RRTX Blog: March 2016

Inevitably someone is going to have an online account hacked. Someone gets access to your email, cloud or phone using your information through various means. They could have done this because they want something or they just don’t like you, the list is long. Recently someone was in this exact situation and needed some advice. I put together some notes that I would likely follow in this situation to try to help this person out. These are just thoughts about steps I would try to resolve this situation… I make no guarantee’s that these steps will be enough!

Steps to consider (in no particular order)

-Security questions: You should make fake questions and fake answers for security challenges on for your online accounts. No one can guess something that isn’t part of your personal information.

-Should you contact the police: If you are concerned about fraud and are considering contact the police don’t expect them to solve the hacking. However, filing a police report is probably a good step for documentation if the bad guy begins identity and/or bank fraud. This way if you need to work with your bank to get money back you have the police report as documentation even though the police may not be able to do squat to stop this person. The hardest thing for people to realize is that their information is attainable online so a lot of “security questions”, your ssn and contact information are completely useless for protection against a motivated bad guy.

-iCloud/Play: Remove all of the authorized apple devices from apple account and reauthorize just the ones you need. Remember that iCloud replicates your text messages and calls across all of your authorized devices.

-If a device has been sold or stolen without being wiped then someone could be using information from that old device to get in to your account.

-If you are using iCloud to backup the phone and your account is compromised then this person may have access to your cloud backups by downloading them. So turn cloud backups off temporarily. Remember the hacked iCloud photos called “the flapping”? Photo’s weren’t the only thing stored in those celebrities iCloud accounts…
*http://ift.tt/1DIXcsy

-iCloud keychains: stop replicating to the cloud temporarily. You can turn this off from your phones iCloud settings.

-Cloud backups: You should turn off iCloud backup temporarily until the intruder has been stopped from accessing the account. Turning off iCloud backups is pretty easy. On the phone just go to Settings, iCloud, scroll down to “Backup” and turn it off. If worried about losing information from the phone in the event the phones dies or is lost you can backup using the iTunes app on your own computer. This way the backup is local. Keep in mind that you should only do this backup on a computer you feel is not compromised.
*http://ift.tt/1XlEwcw
*http://ift.tt/1CL0dbk

-Use secret accounts: Consider creating a new email account that only you know about on say outlook.com or yahoo.com and use that for logging into your apple devices for now. You can then still setup iMessage to use your current email address but it wouldn’t be the email address that a person could get access to your cloud accounts with if they called support to social engineer access back in to your account.

-Two Factor protection:

-Enable the two factor authentication on everything that supports it so someone can’t just access your account with a password reset. They could be intercepting your text messages so temporary passwords via text messages aren’t enough. I suggest using an Authenticator app and possibly a U2F key. There are Authenticator apps for Apple, Microsoft and Google. They act like an RSA key fob that you get issued by banks and large companies and work by giving you a temporary numeric key that changes every 30 seconds.
*http://ift.tt/1TCIuOD
*http://ift.tt/13Jo2As

-Two factor (Apple): http://ift.tt/1TCIuOD

-Two factor (Google): http://ift.tt/1gggTer

-Two factor (Microsoft): http://ift.tt/12i63oc

-Two Factor Auth (U2F key) – An additional step is to also use a U2F key to authenticate with your password manager and even many websites like Dropbox and google allow the use of a U2F key in Google Chrome browser. Firefox is not yet supported.

-Two factor: make sure you changes his email passwords as well and sets up two factor authentication on those email accounts as described above.

-Banking: Get an RSA key fob. They are often free from your bank or broker. Also ask about other forms of two factor authentication. If they do not offer an RSA key ask what options are available. Also ask how they protect your account when someone calls them. Often the biggest security risk to your account is customer service.

–Passwords:

-You should change the passwords for your cellular wireless carrier in case the bad guy is calling your wireless carrier to get access to your phone. Once again use fake questions and passwords and a secret pin if available. You should keep those security questions private. For now don’t keep them electronically on your devices or computers. Just keep them on piece of paper at home, not on the computer you suspect.

-Never* use your work computer or public computer to access any sensitive accounts in case it’s a coworker or hacker has gained access through your work systems. The same logic extends to public wifi. Don’t ever login to your accounts on a free wifi without a VPN to encrypt your wireless information. One VPN service is privateinternetaccess.com for your computer and phone, it’s around $40 a year. There are a lot of VPN service o ptions out there.

-Use a password manager. I like Dashlane for simplicity, it costs $40 a year and works very well. this way every single website will have a separate password and you just use a master password to access your password manager. 1password is also very good and cheaper $12/year, but more complicated, it uses either iCloud or Dropbox to store the information. A free option that works very well but is not as easy to use and is not really multi-device is KeyPass password manager.

-Check the email addresses that are linked to your account. You should only have the ones you intend associated and no more. If you have addresses you don’t use or don’t recognize then remove them.

*Always have your computer up to date on security updates.

*For checking for malware on my computer i often use MalwareBytes, it is free for basic stuff.

*For virus scanning Windows Defender Offline is free and Microsoft provides a download to create a bootable thumb-drive you can use to boot into and scan for viruses and rootkits.

-Change your wifi password and router password but mostly the wifi password. if it’s an wifi device provided by your internet provider then you may have to call them. Make sure you have WPA2 enabled on your wireless router.

-If all else fails: If none of these steps have worked then someone may have a keylogger installed on his computer(s) and consider reinstalling them from scratch including the phones. that would be a phone reset. If still on XP then upgrade to windows 7 or 10, yesterday. If on Windows 7 consider upgrading to Windows 10. If on a Mac consider reinstalling after backing up important files to a hard drive/thumb-drive. If an old version of MacOS, upgrade.

Online vendor guides for hacked accounts

Look, I know this is a *lot* of information for the average person, but getting someone out of your systems can be a pain if they are motivated and know what they are doing. These are all steps I would consider in this situation and I do them regularly. A lot of this stuff may sound like overkill but it really isn’t anymore. The bad guys are really clever and the techniques are constantly evolving.

-Good luck

DISCLAIMER
MY THOUGHTS ARE MY OWN AND NOT THAT OF MY EMPLOYER. THERE IS NO GUARANTEE THAT THE STATEMENTS ABOVE WILL WORK. I PROVIDE NO EXPRESS OR IMPLIED WARRANTY.

by Dave via EasyMetaData

RRTX Blog

Friday, March 25, 2016

Detectoutlook.net to find bitness

Saturday, March 12, 2016

Lets say someone hacked your accounts