies/Secpol)).
>
> Don't ever, and I once again mean EVER, use anything from Symantec/Norton, and if the salesman/woman tries to sell it simply slap them in the face and spit on the floor in front of them and walk out!!!!!
>
> These are just some things off the top of my "hung over" head and I'm sure many others will give some other options as well.
>
> I would recommend a Windows Phone (for tethering) because the only data leaked will be to Microsoft, same as Google gets Android data!!

 

Neither Norton nor Symantec is a bad product in my personal experience (but AV is always a topic of hot debate), and iPhones aren't 'easy' to hack.

 

To the OP it does sound a little bit like you are putting 2 and 2 together and getting 5. But I think Billy_Parts worded it rather badly. First of all how can you be sure that she hacked your laptop? You go from it crashing to it having been hacked without any real explanation.

 

Also I am unaware of any malware that can delete as you type in real time, but malware is not an area I would ever say I am an expert in.



#8 Flynn2256


Posted 02 February 2015 - 05:40 PM

<deleted>


Edited by Flynn2256, 02 February 2015 - 05:53 PM.


#9 Flynn2256


Posted 02 February 2015 - 05:53 PM

Oh, and as you can tell from my references to things, places and people, I don't care who knows anymore. 

 

This was a felony hack and a conspiracy to commit a felony hack by all those involved against me. 

 

It's cost me personally and financially.  It's cost me my PT job income. 

 

I've spent the last two weeks picking errors out of my client's general journal because someone used a LogMeIn login to mess with their financial records around the time I resigned from her. 



#10 JohnnyJammer


Posted 02 February 2015 - 06:28 PM

I cannot reply to this thread; it keeps saying I don't have permission, except this works.

Is there a character limit?


Edited by JohnnyJammer, 02 February 2015 - 06:29 PM.


#11 Billy_Parts


Posted 02 February 2015 - 08:14 PM

 

> I'm not saying the OP is necessarily "stupid", but at the same time he's wrong and should not be allowed to just post all of his wrongness and allow it to appear that "most people" agree with him by their silence.  Most intelligent Technicians can see clearly that the OP isn't qualified to have any of his opinions, and also any Tech that used this kind of sloppy and illogical thinking in the performance of their job would quickly become homeless.
>
> Or working at Best Buy for the Geek Squad.
>
> Where does all this hate come from Billy_Parts?

 

Jeez, really?  You boil all that analysis and opinion down to the single word "hate"?  Really?

What I said was truth.

Do you disagree?

 

Do you think the OP is qualified to diagnose his own problem?  Do you think the wealthy New York business lady REALLY put the effort into having a trained professional hacker standing by in her apartment, lured the OP into her wireless signal area and then hacked his computer in order to accomplish, what?

 

Do you, as a professional technician, REALLY think that scenario is likely?

From a technical perspective, please describe to us all the reasons why you think that the OP is qualified to assess his problem.  Also please explicitly endorse his reasoning "I went to a place, and as soon as I got there, my computer was infected, therefore the place and the person living there infected my computer."


Edited by Billy_Parts, 02 February 2015 - 08:22 PM.


#12 Billy_Parts


Posted 02 February 2015 - 08:18 PM

And, while I'm at it, I'd also like to ask the OP why the exact same essay is posted on TechSupportForum.com.  Feels like some kind of spammy marketing gimmick.



#13 Flynn2256


Posted 02 February 2015 - 08:47 PM

> And, while I'm at it, I'd also like to ask the OP why the exact same essay is posted on TechSupportForum.com.  Feels like some kind of spammy marketing gimmick.

 

Thanks for noticing the duplicate post in another venue Billy, I figured copy and paste to two sites.  Get as much feedback as I could.  No marketing scam.  Nothing being sold here.  You tell me what to buy.  I'm more concerned about the settings and what I did wrong in this situation. 

 

Like the post above: never be logged in as an administrator on your own computer outside your own network.  Don't ever use/enable UPnP on a modem/router (it will create the open port for you/them autonomously).  Or never connect to a crazy lawyer bi@tch's wifi. 

 

Stuff like posted above. 

 

I don't know exactly what happened I'm trying to give symptoms and background.  I'm seeking advice on what happened and is there anything I can do in the future. 

 

So ask me question, please. 

 

Oh and if you want some background I did post something else but I deleted it.  I'll make some revisions with the names and repost it for background.  There is another side to this. 

 

I still don't understand why this happened to me. 



#14 Flynn2256


Posted 02 February 2015 - 09:35 PM

Yes there are things I'm not telling you...like she sent my data to people I know and they were talking about my data in front of me now I realize that.  They were talking about my data behind my back for a month while it was going on.  Now why did this happen?  Why would someone like that risk themselves like that?  Good question. 

Perhaps she was checking me out, perhaps she wanted me checked out before I delved too deep into her bank accounts.  Hence the changing of the nature of the work to be more research based. Stall my accounting work while she looks at my laptop. 

 

There is something else there and I haven't been able to put my finger on it.  I think it has to do with the other hackings that occurred at my other PT job(the rat ship) and the way she talked about that place.  Other employees at the rat ship I was working PT at the time were having their cell phones hacked.  And I remember someone(we'll call him dhead) who was rumored to be behind that cell phone hacking at the other job saying, "I want his contacts and a peek at his data, but I want to give him something." 

 

I remember hearing the Head Mistress at the rat ship asking Dhead “how are we getting this data? Are we at risk?”  To which he responded “Email.”  So it all goes through him.  I think he set me up with her, I'm not sure what the link was but she talked about the rat ship I was working like it was some great place, I knew there was cell phone hacking going on and some other stupid bleep. 

 

You see dhead and a couple other people at that pt job were friends of a friend who helped me get that job, so I thought I could trust at least them.  Dhead supposedly knows famous people or that's what everyone says(my friend who hooked me up with the job, former co-workers). 

 

I kinda feel like I was primed for it, a couple female coworkers made conversation about my previous romances and I'd said I've dated lawyers and then they asked if I have a gf and I said "no my last ex was indian and this time I think I'll go Asian.", then poof two weeks later she posts and I respond and then it starts. 

 

Everyone knew what was going on but no one actually said.  One guy “Friday” came into my office and said “you should report it you should report while it’s still going on, report them and this place.”  At the time I thought he was joking around.  I just didn’t get it then.  There were so many clues but my head was into the work at the motel.  Another time he came into my office and was having a conversation with dhead he said "Oh so if he reports it he doesn't get the girl, if he doesn't he does?"  Veiled conversations all of them.  Allows for deniability. 

 

I felt like Chazz Palminteri in The Usual Suspects while I was restoring my iPhone; it dawned on me when one day dhead was reading off a whole bunch of apps and I was looking at the list on my junk computer’s (3rd laptop) screen.  I remembered all the conversations and put them together.  And got pissed. 

 

Either I was primed to meet her or I really did meet her on my own, but I know I made the mistake of telling dhead "Thanks for so and so after she emailed me to setup the interview, I asked him if "it was him" who sent her to me.  He said no.  But he's not always truthful.  Haha! 

 

I overheard dhead saying to big girl "yeah after we get the data we blow it up, it'll be fun like a game."  And big girl said "well that's at least worth a new laptop and a copy of his data.  It’s his livelihood."  And then she glanced at me.  I overheard this conversation after our initial interview for the freelance position with the girl. 

Some part of me thinks it was a twisted "game" that went bad when I flipped out and sent an email about it to the rat ship people and her, they bleep canned my ass the next day after that.  And I didn't want to see her again after she turned me away.  I had mixed feeling about the whole deal, felt humiliated, betrayed, angry, etc. 

Or maybe it was a game designed to demonstrate how much of a docile and controllable guy I could be.  The kind aggressive successful female lawyers go for.  I'm not that guy anymore. 

The only thing I can think of I did wrong was continue to stay there in that spot, as soon as my laptop crashed in her apt. that day I should have gotten up and walked out.  Gone home formatted refreshed and moved on. If I hadn’t have turned it back on and let the program finish setting up after the reboot signal maybe they wouldn’t have gotten any data.  After I rebooted and continued working the HD was cranking like mad and it’s a quad core it has never lagged on just web surfing/copy paste research kinda stuff. 

 

Thanks for the session guys, bill me for the therapy time. 

 

It's a REAL story.  Thanks again for the straight up advice regarding the IT precautions. 

 

This makes a really great story though doesn't it??  Even out of order and without my txt msg logs or her fb snapshots or emails to back it up. 

 

Remember to tell stories to your friends in txts msgs, it logs the date and time. 

 

I'll put it in my memoirs under the title "The Flower Girl and the rat ship." 


Edited by Flynn2256, 02 February 2015 - 11:16 PM.


#15 Didier Stevens


Posted 03 February 2015 - 02:32 AM

> I'm not saying the OP is necessarily "stupid", but at the same time he's wrong and should not be allowed to just post all of his wrongness and allow it to appear that "most people" agree with him by their silence.  Most intelligent Technicians can see clearly that the OP isn't qualified to have any of his opinions, and also any Tech that used this kind of sloppy and illogical thinking in the performance of their job would quickly become homeless.
>
> Or working at Best Buy for the Geek Squad.
>
> Where does all this hate come from Billy_Parts?
>
> Jeez, really?  You boil all that analysis and opinion down to the single word "hate"?  Really?
> What I said was truth.
> Do you disagree?

Yes

