I was hacked!!!

Discussion in 'Windows Desktop Systems' started by Punkrulz, Oct 8, 2004.

  1. Punkrulz

    Punkrulz Somewhat eXPerienced

    Messages:
    790
    Location:
    Woodbury, NJ
    I was hacked, in a sense. Apparently when I got home from work today, the very first thing I notice when turning on my monitor is that there is a new useraccount on the login screen: "IUSER". The person probably created the account to try and convince me that it's a Windows System account and that it's fine to keep there.

    After logging into my machine, the second thing I notice right off the back is that my nicely organized icons are now all merged to the left hand corner of my screen... this is usually induced by a login of Remote Desktop Connect, and the host screen resolution is lower than the resolution the host is connected to. So right off the back I'm checking my logs.

    There are a whole bunch of instances where the tlntsvr - Telnet Service is started and stopped successfully. There are even more logs, that state that there is a pending document deletion on 6MP HP Laserjet - Back on user (MGUEST), as well as (JASON)... What's funny? That printer name [as well as the other failed attempts' printer names] are the names of the printers at my old job, at the internet company. MGUEST and JASON: Two old co-workers, one still works there, other doesn't.

    The other kick in the butt? There is an error about printing documents from the domain controller address for the DC at the internet company... I've got cold hard proof that the attack was done at my previous job. Now, I think that it may be possible for there to be an old login on an old machine that I used in the past that they may have gotten it... but 1) I don't think I've ever saved my password, and 2) I could swear both machines I've ever used there were formatted...

    So in any case...

    1) Is there any way of tracking the exact IP address, so I can help my old manager determine who it was [easier than how he's going to do it, computer to computer checking logs and ****]

    2) Funny thing is they are now calling me to hire me back... but they are completely unrelated, just a coincidence... is there any way I can press charges? Sue, perhaps? I mean, while they may have had an easy way to get in, it was still wrong of them to enter my computer... sort of like entering a house with the door unlocked, it's still illegal...

    Little help guys? :(
     
  2. VenomXt

    VenomXt Blame me for the RAZR's Folding Team

    Messages:
    3,453
    Location:
    Houston, Texas
    sucks man. my opinion would be to contact the authoritys.. but dont expect to get too far... your best bet is using the old boss to find who did it.. maybe at least the can get fired.
     
  3. Punkrulz

    Punkrulz Somewhat eXPerienced

    Messages:
    790
    Location:
    Woodbury, NJ
    That's what I'm trying to do, but I'm trying to find some way of getting a log that shows that, hey, this external IP address connected to your computer through remote desktop... any ideas? I'm pushing to get him fired.
     
  4. LeeJend

    LeeJend Moderator

    Messages:
    5,291
    Location:
    Fort Worth, TX
    1). If your machine doesn't have a log of the incoming IP (and if the hacker had any brains he would erase the log before leaving) stored then you won't be able to get any information from the ISPs, etc.

    2). They will laugh you out of the police station. If there had been substantial loss of money that could be documented you might get somebody interested.

    Advice - they shouldn't have been able to get in.
    Put up a good firewall and use secure passwords (numbers, letters and punctuation), change the password every couple of weeks and any time you change jobs etc. If using wireless make sure it is WEP secured.

    You've just had the equivalent of leaving your keys in the car and having a neighborhood kid grab it for a joy ride. Your lucky he didn't trash it. Learn from the expereince.
     
  5. VenomXt

    VenomXt Blame me for the RAZR's Folding Team

    Messages:
    3,453
    Location:
    Houston, Texas
    very well said leejend.
     
  6. Punkrulz

    Punkrulz Somewhat eXPerienced

    Messages:
    790
    Location:
    Woodbury, NJ
    Well I at least have proof that it came from my old place of business, and an old manager [unless it was him lol] on my side researching this. He assured me that the employee who performed these actions will be terminated.

    What if I didn't have an open account though? What if he did somehow get my password through illegal means? I don't care that I didn't lose any data, this is still BS that someone can get away with that. *Sighs*
     
  7. VenomXt

    VenomXt Blame me for the RAZR's Folding Team

    Messages:
    3,453
    Location:
    Houston, Texas
    welcolm to cyber space. :) there are not sufficant means to deal with this yet and sadly wont be for a while. as leejend said being on the offense is what will save you in the future. (i.e firewall) btw did you have the latest updates for xp? and did you have service pack 2 installed with the firewall turned on?
     
  8. LeeJend

    LeeJend Moderator

    Messages:
    5,291
    Location:
    Fort Worth, TX
    I forgot to mention. Make damn sure he didn't leave a trojan behind. He could be data mining you for passwords and credit card info.

    Spyware scan, update AV and run it. You might even try a temporary install of another AV to make sure (anything but Norton).

    Use a firewall to detect outgoing traffic and it will pop up and notify you when an installed program tries to transmit to the web. You might even be able to find the ip on the other end this way.

    If he's dumb enough to come back after he has been detected, and you are brave (foolish?) enough to leave you're machine vulnerable there are tools (hacktracer, etc.) available.
     
  9. VenomXt

    VenomXt Blame me for the RAZR's Folding Team

    Messages:
    3,453
    Location:
    Houston, Texas
    id advise though not to take any steps if you find a ip (unlikely) to do anything his way.. rule of thumb dont piss someone off one that end as if they know what they are doing they could allways wage a small war on you.
     
  10. lancer

    lancer There is no answer! Political User Folding Team

    Messages:
    3,093
    Location:
    FL, USA
    well heres my two cents, turn the damn computer off when you go to work, what do you need it on for anyway??

    Its simple but effective.