Hacking Problem

dn5396

Hi. I have reason to believe hackers have been intercepting data sent over my internet line which is with Telkom.

My ISP is Afrihost. The hackers in question have been "sniffing" my search history and cookies and using it for nefarious means. This has been going on since 2015. Last year I had my credit card details replicated. Whenever I register on a new forum they create fake profiles specifically to harass me. The harassment mostly involves posting or mentioning whatever I have just searched recently. They do it to amuse themselves (only reason I can think of).

I have already changed my modem settings (did a hard reset, changed the SSID, network security key, etc), registered for new connectivity packages with Afrihost (set the passwords as long as the password range allowed), scanned for malware and keyloggers on my laptops, used Wireshark to detect any suspicious packet sending, but the problem persists. I have an old Telkom Mega100WR.

Could anyone please provide any recommendations as to what steps I can take? How do I check if my line has been intercepted (if that is even possible)?
 
Only thing left to do now is to get a tin foil hat I'm afraid
 
Reset router and updated firmware on it? Only experienced it once on a torrent site when my history was stolen.
 
I tend to remember a virus being distributed on some pornography websites that does exactly what you are mentioning....
Run a deep virus scan. Your line is not being tapped.

EDIT: and for good measure, check that all your DNS servers are either 8.8.8.8 and 8.8.4.4 unless you know what your ISP DNS servers are
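
As an added example (not part of any forum post): the DNS check suggested above, written as a script that parses resolver settings and flags any server outside an allowlist. The sample `ipconfig /all` and `resolv.conf` text is constructed, `203.0.113.53` is a documentation address, and the function names are this example's own.

```python
import ipaddress
import re

# Resolvers the post names as expected (Google Public DNS). Add ISP resolvers
# only after confirming them with the ISP.
EXPECTED = {"8.8.8.8", "8.8.4.4"}
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fe80::/10", "fc00::/7")]

def parse_resolv_conf(text):
    """Return nameserver addresses from resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def parse_ipconfig(text):
    """Return DNS server addresses from Windows `ipconfig /all` output."""
    servers, in_dns = [], False
    for line in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))
            in_dns = True
        elif in_dns and re.match(r"^\s+[0-9A-Fa-f:.%]+\s*$", line):
            servers.append(line.strip())  # extra servers sit on continuation lines
        else:
            in_dns = False
    return servers

def audit(servers, expected=EXPECTED):
    """Label each resolver 'expected', 'lan' or 'unexpected'."""
    report = {}
    for s in servers:
        addr = ipaddress.ip_address(s.split("%")[0])  # drop IPv6 zone id
        if str(addr) in expected:
            report[s] = "expected"
        elif any(addr in net for net in LAN_NETS):
            # The router is answering DNS: its own upstream setting needs checking.
            report[s] = "lan"
        else:
            report[s] = "unexpected"
    return report

# Constructed sample inputs (not captured from a real machine).
SAMPLE_IPCONFIG = """   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       203.0.113.53
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
SAMPLE_RESOLV = "# constructed\nnameserver 192.168.1.1\nnameserver 8.8.4.4\n"
```

A `lan` result means the PC only sees the router's address, so the upstream DNS servers have to be read from the router's own admin page.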
 
Run a live Linux cd for a while to see if the problem replicates.
 
While it's possible someone is indeed ****ing with you, it doesn't really sound like it.
What you're describing isn't really possible the way you describe it anyway.

What CAN be happening is that one or more devices in your network are backdoored.
i.e. your desktop/laptop is infected with malware, and some script kiddies are indeed ****ing with you (unlikely though, short attention spans, and it gets boring quickly).

Or, your modem is backdoored. While a cursory check on Google for firmware hacks for that specific model doesn't reveal anything, it's not out of the realms of impossibility.
I'd probably do the following.

Clean your computer or computers using a boot CD and an offline scanner.
Get someone competent to have a look.

Check for rootkits, things in the startup, browser plugins etc.
Windows is inherently insecure by design unfortunately.

More advanced issues should also be potentially looked at - EFI backdoors etc are incredibly hard to pinpoint for the average IT guy.

More advanced things to do;
Buy a separate ADSL modem (TP-Link makes decent cheap standalone models), replace the router with something decent (again TP-Link is usually good, but buy something that can install AdvancedTomato or openwrt). Typically any all-in-one ADSL/router model is garbage.

I'd prefer to get a second opinion first though.

Assuming you're not a kook (and I can't rule that out yet), can you point us to some of the example forum / fake profiles making fun of you?
 
This is your hacker speaking. Stop searching for pron!
 
The TL-WR841N(D) is dirt cheap and can run DD-WRT or OpenWRT.
 
That's not ADSL

More advanced things to do;
Buy a separate ADSL modem (TP-Link makes decent cheap standalone models), replace the router with something decent (again TP-Link is usually good, but buy something that can install AdvancedTomato or openwrt). Typically any all-in-one ADSL/router model is garbage.

It's a router, why are you fixated on ADSL?

I *always* recommend a separate ADSL modem, and a router, never an all in one. The all in ones all suck. All of them.
Both should be fairly cheap anyway, although again, my advice would be to check for other things first before replacing equipment just yet.
(see my main answer above).
 
Hey,

Off the top of my head:

- Scan your computer, in safe mode without networking with:
a) TDSSKiller http://www.bleepingcomputer.com/download/tdsskiller/
b) Malwarebytes or any reputable Malware detector
c) An antivirus, generally speaking if you are looking for a free one, Panda is probably the best currently.

- Use a VPN online and see if it helps

Other than that, post a HijackThis log on bleepingcomputer.com or majorgeeks.com or any other site brimming with virus sniffing talent.

Are you using WPA2 on your WiFi? (Sorry if you are using an ethernet cable, skimmed through majority of your post :D)
 
Something tells me that there is a legit program running on your PC without your knowledge and because it's legit, antivirus can't pick it up...
 
Change your WiFi password. Sounds like a man-in-the-middle attack.
Change router password, WiFi password and implement MAC address filtering.
If you are extreme enough: wrap your house in a wire mesh, essentially creating a Faraday cage so that your WiFi signal stays inside the house and does not bleed beyond the confines of your house.
 
Turn off WiFi.

Then format PC, most likely it's something that has been installed on your machine.
 