wireless security at home

[crappyjones123]

we have a dsl line with at&t at home and a wrt300n linksys wireless router. the password to get admin access to the router settings is pretty strong. up until now i had been using wpa2 personal encryption and the password was ok. not terribly strong. about a week ago both my moms emails accounts were compromised and i reset the router settings and changed the ssid and all router associated passwords. last night both my gmail accounts were hacked and random emails were sent to some of my contacts. i tried find the last few used ip's from gmail but they all were from a few hours ago and only showed my office or home ip addresses.

is it possible to remotely (not within range of the wireless router) access the wireless router and fuck with the home network?

what do i do at this stage? get a new router (seems like whoever is getting access to my network right now could just as well do the same with a new router...) or change the password more frequently?

suggestions for other things i could do to prevent such intrusions in the future? all home machines have symantec suites installed on them. i use nod 32 on my thinkpad.

[strid3r]

I doubt the wireless network was breached. More likely is the presence of some sort of malware on the machines. Have you already run scans with SuperAntiSpyware and MalwareBytes? Also, full scans using antivirus (possibly two different AV programs)?

Suggestions in general (and probably stuff you may already know): keep your antivirus, OS, and browsers all updated, run anti-malware software somewhat regularly, and don't visit sketchy sites. If you really want to lock down the browser, you can run NoScript in Firefox, but I would not recommend this to a novice user. Also, Symantec is not the best AV out there. Some free alternatives are Microsoft Security Essentials, Avira, and Avast. If you have not already done so, change the passwords for other email accounts.

Edited April 27, 2011 by strid3r

[crappyjones123]

Strange thing is my thinkpad hadnt been home in over 2 months. And I had no problems. My mom came back from India and the very next day got locked out of her emails. I took my laptop home last night for the first time in months and my email got jacked. My laptop at least everything is updated daily so I don't think that's the issue. The only thing that changed for my machine was that I took it home. Before then there were no problems. I want to think it's the wireless but I dont know enough to be certain of it.

[jvlgato]

Do you have another computer at home on the same network that might be compromised? Maybe your Mom got something on that computer when she came home and it's infected other computers across your network whenever they log on to that network?

[Dusty Chalk]

Jacob -- remember, this is the guy who has a terrafarm behind the router.

Crappy -- I know you're smart enough to know this, but just to be sure -- just because emails were sent from your accounts, doesn't mean that your accounts were actually compromised. In fact, a lot of times, someone who has you in their contacts is the one compromised, not you.

What other evidence do you have that your emails -- or even your computers -- were the ones actually compromised? If you're sure, my primary response would be the guessing of passwords as has already been suggested.

[crappyjones123]

hard drive farm is at school. at home i just have a 3mbit line which would render the whole thing useless.

i didnt not know that dusty (about the contact being compromised). i just find it very strange that i had no problems whatsoever and then the one night i take the laptop home this happens.

no evidence other than what i posted earlier.

if someone guessed my password then they deserve to be in my interwebs. if a machine did it then whatever. it was a 14 character random sequence of numbers and letters and 2 special symbols.

[jvlgato]

Sounds hard to remember! Did you write it down store it under your keyboard and stickied on all your monitors at work?

Just kidding. But you must have stored it somewhere. Like on your computer's contact list, or clipboard when you copy and paste it. Or phone. Where a bot could scan it and transmit it to its maker.

Although with that 3 deck poker memory of yours, maybe you just remember it.

[Dusty Chalk]

I used to work with this one lady, and since I was the designated computer person, and she knew me well enough, she told me her password. It got to the point where I had to enter it again, and I turned to her and asked her to repeat it. She did. This continued. She must have told me -- and I typed -- her password a dozen times, and I could never remember it. As far as I'm concerned, that's the perfect password.

She even told me the trick -- it was something like her daughter's second letter of her middle name, followed by the second digit each of her birth month, day, and (2-digit) year, followed by the second letter of her maiden name...etc. Bunch of things that meant nothing to me, so a individualized mnemonic.

[crappyjones123]

unless the bot knew the windows 98 license key to my computer in india, i doubt it would have been able to get access to it. i dont have any written record of it anywhere.

[mypasswordis]

One possibility is some sort of key logger on your machines, possibly through opening suspicious attachments in your emails or something, and then using some sort of remote accessing software. Was your computer on when your gmail accounts were hacked?

I'd get as much important NON-COMPROMISED data as possible off the drives and then wipe them clean before reinstalling the OS on every machine that has been hacked. Anti-virus software almost always blow chunks and are pretty much like a virus anyway, so I don't use any and just exercise extreme caution. Has worked well for me so far.

[grawk]

Sending emails as you doesn't require a password. It just requires an email address.

[crappyjones123]

Wtf. I changed my password to a 17 character behemoth. All my contacts got another set of emails last night. Keylogger then?

Dan how would the spambot get my contact list without the password? Or are there ways?

[grawk]

sounds like you have malware

[crappyjones123]

Will run malware bites when I get to school.

Forgot to mention that my laptop was turned off last night when emails were supposedly sent out.

[crappyjones123]

malwarebytes found nothing.

[Dusty Chalk]

Wtf. I changed my password to a 17 character behemoth. All my contacts got another set of emails last night. Keylogger then?

Again, sending emails out as you doesn't require hacking into neither your computer, nor your email account, it just requires knowledge of the exact spelling of your email address. Spoofing From: addresses is kiddie stuff.

Dan how would the spambot get my contact list without the password? Or are there ways?

Okay, this is possibly an indication that you were indeed hacked. Are you sure it was your contact list, and not someone else's with whom you share a lot of contacts? Because like I said before -- most spambots don't actually leave a trail by using the email they hacked as their from: address, they pick one from the contact list of the person hacked. It's only one indirection, but it's a good one.

Especially since you didn't find anything.

Oh, and now that you are on the list, they can keep producing spam emails over and over again, they don't need to hack any more. There's no way to get rid of that, that I am aware of, other than to change email addresses, and abandon this one.

Sorry to be the bearer of bad news, but forewarned is forearmed and all that.

[CarlSeibert]

I vote malware, too.

For what it's worth my password method is to take a word or phrase that can't be uttered in a corporate environment (you can guess what kind might qualify), hash it in some easy to remember way like first letter of the first word, second letter of the second word or whatever, replace "two" and "for" with numerals, and you have a password that looks really random, is usually really easy for you to remember and is hard to sosh.

We have to change our passwords every 90 days. Without a scheme like that, I would never be able to remember the damn things and would have to resort to something like most of our users use - some weak-ass word with a number that increments every ninety days.

If I have to give my password to a support tech or something, it usually takes two or three repetitions and unless he's writing it down (which is a firing offense for our techs) I feel pretty comfortable that he won't remember anything. So I don't have to use that thingie from Men in Black on him.

Now if CJ can remember his childhood Windows 98 key, he's on another plane altogether and is a very scary person.

[Beefy]

For what it's worth my password method is to take a word or phrase that can't be uttered in a corporate environment (you can guess what kind might qualify), hash it in some easy to remember way like first letter of the first word, second letter of the second word or whatever, replace "two" and "for" with numerals, and you have a password that looks really random, is usually really easy for you to remember and is hard to sosh.

I've started using LastPass password manager. Every password I have has been switched to a randomly generated 8-16 character letter/number combo, and my master password is 20 characters semi-random but very easy to remember.

Highly recommended.

[Dreadhead]

I have to pick a new network password to go with my newly expanded setup and I haven't yet come up with one..... Probably something randomish....

Edited April 29, 2011 by Dreadhead