What's new

I’m terrified and am so hoping someone can help me

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

@sfx2000, I can't agree with Chromebooks, just google personified. ;)

Understood - and many people share that opinion.

For @SAP Brian however, it's a good first step towards regaining some sanity on a trusted platform until he can clean up the other hardware, software, and accounts - set it up on a new Gmail address, and it's a clean start.

ChromeBooks are very secure, and for that reason, many "security researchers" run them when they travel to security adverse scenarios like BlackHat/DefCon, CCC, etc, because they are very hard to hack....
 
With UEFI it's a whole new ballgame now. There has been malware already that exploited UEFI to hide themselves and survive any disk wiping - because it ends up in the motherboard's flash.

Yep, and with some UEFI's, part of it lives on the disk in a hidden partition. And this has been known to be a vector for persistent malware.
 
Could have been I didn't choose the right secure wipe program. But, to me, it's cheap insurance to put in a new drive and destroy the old one.

DBAN with the drive not being used as one of the primary drives (USB to SATA is a good way) will burn and overwrite every sector on the drive - obviously with SSD's, that's not entirely possible because of the way SSD's work...

https://dban.org/
 
Understood - and many people share that opinion.

For @SAP Brian however, it's a good first step towards regaining some sanity on a trusted platform until he can clean up the other hardware, software, and accounts - set it up on a new Gmail address, and it's a clean start.

ChromeBooks are very secure, and for that reason, many "security researchers" run them when they travel to security adverse scenarios like BlackHat/DefCon, CCC, etc, because they are very hard to hack....

I would guess that they certainly don't run them with real credentials; as they were bought 'hacked', right from Google. :)

Everything I learn about Google and Apple for that matter makes me ill. Having a 'secure' platform handed to me from the enemy is not where I put my trust. ;)
 
I would guess that they certainly don't run them with real credentials; as they were bought 'hacked', right from Google. :)

Everything I learn about Google and Apple for that matter makes me ill. Having a 'secure' platform handed to me from the enemy is not where I put my trust. ;)

Google - maybe not as a whole as a cloud platform - ChromeOS - yes as an endpoint, and far more secure than Android.

https://www.chromium.org/chromium-os

And CrOS is the essential element of the Google cloud - so, yes, a fair amount of security is designed in.
 
I think there is some confusion on security vs privacy. Google....generally quite a bit of focus on security...but not so much on privacy. Android...well...yeah....it is a hot mess. As much as I love Android, I don't even use it anymore. ChromeOS, I use it nearly daily.
 
obviously with SSD's, that's not entirely possible because of the way SSD's work...

SSD offer an even better option with the Secure Erase command.
 
A few random thoughts to toss into the mix:

If you must run Windows, maybe look into Qubes. Running Windows in a Qubes VM may provide you with better insulation against exploitation by infected devices on your network. Any infected or compromised device could potentially be used as a pivot point.

Reduce your attack surface by eliminating as many targets from your LAN as possible.

Do away with IoT garbage, don't allow old smartphones to connect (my house is filled with them, IR capable Samsung devices make great universal WiFi/IR/BT AIO remotes, etc, but each is a potential security liability). Do you *need* a Ring doorbell, an Alexa and a microwave oven that you can control with your smart watch? If yes, then plan to bring them back online after you have brought this situation under control. Everyone here loves gadgets - but we recognize that the convenience they bring is a double edged sword.

If you feel a need to use a public WiFi like you mentioned, consider using a 4G card. In fact, there are ISPs that offer unlimited, uncapped 4G connectivity for around $60/month. One I was just looking at is an AT&T MVNO. I am not sure that I would trust my livelihood to the ATT network, but it is a lot damned safer than the WiFi at "Joe's Turnpike Motel 6".

Little things like using Signal on a LineageOS Android, or better yet, PureOS on a Librem phone, might help up your privacy. This can be separate from security, but the two things play into one another. Look into Librum as you shop for a new laptop, too.

Sent from the aether using pineal stimulator #4
 
Hello all, I am posting today desperately hoping to get some advice...

I know I'm too late here to do any good, but I'm kind of surprised no one suggested to the OP that he:

Power-off and disconnect all wires including cable & power from all of the
  1. modem(s)
  2. router(s)
  3. computer(s)
  4. any IoT connected devices (sorry SmartTV, cameras, and such, but y'all gonna have to go dumb a bit)
  5. TURN OFF Wi-Fi ON YOUR CELL PHONE & LEAVE IT OFF
Now no thing is connected in any way to any other thing. OK, now that you're totally air-gapped you need a shopping list:
  1. NEW MODEM (personal or ISP) >>> DO NOT GET/USE A COMBO MODEM-ROUTER <<<
  2. NEW ROUTER (personal or ISP)
  3. NEW COMPUTER (cheap, even Chromebook, is fine for this)
  4. NEW ADAPTER IF NEEDED TO CONNECT ETHERNET TO THE NEW COMPUTER
  5. NEW SHORT ETHERNET CABLES (2-3) IF NEEDED
  6. PAPER & PENCIL
EDIT 30APR20
These really should be here...
  1. NOTIFY FINANCIAL INSTITUTIONS
  2. REPLACE CREDIT CARDS
  3. SETUP CREDIT LOCK or FREEZE (Transunion, Equifax, Experian, etc.)
If you do this right after the shopping you'll have your stuff, be able to confirm the purchases, then be able to await replacements. The security people I've worked with for these things have always been very professional, polite, and helpful. They want to get you back on track as much as you do.

There are about a gazillion reasons NOT to get a combo modem-router that are beyond the scope of this post. Don't. Just say NO. You really want your own personal private router. Also, you'll notice I did NOT say "reset (___) to factory original". You want fresh equipment at this point even if you have to buy it.

Now let's start getting you back up. Setup your cell phone as an access point:
plug your phone into wall power either now or after setting it up
  1. if you don't use iOS: >>> FACTORY RESET YOUR PHONE | USE NEW PASSCODE <<<
  2. if you don't use iOS: use your phone to query how to do 1-6 BELOW
if you do use iOS...
  1. on iOS: Settings > General > About | Wi-Fi Address (WRITE THIS MAC ADDRESS DOWN)
  2. on iOS: Settings > General > About | Bluetooth (WRITE THIS MAC ADDRESS DOWN)
  3. on iOS: Settings > Touch ID & Passcode > Change Passcode ENTER A NEW PASSCODE
  4. on iOS: Settings > Cellular > Cellular Data [ON]
  5. on iOS: Settings > Personal Hotspot > Allow Others to Join [ON]
  6. USE A GOOD MIxEd PASSPHRASE with numbers & special characters
Now you have fairly secure*, fully-powered, battery backed-up access to the internet. Let's do your new-safe laptop next:
  1. WRITE DOWN THE MAC ADDRESS(ES) OF YOUR NEW LAPTOP
  2. plug the laptop into wall power
  3. go to the BIOS/UEFI
  4. setup a hard drive password
  5. require a ctl-alt-del to wake from sleep or whatever
  6. exit the BIOS/UEFI and setup a DIFFERENT password to log onto the OS
Now you have a fairly secure, fully-powered, battery backed-up portable computer. Let's setup this NEW computer to use the internet:
  • CONNECT your new computer to your cell phone's new personal hotspot
OK. Now you have temporary, slower, and more expensive online access to references & vendors assuming you don't go down rabbit holes or playing games. You also have a safer way to connect if you're away from home.

You can change ISP's but what for? Because you're mad? All ISPs tend to be equally unresponsive unless something threatens THEIR network plant, which can have literally millions of "you" on them. If it does they can be very helpful, but you need to fix your own stuff first. So let's stick to first-things-first and setup your NEW MODEM.

  1. WRITE DOWN THE MAC ADDRESS(ES) OF YOUR NEW MODEM

    >>> CHANGE YOUR PASSWORD WITH YOUR ISP <<<

  2. Connect the NEW MODEM to your ISP & power
    >>> DO NOT PLUG IN ROUTER YET <<<
  3. Use your phone to call or chat with your ISP
  4. Did you CHANGE YOUR ISP PASSWORD? N|Y
    1. If N, CHANGE YOUR PASSWORD WITH YOUR ISP
    2. If Y, provision your new modem
  5. This could take 30-min or more, so be patient.
Now you have a new IP from your ISP on a new modem mostly "guaranteed" not to have been infected by you or your nemesis, and for the time being to be invisible. I have old ASUS instructions here, you'll have to look-up what doesn't match.

Let's setup your NEW ROUTER.

  1. WRITE DOWN THE MAC ADDRESS(ES) OF YOUR NEW LAPTOP
  2. WRITE DOWN THE MAC ADDRESS(ES) OF YOUR NEW ROUTER
  3. Plug your new router into power

    >>> DO NOT CONNECT THE ROUTER TO THE MODEM <<<

  4. Ethernet your NEW LAPTOP to your NEW ROUTER
  5. LOCK DOWN THE ROUTER
    1. Change every default and don't hook anything up yet
    2. Set the router to USE WHITELIST-ON to access it (temporarily)
      1. on ASUS: Wireless > Wireless MAC Filter >
      2. do this for both bands
      3. Enable MAC Filter [x] YES
      4. Enter the MAC ADDRESSES your have been writing down into the Whitelist
      5. Is your CELL PHONE whitelisted?
      6. Is your NEW COMPUTER whitelisted?
  6. Set your router to reboot every night
    1. on ASUS: Administration > System > Enable Reboot Scheduler [x] YES
      this generally improves performance & enhances security
  7. Make it invisible to the internet
    1. on ASUS: Firewall > General > Respond ICMP Echo (ping) Request from WAN [x] NO
    2. this enhances that "invisibility"
  8. AFTER every possible setting you can customize is done, then...
  9. CONNECT ROUTER TO MODEM

    >>> DO NOT CONNECT ROUTER TO LAN/BUILDING LAN <<<
  10. Setup the WLAN (Wi-Fi LAN) part of your router
  11. Setup a throw-away Guest Network with ZERO LOCAL ACCESS
    1. You will use this for gaming
      >>> DO NOT connect your IoT things (TV, security, etc) to this <<<
    2. This ASSUMES a bad actor will again go after you
      1. Turn this network ON to play, then turn it OFF when finished
      2. E-V-E-R-Y ... T-I-M-E
Fwiw, my old ASUS RT-87 allows me to setup four (4) guest networks: two on 2.4 GHz and two on 5 GHz. I'm guessing this is common across most of their line. Just tossing that out there.

If you have a hardwired or wired-building LAN, DO NOT connect to it yet. You still don't know how bad this is. You could have compromised equipment you have not considered like a NAS, hub, switch, or printer so let's be safe for awhile.

Now that you have a known-safe means of accessing the internet, you can disconnect from your cellphone hotspot and turn that hotspot off releasing your phone. You can also setup your NEW LAPTOP for Wi-Fi access to your NEW ROUTER and unplug the ethernet.

OK, now that you have hope, let's preserve your sanity so you can tend to all of the other things you'll need to do.

  1. SmartTV? Security cameras? Alarms?
  2. Start with what will give you the best sanity breaks excluding gaming

    >>> NO GAMING FOR NOW <<< I think this is self-explanatory for the time-being

  3. Take each service and each device for that service one-at-a-time

  4. CHANGE THE PASSWORD FOR THAT SERVICE, e.g., TV, alarms
  5. WRITE DOWN THE MAC ADDRESS FOR EACH DEVICE IN THAT SERVICE
  6. Do a full factory reset of each device in that service
  7. Enter the MAC address on the router whitelist
  8. Connect that first "sanity saver" device to the router
  9. Repeat for the next service
Using a whitelist on your router is a major PITA, but for right now it will save your six from mistakenly allowing an infected device onto your LAN/WLAN. After you get everything fixed up, you can disable the MAC Filter (whitelist). Also, entering wired item MAC into the whitelist may be useless as they often only attach to Wi-Fi. However, if you are checking to see who is on your network, having those MACs handy can be a real life saver.

Now that you have a working LAN/WLAN, and your sanity-savers in-place, you can begin the tedious work of...
  1. NOTIFYING FINANCIAL INSTITUTIONS
  2. REPLACING CREDIT CARDS moved up list 30APR20
  3. CHANGING ALL OF YOUR ONLINE PASSWORDS
  4. etc., etc.
Then you can start the even more tedious tasks of cleaning/wiping/factory-resetting/replacing the various pieces or parts of equipment AND TOYS in your network.IF you get ahead of this guy and get your passwords, financials, and credits changed before he starts sucking up your money, you may avoid having your identity actually stolen and whacked.

Make no mistake, IT IS A RACE.

Sky


*I hedge secure here because nothing in this world is ever 100% secure 100% of the time. Security has been and always will be a matter of keeping what needs to be secret long enough so it no longer needs to be secret, even if that means changing it mid-stream. Steve Gibson (GRC) has some pretty good primers on https://www.grc.com/intro.htm
 
Last edited:
Eh... I'm not sure there's a cigar there, but definitely a nice single malt. :cool:
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top