Computer Hacked?

Discussion in 'Mac Basics and Help' started by ncc1701d, Jan 7, 2011.

  1. ncc1701d macrumors 6502

    Joined:
    Mar 30, 2008
    #1
    My brother believes his computer has been hacked and is going to all lengths to find out how. He believes this is the case as someone seems to have access to his emails. Even when he changes emails, his account settings, passwords etc, they still seem to know what has been written.

    I'm not asking how to hack (before anyone asks), but to know how to detect if it is happening.

    He has heard of places to take the computer for analysis. I think he's overreacting. But, he's convinced. Any help appreciated.
     
  2. SandboxGeneral Moderator

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #2
    More details would be helpful.

    What kind of computer is it? Windows or OS/X?
    What kind of Internet/Network connection does he have? Wired or Wireless?
    If wireless, what type of security is he using, WEP, WPA, or WPA2 or none?
    What kind of password is it, weak, strong, character length?
    What are some examples of things that make him suspicious of being compromised?
     
  3. MacTribe macrumors member

    Joined:
    Dec 26, 2010
    Location:
    London
    #3
    Install a piece of software called Little Snitch, which would tell you what is going on with your connections, and you can choose to block, allow, etc.
     
  4. ncc1701d thread starter macrumors 6502

    Joined:
    Mar 30, 2008
    #4
    I've sent these to him, but he's a bit slow to respond. But, if I was to guess it would be:

    Thanks, I've passed this on to him, thanks for that!
     
  5. SandboxGeneral, Jan 8, 2011
    Last edited: Jan 8, 2011

    SandboxGeneral Moderator

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #5
    Well, first off he needs to ensure he is using wireless security; either WPA or WPA2. But don't use WEP, as it can be cracked in less than 60 seconds (<<MP3 link). Next he must secure that wireless network with a >>strong password<<. Routers can handle up to 63-character passwords and I recommend using all 63 characters. Use the link I provided above to get a pseudo-random password with maximum entropy. I would also recommend changing the router's admin password as well.

    For the purpose of all this and given the situation, I would suggest connecting the MacBook to the router with a LAN cable and turning off the wireless card on the laptop just to be sure no one is sniffing the packets wirelessly. Because it sounds like he is the victim of a man in the middle attack (<<MP3 link). Someone who has gained access to his wireless network and is using a packet sniffer intercepting all the unencrypted traffic flowing across. Another thing he should do is when browsing the web where he enters usernames, passwords or any other sensitive data or even emails, make sure the site is using HTTPS and not HTTP. The 'S' is a different protocol and uses a different port for sending web traffic and it is encrypted. So that anyone using a packet sniffer can still intercept the traffic, but will be unable to read it. The HTTP protocol transmits data in clear text so any time you enter a username and password on a site where it starts with the HTTP, that username and password will be broadcast to the whole world so they can see it.

    I don't know if Hotmail uses HTTPS (SSL) by default or not, but if it doesn't have him try manually typing in the address https://www.hotmail.com and see if it works. I'll bet it does. Also check the settings within Hotmail to see if it has the option to use SSL by default and enable it if it's available. Some web-based email providers do not encrypt their connections by default but do have a security certificate so that you can connect securely if you want to. GMail didn't used to use HTTPS by default, but last year or the year before they enabled it to be on by default. Prior to that you could turn it on in your user settings.

    Once the passwords and encryption protocol (WPA2) are changed, then he can go ahead and use the wireless network again, unplugging the LAN cable. Then I would change my other online passwords again like Hotmail and any other that he suspects is compromised using a strong password. I would recommend using the same password generator I linked to above, but grabbing maybe the first 10 characters or more if he wants. I use >>Lastpass<< to manage my passwords and even generate some too. It's secure and it helps remember some of those really long random passwords that you just cannot memorize. It integrates with your web browser and is cross platform (multiple browsers and OS's with one account).

    There is a very slim possibility that, if what is going on is as I describe above, the attacker is also cracking the SSL protocol (HTTPS). SSL has been bullet proof since its inception until last year, when a proof-of-concept attack on SSL was successful (<< MP3 link). I think it's unlikely but not out of the realm of possibility. Additionally, I don't know of any rootkit attacks (<<MP3 link) on OS/X, but on Windows, malicious rootkits that get onto a Windows machine are capable of compromising a system in such a way that they are undetectable to any anti-virus or anti-malware programs. If one suspects they have a malicious rootkit on their system, the only way to get rid of it is a full format of the HDD and reinstall of the OS.

    Also, I attached two images, the first one showing an unsecured login to another site of mine (I blacked out my password because it was in clear text but you can still see my username) using only the HTTP address. The second image is the same site, same login except I added the S making it HTTPS and thus changing the protocol to encrypted. As you can see, or actually not see my username and password. I sniffed those packets off my own wireless network using a packet sniffer, freely available for download on the Internet.

    I hope this information is helpful and that he and anyone else reading this employs some or all of these measures to protect themselves online.
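    The post recommends generating a pseudo-random 63-character wireless password with maximum entropy and then using a shorter slice of such output for web accounts. The script below is an added example written for this thread; it is not SandboxGeneral's code nor the generator he linked. It draws each character from the OS random source (Python's `secrets` module), applies the WPA2-PSK rules (8 to 63 printable ASCII characters), and reports the entropy, with one caveat the post does not mention: the key a router derives from the passphrase is 256 bits, so a passphrase longer than about 39 characters from this alphabet adds no further strength.

```python
"""Added example for this thread (not the poster's code or the linked generator):
generate and validate a WPA2 passphrase and measure its entropy."""
import math
import secrets
import string

# WPA2-PSK passphrases must be 8 to 63 characters from printable ASCII (codes 32..126).
# Space is a legal passphrase character but is left out of the generation alphabet
# because it is easy to lose when the key is typed into a router or phone.
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
WPA2_MIN_LEN, WPA2_MAX_LEN = 8, 63
# The pairwise master key derived from the passphrase (PBKDF2) is 256 bits long,
# so that is the most entropy any passphrase can contribute.
PMK_BITS = 256.0


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def effective_psk_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy the Wi-Fi key actually benefits from: capped by the 256-bit PMK."""
    return min(entropy_bits(length, alphabet_size), PMK_BITS)


def generate_passphrase(length: int = WPA2_MAX_LEN, alphabet: str = ALPHABET) -> str:
    """Draw each character with the OS CSPRNG (secrets), never random.random()."""
    if not WPA2_MIN_LEN <= length <= WPA2_MAX_LEN:
        raise ValueError(f"WPA2 passphrase length must be {WPA2_MIN_LEN}..{WPA2_MAX_LEN}")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def is_valid_wpa2_passphrase(passphrase: str) -> bool:
    """Length and character-set check a router applies to a WPA2-PSK passphrase."""
    return (WPA2_MIN_LEN <= len(passphrase) <= WPA2_MAX_LEN
            and all(32 <= ord(c) <= 126 for c in passphrase))


if __name__ == "__main__":
    wifi_key = generate_passphrase()            # full 63 characters for the router
    site_password = generate_passphrase(10)     # a fresh 10-character one per web account
    print("Wi-Fi passphrase:", wifi_key)
    print("  valid WPA2 passphrase:", is_valid_wpa2_passphrase(wifi_key))
    print(f"  entropy: {entropy_bits(63):.1f} bits, usable by WPA2: {effective_psk_bits(63):.0f} bits")
    print("Web password:", site_password)
    print(f"  entropy: {entropy_bits(10):.1f} bits")
    # For comparison, an 8-character all-lowercase password is worth only about 38 bits.
    print(f"8 lowercase letters: {entropy_bits(8, 26):.1f} bits")
```

    Generate a separate passphrase for each account rather than slicing the Wi-Fi key itself; the point of the generator is that every string it produces is independent.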
     

  6. ncc1701d thread starter macrumors 6502

    Joined:
    Mar 30, 2008
    #6
    Thank you SandboxGeneral! This is all excellent. I will send this link to him and he can read through it directly. Hell - I will probably start doing this better protection myself!
     
  7. SandboxGeneral Moderator

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #7
    Also, the Little Snitch program the other person linked to is a good tool to use as well.
     
  8. TEG macrumors 604

    Joined:
    Jan 21, 2002
    Location:
    Langley, Washington
    #8
    This is why you ALWAYS wipe a computer when you receive it, even from the manufacturer, or the instant you suspect it has been compromised. You can never trust what is going on. You will likely find that VNC or Remote Desktop is enabled, giving someone access. If you really are concerned, contact the local police. In many jurisdictions, even if you don't secure a wireless network, people are not allowed to use it without your permission, and any unauthorized packet sniffing is considered illegal wiretapping, and subject to criminal prosecution.

    TEG
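    TEG suggests checking whether VNC or Remote Desktop has been switched on. The function below is an added example for this thread, not TEG's or Apple's code: a POSIX shell filter that scans `launchctl list` output for launchd labels belonging to remote-access services on OS X. The label names are assumptions to verify against the plists in /System/Library/LaunchDaemons and /System/Library/LaunchAgents on the machine in question; run `sudo launchctl list` so that system-wide daemons such as Screen Sharing and sshd are included, not just the current user's agents.

```sh
#!/bin/sh
# Added example (not from the thread): flag loaded remote-access services in
# `launchctl list` output, which has three columns: PID, last exit status, Label.
# Assumed labels, to be verified on the machine:
#   com.apple.screensharing   Screen Sharing (VNC)
#   com.apple.RemoteDesktop   Apple Remote Desktop agent (prefix match)
#   com.openssh.sshd          Remote Login (SSH)
REMOTE_LABELS='com.apple.screensharing com.apple.RemoteDesktop com.openssh.sshd'

# Reads launchctl output on stdin, prints one line per matching label with
# whether it is merely loaded (on demand) or currently running. Always returns 0.
flag_remote_services() {
    awk -v labels="$REMOTE_LABELS" '
        BEGIN { n = split(labels, want, " ") }
        NF >= 3 {
            label = $3
            for (i = 1; i <= n; i++) {
                if (index(label, want[i]) == 1) {
                    state = ($1 == "-") ? "loaded (on demand)" : "running (pid " $1 ")"
                    print label ": " state
                }
            }
        }'
    return 0
}

# Stand-alone use on a Mac; on other systems there is no launchctl, so nothing runs.
if [ "$(uname 2>/dev/null)" = "Darwin" ]; then
    found=$(launchctl list 2>/dev/null | flag_remote_services)
    if [ -n "$found" ]; then
        echo "Remote-access services are loaded:"
        echo "$found"
    else
        echo "No remote-access launchd services in this session's launchctl list (try with sudo)."
    fi
fi
```

    A label that appears at all means the service is loaded and will accept connections (on-demand services start when a client connects), so anything listed that the owner did not deliberately turn on in System Preferences > Sharing deserves a look.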
     
  9. SandboxGeneral Moderator

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #9
    Another thing I forgot to mention is that he should make sure the router he uses has the latest firmware on it.
     