Hacking a Wi-Fi Connection


17 replies to this topic

#1 LittleGreenDots


Posted 19 January 2015 - 07:05 AM

I need some information, worst case scenario.

Here is a scenario.

A computer was infected with bundled malware.  The computer is on a personal wi-fi cable connection.  I believe the network was compromised.  Three passwords for email accounts were stolen, one user name on a fourth account was changed, and credit card information was stolen and an attempt was made to make purchases (that were denied by the bank.)  A second computer is also on this network.  I believe the second computer could have been compromised as well.  

The first computer may or may not be infected still but it doesn't matter because it is not online, no network.  

What exactly can a hacker do on a network?  If both computers were compromised, I'm guessing a backdoor to each could have been established, giving a hacker full access to both.  Could a hacker have access to any computer on that network through the wi-fi ports?  Sorry if I don't use the proper terminology.  I am not a techie.  

Is reinstalling the OS on both computers the only way I can be certain the network is clean?  And if I did before resetting the network password, could the hacker still get into the freshly formatted computer through the computer's connection to the wi-fi?

Thanks in advance!

Edit: Topic moved from Networking to the more appropriate forum, due to the nature of assistance required.~ Animal



#2 Wand3r3r


Posted 19 January 2015 - 11:08 AM

Use WPA2 for encryption and make a complex passphrase [numbers, letters, special characters].

Yes, format and reinstall is the only way to remove the back doors.  Install a good AV and software firewall after doing all the updates/service packs.



#3 LittleGreenDots


Posted 20 January 2015 - 12:49 PM

Thanks.  I just have this feeling that once they got in that they're incognito waiting for something good (credit card info) and I guess the only way is to completely wipe everything clean. What would be the best order?  Reformat the computers offline, then reset network password?



#4 Wodim


Posted 22 January 2015 - 07:12 PM

If I were in your shoes I would not go as far as wiping everything. There are tons of tools for detecting viruses, malware, spyware, etc. One simple test would be to install a firewall that will ask for your permission when any single connection request is being made, and then you could monitor and deny any of it.

 

On the WIFI hacking subject, WEP, WPA, etc, are all primarily built to protect your internet access from those who are in the wireless or connectivity vicinity. It will not protect you from people who have the connection information and connect in other forms. With that I am simply stating that your issue is more likely not related to your wireless in specific, that is of course assuming that you do not live next door to your hacker.

 

What I would do is download a Live cd of some kind to give you Internet access and file downloading capabilities. During this process you should want to disable the internet connection of the infected computers. Use the live system to build an inventory of virus detecting and removing tools to use on the infected computer. This includes (primarily) for the best results a firewall of some kind, one of which will include notifications and interactions, like ZoneAlarm security for example.

 

The ZoneAlarm firewall can detect connection requests whether you are connected to the internet or not, and this is because all viruses and internet based services have to check for a connection by making some kind of connection request that the firewall will detect. I would acquire some of these utilities and attack the infected computer like there is a living parasite and it is reproducing.

 

All communications are made by either some type of stand alone virus like a trojan, or, a virus that is embedded into some other piece of software. Somewhere there is a little bug that is sending statistics to some server somewhere that can be retrieved by the hacker, and you want to find that service and remove it.




#5 Wand3r3r


Posted 22 January 2015 - 07:26 PM

This is a common misconception on the internet that utilities can find everything a hacker leaves behind.  It simply isn't true.  Proof is in how many corporations have been rehacked after the first hack was known. They have far more expertise/can hire experts and if they can get rehacked what chance do you and I have?  None.  Heck, you can't even trust your backups since they may reinstall the hacker's tools.  These hacker tools are not seen as services or anything.  They can lie dormant for quite some time.

Format and reinstall is the ONLY true method for eliminating a hacker's penetration.


Edited by Wand3r3r, 22 January 2015 - 07:27 PM.


#6 quietman7


Posted 22 January 2015 - 07:36 PM

These resources may help you with investigating.

How to Tell if someone has accessed your computer:.
Investigating Hacking:
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#7 Didier Stevens


Posted 23 January 2015 - 05:47 AM

What makes you believe that this is a case where a criminal manually infected the machines, and not an automatic infection by visiting a compromised website?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#8 Wodim


Posted 23 January 2015 - 10:11 AM

It could be many things obviously, and although I agree with everything that was stated, I will add that I have my own suspicions and theories as to what happened and what could be done about it. So say it was an infected website that jacked his cookies, you guys are now prepping him to wipe his OS and start fresh because of it...



#9 quietman7


Posted 23 January 2015 - 10:13 AM

...you guys are now prepping him to wipe his OS and start fresh because of it...

Not everyone is saying that.

#10 Wodim


Posted 23 January 2015 - 10:36 AM

I usually inspect infected computers offline. It does not take much but a decent auditing tool to figure out if any files were messed with (infection in the machine) along with some other utilities. Basically my theory is that if we can eliminate the idea that there is some active component providing a service to a hacker on his machine, then we can ultimately eliminate quite a few possibilities as to what is going on. You can try all day to see if someone got your passwords through your browser, but will you ever really know?

 

I suppose the third solution is restore. I just simply would not do a restore unless other options had been exhausted, but my systems are usually more extensive than a regular user and therefore offer little to no room to simply 'restore' my systems. That would take weeks.



#11 Didier Stevens


Posted 23 January 2015 - 05:45 PM

It could be many things obviously, and although I agree with everything that was stated, I will add that I have my own suspicions and theories as to what happened and what could be done about it. So say it was an infected website that jacked his cookies, you guys are now prepping him to wipe his OS and start fresh because of it...


Are you answering my question? Because I'm asking the OP, if that wasn't clear.


Edited by Didier Stevens, 23 January 2015 - 06:10 PM.



#12 technonymous


Posted 26 January 2015 - 12:41 AM

Sounds like a keylogger remote/rootkit. Infected via internet or compromised WiFi network. Likely downloaded from the internet. However, many WiFi routers are vulnerable no matter how strong your WPA2 key is.



#13 NickAu


Posted 26 January 2015 - 12:59 AM

 

I need some information, worst case scenario.

So this is just an exercise?

 

 

IMO

If somebody has accessed my PC by hacking it, I would format my PC and start again. I would not trust any backups because you don't know when the breach occurred. This would also apply to any PC on the network. I would factory reset my router, creating a new SSID and password. Once breached, I could never trust any PC on that network without a format.



#14 LittleGreenDots


Posted 28 January 2015 - 10:38 AM

Thanks!



#15 LittleGreenDots


Posted 28 January 2015 - 10:44 AM

Bleak.  Once someone is compromised...can one ever trust the integrity of their data again?  Say a computer was infected and the infector (person or bot) planted a rootkit or some other nasty in the person's recently created new files.  When we discover that we might be compromised, the first thing we usually do is back up new files.  I'm guessing that there are others besides me who periodically back up data rather than every day, right?  Following a reformat, reinstall of Windows and then saved data, could that computer again be infected?





