How Jared Was Hacked!
I really hate to hear of stories like this. I just hope that someone will read this and take the computer security warning seriously.
It appears that Jared was not too diligent when it came to securing VNC on his computer. This led to him finding himself in the following situation:
Apparently someone was able to access my computer through my vnc connection (or they were sitting at the computer, which didn’t happen). They uninstalled my antivirus, copied the Dark Mailer software from the web onto the desktop, ran the program and loaded a huge text file of email addresses into the program to begin emailing. I caught and stopped the program after it had been running for almost 19 hours, sending 231,746 emails - that’s more than 3 emails a second!
Plain and simple, this sucks! It is people like this selfish spammer who make life a living hell for the rest of us. But, I hope that we can learn from Jared’s experience. He offers some useful tips in his post that will help to keep you off the hacked list. This is what he learned:
- Dictionary passwords are always bad. Even for a short while. Use strong passwords.
- There is no reason to leave your server logged into the Administrator account all the time.
- Use strong passwords!
- Use encryption!
Go over to Jared’s blog and read his post. It is very educational. While you are at it, you may want to check out some other useful links:
- Secure Your Computer in 20 Minutes
- Small Business Primer on Network Security Threats
- 20 Ways To Mark Safer Internet Day 2007
- Protect Your Privacy With A LiveCD
- New Security Blog With Promise
- DIY IT Security Audit
- Anatomy of a Network Hijacking
- Don’t Be a Soldier in the Botnet Army
- Reducing the USB Threat
- Cybercriminals Preying on the Weak
- Stop Bleeding Personal Information
- 15 Ways To Help Protect Your Children On The Internet
- 10 Ways to Protect Your Home Network
- 50 Ways to Celebrate Computer Security Day
- 7 Steps to Securing USB Drives
- 11 Password Tips
Hope everything is going a bit better now, Jared.
9 Responses to “How Jared Was Hacked!”
-
The Fieldhouse Says:
November 30th, 1999 at 12:00 am
- The Anatomy of a Virus
- High End Router, Low End Hardware
- Remotely Accessing Computers
- Donated/Trashed a Computer? Your Data May be at Risk
- Windows Update On A Disk
- Stories of Identity Theft
- DCoT Helps Find Lost Child
- How Jared Was Hacked!
- E-Mail Request: USB Antivirus
- The Vista SkipRearm Debacle
- Make Vista Less Annoying
- Torpark 2.0.0.2a Released
- Why don’t you just go Google yourself?
- Secure Your Computer in 20 Minutes
- Microsoft says IE Biggest Internet Threat, Get Opera
-
Pebbles Says:
March 21st, 2007 at 5:04 pm
My advice to anyone and I do mean ANYONE is:
Install IPCOP (FREE) on an old computer and set it up to be your gateway to the internet, do this and do it now, then install Comodo firewall (FREE) on your desktops, and then if you need to roam install zerina on your IPCop box and OpenVPN on your laptop, and you have instant access to home without the worries of hackers seeing lots of open ports.
For those a little more adventurous, get yourself VMWare server for linux (FREE) install it with Freenas as one machine and IPCop as the firewall add 3 network cards, 2 for IPCop, 1 for Freenas, add all the HDs for Freenas, and you’ll save power and combine 2 machines into one box, I’m in the final testing stages of doing this now, it’s looking very promising.
I took security seriously after I left oz to move to the states as someone had waltzed straight into my network in oz and was doing untold mischief that I still know nothing about, so far 6 years later there seems to be no ill effects but I never took security for granted after finding that intruder in my network.
-
Nate Says:
March 22nd, 2007 at 4:26 pm
I try to take home network security seriously, without going over the top. Yes, I know that “the more security, the better” is probably true, but for 2 people living on a budget in a large apartment complex, with no real interesting data to be wanted by outsiders, convenience is huge too.
I’ve got a Linksys wireless/LAN router connected to my cable modem, and that router is, give or take, my only line of defense. I would imagine that this is the case for a number of people.
On the inside of the network, attached to the router and also a switch, I have a number of OS X, Windows, and Linux machines, some home media stuff (Tivo, xbox, etc) all hardwired, and a handful of Windows and OS X connected wirelessly.
All the basic router firewall features are turned on, but I do not have any software firewalling enabled on the computers themselves.
Wireless is using 128bit WEP.
I have a handful of ports using forwarding to my main windows workstation for some select applications.
I have a particular port fwd set up so that I can use Windows Remote Desktop to connect to my home machine from work.
This last bit is what got me to post this, based on the article’s reference to VNC. I assume that RDP is more secure than VNC, but I guess I don’t “Know” that.
Is my setup, which I am sure is typical for any “hey lets get wireless!” home, totally asking for trouble, or is this kind of set up sufficient for your normal non-techy folks? Is RDP asking for trouble? Is there a better set up that takes small to medium amount of effort to set up and minimal to no effort to use? (like RDP, or VNC, etc)
Love to hear from you all. hehe
Thanks,
Nate
-
Pebbles Says:
March 22nd, 2007 at 11:04 pm
Nate,
As long as your Linksys is NOT factory default and you’ve changed all the passwords it’s more than adequate, remember Wireless is ALWAYS going to be insecure, remember to disable SSID, use WPA2 not WEP and use a long password with non standard characters IE ()_+-={}[]|\,.?/!@#$%^&*(), passwords should ideally be over 8 characters long with upper lower and at least 1 number and 1 non standard, why? look at this page:
http://www.antsight.com/zsl/rainbowcrack/
Of interest is the size of this table: lm configuration #6 (64gb)
Until you’ve had your data stolen, it’s just one of those things you want to do but really don’t have time to do, I suppose the feeling could be likened to being burgled, “it’ll never happen to me” until it does and then you get to feel all the emotions that come with it, I don’t want to come across as a security *NUT* or sumsuch but the lesson has been learned by this tech-head.
As for VNC or RDP I believe RDP is more vulnerable although I haven’t researched it more than in passing, again the better approach for that type of thing is to use VPN tunnels (OpenVPN.org) 1 port for all traffic, OpenVPN in effect gives you an IP on your home network from work, you then use VNC or RDP over the Tunnel, less chance of being hacked plus the bonus is you can also use FTP|TELNET to your linux/MAC? boxes too.
Lastly an illustration of password security, in my current job we had a customer who had lost the password to his Win2K machine, I happened to have the latest ophcrack CD with me and popped it into the drive, rebooted and 15-20 mins later (remember Win2k prolly 8 years old this box! ) up popped the password all in its pure text glory, needless to say the customer was happy, I looked good and then they suddenly realized I had cracked their password without doing anything, got a few odd looks later that day!, my colleague asked about the disk and I showed him on my laptop, funnily enough my local machine password didn’t show up but the local admins did very quickly too.
OK now I’m rambling but, your setup Nate isn’t too different from most of my customers except 90% of them are all factory default! I shudder to think about what information has leaked from their systems!
p388l3s
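An added example, not written by the commenter or taken from any tool named above: it checks a password against the rule quoted in that comment and goes one step further by modelling why LM tables and ophcrack work so quickly on a Win2K box. LM hashing upper-cases the password and hashes it as two independent 7-character halves, and none is kept for passwords longer than 14 characters. The sample passwords are constructed, and the bit counts assume printable ASCII with the length known.

```python
import math

PRINTABLE = 95                 # printable ASCII characters, space included
LM_ALPHABET = PRINTABLE - 26   # LM upper-cases the input, so a-z adds nothing

def policy_gaps(password):
    """Gaps against the rule quoted above: over 8 characters, with upper case,
    lower case, at least one digit and at least one other character."""
    checks = [
        (len(password) > 8, "8 characters or fewer"),
        (any(c.isupper() for c in password), "no upper-case letter"),
        (any(c.islower() for c in password), "no lower-case letter"),
        (any(c.isdigit() for c in password), "no digit"),
        (any(not c.isalnum() for c in password), "no non-alphanumeric character"),
    ]
    return [problem for ok, problem in checks if not ok]

def lm_halves(password):
    """The two strings an LM hash covers: the password upper-cased, padded to
    14 characters and split into 7-character halves hashed independently.
    None means longer than 14 characters, where no usable LM hash is stored."""
    if len(password) > 14:
        return None
    padded = password.upper().ljust(14, "\0")
    return padded[:7].rstrip("\0"), padded[7:].rstrip("\0")

def brute_force_bits(password):
    """(bits of work via the LM hash, bits via the full password) for an
    exhaustive search; the LM figure is None when no LM hash exists."""
    full = len(password) * math.log2(PRINTABLE)
    halves = lm_halves(password)
    if halves is None:
        return None, full
    return math.log2(sum(LM_ALPHABET ** len(h) for h in halves)), full

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ["Summer07", "Tr1cky&Long!pw", "Tr1cky&Longer!pw"]:
        print(repr(pw), policy_gaps(pw), lm_halves(pw), brute_force_bits(pw))
```

A 14-character password that passes every check still costs under 44 bits of work through its LM hash, against roughly 92 bits for the password as typed; only the 16-character one escapes.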
-
Daniel Lemire Says:
March 23rd, 2007 at 9:43 am
I almost had this happen to me. Fortunately, I was using a strong password, so the hacker’s attempt to take over was unsuccessful. I check my computer logs about once a month and discovered that someone was attempting to login to VNC about 30 times a day, and I knew it wasn’t me. After finding this out, I have now defaulted VNC to not run, and I only start it when I know I will need it.
If you are currently using VNC and you are port forwarding your router so that you can remotely VNC, check your logs. Or, even better, turn on VNC only when you need it to limit your exposure.
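The log check described in the comment above, as an added example that is not part of the original comment. The line format, threshold and addresses are assumptions made for illustration; real VNC servers log in their own formats, so the regular expression has to be adapted.

```python
import re
from collections import Counter

# Assumed, simplified line format (not any real VNC server's log format):
#   YYYY-MM-DD HH:MM:SS auth failed|ok from <source address>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} auth (failed|ok) from (\S+)$"
)

def review_vnc_log(lines, threshold=10):
    """Return (day, source, failures, succeeded_after) for every source that
    reached `threshold` failed logins in one day, possible compromises first."""
    failures = Counter()
    succeeded_after = set()
    for line in lines:
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # ignore lines that are not authentication events
        day, result, source = match.groups()
        key = (day, source)
        if result == "failed":
            failures[key] += 1
        elif failures[key] >= threshold:
            # A login that works after a run of failures is the case to
            # treat as a possible compromise, not just background noise.
            succeeded_after.add(key)
    flagged = [
        (day, src, count, (day, src) in succeeded_after)
        for (day, src), count in failures.items()
        if count >= threshold
    ]
    return sorted(flagged, key=lambda row: (not row[3], -row[2]))

# Constructed sample data using documentation-range addresses, not a real log.
SAMPLE_LOG = (
    [f"2007-03-20 02:{m:02d}:00 auth failed from 203.0.113.45" for m in range(30)]
    + ["2007-03-20 09:15:42 auth failed from 192.0.2.10",   # one mistyped password
       "2007-03-20 09:15:50 auth ok from 192.0.2.10",
       "2007-03-20 09:16:00 server started"]
    + [f"2007-03-21 03:00:{s:02d} auth failed from 198.51.100.7" for s in range(12)]
    + ["2007-03-21 03:00:12 auth ok from 198.51.100.7"]
)

if __name__ == "__main__":
    for day, src, count, ok in review_vnc_log(SAMPLE_LOG):
        status = "LOGIN SUCCEEDED AFTER FAILURES" if ok else "no successful login"
        print(f"{day} {src}: {count} failed logins, {status}")
```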
-
Nate Says:
March 23rd, 2007 at 10:28 am
Thanks for the input; and I’ll take more from whoever has it =D
I will look into the VNC/RDP thing. I know that VPN is a much better option, and I have also heard good things about Hamachi free vpn. I just haven’t taken the time to fully research it.
My passwords are all pretty good, with non-dictionary words and multiple character types, etc, so I think I am good there.
My wireless is just regular WEP, and my SSID is broadcast. I have had problems with getting all of my devices on the network if I tighten it up any more than that. With a mixed environment like I have, I end up having to conform to the lowest common denominator. For example, even though it should, my Tivo doesn’t like not seeing the SSID.
I am sure all of these could be easily overcome with a little due diligence, and I consider myself pretty tech-savvy and have worked in the IT field for a long time, so I know that I have options available to me.
I’m lazy. =D I want the most security, with the least amount of effort, and the least negative impact on my daily use. (Doesn’t everyone? hehe)
I have concerns with port forwarding as well. I forward ports for RDP. I forward ports so that some of my PC games auto-updaters can actually connect to the gaming servers, etc. All of these go straight to my main workstation, as this is where I do my work and my gaming. Am I putting myself at more risk by doing this?
thanks again!
-Nate
-
jaredharley.com | Blog Says:
March 26th, 2007 at 4:13 am
Daily Cup of Tech, and he wrote up an article on my story. Over a few days, that brought in almost 400 new readers. While looking at my stats this evening, I noticed a few links coming from another site I didn’t recognize -
-
Mike Diehn Says:
March 31st, 2007 at 12:07 pm
Thanks for the great set of links. I’ve passed it on to our IT freelancers group here in New Hampshire - one of our members just went through a similar hacking with one of his clients. Same lessons…
Best,
Mike
-
The Back Half of Mike's Brain Says:
March 31st, 2007 at 5:01 pm
The Daily Cup of Tech folks wrote an article I wish we’d had before that hack. There are some good tips in here and links to other good articles on the subject of tightening up security for small business. Here’s a link to the article: How Jared Was Hacked Hope you’re all having a wonderful weekend and that NONE OF YOU READ THIS UNTIL MONDAY!
