I was hacked!!!


I was hacked, in a sense. Apparently when I got home from work today, the very first thing I notice when turning on my monitor is that there is a new user account on the login screen: "IUSER". The person probably created the account to try and convince me that it's a Windows System account and that it's fine to keep there.

After logging into my machine, the second thing I notice right off the bat is that my nicely organized icons are now all merged to the left hand corner of my screen... this is usually induced by a login of Remote Desktop Connect, and the host screen resolution is lower than the resolution the host is connected to. So right off the bat I'm checking my logs.

There are a whole bunch of instances where the tlntsvr - Telnet Service is started and stopped successfully. There are even more logs that state that there is a pending document deletion on 6MP HP Laserjet - Back on user (MGUEST), as well as (JASON)... What's funny? That printer name [as well as the other failed attempts' printer names] are the names of the printers at my old job, at the internet company. MGUEST and JASON: Two old co-workers, one still works there, other doesn't.

The other kick in the butt? There is an error about printing documents from the domain controller address for the DC at the internet company... I've got cold hard proof that the attack was done at my previous job. Now, I think that it may be possible for there to be an old login on an old machine that I used in the past that they may have gotten it... but 1) I don't think I've ever saved my password, and 2) I could swear both machines I've ever used there were formatted...

So in any case...

1) Is there any way of tracking the exact IP address, so I can help my old manager determine who it was [easier than how he's going to do it, computer to computer checking logs and ****]

2) Funny thing is they are now calling me to hire me back... but they are completely unrelated, just a coincidence... is there any way I can press charges? Sue, perhaps? I mean, while they may have had an easy way to get in, it was still wrong of them to enter my computer... sort of like entering a house with the door unlocked, it's still illegal...

Little help guys? :(


Sucks, man. My opinion would be to contact the authorities.. but don't expect to get too far... your best bet is using the old boss to find who did it.. maybe at least they can get fired.


That's what I'm trying to do, but I'm trying to find some way of getting a log that shows that, hey, this external IP address connected to your computer through remote desktop... any ideas? I'm pushing to get him fired.


1). If your machine doesn't have a log of the incoming IP (and if the hacker had any brains he would erase the log before leaving) stored then you won't be able to get any information from the ISPs, etc.

2). They will laugh you out of the police station. If there had been substantial loss of money that could be documented you might get somebody interested.

Advice - they shouldn't have been able to get in.
Put up a good firewall and use secure passwords (numbers, letters and punctuation), change the password every couple of weeks and any time you change jobs etc. If using wireless make sure it is WEP secured.

You've just had the equivalent of leaving your keys in the car and having a neighborhood kid grab it for a joy ride. You're lucky he didn't trash it. Learn from the experience.
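
Added example (not written by any poster in this thread): one way to triage an exported event log for the signs described above, namely Remote Desktop logons with their source address, a newly created account, and Telnet service starts and stops. The CSV layout, the sample records, the user `owner` and the address are constructed for illustration; the event IDs are the standard Windows ones (528/682/624 on XP and Server 2003, 4624/4778/4720 on later versions).

```python
import csv
import io

# Standard Windows event IDs: XP/Server 2003 value, then the Vista-and-later one.
LOGON = {"528", "4624"}             # successful logon
RECONNECT = {"682", "4778"}         # session reconnected (records client address)
ACCOUNT_CREATED = {"624", "4720"}   # user account created
SERVICE_STATE = {"7035", "7036"}    # Service Control Manager start/stop
REMOTE_INTERACTIVE = "10"           # logon type used by Remote Desktop

FIELDS = ["time", "event_id", "user", "logon_type", "source", "detail"]

# Constructed sample export (layout and values are assumptions for this example).
SAMPLE = """\
2005-03-01 09:12:04,528,owner,2,,console logon
2005-03-01 13:40:17,528,owner,10,203.0.113.45,remote logon
2005-03-01 13:40:18,682,owner,,203.0.113.45,session reconnected
2005-03-01 13:44:51,624,IUSER,,,account created by owner
2005-03-01 13:46:02,7036,,,,Telnet service entered the running state
2005-03-01 13:58:30,7036,,,,Telnet service entered the stopped state
2005-03-01 14:02:11,7036,,,,Print Spooler service entered the running state
"""


def triage(export_text):
    """Return (remote source addresses, findings) for a CSV event export."""
    sources, findings = set(), []
    for rec in csv.DictReader(io.StringIO(export_text), fieldnames=FIELDS):
        eid, what = rec["event_id"], None
        if eid in LOGON and rec["logon_type"] == REMOTE_INTERACTIVE:
            what = "Remote Desktop logon"
        elif eid in RECONNECT:
            what = "Remote Desktop session reconnected"
        elif eid in ACCOUNT_CREATED:
            what = "user account created"
        elif eid in SERVICE_STATE and "telnet" in rec["detail"].lower():
            what = "Telnet service state change"
        if what is None:
            continue  # console logons, unrelated services, etc.
        if rec["source"]:
            sources.add(rec["source"])
        findings.append((rec["time"], what, rec["user"], rec["source"]))
    return sources, findings


if __name__ == "__main__":
    addresses, events = triage(SAMPLE)
    for event in events:
        print(*event, sep=" | ")
    print("Remote source addresses:", sorted(addresses))
```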


Well I at least have proof that it came from my old place of business, and an old manager [unless it was him lol] on my side researching this. He assured me that the employee who performed these actions will be terminated.

What if I didn't have an open account though? What if he did somehow get my password through illegal means? I don't care that I didn't lose any data, this is still BS that someone can get away with that. *Sighs*


Welcome to cyber space. :) There are not sufficient means to deal with this yet and sadly won't be for a while. As leejend said, being on the offense is what will save you in the future (i.e. firewall). BTW, did you have the latest updates for XP? And did you have Service Pack 2 installed with the firewall turned on?


I forgot to mention. Make damn sure he didn't leave a trojan behind. He could be data mining you for passwords and credit card info.

Spyware scan, update AV and run it. You might even try a temporary install of another AV to make sure (anything but Norton).

Use a firewall to detect outgoing traffic and it will pop up and notify you when an installed program tries to transmit to the web. You might even be able to find the ip on the other end this way.

If he's dumb enough to come back after he has been detected, and you are brave (foolish?) enough to leave your machine vulnerable, there are tools (hacktracer, etc.) available.


I'd advise though not to take any steps if you find an IP (unlikely) to do anything his way.. rule of thumb: don't piss someone off on that end, as if they know what they are doing they could always wage a small war on you.


Well, here's my two cents: turn the damn computer off when you go to work, what do you need it on for anyway??

It's simple but effective.

