Crazy neighbor is hacking my GF's network!


Appa

So, this nutjob that lives across the street from my GF is a former engineer that got laid off over the summer. The guy just lives by himself and stays up all night, doesn't talk to anyone and maybe comes outside once every 3 days. My GF's mom started to notice some files and crazy things on her PC that were not right. For example, files were moved around, pictures were missing, etc. She thought she just had a virus.

Well, I hop on to clean it up and notice that her anti-virus was disabled, and a remote client was logged on the machine! Her account was set up as the guest account and she had no administrative rights. Couldn't delete anything, change system settings, etc. This guy also changed all the router login passwords and her network is unsecured. Can't log in to the router.

My GF's laptop has been infiltrated too, and she has no administrative rights. We are worried, could this nut job have turned her webcam on without her knowing? Both machines are running Vista and I can't seem to get them back into a usable state. Her mom has gone to the cops and they have a detective on the case, and the local FBI office is coming by to pick up their computers.

I'd like to know how this guy got into their systems and changed all of these things? I know her WiFi has been unsecured for some time, so that part I know. But how he took control of their computers is what I'd like to know. I got her a new router with 256 bit encryption and once the case is done, I'll install that. I also called Comcast and they are switching her cable modem out and giving her a new IP. Were these intelligent steps to take?
 
It's actually a lot easier than you'd think.

Since it was an unsecured network, he simply connected... guessed at the router's default admin password and went to town. Reset your router to factory and set up the wireless with encryption and change the default password.
 
Yeah, I'm sure he just guessed at those login details. The whole "make me administrator and these other users Guests" part is what is scary.

In the meantime I bought my GF a MacBook Pro 13" to get her finished with school.
 
If any data was lost, find that neighbor, and file a police report.
It's a crime.
 
If any data was lost, find that neighbor, and file a police report.
It's a crime.

Dude you have no idea. This guy has taken ALL of their pictures OFF her mom's computer. She loaded them off her camera one night, and not even a few hours later they were gone. She has said that she watched them disappear out of the folders. Like a cut & paste.

That's why the police have her computer now and the FBI are coming to get it. They also have a Subpoena out for the IP of the inbound access, but Comcast is dragging their feet.
 
Like that's going to help anything if you're gonna sit there behind an unprotected wifi network...lol.

Yes I know this :rolleyes:

What I should have said is that she is NOT using it while at home connected to a network. She turns Airport off and just does offline work. When she goes anywhere else she uses it at my home or at school.
 
WPA has been cracked just like WEP. I would go with WPA2.

WPA only encrypted the 'logon' process. WPA2 encrypts all the data, making it near impossible for anybody to just sniff packets and pull out a key from there.
 
Wow, I hope they nail the guy that did this. It sucks that they got hit, and the lesson learned is to secure and password.
 
What actual evidence do you have against him?

Being a laid off engineer who isn't very social and stays up at night is hardly substantial evidence. She could have just as easily been hit by a wardriver.
 
Oh yes, I knew this was coming.

Right now we have no actual evidence against him, however the IP subpoena will tell the tale. The police have spoken to him numerous times and they agree his answers are inconsistent and bear further questioning, which will be done later.

Also, he is the only viable suspect that is in range of the network.
 
If they have a subpoena out for an IP address, the person came from outside the network, not via unsecured wifi.

Don't be so quick to pass judgement about your neighbor either...
 
These kinds of stories don't shock me anymore. So many people out there with an unsecure network, it's scary. I help people with computers on the weekends for free and this one guy just bought a wireless router and thought all the security settings were done "automatically". I just stood there and shook my head. He was gonna set up a computer to day trade with too!
 
Yeah, exact same attack can be applied with a few tweaks

http://wirelessdefence.org/Contents/coWPAtty_win32.htm

This is a dictionary attack. It takes a list of known values (the dictionary) and generates hashes for them, which are then compared against the hashes used on the network. If they don't have your password in their dictionary, they can't break your encryption. It's an attack against the PSK, not the actual encryption method.

It's very easy to get a dictionary file containing every word in the English language. It's much harder for them to get a randomly generated password like pe_heduk8chut36h3=ru#3+@?rap#Ra8 in their dictionary. Even dog123cat is much more difficult for a dictionary attack to find than just dog, cat, or 123. While it's possible to have a computer generate a list of every possible password combination, then use this dictionary attack to generate hashes for all those passwords, it's not very practical. Dictionary attacks work best on plain English words, possibly with slight variations, like p@ssw0rd instead of password. Picking a slightly complex password will almost completely nullify dictionary attacks.

And since WPA uses the SSID in the hash, attacks against your network "Mine1" won't work against your neighbor's "His2" network without being rehashed. This doesn't help against someone specifically trying to break into your network, but it means that someone can't just generate this huge list of hashes and use it against any AP they happen to find.
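
The SSID point in the post above can be checked directly. This is an added example, not part of the original thread: it derives the WPA/WPA2-Personal pairwise master key with PBKDF2-HMAC-SHA1 (SSID as salt, 4096 iterations) and audits a passphrase you own against a small constructed wordlist. The function names and the wordlist are assumptions made for illustration.

```python
import hashlib
import math
import string

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal key derivation:
    PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)

# Constructed table of common character substitutions ("p@ssw0rd" -> "password").
SUBSTITUTIONS = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                               "1": "i", "!": "i", "$": "s", "5": "s", "7": "t"})

def dictionary_guessable(passphrase: str, wordlist) -> bool:
    """True if the passphrase is a wordlist entry once case, common
    substitutions and trailing digits are undone."""
    words = {w.lower() for w in wordlist}
    lowered = passphrase.lower()
    plain = lowered.translate(SUBSTITUTIONS)
    no_suffix = lowered.rstrip(string.digits).translate(SUBSTITUTIONS)
    return plain in words or no_suffix in words

def random_search_bits(passphrase: str) -> float:
    """Upper bound on search space in bits. Only meaningful when the
    passphrase was generated at random from the character classes it uses."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0

# Constructed sample wordlist; a real audit would load a full dictionary file.
WORDLIST = ["dog", "cat", "password", "letmein", "sunshine"]

def audit(passphrase: str, ssid: str) -> dict:
    """Summarise how a passphrase holds up for a given network name."""
    return {
        "pmk": wpa_pmk(passphrase, ssid).hex(),
        "dictionary_guessable": dictionary_guessable(passphrase, WORDLIST),
        "random_search_bits": round(random_search_bits(passphrase), 1),
    }

if __name__ == "__main__":
    # Same passphrase, two SSIDs: the derived keys differ, so a table
    # precomputed for one network name is useless against the other.
    for ssid in ("Mine1", "His2"):
        print(ssid, audit("dog123cat", ssid))
    print(audit("p@ssw0rd", "Mine1"))
    print(audit("pe_heduk8chut36h3=ru#3+@?rap#Ra8", "Mine1"))
```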
 
If they have a subpoena out for an IP address, the person came from outside the network, not via unsecured wifi.

This is correct. If he actually connected to your unsecured WiFi, then he was on your LAN. There's no external IP involved here.

It may/should be possible to see the MAC addresses that connected to the router, and compare that against the suspect's computer. Obviously the router being compromised may hinder that.
 
If he was lazy his MAC address might still be in the router's DHCP log
 
Not to get too much into it, but after this was discovered I disconnected the router that he was logging into. I was not aware that her mom's desktop had a WiFi card in it, as well as the laptop (obviously). Somehow, the guy was still logging into the desktop and laptop using the internal wireless adapters. The FBI agent mentioned something about installing a RAS client ?!? This is why they are subpoenaing the IP.
 
They're referring to him setting up a client for remote access, so that he didn't have to access the network through the wireless, he would be able to access it through the internet.

If he was successful and initiated a remote connection from outside of the network, they could use his IP to prove his hacking into the network.

Sounds like he made a big mistake... he should have stuck to access through the WiFi... at most all they could do then is search his home for a WiFi device containing a MAC address that had been logged by the router. He might have been able to ditch the device and get away with it, but leaving a public IP trail is a bad idea. If he'd been smart he would have at least used a proxy.
 
Well, granted if he was on your girlfriend's network what is Comcast going to do about it? The router that he was on gave him the IP address (NAT 192.168.1.x) or whatever the number it was giving out. So, they wouldn't be able to trace it. If this guy was somewhat intelligent, he would have spoofed his MAC address.

Unless they find your girlfriend's/mom's files on his computer, there isn't much they can do.
 
Can't wait to hear the outcome of this story! OP, please be sure to keep us updated. I don't think anyone should rush to judgement, but this is quite the predicament!
 
Wow, this is probably the funniest thread I've read in a while. You have no shred of evidence, and [probably] won't have anything solid, that he maliciously deleted any files from the computer(s). I find it ridiculous that YOU are wasting my tax dollars on your assumption that your girlfriend's neighbor hacked into her network and of all things, because she lost a few nudes! Jesus :rolleyes:

The proof is in the pudding good sir, a VALID username owned by YOUR girlfriend or HER MOTHER deleted those files. Proving that he compromised those accounts is one of MANY hurdles that you would face in proving that your "quiet" neighbor popped your network. Simply connecting to an open WiFi network is a gray area at best, no grounds for any kind of prosecution.

If the IP address originated from your network, you're effed. Plain and simple. You can say that this particular MAC address popped this machine, but what's to stop his lawyer from claiming that his MAC address wasn't spoofed by another attacker that hacked his network? Also, have the "feds" seized his gear yet? What are your damages? You need to prove financial loss for any charges to actually stick.

Honestly, chalk it up to bad security practices and fix it. Move on, or I'm certain that it will end up costing YOUR girlfriend's family in the long run.
 
You should have tried this to see. He could have spoofed his MAC but sometimes ppl get lazy.

Open the Command Prompt -> type "arp -a"

This will show all MAC addresses that have connected to your computer. Either highlight the results of arp -a and paste it to notepad or hit F5 and open paint and paste it in. Then you save it. Go around to each computer and see what their MAC is. If you have a MAC that is not one of your computers then just give that information to the cops.
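
One way to do the comparison described in the post above without eyeballing it (an added example, not from the thread). It parses Windows-style `arp -a` output, skips broadcast and multicast rows, and reports addresses missing from a household inventory; the sample output, the inventory and the function names are all constructed. The ARP table only lists local-subnet hosts this computer has exchanged traffic with recently, so an empty result is not proof that nobody else was on the network.

```python
import re

# Constructed sample of Windows `arp -a` output.
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.1.10 --- 0x8
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-aa-bb-01     dynamic
  192.168.1.12          00-11-22-aa-bb-02     dynamic
  192.168.1.37          02-de-ad-be-ef-99     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Constructed inventory: the MAC of every device the household owns.
KNOWN_DEVICES = {
    "00:11:22:AA:BB:01": "router",
    "00-11-22-aa-bb-02": "laptop",
}

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"((?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2})\s+(\w+)",
    re.MULTILINE,
)

def normalize(mac: str) -> str:
    """Lower-case, colon-separated form so inventories compare equal."""
    return mac.lower().replace("-", ":")

def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return bool(int(normalize(mac)[:2], 16) & 0x01)

def is_locally_administered(mac: str) -> bool:
    """Bit 0x02 of the first octet marks a software-assigned address,
    which is what a spoofed or randomized MAC usually looks like."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)

def unknown_hosts(arp_text: str, known: dict) -> list:
    """Return ARP entries whose MAC is not in the inventory."""
    known_macs = {normalize(m) for m in known}
    findings = []
    for ip, raw_mac, entry_type in ROW.findall(arp_text):
        mac = normalize(raw_mac)
        if is_group_address(mac) or mac in known_macs:
            continue
        findings.append({
            "ip": ip,
            "mac": mac,
            "type": entry_type,
            "locally_administered": is_locally_administered(mac),
        })
    return findings

if __name__ == "__main__":
    for host in unknown_hosts(SAMPLE_ARP_OUTPUT, KNOWN_DEVICES):
        print(host)
```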
 
Waiting for his girlfriend's pics to be posted on some site like 4chan
 

Ok so you have some good advice in this thread. I'm still laughing about the MacBook part though. Like everyone keeps saying: reset the router, give it a strong password / username, turn on WPA2 and fix the accounts on the home computers.

If you have to reset the passwords for the PCs you could try the Ultimate Boot CD for Windows if you don't know the passwords.

Most importantly return the Mac if you bought it thinking it would be more secure.
 
Well hello there good sir! Believe me, I've been on these forums for a looong time and I know the interweb "tough guys" tend to pop up every now and then. I had a good laugh at your post xphil3. :D

I do understand some "basic" networking principles but came on here for advice from the experts, some of the guys on here are amazingly talented and knowledgeable about networking so I wanted to post and LEARN from the Networking Gurus on here.

If you put yourself in my GF's family situation for one second, you would quickly understand it is not a WASTE of your precious tax dollars. :rolleyes: I am not posting ALL of the information under investigation, just trying to gather a better understanding of HOW this individual could have done what he did. So please, spare me the "tax dollar" speech.

The local FBI office has my GF's laptop, her mom's desktop (it was a Slimline HP), their router and their cable modem. Comcast has handed over the IP information also, so we will wait to hear from them this week. Also, Homeland Security is working with the local FBI Field Office and the local police department.




 
Thanks blarg for the info on the Ultimate Boot CD.

Basic practice would be to do the reset, etc. But you gotta understand...that's something you and I would do but my GF's mom does not know a thing. Apparently, this had been going on for MONTHS before she realized something fishy was happening.

I work part time as an Apple Genius (I'm a teacher and work part time and summers with them) so I bought her the MacBook Pro because I got a great deal on it, and she wanted one for a long time. I also activated the Firewall and FileVault encryption for all of her files, plus it is much simpler for her to understand and secure.

 
I'm actually with xphil3 on this one.. it is a waste of money. I find it hard to have [a lot of] sympathy, but I still have a little bit.

If she didn't know how to protect her network, she should have paid someone to. Hell, back when I had a car, I had to pay a mechanic since I didn't know how to fix anything on my car -- it's not that embarrassing. This situation is analogous to leaving out your birth certificate, SS card, naked pics and whatever else.. on your front lawn.

I guess the moral of the story is that there are real losers out there (surprise?). Protect yourself from them; especially if you have things on your computer that you don't want them to have.
 
Well hello there good sir! Believe me, I've been on these forums for a looong time and I know the interweb "tough guys" tend to pop up every now and then. I had a good laugh at your post xphil3. :D
Hey now, no tough guy here... just a realist. Sorry if you wanted someone to sugarcoat it for you, but as almost everyone that frequents this sub-forum knows, that's not me ;)


some of the guys on here are amazingly talented and knowledgeable about networking so I wanted to post and LEARN from the Networking Gurus on here.
And the experts are the ones in this thread telling you to suck it up, and stop wasting your time, including myself.

If you put yourself in my GF's family situation for one second, you would quickly understand it is not a WASTE of your precious tax dollars. :rolleyes: I am not posting ALL of the information under investigation, just trying to gather a better understanding of HOW this individual could have done what he did. So please, spare me the "tax dollar" speech.
I can put myself into that situation, I can put myself into that situation from both angles in fact (sub deleting personal files like a douche). What you need to understand is that any loss of personal information, without a clear representation of financial damages (vacation photos, food recipes, music perhaps) will not stand up in any legal system in our beautiful country. Also, depending on where you live, it will also make or break your pursuit of this "hacker". I read a case a few years ago about open wifi attacks, the judge stated some law that it's YOUR responsibility to protect your network, including any assets behind that network. Obviously I can't back any of that up because I'm not going to google for it :D

To give you some more insight, popping a Windows computer is like taking candy from a baby. There are so many different ways to attain access to filestores, the most obvious that would come to anyone's mind would be a null session to said machine with a fresh copy of XP (i.e. non-patched). Popping the user accounts is cake too, especially with clear text wifi and passwords under 15 characters (assuming XP here), can you say LM hashing.. such an attack can be done OTA. Grab yourself a hacking exposed or ethical hacker book and check out the common exploitation techniques if you want to learn.

The local FBI office has my GF's laptop, her mom's desktop (it was a Slimline HP), their router and their cable modem. Comcast has handed over the IP information also, so we will wait to hear from them this week. Also, Homeland Security is working with the local FBI Field Office and the local police department.
See, this is what pisses me off. HS is wasting their time on this crap when they should be protecting our country from ACTUAL terrorist threats.

With all of that said, I do feel for you. You feel violated, but the answer isn't going to the authorities unless there is some SERIOUS cause (think identity theft here). Arm yourself with knowledge and secure the network properly and teach both your girlfriend and her mother internet safety (I sound like a tool, I know).

MF EDIT: Dude, you're from south jersey! Me too! Well, kind of.
 

No problem, I use Ultimate Boot CD with XP but if they have Vista you will have to check and see if it can still change the account passwords for that.

I am kinda curious, have you gone and asked the guy next door if he would just fix what he broke? I'm guessing now that cops are involved that might be a little harder. Sometimes people are like that though. I had a web server hacked once and the guy left me a text file with notes on what I did wrong with my security.
 