I was hacked!!!

Punkrulz

Somewhat eXPerienced
Joined
24 Dec 2001
Messages
790
I was hacked, in a sense. Apparently when I got home from work today, the very first thing I notice when turning on my monitor is that there is a new useraccount on the login screen: "IUSER". The person probably created the account to try and convince me that it's a Windows System account and that it's fine to keep there.

After logging into my machine, the second thing I notice right off the back is that my nicely organized icons are now all merged to the left hand corner of my screen... this is usually induced by a login of Remote Desktop Connect, and the host screen resolution is lower than the resolution the host is connected to. So right off the back I'm checking my logs.

There are a whole bunch of instances where the tlntsvr - Telnet Service is started and stopped successfully. There are even more logs, that state that there is a pending document deletion on 6MP HP Laserjet - Back on user (MGUEST), as well as (JASON)... What's funny? That printer name [as well as the other failed attempts' printer names] are the names of the printers at my old job, at the internet company. MGUEST and JASON: Two old co-workers, one still works there, other doesn't.

The other kick in the butt? There is an error about printing documents from the domain controller address for the DC at the internet company... I've got cold hard proof that the attack was done at my previous job. Now, I think that it may be possible for there to be an old login on an old machine that I used in the past that they may have gotten it... but 1) I don't think I've ever saved my password, and 2) I could swear both machines I've ever used there were formatted...

So in any case...

1) Is there any way of tracking the exact IP address, so I can help my old manager determine who it was [easier than how he's going to do it, computer to computer checking logs and ****]

2) Funny thing is they are now calling me to hire me back... but they are completely unrelated, just a coincidence... is there any way I can press charges? Sue, perhaps? I mean, while they may have had an easy way to get in, it was still wrong of them to enter my computer... sort of like entering a house with the door unlocked, it's still illegal...

Little help guys? :(
 
sucks man. my opinion would be to contact the authoritys.. but dont expect to get too far... your best bet is using the old boss to find who did it.. maybe at least the can get fired.
 
That's what I'm trying to do, but I'm trying to find some way of getting a log that shows that, hey, this external IP address connected to your computer through remote desktop... any ideas? I'm pushing to get him fired.
 
1). If your machine doesn't have a log of the incoming IP (and if the hacker had any brains he would erase the log before leaving) stored then you won't be able to get any information from the ISPs, etc.

2). They will laugh you out of the police station. If there had been substantial loss of money that could be documented you might get somebody interested.

Advice - they shouldn't have been able to get in.
Put up a good firewall and use secure passwords (numbers, letters and punctuation), change the password every couple of weeks and any time you change jobs etc. If using wireless make sure it is WEP secured.

You've just had the equivalent of leaving your keys in the car and having a neighborhood kid grab it for a joy ride. Your lucky he didn't trash it. Learn from the expereince.
 
Well I at least have proof that it came from my old place of business, and an old manager [unless it was him lol] on my side researching this. He assured me that the employee who performed these actions will be terminated.

What if I didn't have an open account though? What if he did somehow get my password through illegal means? I don't care that I didn't lose any data, this is still BS that someone can get away with that. *Sighs*
 
welcolm to cyber space. :) there are not sufficant means to deal with this yet and sadly wont be for a while. as leejend said being on the offense is what will save you in the future. (i.e firewall) btw did you have the latest updates for xp? and did you have service pack 2 installed with the firewall turned on?
 
I forgot to mention. Make damn sure he didn't leave a trojan behind. He could be data mining you for passwords and credit card info.

Spyware scan, update AV and run it. You might even try a temporary install of another AV to make sure (anything but Norton).

Use a firewall to detect outgoing traffic and it will pop up and notify you when an installed program tries to transmit to the web. You might even be able to find the ip on the other end this way.

If he's dumb enough to come back after he has been detected, and you are brave (foolish?) enough to leave you're machine vulnerable there are tools (hacktracer, etc.) available.
 
id advise though not to take any steps if you find a ip (unlikely) to do anything his way.. rule of thumb dont piss someone off one that end as if they know what they are doing they could allways wage a small war on you.
 
well heres my two cents, turn the damn computer off when you go to work, what do you need it on for anyway??

Its simple but effective.
 

Members online

No members online now.

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Threads
62,015
Messages
673,494
Members
5,621
Latest member
naeemsafi
Back