Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




1846 posts

Uber Geek


# 196234 24-May-2016 09:04
Send private message

I spent a bit of time last night having a play with my new Vodafone TC7210 cable modem and trying to figure out its nuances around static IPs, and later on some conflicting DHCP server settings I was encountering on my HTPC. (I'm wondering if this could have been the start of the hack) I also had my RT-AC68 wifi router active as it was what WAS doing the DHCP just fine.

 

Before the DHCP issues were noticed, I had decided to pick a random port to open and have a play and see how remote management of the HTPC would go. I picked port 9091 and apparently I should google these things as that's a common torrent port... Anyway I ended up opening the port on both the modem and the wifi router because I was playing with what I thought was doing the DHCP stuff at about 9pm.

 

I figured i'd just leave it for a while and let my wife watch some TV off the HTPC, and 10min later she starts complaining that i'm moving the mouse around and making "random menus pop up"... Eventually a notepad window appears and somebody writes something along the lines of "hi from cyber-somethingorother :)"

 

At this point I pulled the power from the modem and got a little worried... I have since malware checked the machine and can't find anything untoward so think it's clean.

 

I've also since reset and renamed almost everything, but what is more likely? That they got in through the open port (if so, does that mean my HTPC user account and password got hacked in less than 10 min?) Or that they got in through the wifi, and also hacked my different HTPC password? The HTPC has a username and password for accessing everything but I do have UnifiedRemote installed which lets me control it with my phone as it doesn't have a local keyboard or mouse I don't believe this is password protected, but would give someone control if on the network and they knew what was installed. They wouldn't be able to view the video output though unless they had a RDP connection I guess?

 

I'm wondering if they were on our network before the ports were opened and were causing the DHCP conflict that the HTPC was having. And I'm still unsure about was how they took control of the machine while we were also using it.

 

Either way, I still don't feel like i'm out of the woods, and will have to go through and edit all my account passwords today. It's a lesson I feel I may have been lucky enough to get away with, without too much pain, but worrying nonetheless.

 

I'll hang my head in shame in preparation for everyone who will come on board to tell me what I did wrong.

 

 

 

 


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
3024 posts

Uber Geek


  # 1558463 24-May-2016 09:36
Send private message

That sounds really scary.

 

Whoever it was announced themselves - so they were 'playing' with you - if they were really in the 'stealing' business they would have kept quiet. Hard to tell what the real motivation would be.

 

Hope someone may be able to advise you





Nothing is impossible for the man who doesn't have to do it himself - A. H. Weiler

6877 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1558476 24-May-2016 09:45
2 people support this post
Send private message

I'm aware of at least one copy of a popular TV show that has "menus" and a Notepad window encoded into the video for some reason. I'm not accusing you of anything, just stating facts in case it's the same thing :)


 
 
 
 


4325 posts

Uber Geek


  # 1558478 24-May-2016 09:49
Send private message

That makes me think it was something to do with the UnifiedRemote software? Is that a screen sharing app? The only other way they could have opened notepad, menus etc would be with remote desktop.

 

I recognise 9091 as the default https port for the transmission torrent client web interface - i run this on my own server at home. I wonder if perhaps they tried to load their own torrents or something thinking it was actually a transmission client. Transmission has an api (maybe not a true api, but you can send commands to it on the https port) for other programs to interact with so maybe they tried but.

 

But it certainly isn't a screen sharing app!




1846 posts

Uber Geek


  # 1558482 24-May-2016 09:55
Send private message

Behodar:

 

I'm aware of at least one copy of a popular TV show that has "menus" and a Notepad window encoded into the video for some reason. I'm not accusing you of anything, just stating facts in case it's the same thing :)

 

Ironically that's what a friend just asked me if it was. I didn't even consider it and didn't think to ask swmbo what she was watching (freeview or something from the NAS) so can't comment on that either. My knee jerk reaction may have been a little overzealous if that's true.


3024 posts

Uber Geek


  # 1558483 24-May-2016 10:00
Send private message

Behodar:

 

I'm aware of at least one copy of a popular TV show that has "menus" and a Notepad window encoded into the video for some reason. I'm not accusing you of anything, just stating facts in case it's the same thing :)

 

 

What show would that be? - just out of interest





Nothing is impossible for the man who doesn't have to do it himself - A. H. Weiler

956 posts

Ultimate Geek
Inactive user


  # 1558485 24-May-2016 10:02
Send private message

Doesn't really matter what port you use, or what the internet says it's used for, you'll often be constantly port scanned to determine what is open and what service is running

 

They're unlikely to have the username/password for your Windows machine, if they RDP'd onto it then the screen would've gone onto the lock screen whereas it sounds like they may have been using something like VNC or other remote software 


dan

1148 posts

Uber Geek

Lifetime subscriber

  # 1558496 24-May-2016 10:19
Send private message

robjg63:

 

Behodar:

 

I'm aware of at least one copy of a popular TV show that has "menus" and a Notepad window encoded into the video for some reason. I'm not accusing you of anything, just stating facts in case it's the same thing :)

 

 

What show would that be? - just out of interest

 

 

 

 

likely the GOT leaked episode,


 
 
 
 


3024 posts

Uber Geek


  # 1558501 24-May-2016 10:30
Send private message

dan:

 

robjg63:

 

Behodar:

 

I'm aware of at least one copy of a popular TV show that has "menus" and a Notepad window encoded into the video for some reason. I'm not accusing you of anything, just stating facts in case it's the same thing :)

 

 

What show would that be? - just out of interest

 

 

 

 

likely the GOT leaked episode,

 

 

Just googled that and it sounds quite a bit like the OP reported - scared a few people in the middle of the episode....





Nothing is impossible for the man who doesn't have to do it himself - A. H. Weiler

6877 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1558510 24-May-2016 10:43
Send private message

I can neither confirm nor deny this! tongue-out


956 posts

Ultimate Geek
Inactive user


  # 1558515 24-May-2016 10:53
Send private message

lol


266 posts

Ultimate Geek


  # 1558517 24-May-2016 10:56
One person supports this post
Send private message

Same thing happened to me last night, made me think what is going on here, I just rewind it a bit and it did it exactly the same again, so was part of the stream.





Desktop AMD Ryzen 1600/RX-580/24GB Ram/29" UHD monitor, 1 laptop, Galaxy S7, Huawei something, raspberry PI, Sony Android TV plus other gadgets..... and puss (cat)

 

 

 

 

 

 




1846 posts

Uber Geek


  # 1558518 24-May-2016 10:59
Send private message

Heh, sounds like I need to talk to her about what she was watching.

 

At the least it's kicked me in the bum to go and change some very old passwords, heh.


285 posts

Ultimate Geek


  # 1558521 24-May-2016 11:15
Send private message

We've had these discussions before. I personally think tools like Lastpass are awesome - just don't stick your banking passwords in there.

 

 

 

When dealing with an issue like this, Lastpass will tell you when each password was last changed, so it can be an easy way to be sure you've gone through all your passwords and changed them. Just be sure to make your lastpass password the first one you change, and be sure you've got a clean system before that.


Mad Scientist
21336 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1558557 24-May-2016 11:31
Send private message

garbonzai:

Same thing happened to me last night, made me think what is going on here, I just rewind it a bit and it did it exactly the same again, so was part of the stream.



Made my day!




Involuntary autocorrect in operation on mobile device. Apologies in advance.


4552 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1559259 25-May-2016 11:33
Send private message

@Disrespective:

Heh, sounds like I need to talk to her about what she was watching.


At the least it's kicked me in the bum to go and change some very old passwords, heh.



Did you ever find out the issue?





 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Ring launches indoor-only security camera
Posted 23-Jan-2020 17:26


New report findings will help schools implement the digital technologies curriculum content
Posted 23-Jan-2020 17:25


N4L to upgrade & support wireless internet inside schools
Posted 23-Jan-2020 17:22


Netflix releases 21 Studio Ghibli works
Posted 22-Jan-2020 11:42


Vodafone integrates eSIM into device and wearable roadmap
Posted 17-Jan-2020 09:45


Do you need this camera app? Group investigates privacy implications
Posted 16-Jan-2020 03:30


JBL launches headphones range designed for gaming
Posted 13-Jan-2020 09:59


Withings introduces ScanWatch wearable combining ECG and sleep apnea detection
Posted 9-Jan-2020 18:34


NZ Police releases public app
Posted 8-Jan-2020 11:43


Suunto 7 combine sports and smart features on new smartwatch generation
Posted 7-Jan-2020 16:06


Intel brings innovation with technology spanning the cloud, network, edge and PC
Posted 7-Jan-2020 15:54


AMD announces high performance desktop and ultrathin laptop processors
Posted 7-Jan-2020 15:42


AMD unveils four new desktop and mobile GPUs including AMD Radeon RX 5600
Posted 7-Jan-2020 15:32


Consolidation in video streaming market with Spark selling Lightbox to Sky
Posted 19-Dec-2019 09:09


Intel introduces cryogenic control chip to enable quantum computers
Posted 10-Dec-2019 21:32



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.