Understanding computer security

[NatureMan]

Hi everybody,

First of all I'd like to say: I've never used this forum or any mac forum before so apologies if I post this message in the wrong place!

Ok, I need some advice if anyone can offer it please.

Someone in my work has been spying on my browsing habits, and at one point, they seem to even have viewed photos taken in photo booth. And no, it's nothing sinister.

I went to London a few weeks ago, but didn't tell ANYONE in my work. Yet, upon my return, I got comments asking how my time in London was. There have been other things too.

I have no idea how this person managed to access these things. I don't even know exactly who it is. I'm not the most informed about the tech side of computers.

This person is a creep. I don't know how long this has been going on for.

If someone could please tell me:

1: The fundamental requirements a hacker needs to be able to monitor my browsing habits (do they access my computer through my IP address or something like that?! - I really don't have a clue).

2* What I can do to stop them. (so far, I have deleted and cloned my drive using super duper & then upgraded from snow leopard to lion; tried to configure security & internet settings in system preferences to make sure that remote access is turned off etc. I've looked into purchasing anti-virus software too, but A) I've read mixed reviews about their effectiveness on macs, & B) I don't even know if such software would protect me - because I don't know how this person has accessed my info in the first place, and therefore if anti-virus software would even block their method of intrusion.

I'd like to know how they get deeper into my computer too, as I mentioned. Perhaps they installed spyware!? But if I can even get this first bit resolved it will be a step forward.

Sorry, there's a lot of words here. I figure it's better to give more info for clarity.

Thanks for any help given!

I owe you a virtual pint!

 

[lclev]

Okay a little more information. Does your computer belong to a network. Is your computer backed up on any work back up system - local hard drive or a cloud service. What is the position in the company that the person you are concerned about hold? Would they have an administrator password on your work network - if there is one. How much physical access would this person have had to your work computer. This information will help me try to point you in a direction.

Also do you post to any social media sites - facebook?

Lisa

 

[NatureMan]

Hi, thanks for your reply.

Okay here goes:

Network: My macbook belongs to...uhm, well I went to:

system preferences > network > network name (TP Link *****)

I'm connected over wi-fi to a router which is to my knowledge only used by my computer and some other devices, phones etc, all WITHIN my house.

My mac is not backed to a cloud service or local drive. It is only backed up to external hard drives, which aren't even connected to my mac when not in use.

Sorry, I need to clarify – this person has hacked my personal computer at home, NOT in the work place. But, yes, I'm guessing somehow they've obtained the password to my HOME network (as, to my knowledge that would be one of the fundamentals for how they hacked me?).

This person has NEVER had physical access to my laptop. He does however, not live far away & is knowledgable about computing.

And yes, I have actually talked to this person in private chat on FB several times.

Thanks for your help.

 

[lclev]

Anyone with a network scanner can get the name of your network. I will give you a list of things you need to do:

Access your router by opening a browser window and typing in 192.168.1.1 (this is the default IP address for that router unless it has been changed.)

1. Change your router password to something random and impossible to guess. I mean the one you use to access the router itself. You would be surprises how many do not set one and the default is either admin/admin or admin/password. You can leave the user name as admin or change it too. (Some routers do not let you change the user name.)

2. Change the name of your wireless network in your router and decide whether to broadcast your SSID (the name of your network) or not. It makes it harder to find but not impossible and it really is not going to make it more secure just more of a challenge to find. If you you do turn off the name broadcasting you will need to enter it as well as the password when you join to your wireless network.

3. Change the password for the wireless network. That is the password needed to get on your wireless network.

4. Make sure the security you are using on the router for the wireless is WPA2 with AES encription and not WEP.

On your computer:
1. Set a login password that is hard to guess and as random as you can remember.
2. Under System Preferences -> Security & Privacy -> set a timeout level that when you walk away it requires you to log back in then sleep your computer when you walk away.
3. Also in Security & Privacy you can turn on FireVault to encrypt your data. If you choose this option remember you can not lose the login password or recovery key (either/or) or you will loose access to the data.
4. And also in Security & Privacy turn on your Firewall.
5. In Sharing - turn off all options especially file sharing.

All this should help secure your system from all but the most talented hacker.

Oh, and I would unfriend him on FaceBook just because....

Lisa

 

[NatureMan]

Ok, great. Thanks for all of that. That's very helpful.

I still have a few questions however.

Whilst you have told me how to prevent this person from accessing my computer, could you please still, if possible, tell me how this person has been able to access my internet browsing (or at least clarify as much as you can)?

I just want to be extra clear on this because for all I know, if they've installed something like sniperspy they might even have access to my online banking. That's obviously pretty worrying. For one, I'm pretty sure they're tried to hack my email address.

I'm guessing the pathway would be: 1. they've used the network scanner to obtain the name of my network, 2. Once they have the name they've been able to work on getting the password, 3. Once they've obtained the password they can remotely install some software (I.e a keylogger or something like sniperspy).

I mean, I guess we've established that the very first thing/ the fundamental thing that someone needs to do in order to access my computer remotely is to first access my network. Right?!

Then once they're done that they can install/do whatever they want, provided that whatever they're installing doesn't require my permission (I should point out that it might sound like I know quite a lot about this stuff now – I've been doing some serious reading for the day or two!). Right?!

My apologies for being such a layman. I really don't know much about the vast capabilities/technicalities of computers!

Also, I entered that IP address into a blank tab in google chrome, but it hasn't worked. A message is displayed which says 'Gateway Timeout: can't connect to remote host'.

Thanks very much for all your help!

 

[midway40]

I agree with most of Lisa's points except hiding the SSID. I used to do this myself but stopped doing it after reading a series of articles such as this:

Debunking Myths: Is Hiding Your Wireless SSID Really More Secure?

A true hacker can use the tools mentioned in the article (KisMAC is illustrated in it) to find hidden SSIDs so there is not really any security in hiding it. Plus hiding the SSID makes working around your home network a little harder. The true security is a strong SSID password using WPA2.

Also forget MAC filtering as well as it is almost trivial to bypass.

 

[lclev]

Okay - as to the SSID broadcasting, it really isn't relevant and can be debated. Go ahead and broadcast it. As I stated it is more of a "make them work for it" measure than to offer any level of security. It can be irritating for the network owner so do or don't - it makes no security difference.

Now as to your other questions...I have no idea how he as accessed anything specifically. There are lots of methods available. I do not know what vulnerabilities your network has or how it was being exploited. I have ideas how I would do it but it gets really complicated. What I have suggested as the security measures you should take will help a lot.

If you can't figure out how to access your router you can download a network scanner from the app store. there is a free app called LanScan that will do the trick. You will be able to find out the IP address of your router and access it as I stated above. Run it and look for something with the word router in it. It will also tell you everything on your network which might reveal some interesting information.

As to any installed malware on your computer. I am not as familiar with mac keyloggers or spyware. I know most on this forum do not support any external apps or scanners for removal of malware. My background is stronger in the Windows environment so I will have to leave the how to detect part up to other wiser heads on this forum.

I can say if it were me and I thought I had some sort of intrusive program on my computer I would back up all data and reinstall OS X. I would not trust any Time Machine backup because if there was any spyware it would have been backed up too. It would be a radical step to take but I keep all major programs and app that I use on a separate drive so while it would be work I could do it and not lose anything.

If you have any other questions I will try to help if I can.

Lisa

 

[lclev]

One other thought. When you access your router it should have a firewall. I would set the security to it's highest level. You might have some trouble with the highest settings accessing sites or possibly with email because high security blocks a lot of ports. You may find yourself backing it off to moderate but definitely see if the firewall is on and where it is set.

If you want to monitor your network you can download X11 and Wireshark. You need both programs but Wireshark will show you ALL the traffic on you network. It is a bit overwhelming but if you really want to see what is happening it will show you. If you want to try it I can try to walk you through what it will show you.

Lisa

 

[NatureMan]

Ok, first of all: thanks very much to both of you! I'm learning a lot here.

Now, Lisa: For the next few days I am very busy with studying/coursework. So, I can't do much with wireshark right this moment. But come Wednesday I will get right on it, and if you're willing to walk me through it thats great. I want to learn as much about this stuff as I can.

Also, I have already wiped my hard drive and reinstalled a newer version of OS X. I went from snow leopard to lion (lion is the most recent my mac can handle - it's mid 2007). And yes, I bought and installed a completely new OS from the app store, as opposed to restoring from time machine a back up for that reason.

So, as I've done that, and configured some of the security settings as to your recommendations - I no longer know how much access this person. However, as I haven't yet done some of the more complicated things, it may be the case that not much has changed. For all I know they could be sniper spying me now.

After all, as this person was able to access my webcam, or at least pictures taken by it, I'm guessing this person is pretty adept.

Now that I'm aware of all this - I'm pretty determined to learn about all this properly. I'm going to research all the terms/jargon included in this thread to expand my understanding.

To Midway40: you said MAC filtering is trivial to bypass. By filtering, do you mean antivirus software?!

 

[lclev]

As to the MAC filtering that Midway40 is referring to - it is the ability of routers to filter access to a network based on the MAC address of the wireless or wired device. It has nothing to do with antivirus software.

All network devices - wireless and wired, have a unique address that identifies it on a network. A router can be set to allow certain devices to connect to your network. It can also block devices using the MAC address. Now having said all that.... a device MAC address can be "spoofed". In other words, someone can obtain a permitted MAC address and send it as their device's MAC address and they are in. Google it if you want more info.

Lisa

 

[midway40]

What Lisa said.

How to spoof a MAC address - TechRepublic

I used to frequent a computer security forum and picked up a lot of stuff. But I got so caught up in it I really forgot how to enjoy the internet because I was worried that an cyber attack was around every bend. Now I know better and all it takes it just plain ol' common sense to protect yourself.

Some of those posters on that forum were so paranoid they were running multiple AV's and scanners on their systems. I can imagine how responsive their computers were with all that junk eating up resources. I often wondered why they even got on the internet if they were that scared of it.