# Sign of being hacked?



## sholo86 (Apr 16, 2007)

Last night my wife told me that her cam light turned on by itself while she was starting to doze off to sleep. She remembered turning off her cam and logging off yahoo messenger after we spoke online. She clicked on the cam icon on her desktop and it says "1 viewer". She tried to see who the viewer was but came up with no address. She turned the cam off, but within 10 minutes her cam light came back on again. She believes somebody has hacked into her computer. She went ahead and shut her computer down.

Is this a sign of somebody hacking into her computer? Has this happened to you and what did you do to counter it? If they were able to access her cam, I guess they can access her files too right? I'm not good with computers, I just turn it on and off, so any advice is always helpfull...thanks


----------



## Ping898 (Apr 17, 2007)

I have no experience with webcams so don't quite no what to tell you, but I am a firm believer in leaving a hate or towel over the webcam when it is not in use....why take chances someone will see something you don't want them too...


----------



## Sukerkin (Apr 17, 2007)

The easiest way to tell whether there truly is an external source tapped in to the camera is to break the network connection.  If it doesn't turn back on again then that would seem to show you have a 'spy'.

Also, if there is a physical power switch on the device and you turn it off, then, provided that you disable wake-on-LAN, there is no way it can turned on again by an external source.

The short term solution is just to unplug the thing when you're not using it - 100% security there .

Try running a detailed virus scan to see if you have any nasties lurking in your system.  Also, I hope you're using a proper firewall (rather than the integrated rubbish that comes with Windoze)?  Set that to not allow any traffic without confirmation and see what you get.

Sorry not to be more help but I really know very little about web cams and am speaking from a general browser-integrated-devices standpoint.


----------



## sholo86 (Apr 17, 2007)

My biggest concern thought is that if they can access the cam externally, I'm sure they are able to access computer files too right (ie: bank accounts, SSN, Tax Forms...). 
I was told to clean the hard drive and reinstall my Operating System. Didn't really want to do this, but I might just have to.


----------



## BrandiJo (Apr 17, 2007)

Runa  good virus scan, spyware program, that should tell you if you have anything lurking on your system, as for an active hacker i would find a good firewall and that should keep you pretty safe. I would question the safty of files you have on your computer untill you get some safegards in place. ​


----------



## crushing (Apr 17, 2007)

I would like to back up what BrandiJo said.  Additionally, I wouldn't rely on just a single antivirus product for a scan, especially after suspicious activities on the PC.  

For example, recently my Mom was having problems with her PC.  in addition to installing and running AVG and doing a full scan with that (it found several virus/spyware files), I also went out to http://housecall.trendmicro.com/ and ran their free antivirus scan.  It caught a couple more spyware related files that AVG didn't.


----------



## Bigshadow (Apr 17, 2007)

Sukerkin said:


> The easiest way to tell whether there truly is an external source tapped in to the camera is to break the network connection.  If it doesn't turn back on again then that would seem to show you have a 'spy'.
> 
> Also, if there is a physical power switch on the device and you turn it off, then, provided that you disable wake-on-LAN, there is no way it can turned on again by an external source.
> 
> ...



This is excellent advice!


----------



## Kreth (Apr 17, 2007)

In addition to the previous advice, update all of your spyware scanners and AV software, then reboot the computer to safe mode before running any scans.


----------



## Sukerkin (Apr 17, 2007)

sholo86 said:


> My biggest concern thought is that if they can access the cam externally, I'm sure they are able to access computer files too right (ie: bank accounts, SSN, Tax Forms...).
> I was told to clean the hard drive and reinstall my Operating System. Didn't really want to do this, but I might just have to.


 
Hi *Sholo*, whilst it is true that nuking your HD and reinstalling will probably deal with almost any intrusion you have, this is a last ditch extreme measure.

The advice to run detailed virus/spy/mal-ware scans is sound.  To reiterate a few salient points:

Do this with the PC disconnected from the Net after you have made sure your scanner is completely up to date.  I'd recommend AVG as your frontline defence.

Prior to scanning, I'd definitely set the firewall to confirmation mode and log on to the Net.  See what is trying to either get out or in as that can be an invaluable guide to if you have a problem or not.  It might be that you don't feel you'll be able to tell what is legitimate traffic and what isn't (no shame there, it's not easy) so if you know someone with good computer skills don't be afraid to ask them to help.

Then you want a dedicated spyware/adware blocker (assuming you don't have a 'commercial' firewall) to back up your firewall.

Something to ferret out cookies and other lurkers would be good too as that'll erase any personal information that may have been 'stored' in unwanted places (like Windows Temp for one ) whilst you've been on-line e.g. CCleaner.  You should ideally have your browser set-up up to delete your 'history' and non-exempt cookies as a normal mode of operation.

It should be noted that if someone has hacked your system then it is possible that they already have some of your details that they could misuse financially.  Keep an eye on your accounts for any abnormalities - however, if they were going to do something they probably will have already done so.  So, if none of your monies gone and you haven't received the bill for a new Mercedes you're more than likely okay i.e. don't fret too much about what _might_ happen.

Good to see fellow forumites coming forward with advice and none of it bad either :tup:.

P.S. Thanks to *Bigshadow* for the kudos ... and for spotting that this sort of thing is within the parameters of my profession .


----------



## Bigshadow (Apr 17, 2007)

Sukerkin said:


> P.S. Thanks to *Bigshadow* for the kudos ... and for spotting that this sort of thing is within the parameters of my profession .



Mine too!


----------



## Carol (Apr 17, 2007)

Change *ALL* of your passwords that you use when using your computer: administrative, user, mail, yahoo, banking, web portals, web community, etc. 

Replace them with strong passwords (at least 8 chars, mixture of letters, numbers, spec characters, dont use names, English words, birthdates oe addresses in your password.


----------



## Sukerkin (Apr 17, 2007)

Yet more solid advice, *Carol* ... how on earth did we omit that one, chaps ?



Bigshadow said:


> Mine too!


 
Due to my habit of reading profiles before responding to anyone (not purely nosy, I try to make sure I don't tread on anyones toes by getting a rough background first) I was aware of there being fellow 'professionals' in the house, so to speak .

The fact that only _good_ advice was coming out was a hint that I was not a geek alone too :lol:


----------



## sholo86 (Apr 17, 2007)

Well, my wife talked to some of her computer smart friends too like you all :ubercool: and they gave her the same advise as you all did. She ended up saving all her documents, cleaned up the drive and reinstalled operating system, apps, and programs.

Changing the password thing was a good one...thx Carol. I'll pass that on to her tonight. I really appreciate everybody's input. I guess it's time for me to edumacate myself more on computer stuff. 

Thanks again MTers :highfive:


----------



## jim777 (Apr 18, 2007)

Another point is that a lot of people use use Linksys wireless routers as their cable modems. If you leave the wireless connectivity on on that, and don't change the passords (blank login, "admin" password is the default) then ANYONE can break into your computer from a block or more away. Break in, and LOCK YOU OUT I might add. How many of you have turned on wireless from Windows Networking and seen all your neighbor's wireless routers/networks show up? This will allow people access to your PC without a virus, trojan, or anything else. It's basically the front door.
What you should do here is get a DOS window up by typing CMD at the Start /Run window, and then typing "ipconfig/all" at the DOS prompt.
Look for "Physical Address" (also known as the MAC address, but not here) to come up in the long list of provided information, and make note of it. This will be a hex address, and will look like "00-0D-7A-B0-12-34".
Go into your wireless router (usually 192.168.1.1 from your browser), and change your login name and password first thing. If you haven't changed the default login credentials and can't get in with a blank login name and "admin" as the password, it is possible that someone has already locked you out of your own router. This happens folks, and often. It's cheaper to steal a connection than pay for one, obviously. Press the reset button on the back of the router which will reset it to blank/admin, then CHANGE the login credentials! Follow Carol's advice and make it a bit tricky. No one can see the router physically, so feel free to write the info on the top if you want.
Turn on your wireless for only selected addresses (it will be one of the options once you are into the Linksys pages from the above 192.168.1.1 address), and put in the address you took note of above. This will keep anyone else with a wireless card in their PC from breaking into your router and gaining access to all the computers on your home network if you have more than one.

p.s. If this is really confusing, just let me know and I'll try to explain it better.


----------



## Shaderon (Apr 18, 2007)

All the above....

Anothe thing you might want to do, is contact your internet provider, explain the problem and ask them for a change of IP address, most providers give you a dynamic IP address but it stays the same for thier records.  Ask them to change it as I've seen someone dial into someone's PC using just that!


----------



## Jdokan (Apr 18, 2007)

Another idea may be to keep all sensitive material on removal disk...wehter it be dvd rw or usb disk and unplug when not in use...now they cannot get to your records....


----------

