Security concerns (remote access) while I'm in a fullscreen activity like a game or a movie

InaDaise

Weaksauce
Joined
Dec 13, 2016
Messages
80
I'll get right to the question before I go on to explaining why I'm asking it and my story leading up to it. So while I'm in a fullscreen program and if someone succeeds in hacking using remote access into my pc and opens a program like email or my online bank account will I be automatically alerted to it by the hacked program popping up in a window in front of my game or movie?

I think a shorter version may help: When I'm in a fullscreen game and someone with remote access takes over another program will that program pop up in front so I'll notice it? And I realize there are many other warning systems I can learn about and use in case it happens like alert programs and so on.

I'm worried about long hours in fullscreen gaming and movies, if someone gets in with remote access. I realize most hacking into bank accounts and email is probably done by hackers in non remote access methods after they get passwords from malware installed days earlier. If that happens I think I can cover myself because I login and check my bank accounts and brokerage accounts every day so I can stop stock trades done by hackers a day before the stock transaction clears.

No it hasn't happened yet but just in case I check every day. If they transfer money by hacking a savings account then I probably stand a good chance of getting the money refunded by the bank if I notify them in less than 24 hours which is possible by checking bank balances once a day every day.

So hackers using remote access may try it possibly to make it look like I took the money out legally and not them. Although that may be a unlikely way for hackers to operate I want to know if I can keep watching movies and playing games in fullscreen, or not in fullscreen for that matter, without agonizing over the security issues.

edit: I have Norton security and an ATT Uverse router/modem, never use wifi, everything is wired on my 2 pc systems, although the wifi works if I were to use it.
 

Grebuloner

Gawd
Joined
Jul 31, 2009
Messages
898
First off, do you have reason to believe you're being targeted? If not, I think you're blowing this a bit out of proportion. Untargeted attacks like what you're describing aren't very profitable and pretty rare because it depends on you using online banking and having the info and password easily accessible on your machine and they have to try the same thing with lots of people just to find one or two. It's far more lucrative for hackers to go straight to the institutions and get their bulk data (this is the "X millions of personal records leaked" stuff you hear on the news). Enabling 2 factor authentication on your accounts is a great way to stop these things in their tracks, because even with the password, they can't log in if they aren't holding your phone (and no, it's not perfect, but nothing is).

With remote access hacks, if it is using the built in and active remote protocols you might have installed (RDP? VNC? SSH?), they will literally be seeing your desktop as it is, with the game, so if they want to poke around, you'll see everything. If you don't use these, just make sure Remote Desktop is disabled in Windows (you can block the ports, too), and you likely don't have anything else installed, anyway.

To go beyond that and have silent computer access, they will need to have installed some kind of program on your computer, which requires either physical access, or you falling for a phishing "download this" scam. It sounds like you're worried enough that this isn't something you would do. Not to mention, Norton is pretty good at detecting stealth installs and things doing what they shouldn't. They still won't be able to load programs without causing something on your screen to make you notice. They could for instance create a new virtual monitor, but enabling that will mess with your fullscreen in a noticeable way.

If you really want to up your network security from the outside, consider buying a dedicated security appliance or add a better router between your Uverse POS and your network. Sophos, or Ubiquiti USG are great places to start looking, and if you want to spend more, custom router OSes like pfSense are also tweakable to keep lots of unwanted connections and drive-by attempts away (this is what I use).

Also oblig, I'm not an expert, so I hope others will chime in with more options and things.
 

SamirD

2[H]4U
Joined
Mar 22, 2015
Messages
3,852
Okay so let's talk about attack vectors. If your PC isn't connected to the Internet while gaming, it cannot be subject to an attack. However, if it is already compromised the baddies are smart enough to wait on sending their payload until access is restored.

As far as banks and online banking. The attack vector is having online access enabled. If you eliminate this, they can't attack your account except via going to the bank or some way where they have to talk to someone and 'social engineer' a way to get that info--a much tougher attack vector. If you look at the increasing number of banking attacks, you'll also see that they coincide with the rise in online banking. Coincidence? Hell no! And on top of that banks are reducing their checks for fraudulent activity such as invalid check signatures, etc. Online banking risks far outweight the rewards imo.

One of the way to operate securely is to separate important things from leisure activities. Like booing up a live cd like TENS that is built for security when doing any secure transactions and keeping those important things away from all the windows malware. Or even better is to completely forgo online access of things that are very important and locking out all the ways a baddie could 'social engineer' their way into having access.

For entertainment, there are the tablets and other toys that fit the bill and give you the separation that's necessary to divide the access to the important data. If a tablet that's exclusively used for viewing movies and social timewasting is compromised, who cares? Wipe it and reset it or worse case throw it away and get another one. Your important data is safe because of the lack of an attack vector.

Keeping important files not on a computer, but a nas or a file server that has NO internet access helps create another barrier to entry since they can only access the data via another device that they have to compromise. Create hoops for those motherf*(&% to jump through.

Don't open ports on your router and keep upnp OFF--upnp is very damn dangerous because anything can use that to open ports on your router without your knowledge. You wouldn't give the keys to your front door to just anyone to open and allow anyone in your house, right? Why give your router that ability?

Use physical network separation to keep stuff separated. If you have a work machine, literally put it on its own network separate from your own. You may have to do some creative routing or set up a double nat for the isolation, but F it, this is security and you want to make it tough for the baddies.

That's all off the top of my head. Oh, and never buy anything directly from china or those f*^&*^* shady sites or anything foreign. Just keep your traffic domestic. Yes, things are all made overseas but there is a benefit to having them properly imported and restricted and then sold. I have no idea why we have this stupid policy where every f(*&*(& shady motehrf(&(* in the world has access to mail, email, and call every US citizen with their scams. We don't unrestricted access physically through our borders, so wtf do allow virtual and mail to be unrestricted? It's f$%$ retarded and is a pita for those of us that have to deal with what are essentially third world scams (seriously, I've seen this same sh** when I have visited those places) here in the first world. The first world shouldn't haven't these problems because we can outlaw them and put restrictions in place.

Sorry for the rant, but I spend a lot of time time keeping an eye on the assholes on the other side of the world and their tactics. NO ONE is safe as long as Internet traffic is unrestricted to those places. It's time to build the US firewall and shut down the f$%$ chinese, russian, et al packets that have no business hitting everyone's routers.
 

Grebuloner

Gawd
Joined
Jul 31, 2009
Messages
898
That's quite the nuclear option, there, SamirD! But no doubt it would be effective. InaDaise, there are lots of people on here that can help you out with getting the routers set up like that if you aren't sure or want to try something new.

I'll leave some of that last part for the Soapbox (where I shall not tread), but some routers do make it easy to block countries. I have all of China and all but a couple trusted IPs in Russia blocked at my router, among others. Hasn't had a negative impact on my internet at all.
 

SamirD

2[H]4U
Joined
Mar 22, 2015
Messages
3,852
That's quite the nuclear option, there, SamirD! But no doubt it would be effective. InaDaise, there are lots of people on here that can help you out with getting the routers set up like that if you aren't sure or want to try something new.

I'll leave some of that last part for the Soapbox (where I shall not tread), but some routers do make it easy to block countries. I have all of China and all but a couple trusted IPs in Russia blocked at my router, among others. Hasn't had a negative impact on my internet at all.
Yep, it is a bit extreme, but we never had problems like his on dial up back in the day because the routes around the world were still slow and not weaponized. It's only with the connectivity that the problems started...which brings up the topic of geoblocking. Yes, quite a few routers can do this, and actually I keep forgetting to ask the various isps I work with if this is an option at the isp level (imo it should be). I know our business accounts that are at retail locations have no need to reach outside of the US for their communications (even though they communicate over a vpn tunnel anyways).

If you have a router with some advanced features or are using something like pfsense, you can simply drop in a block list by this site that will generate block list based on your country selections:
https://www.countryipblocks.net/acl.php

I think geoblocking would solve 99% of the problems, but it really needs to be at the country level for it to be effective. Any traffic inbound to the US would need special whitelisting or it would be dropped. Billions of dollars would be saved that way--so why isn't it implemented? Answer: political crap--same crap they throw around in the third world to prevent good stuff from happening there too.
 

InaDaise

Weaksauce
Joined
Dec 13, 2016
Messages
80
As far as targeting against me my concerns are generally about moving partially away from online banking and towards bank accounts with the net blocked because I've always viewed it as being safer which is a subject mentioned in one of the replies. So I'd have to go in person to withdraw. But only for one bank, the other bank would continue online. And some great day I hope to have enough in the internet blocked bank so even if I lost some money to theft in the internet bank it would not affect me very much.

I realize not everyone agrees that in person banking is safer than online. They point to security minded sites like ETrade with the random password generator app they have for logging in. Some think it's easier to fake ID cards and rip off a bank in person because a teller may not be as attentive as he or she should be. I can't accept that theory yet. I hope that doesn't happen very often because I intend to have at least one internet blocked bank.

For some of the other replies in no particular order I just checked my remote access in Win 10 Home and it was already turned off. Also for a few years I've had 2 factor auth with my smart phone with the banks and the emails associated with them. A tablet may be too small for me for watching movies but something to consider as far as security. And I don't have passwords or usernames stored on my PCs, they're all hand written. So no password managers for me.
 

scrappymouse

Limp Gawd
Joined
Mar 18, 2016
Messages
149
if you're infected, say with a meterpreter shell, you won't see any activity on your screen anyway. If all hacker activity was shown on screen when you were hacked do you really think the average time to discover an attack in an organization hunting for them would be 18 months?
 

Blackjack

[H]ard|Gawd
Joined
Oct 29, 2007
Messages
1,327
As far as targeting against me my concerns are generally about moving partially away from online banking and towards bank accounts with the net blocked because I've always viewed it as being safer which is a subject mentioned in one of the replies. So I'd have to go in person to withdraw. But only for one bank, the other bank would continue online. And some great day I hope to have enough in the internet blocked bank so even if I lost some money to theft in the internet bank it would not affect me very much.

I realize not everyone agrees that in person banking is safer than online. They point to security minded sites like ETrade with the random password generator app they have for logging in. Some think it's easier to fake ID cards and rip off a bank in person because a teller may not be as attentive as he or she should be. I can't accept that theory yet. I hope that doesn't happen very often because I intend to have at least one internet blocked bank.

For some of the other replies in no particular order I just checked my remote access in Win 10 Home and it was already turned off. Also for a few years I've had 2 factor auth with my smart phone with the banks and the emails associated with them. A tablet may be too small for me for watching movies but something to consider as far as security. And I don't have passwords or usernames stored on my PCs, they're all hand written. So no password managers for me.

Think about it this way. Who is the bigger target, you or the bank?

Individuals, unless there is a specific reason to be targeted, are generally subject to opportunistic attacks like phishing rather than targeted campaigns specifically against them.

So is in-person banking really a good mitigating control? Banks spend quite a bit more money on security, but ultimately they have a lot more people specifically targeting them (including nation state and organized crime-level actors who don't care about you specifically) and your money is still at risk should the bank be hit with something major. Can't go to a local branch and pull out money if their systems were hit with Ransomware as an example.

Be on the lookout for phishing messages, enable 2 factor auth, make sure you use unique and complicated passwords and know where they are being entered/stored, stay away from shady websites and you'll be fine.

or usernames stored on my PCs, they're all hand written

Its interesting that you are concerned with remote access but unconcerned with someone breaking into your house and stealing the passwords.
 
Last edited:

Blackjack

[H]ard|Gawd
Joined
Oct 29, 2007
Messages
1,327
It's only with the connectivity that the problems started.

Ever heard of war dialing? This really isn't new. Sure, connectivity makes it easier and increases attack surfaces but attackers are STILL using dial-up modems to attack/backdoor networks. Mostly because some companies decide its a good idea to keep it as a back-up access method.

which brings up the topic of geoblocking. Yes, quite a few routers can do this, and actually I keep forgetting to ask the various isps I work with if this is an option at the isp level (imo it should be)

Don't bother, most attackers who you have to worry about aren't coming from their country of origin anyway. Most attacks I've seen and responded to started with a compromised, US-based e-mail address (usually gmail or o365). Or comes from an IP address in a country that isn't specifically associated with hacking.

Billions of dollars would be saved that way--so why isn't it implemented?

Because it would cost trillions, be an unadulterated nightmare to manage, and wouldn't be effective.
 

tool_462

Weaksauce
Joined
Oct 14, 2008
Messages
115
As an investigator (and instructor) of such things, I have never seen a true remote access attack for a financial crime. I'm sure it has happened but that's not a very good "bang for your buck" attack vector for bad guys.

I've seen many spam callers who convince individuals that they need to fix their computer and walk the target through installing TeamViewer so they can later log in and transfer funds but it sounds like you wouldn't fall for that trick.
 
Top