I spent a bit of time last night having a play with my new Vodafone TC7210 cable modem and trying to figure out its nuances around static IPs, and later on some conflicting DHCP server settings I was encountering on my HTPC. (I'm wondering if this could have been the start of the hack) I also had my RT-AC68 wifi router active as it was what WAS doing the DHCP just fine.

Before the DHCP issues were noticed, I had decided to pick a random port to open and have a play and see how remote management of the HTPC would go. I picked port 9091 and apparently I should google these things as that's a common torrent port... Anyway I ended up opening the port on both the modem and the wifi router because I was playing with what I thought was doing the DHCP stuff at about 9pm.

I figured i'd just leave it for a while and let my wife watch some TV off the HTPC, and 10min later she starts complaining that i'm moving the mouse around and making "random menus pop up"... Eventually a notepad window appears and somebody writes something along the lines of "hi from cyber-somethingorother :)"

At this point I pulled the power from the modem and got a little worried... I have since malware checked the machine and can't find anything untoward so think it's clean.

I've also since reset and renamed almost everything, but what is more likely? That they got in through the open port (if so, does that mean my HTPC user account and password got hacked in less than 10 min?) Or that they got in through the wifi, and also hacked my different HTPC password? The HTPC has a username and password for accessing everything but I do have UnifiedRemote installed which lets me control it with my phone as it doesn't have a local keyboard or mouse I don't believe this is password protected, but would give someone control if on the network and they knew what was installed. They wouldn't be able to view the video output though unless they had a RDP connection I guess?

I'm wondering if they were on our network before the ports were opened and were causing the DHCP conflict that the HTPC was having. And I'm still unsure about was how they took control of the machine while we were also using it.

Either way, I still don't feel like i'm out of the woods, and will have to go through and edit all my account passwords today. It's a lesson I feel I may have been lucky enough to get away with, without too much pain, but worrying nonetheless.

I'll hang my head in shame in preparation for everyone who will come on board to tell me what I did wrong.