Hacked... hacked... and hacked again...

[Guest120113]

Long story short someone I know has completeley hacked my electronic devices including my wifi modem. He did it to 2 laptops and I had them both fixed... new operating systems installed and they were ok... but then... somehow... the asshole hid coding in all sorts of removable media that has infected 3 phones ( one is locked and I can't even mess with it at all.)

I am using a borrowed smartphone and a diff hotspot to change everything... passwords email acccounts etc. Is there anyone who knows how I go about filing charges on this jerk so I can replace all my infected items via rental ins? I tried the idiots at the police dept but their detectives have no clue wtf the laws are.

Uggggggh.

[royamcr]

Probably see if the local "cybercrime" division will file criminal charges. Then you can sue for damages in civil court eventually if your real monetary damages is enough to worry about?

[jframe2]

Criminally, the hard part is how you are going to prove this person actually did these deeds?

[Guest120113]

Proof I have in volumes.
Problem is the "detective" I spoke to in the specialised crimes had no ffuckin clue what law or legal avenue this fell under... and kept telling me we had to have been involved at on point romantically.

Detective dumb bitch: hand me you badge. My cat could do a better job than you and she,s 18 years old.

Ugh!

[DCGuy]

If you know they are in the USA you could try to retain a lawyer and attempt to get their identity through their Internet Service Provider.

http://www.jdsupra.com/legalnews/how...who-ste-80168/

Alternately you can file a complaint here, and if they find a pattern with other cases they might be able to pursue it. http://www.ic3.gov/default.aspx

Or you can go directly to your local FBI office and report it
http://www.justice.gov/criminal/cybe...reporting.html
http://www.fbi.gov/contact-us/field/field-offices

Doing a factory reset on your phone to wipe it clean might be a good idea - same with your local harddrive - backup your personal files and wipe it - let it get reinfected and see if they can determine who did it. Obviously explaining what kinds of communications you have on those electronic devices is a complicated!!

DC

[Guest120113]

Oh the factory restore didn't work. He got total control over my droid razr so I took the battery out essentially breaking it. I've factory restored this and my other one 3 times and no problems so far. I still have a new phone I activated today but will no longer store ANY info about clients in it... I will only put iit in a spiral like the old days. I want to protect everyone... not cause any drama so thanks to all who have been supportive. You rock!

[thehighlander]

1. Phone... Take it to Verizon or whoever is your Cell phone provider and have it wiped there.

2. If he is breaking into your wifi...You need to either.. (1) change the password or (2) replace the router...(FYI)...your IP Address is in the most part FIXED now....rarely dynamic anymore due to government regulations and ip service providers being able to log your internet activity.
(Cable modems choose a specific IP by pairing it with the type of router you use)
(DSL modems same) so changing the HARDWARE is about the only way you can do to get a new "IP" (looks like he knows your IP address somehow and has somehow hacked into it.

go to whatsmyipaddress to see ur ip address and copy it down and see if it changes after u change the hardware...if not you can call your isp provider and put in a request to have it changed.

3. I am very paranoid about using any type of removable media that is not mine..>CD someone has burned or DVDs or USB memory sticks.... can be easily loaded with viruses that can infiltrate your OS and give him a snapshot of all your activity. and with the AUTORUN feature of windows its even easier to infect a computer without the person knowing it.

4. Pressing charges...Its a gray area.. Unless your financial losses are substantial. (above 25K)..you aren't going to get any help there.

[Seedy]

And what if the hacker admits in an email he hacked your account? I would think you have them by the short hairs. Lol

[Calista_Syn]

Good luck on this, I've been dealing with extortion, blackmail, and violence threats for over 2 months.. Someone emailed me with *all* of my private info including SS numbers, even medical records for my folks, and threatened to go public.. The "Cybercrimes" guys are idiots, I figured more out on my own searching ways to get this ass hole myself than they seemed to even understand... No one will do anything because *surprise* I'm a hooker.

My response was to get life lock, I'd recommend it highly. $25 a month for a mill in coverage. They have caught 3 different credit card applications that have been made in my name without my consent thus far. I learned about using proxy servers, found out about static routers & IP addresses, completely wiped electronics and installed a fresh copy of windows, got a new laptop, got a POBox, installed encrypted motion detection cameras throughout, reinforced all the hardware on doors and windows, bought a gun and started taking my family to the range. It's terrifying how much data is out there and can be found by any Tom, Dick or Harry who wants to look. Just by looking hard at your email, phone number, whatever you've got out there now.. Unless you've been super spy level with your security from the beginning, you can be tracked, and infiltrated pretty easily.

[cyborg]

As someone who does this literally for a living I will tell you...

Unless you're pulling in 10k a month or more the feds don't give an ass rat's about someone RATing you. IC3 will politely send an automated response that they've recieved your complaint and a secretary at the local FBI office will be glad to promise you a call back sometime in the next milenia.

The sad truth is people like me run unchecked and unpunished for what we do. Like Calista says the best thing you can do is try to cover your tracks, which will deter most passerby threats capable of ruining your day. Also like she said it doesn't even take someone like me to give you the proverbial buttcam with suprisingly little leads. While all I need is an IP address and a scanner, the average Joe just needs a picture of you, email address, etc and can almost gain as much info as I could.

What I would do is focus on defense. LifeLock does kinda rock. Use mobile hotspots or get an additional internet line in your home for business and only use the wifi. Do not use your hobby PC to make online purchases or log into social media. Use multiple passwords. If you want to get really smart learn how to make a virtual machine AND proxy it up.

Silly as it also sounds, and this can be a blow to most folks' ego... but don't piss off people you don't know on the internet. Not to imply you did, but that has been a catalyst for this kind of event one time too many...

Good luck, and if you need any help feel free to message me.

[cyborg]

Quote:

Originally Posted by seedman55

And what if the hacker admits in an email he hacked your account? I would think you have them by the short hairs. Lol

I openly taunt people I attack and I will literally never see a day inside a federal prison. The new trend among hackers, phreakers, RATers etc is to be outspoken, and yet arrests have declined sharply. Just not worth to money to prosecute us anymore.

[Snausages]

Quote:

Originally Posted by cyborg

As someone who does this literally for a living I will tell you...

LifeLock does kinda rock.

Does not compute. LifeLock is a steaming pile of excrement.

[Yoyoma]

Quote:

Originally Posted by Calista_Syn

Good luck on this, I've been dealing with extortion, blackmail, and violence threats for over 2 months.. Someone emailed me with *all* of my private info including SS numbers, even medical records for my folks, and threatened to go public.. The "Cybercrimes" guys are idiots, I figured more out on my own searching ways to get this ass hole myself than they seemed to even understand... No one will do anything because *surprise* I'm a hooker.

My response was to get life lock, I'd recommend it highly. $25 a month for a mill in coverage. They have caught 3 different credit card applications that have been made in my name without my consent thus far. I learned about using proxy servers, found out about static routers & IP addresses, completely wiped electronics and installed a fresh copy of windows, got a new laptop, got a POBox, installed encrypted motion detection cameras throughout, reinforced all the hardware on doors and windows, bought a gun and started taking my family to the range. It's terrifying how much data is out there and can be found by any Tom, Dick or Harry who wants to look. Just by looking hard at your email, phone number, whatever you've got out there now.. Unless you've been super spy level with your security from the beginning, you can be tracked, and infiltrated pretty easily.

Impressive. The rule of the day is that if someone wants to get your info and have enough time / resources to throw at it, they'll get it. What you've done is make it more difficult for the "bad guy" to win. I would encourage you to take it one step further and utilize a virtual environment (i.e. VMware) or at a minimum encrypt your hard drive. Nevertheless a job well done in addressing the issue.

[Guest120113]

pSSSSSFT i'M OVER THIS GUY... he was never after anything worth a shit, none of my banking account info or anything viable was touched, and I damn sure am not turning my harddrive over to the feds, so, he can just have at whatever strings he has left to toy with, blah blah, I'm on to bigger and better things. Muah everyone have a kick ass holiday!

[jake_11]

Quote:

Originally Posted by Ginger Lovelace

pSSSSSFT i'M OVER THIS GUY... he was never after anything worth a shit, none of my banking account info or anything viable was touched, and I damn sure am not turning my harddrive over to the feds, so, he can just have at whatever strings he has left to toy with, blah blah, I'm on to bigger and better things. Muah everyone have a kick ass holiday!

Glad to hear that your financial information wasn't impacted.
For future, might I make some recommendations/observations?

1. On a desktop/laptop, there is really no foolproof way to completely safeguard your data. However, you can reduce the risk by
   • Use a long password for logging onto your computer (15 characters or more). Yes, there is a reason for the '15' character recommendations - rainbow tables to crack passwords are freely available, and after 15 characters, they take a significantly longer time to crack the password - at least for now.
   • Encrypt your hard drive (not just the individual files) - the higher end windows OS (Pro/enterprise) include Bitlocker encryption - for others, look at truecrypt or other similar reputable encryption software
   • Disable autoplay on your computer (assuming windows)
   • Assuming you are not using Win XP (or earlier), increase UAC (user account control) to the maximum. Yes, you will get some annoying prompts/alerts when you try to make changes to some settings, or when you try to install programs, but it is much safer. The odds of your computer getting infected by a drive-by download (when you just visit a website) are minimal - because the computer will prompt you every time a system change is being made.
   • Have an up-to-date antivirus/firewall on your computer. I use Norton Internet security (current version), but Microsoft security essentials is supposed to be equally good, and it is free!
2. On your tablet/smartphone, install apps only from the approved play store (google play store or Amazon appstore for Android - or the apple store for iOS devices) - and even then, install apps that have a lot of good reviews (in other words, don't install an app that was just released, and has 1000 or so reviews. Personally, if an app has under 50000 reviews, I usually will skip it.
   
3. On rooted android devices, there is tracking software (cerberus for example) that can be installed that won't be removed even if you do a factory reset, or flash a new ROM. So, if you root, please know what you are doing.
   
4. For your router, make sure you have a strong password (again, 15 characters or more), and if you use wifi on your router, make sure it is at least WPA2 encrypted. (WEP is far too easy to crack)
   
5. Whenever possible, avoid using your mobile device on public wifi. You don't know who owns the router, and who else is on the network. There are a LOT of things that a person can do when they are on the same Local network as you.
   
6. In general, for your other passwords, don't use the same/similar password for all sites. Use complex (and distinct) passwords for every site that you care about. Yes, it is hard to keep track of passwords this way, but you can use keepass or lastpass or other similar reputable password managers.
   Personally, I don't entrust my bank passwords to any of these password manager programs, but I do use the password manager for other sites.
   
7. For your Emails, wherever/whenever possible, enable two-factor authentication. I know that gmail and hotmail/outlook support that. It basically will require you to enter your password, and a key that changes very often to be able to access your Email account. For example, for gmail and hotmail, there is an authenticator app available for your smartphone that will generate a 6 digit code for you - and that code changes every 10 seconds. The idea is that even if somebody gets your password, they still can't get into your Email without this code (and vice versa). You can usually get this code by SMS also (if you don't have a smartphone). You can also generate a permanent password for your computer, so that it doesn't require this 6 digit code everytime to log in.
   
   

You may think this is overkill, and for some folks, it may really be overkill. But after working in the IT security field, I feel that these steps are fairly easy to implement, and offer a reasonably good level of security, when used along with common sense.

Disclaimer 1: It is almost impossible to be 100% unhackable. All we can do is try to make it harder for somebody to hack us. Hopefully, the hacker finds other easier targets and moves on.

Disclaimer 2: If somebody gains unsupervised physical access to your computer(laptop/desktop) or tablet or smartphone, assume that they can (eventually) get into your computer.