PC breach and identity theft nightmare

Non-investing personal finance issues including insurance, credit, real estate, taxes, employment and legal issues such as trusts and wills
Topic Author
Econberkeley
Posts: 67
Joined: Thu Jan 16, 2014 6:51 pm

PC breach and identity theft nightmare

Post by Econberkeley »

A relative of mine asked for my help with identity theft issues. It is definitely above my pay grade. I would really appreciate any suggestions from the Boglehead community. Here is the email I got from him.

"Here is a summary of what happened to my financial life during the last 2 weeks.

On October 1st, I received a call from Ally Bank saying that my wire had been rejected. I told them I did not wire anything and asked them to freeze the account immediately. A few hours later, I accessed my Ally Bank account and saw that there were several transactions during the last week or so without my knowledge. They were mostly through PayPal, totaling $2,500. I accessed PayPal and saw some of those funds transferred to 2 people and the rest was charged by a company.

I immediately disputed these transfers, and within 2 hours PayPal rejected my claim, saying that these were not unauthorized transactions. It was impossible to follow up with PayPal since there is no phone support. I may need your suggestions about how to go about disputing this. Maybe small claims court?

He also accessed my Amazon online seller account, played around, but did not do any damage. I have accounts at Merrill Lynch, but luckily they were not accessible online for many months due to my laziness in going to a branch and resolving it. He was not able to get into my BOA account for some reason.

None of these accounts had 2 way authentication, which is my stupidity. He also accessed my Google Drive where I saved everything. So he has all the family's Social Security numbers, driver's license numbers, passport pictures, etc.

In the last 2 weeks, not knowing anything about PC or online security, I was losing access to my Amazon online account, Gmail, PayPal and Ally. It took me about a week to understand that there is something called 2 way authentication, with the help of a friend, to establish it. When I established 2 way authentication, the hacker was not able to access anything anymore, but the damage was done already.

After establishing 2 way authentication on all accounts, I learned that the hacker did not perform SIM swapping. Instead, the hacker gained access to my PC and learned all my passwords (Chrome saved all my passwords. I should have deleted them) and moved from there. I need your suggestions about how to protect myself from SIM swapping as well.

Also, I have been getting emails from Bitcoin brokerage firms asking for more documents to open accounts. Apparently, the hacker has been trying to open accounts under my and my wife's names, not in the U.S., but in London. I got emails from Robinhood, Bittrex, Wirexapp.com and chime.com. I am not sure why he used my email address instead of using another email account. How come he does not know that I would gain back my Gmail account with the help of my phone? It is weird. By now, he has probably opened several accounts overseas.

Instead of replying to these emails, I went to their websites and filled out their communication pages and explained what happened. I asked them to close the accounts, but I still have not heard from them.

I reached out to all the credit bureau agencies, and there are 10 of them, not only 3. I froze 4 of them and am still waiting to hear from the rest.

I froze all Social Security numbers except my son's, who is 5 years old. For some reason, the E-Verify website gave me an error. I emailed their support line.

I froze my credit at ChexSystems, which is used for opening checking accounts in the US.

I subscribed to Norton LifeLock and I asked this question: Is it possible to open a brokerage account without a Social Security number? Their answer was yes. I also asked “Isn't there a federal law against this?” and I got NO for that one as well. So this hacker can open a margin account in a brokerage firm and play oil options under my name, to which he replied possibly. In summary, companies like Green Dot or Chime (I know they are not brokerages, but still) will open accounts in your name online. I am guessing the hacker is stealing people's bitcoins and storing them in my bitcoin accounts, and with a debit card, he can cash them out.

I filed a report with the local police station. They even asked me if I wanted to press charges. I did not tell them but judging from the timing of the transactions and the names, I am thinking that this guy is located overseas so no hopes there.

I reported what happened on identitytheft.gov and gave all the details.

I need your suggestions on the issues below.

1. 2 way authentication has been set up for all my accounts, but it is not working all the time. I thought it was due to cookies, so I downloaded a Chrome extension to delete cookies, but it did not work. I also downloaded MS Authenticator and established links to PayPal, Google, Amazon and USCIS. The problem is that if I log out from Gmail and get back in within 2 minutes, authentication is not working. It is only working after so many minutes or hours. I was not able to solve this problem.
2. Is there a website or some source where I can see all the accounts under my name in U.S? Before freezing my credit reporting, I checked the credit reports and they were all clean and had no activities in the last 2 months.
3. Should I buy a physical authenticator like Yubico? Will it completely protect me from sim swapping?
4. What else I can do to dispute paypal transactions? "
oldfort
Posts: 1929
Joined: Mon Mar 02, 2020 8:45 pm

Re: PC breach and identity theft nightmare

Post by oldfort »

1. I would report this to the FBI.
https://www.ic3.gov/default.aspx
2. It may not be easy to fully protect yourself from SIM swaps. Ultimately, your phone number is only as secure as the most gullible/easily bribed customer service agent at your phone company. You may be able to use Google Voice, rather than a real phone number, but this can create other problems.
mhalley
Posts: 8517
Joined: Tue Nov 20, 2007 6:02 am

Re: PC breach and identity theft nightmare

Post by mhalley »

A couple of things that would increase security are to use the Yubico key and to not do any financial transactions on a Windows PC.
Get a Chromebook or dual boot into Linux for finances. If MS Authenticator is not working well, try Google's.
Also get a password manager and create complicated passwords. Set up a PIN for your phone, and get a Google phone number to use with the financial accounts.
LifeLock is not necessary if your credit is frozen. You might want to unfreeze long enough to create Credit Karma, Credit Sesame, and my Social Security accounts.
You will want to reformat and reinstall Windows on your PC as that is how you were compromised.
Escalate the dispute to a claim. You only have 20 days I believe.
https://www.paypal.com/us/brc/article/c ... -reversals
yules
Posts: 249
Joined: Wed Nov 27, 2019 10:31 am

Re: PC breach and identity theft nightmare

Post by yules »

mhalley wrote: Sun Oct 11, 2020 8:16 pm A couple of things that would increase security are to use the Yubico key and to not do any financial transactions on a Windows PC.
Get a Chromebook or dual boot into Linux for finances. If MS Authenticator is not working well, try Google's.
Interesting you say this. Is there a specific vulnerability on a Windows PC?

I only ask because in many other threads about pc security/antivirus/malware/firewall/etc., people say that they just use Windows defender (some with Malwarebytes, but many just defender), and it is fine.

Yules
mhalley
Posts: 8517
Joined: Tue Nov 20, 2007 6:02 am

Re: PC breach and identity theft nightmare

Post by mhalley »

Windows is the most popular OS (88% I believe), so most malicious software and viruses are designed to attack it. The hackers are always working on ways around the antivirus software. Chrome OS by design has much less vulnerability, and Linux is more secure and has a much smaller installed base, so it is not as big a target. In addition to the OS, many attacks these days are through phishing, etc., where the OS might not make any difference.
https://www.computerworld.com/article/3 ... urity.html
oldfort
Posts: 1929
Joined: Mon Mar 02, 2020 8:45 pm

Re: PC breach and identity theft nightmare

Post by oldfort »

yules wrote: Sun Oct 11, 2020 9:05 pm
mhalley wrote: Sun Oct 11, 2020 8:16 pm A couple of things that would increase security are to use the Yubico key and to not do any financial transactions on a Windows PC.
Get a Chromebook or dual boot into Linux for finances. If MS Authenticator is not working well, try Google's.
Interesting you say this. Is there a specific vulnerability on a Windows PC?

I only ask because in many other threads about pc security/antivirus/malware/firewall/etc., people say that they just use Windows defender (some with Malwarebytes, but many just defender), and it is fine.

Yules
It's nonsense. Windows 10 is as secure as any normal Linux distro. Worse, if you're not careful, you break Secure Boot in the process. If you disable UEFI Secure Boot, you make your machine vulnerable to rootkits.
oldfort
Posts: 1929
Joined: Mon Mar 02, 2020 8:45 pm

Re: PC breach and identity theft nightmare

Post by oldfort »

Econberkeley wrote: Sun Oct 11, 2020 5:12 pm A relative of mine asked for my help with identity theft issues. It is definitely above my pay grade. I would really appreciate any suggestions from the Boglehead community. Here is the email I got from him.

"Here is a summary of what happened to my financial life during the last 2 weeks.

On October 1st, I received a call from Ally Bank saying that my wire had been rejected. I told them I did not wire anything and asked them to freeze the account immediately. A few hours later, I accessed my Ally Bank account and saw that there were several transactions during the last week or so without my knowledge. They were mostly through PayPal, totaling $2,500. I accessed PayPal and saw some of those funds transferred to 2 people and the rest was charged by a company.


4. What else I can do to dispute paypal transactions? "
Lots of unanswered questions, but I would start with the bank. Tell them the unauthorized transactions were fraudulent and you should be limited to no more than $500 in losses. If you notify the bank within 60 days of the unauthorized transactions, the bank is required to conduct an investigation.
DesertMan
Posts: 307
Joined: Tue Dec 07, 2010 12:54 pm

Re: PC breach and identity theft nightmare

Post by DesertMan »

oldfort wrote: Sun Oct 11, 2020 9:19 pm
yules wrote: Sun Oct 11, 2020 9:05 pm
mhalley wrote: Sun Oct 11, 2020 8:16 pm A couple of things that would increase security are to use the Yubico key and to not do any financial transactions on a Windows PC.
Get a Chromebook or dual boot into Linux for finances. If MS Authenticator is not working well, try Google's.
Interesting you say this. Is there a specific vulnerability on a Windows PC?

I only ask because in many other threads about pc security/antivirus/malware/firewall/etc., people say that they just use Windows defender (some with Malwarebytes, but many just defender), and it is fine.

Yules
It's nonsense. Windows 10 is as secure as any normal Linux distro. Worse, if you're not careful, you break Secure Boot in the process. If you disable UEFI Secure Boot, you make your machine vulnerable to rootkits.
They're called ROOTkits for the precise reason that Unix-like OSes (where the equivalent of the Windows NT Local System account is the root account) are vulnerable to them. That includes Linux (hence Android and Chrome OS), and Mac OS (hence iOS).

A bit of research will quickly reveal that Linux and even Mac OS/iOS are frequently found vulnerable to rootable exploits. Every iOS jailbreak is by definition a rootkit. One of the most notorious Mac OS bugs allowed you to log in as root by just entering "root" as your login and mashing the enter key. This bug went unfixed for years. Apple's precious little T2 security coprocessor also recently got rooted, so there goes any argument that a Mac or iDevice will magically protect you.

With all that said, the two Great Commandments of computer security are: keep your OS up to date, whatever it happens to be; and the same goes for your anti-virus. And thou shalt have a reputable (not freeware) anti-virus installed no matter what OS you are running. Ally Bank gives free Webroot to their customers so go open a savings account there if you need one.

Now, if you don't think that is enough protection, then you can consider an OS that is specifically focused on security. OpenBSD comes immediately to mind. If even that is not enough, then you can run current OpenBSD on an obscure, non-x86, non-ARM platform like PowerPC or Alpha or what have you. Only megabanks and government agencies go through all that trouble but if it floats your boat and helps you sleep at night, go for it.
F150HD
Posts: 3303
Joined: Fri Sep 18, 2015 7:49 pm

Re: PC breach and identity theft nightmare

Post by F150HD »

the hacker gained access to my pc and learned all my passwords (Chrome saved all my passwords.)
so this is the root of the breach?

OP, you're only listing things you know about. Wondering what you don't know about (yet)?

Many/most here froze all credit after the Equifax breach years back.
rich126
Posts: 2154
Joined: Thu Mar 01, 2018 4:56 pm

Re: PC breach and identity theft nightmare

Post by rich126 »

ID theft should be reported to the FTC and the local FBI office. I would look for a professional even if it gets costly because this sounds like a disaster.

Shut down all accounts with money and get new accounts, including CCs. And freeze credit checks.

And never rely on Chrome or any browser to store passwords.

Windows is more vulnerable for a lot of reasons, including a larger customer base and users who download free software. Often the software has been compromised. Honestly, how many people check the hash on any app they download on Windows? Or even know how to do it? Linux users tend to be more tech savvy and Apple is proprietary, so that helps both. Not saying they don't have issues, but clearly Windows and its users are often easy marks.

I kind of wonder, though, about the person being hacked. I think more likely they opened or clicked on a malicious email or link, or downloaded something malicious.
daave
Posts: 224
Joined: Thu Nov 07, 2013 7:28 pm

Re: PC breach and identity theft nightmare

Post by daave »

Econberkeley wrote: Sun Oct 11, 2020 5:12 pm 1. 2 way authentication has been set up for all my accounts, but it is not working all the time. I thought it was due to cookies, so I downloaded a Chrome extension to delete cookies, but it did not work. … and they were all clean and had no activities in the last 2 months."
I would delete this extension and any others you have installed; it sounds like a scam. There's no need for an extension to remove cookies; every browser has this ability built in. For Chrome you can do this from the settings menu (instructions).

Extensions are exempt from a lot of the typical security restrictions websites are subject to, and they can ask for lots of permissions. If you regularly install browser extensions, I wouldn't be surprised if this is how you got hacked or phished.
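The permissions an extension "asks for" are listed in its manifest.json, and the browser grants exactly those. As an added example, not part of daave's post or of any real project, here is a Python audit that walks Chrome's extension directory and flags the grants that let an extension read every site, read cookies or intercept requests (the permission names are Chrome's; which ones count as risky is this example's own judgement). The two sample manifests are constructed for the demo and do not describe any real extension; the profile paths are Chrome stable's defaults.

```python
"""Added example: audit the permissions declared by installed Chrome extensions.

An extension that can read every site (<all_urls>), read cookies, or block and
rewrite requests can read a banking session as easily as it clears cookies.
"""
import json
import os
import sys
import tempfile
from pathlib import Path

# Grants that let an extension observe or alter other sites' traffic or sessions.
SESSION_RISK = {"cookies", "webRequest", "webRequestBlocking", "debugger",
                "nativeMessaging", "proxy"}
# Broad but less directly session-stealing grants.
OTHER_RISK = {"tabs", "history", "scripting", "clipboardRead", "management",
              "downloads", "declarativeNetRequest"}
# Host patterns that amount to "every site".
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Default-profile extension directories for Chrome stable (other profiles sit beside "Default").
EXTENSION_DIRS = {
    "win32": Path(os.environ.get("LOCALAPPDATA", "")) / "Google/Chrome/User Data/Default/Extensions",
    "darwin": Path.home() / "Library/Application Support/Google/Chrome/Default/Extensions",
    "linux": Path.home() / ".config/google-chrome/Default/Extensions",
}


def audit_manifest(manifest: dict) -> dict:
    """Return the risky grants in one manifest and an overall LOW/MEDIUM/HIGH label."""
    perms = set(manifest.get("permissions", [])) | set(manifest.get("optional_permissions", []))
    hosts = set(manifest.get("host_permissions", []))                 # Manifest V3 keeps hosts separate
    hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}      # Manifest V2 mixes them into permissions
    cs_hosts = {m for cs in manifest.get("content_scripts", []) for m in cs.get("matches", [])}

    findings = [f"high-risk permission: {p}" for p in sorted(perms & (SESSION_RISK | OTHER_RISK))]
    findings += [f"access to every site: {h}" for h in sorted(hosts & BROAD_HOSTS)]
    findings += [f"content script injected into every site: {h}" for h in sorted(cs_hosts & BROAD_HOSTS)]
    if "update_url" not in manifest:   # Web Store installs carry an update_url; unpacked/sideloaded ones do not
        findings.append("no update_url: sideloaded/unpacked rather than installed from the Web Store")

    if perms & SESSION_RISK or (hosts | cs_hosts) & BROAD_HOSTS:
        risk = "HIGH"
    elif perms & OTHER_RISK:
        risk = "MEDIUM"
    else:
        risk = "LOW"
    return {"name": manifest.get("name", "?"), "version": manifest.get("version", "?"),
            "risk": risk, "findings": findings}


def audit_directory(root: Path) -> list:
    """Chrome lays extensions out as <root>/<extension id>/<version>/manifest.json."""
    results = []
    for manifest_path in sorted(Path(root).glob("*/*/manifest.json")):
        with open(manifest_path, encoding="utf-8") as f:
            result = audit_manifest(json.load(f))
        result["id"] = manifest_path.parent.parent.name
        results.append(result)
    return results


# Constructed samples: one asks only for what a cookie cleaner needs,
# the other asks for everything an info-stealer would want.
SAMPLE_CLEANER = {"manifest_version": 3, "name": "Cookie Cleaner (constructed)", "version": "1.0",
                  "permissions": ["browsingData"],
                  "update_url": "https://clients2.google.com/service/update2/crx"}
SAMPLE_GRABBER = {"manifest_version": 2, "name": "Free Coupons (constructed)", "version": "0.3",
                  "permissions": ["cookies", "webRequest", "webRequestBlocking", "<all_urls>", "storage"],
                  "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]}


def demo_audit() -> list:
    """Lay the two samples out in a temporary Extensions tree and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, manifest in (("aaaa", SAMPLE_CLEANER), ("bbbb", SAMPLE_GRABBER)):
            d = Path(tmp) / ext_id / manifest["version"]
            d.mkdir(parents=True)
            (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        return audit_directory(Path(tmp))


if __name__ == "__main__":
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else EXTENSION_DIRS.get(sys.platform)
    results = audit_directory(root) if root and root.is_dir() else demo_audit()
    for r in results:
        print(f"[{r['risk']}] {r['name']} {r['version']} ({r['id']})")
        for finding in r["findings"]:
            print("   -", finding)
```

Run it with no arguments on the affected machine to audit the real profile (pass another Extensions directory as the first argument for other profiles or browsers); with no such directory present it audits the two constructed samples. Anything rated HIGH that is not obviously needed should be removed, and the same audit is worth repeating after a reinstall, since Chrome sync will happily put the extensions back.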
interwebopinion
Posts: 88
Joined: Thu Aug 13, 2020 6:21 pm

Re: PC breach and identity theft nightmare

Post by interwebopinion »

What a nightmare. Freezing credit is a good idea as he has access to SSNs. As is switching to 2FA. I'll assume all passwords have been changed already. I would switch to a Mac if you can and decommission the PC - Macs are less susceptible to these kinds of attacks and tend to be easier to use.
thornkin
Posts: 1
Joined: Fri Sep 04, 2020 2:57 am

Re: PC breach and identity theft nightmare

Post by thornkin »

Went through something a little similar recently. Ran a piece of software I shouldn't have and it bit me. It opened my browser and sent itself money through PayPal. Luckily I noticed immediately and was able to have my bank block the transfer. Like you, PayPal said it wasn't fraud. We used the chat-ish client to keep complaining and explaining what happened. After about the 4th attempt, they finally agreed.

One moral of the story is not to use PayPal. It's convenient, but too easy to compromise and they don't protect you. If you must, don't have your bank account attached. Just use credit cards. At least then you can dispute the charges with a human.

I too was signed up for many accounts with my e-mail. I don't understand the value of doing that. In my case my mail was 2FA and they didn't have access to it.
MikeG62
Posts: 3260
Joined: Tue Nov 15, 2016 3:20 pm
Location: New Jersey

Re: PC breach and identity theft nightmare

Post by MikeG62 »

OP, unfortunately your friend has a big problem that is likely to be with him for quite a while. Although I have no first-hand experience, from what I have read (online) it can take an incredible amount of time to deal with identity theft. Sounds like he has taken a lot of the right corrective steps. In addition to what he has done, I would suggest he set up alerts with all his financial institutions. This would be for every transaction or attempt to transfer funds from any of his accounts. Same for all CCs. Also, he should be using a password manager to not only house his passwords, but also to create complex passwords.
Real Knowledge Comes Only From Experience
tmcc
Posts: 423
Joined: Tue Feb 06, 2018 6:38 pm

Re: PC breach and identity theft nightmare

Post by tmcc »

By declining to press charges, you may be waiving existing and future insurance coverage. You may want to revisit this immediately.

I'd also junk all of those PCs even if you think you're sure they're clean. There are sophisticated digital attack methods that you'd never even think were possible. It's not as simple as reinstalling Windows these days. Exploits can be put into the firmware of motherboards, hard drives, graphics cards. 2FA isn't going to help you if the attacker still has C&C (command and control) on your network.
simas
Posts: 773
Joined: Wed Apr 04, 2007 5:50 pm

Re: PC breach and identity theft nightmare

Post by simas »

Econberkeley wrote: Sun Oct 11, 2020 5:12 pm
I subscribed to Norton LifeLock and I asked this question: Is it possible to open a brokerage account without a Social Security number? Their answer was yes. I also asked “Isn't there a federal law against this?” and I got NO for that one as well. So this hacker can open a margin account in a brokerage firm and play oil options under my name, to which he replied possibly. In summary, companies like Green Dot or Chime (I know they are not brokerages, but still) will open accounts in your name online. I am guessing the hacker is stealing people's bitcoins and storing them in my bitcoin accounts, and with a debit card, he can cash them out.
you got a lot of good information already on other things you/your friend should do. I just wanted to address the bolded sections above - neither piece of information is true
- an individual US resident is not going to be able to open a brokerage account without A LOT of documentation. Not only tax ID and Social, but also photos of the identification documents, and a bunch of other things.
- there is a way for specific account types not to provide individual documentation (i.e. trust accounts), however you would still be required to provide trust documents and a bunch of other documentation.
- once 'open', before the account can trade, it will go through various levels of checks as required by law for CIP and AML (look them up if interested). So YES, there are a bunch of federal laws with very strict rules and specific penalties for non-compliance for organizations to follow. Any time _ANY_ information is changed on the account, the broker-dealer would run you through the CIP check again, evaluating the results and acting on it.
- I do think you understand how margin accounts work. Margin (additional buying power) is granted against something, be it a security (standard Reg T margin) or a portfolio of securities (portfolio margin). It is not a loan against nothing that is made available to you; you first have to put money in and leave a trace before that could be considered.

so in short, broker-dealers in financial services are very highly regulated with extensive staff on hand to run and manage anti money laundering and other federal rules established by Congress.
Econberkeley wrote: Sun Oct 11, 2020 5:12 pm I am guessing the hacker is stealing people's bitcoins and store them in my bitcoin accounts and with a debit card, he can cash them out.
Various ways it is done, usually in some form of collusion, where one account is picked to enter a bad trade with another account picked to be the winner of that trade that just "lucked out", made money, and transferred it out, leaving the mark to hold the bad trade and loss. In financial services (and on most real platforms), there are algorithms to detect and unwind such transactions that the company runs at all times, pretty much near real time or in real time. I worked on such platforms more than 15 years ago and they were approaching a very capable state already by then.
carolinaman
Posts: 4390
Joined: Wed Dec 28, 2011 9:56 am
Location: North Carolina

Re: PC breach and identity theft nightmare

Post by carolinaman »

Sorry to hear of your problems. A few years ago I was hacked on Paypal. I only had a Paypal account because it was required by Stubhub to sell sports tickets. I never used it for anything else. A Brit merchant had charged $999 against my Paypal account and fortunately, they sent me an email informing me of the transaction. I reported this fraudulent transaction to Paypal and Visa (where Paypal would charge the transaction to) immediately, and the matter was resolved in a couple of days and I suffered no financial loss. Once done, I canceled Paypal since I have no use for it and, at least for me, it was a security exposure.

Like many others on this site, I freeze credit at 3 major credit bureaus, keep all of my software current including security software. Also, monitor activity on my accounts regularly to hopefully minimize my exposure.
oldfort
Posts: 1929
Joined: Mon Mar 02, 2020 8:45 pm

Re: PC breach and identity theft nightmare

Post by oldfort »

tmcc wrote: Mon Oct 12, 2020 8:06 am i'd also junk all of those PC's even if you think you're sure they're clean.
I wouldn't junk anything yet. It's possible someone may want to do a forensic examination of the PC. Think of the PC as evidence in a potential criminal investigation.
dts_12
Posts: 37
Joined: Mon Feb 03, 2020 5:34 pm

Re: PC breach and identity theft nightmare

Post by dts_12 »

Let this be a reminder to everyone, do two factor authentication. It's hands down the best thing you can do to protect yourself.

Things I would do:
1) Clean image of Windows, probably want a professional to do this. Have them only move over documents/pictures/etc. Do not move over any system/program/temp directories.
2) Two-factor authentication on everything (Yubico is a great option!)
3) Get a password manager and have it generate unique passwords for all sites. I also recommend not putting bank/401k passwords in here. You're better off committing those two to memory or putting them on a sticky note.
4) Windows Defender! Microsoft has spent tons of time and money making this product good and it's plenty capable for home use.
5) Watch those links and attachments! The VAST majority of these things happen because of malicious links or attachments in emails. As someone who does cyber for a living I'm not joking when I say that 90%+ of security incidents are from this.
6) Patch patch patch and then patch again! I can't tell you how much time is spent by IT just updating stuff for security reasons. The amount of time between the discovery and exploitation of a vulnerability is shrinking exponentially.

Things NOT to do:
1) Repeat passwords across all the sites you log in to.
2) Use a Linux distribution. There's no chance you will keep the OS as up to date as Windows.
oldfort
Posts: 1929
Joined: Mon Mar 02, 2020 8:45 pm

Re: PC breach and identity theft nightmare

Post by oldfort »

dts_12 wrote: Mon Oct 12, 2020 9:20 am Let this be a reminder to everyone, do two factor authentication. It's hands down the best thing you can do to protect yourself.

Things I would do:
1) Clean image of Windows, probably want a professional to do this. Have them only move over documents/pictures/etc. Do not move over any system/program/temp directories.
No, don't wipe anything until the bank and law enforcement have concluded their investigation.
tmcc
Posts: 423
Joined: Tue Feb 06, 2018 6:38 pm

Re: PC breach and identity theft nightmare

Post by tmcc »

oldfort wrote: Mon Oct 12, 2020 9:18 am
tmcc wrote: Mon Oct 12, 2020 8:06 am i'd also junk all of those PC's even if you think you're sure they're clean.
I wouldn't junk anything yet. It's possible someone may want to do a forensic examination of the PC. Think of the PC as evidence in a potential criminal investigation.
true, if the stakes are that high

make sure they are not connected to any network and are powered down then.
VictoriaF
Posts: 19500
Joined: Tue Feb 27, 2007 7:27 am
Location: Black Swan Lake

Re: PC breach and identity theft nightmare

Post by VictoriaF »

In addition to other excellent comments, here is an important one:

Have a 2-factor authentication on the email account you use to communicate with your financial institutions.

Whoever owns your email account owns all your accounts.

Victoria
WINNER of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
dts_12
Posts: 37
Joined: Mon Feb 03, 2020 5:34 pm

Re: PC breach and identity theft nightmare

Post by dts_12 »

oldfort wrote: Mon Oct 12, 2020 9:22 am
dts_12 wrote: Mon Oct 12, 2020 9:20 am Let this be a reminder to everyone, do two factor authentication. It's hands down the best thing you can do to protect yourself.

Things I would do:
1) Clean image of Windows, probably want a professional to do this. Have them only move over documents/pictures/etc. Do not move over any system/program/temp directories.
No, don't wipe anything until the bank and law enforcement have concluded their investigation.
Agree to disagree. Chances law enforcement can do anything, almost zero. Chances the attacker has persistence on the computer and may be able to do more damage, significantly higher than zero.
oldfort
Posts: 1929
Joined: Mon Mar 02, 2020 8:45 pm

Re: PC breach and identity theft nightmare

Post by oldfort »

dts_12 wrote: Mon Oct 12, 2020 10:23 am
oldfort wrote: Mon Oct 12, 2020 9:22 am
dts_12 wrote: Mon Oct 12, 2020 9:20 am Let this be a reminder to everyone, do two factor authentication. It's hands down the best thing you can do to protect yourself.

Things I would do:
1) Clean image of Windows, probably want a professional to do this. Have them only move over documents/pictures/etc. Do not move over any system/program/temp directories.
No, don't wipe anything until the bank and law enforcement have concluded their investigation.
Agree to disagree. Chances law enforcement can do anything, almost zero. Chances the attacker has persistence on the computer and may be able to do more damage, significantly higher than zero.
Local law enforcement, maybe not so much. The FBI could take an interest. I don't see how the attacker is going to be able to do more damage. If the OP is as pwned as it appears, every bit of useful data has already been exfiltrated.
dts_12
Posts: 37
Joined: Mon Feb 03, 2020 5:34 pm

Re: PC breach and identity theft nightmare

Post by dts_12 »

oldfort wrote: Mon Oct 12, 2020 10:28 am
dts_12 wrote: Mon Oct 12, 2020 10:23 am
oldfort wrote: Mon Oct 12, 2020 9:22 am
dts_12 wrote: Mon Oct 12, 2020 9:20 am Let this be a reminder to everyone, do two factor authentication. It's hands down the best thing you can do to protect yourself.

Things I would do:
1) Clean image of Windows, probably want a professional to do this. Have them only move over documents/pictures/etc. Do not move over any system/program/temp directories.
No, don't wipe anything until the bank and law enforcement have concluded their investigation.
Agree to disagree. Chances law enforcement can do anything, almost zero. Chances the attacker has persistence on the computer and may be able to do more damage, significantly higher than zero.
Local law enforcement, maybe not so much. The FBI could take an interest. I don't see how the attacker is going to be able to do more damage. If the OP is as pwned as it appears, every bit of useful data has already been exfiltrated.
Unless it's a trojan and the user continues to use their computer and exposes additional information. That's the whole point of persistence. This isn't a corporate network where you have the ability to quarantine the device and pull a triage package. I am skeptical the FBI has the time to take images of home computers when you have school district, government, and corporate networks getting destroyed by Cobalt Strike and Ryuk every couple of hours.
rustymutt
Posts: 3966
Joined: Sat Mar 07, 2009 12:03 pm

Re: PC breach and identity theft nightmare

Post by rustymutt »

yules wrote: Sun Oct 11, 2020 9:05 pm
mhalley wrote: Sun Oct 11, 2020 8:16 pm A couple of things that would increase security are to use the Yubico key and to not do any financial transactions on a Windows PC.
Get a Chromebook or dual boot into Linux for finances. If MS Authenticator is not working well, try Google's.
Interesting you say this. Is there a specific vulnerability on a Windows PC?

I only ask because in many other threads about pc security/antivirus/malware/firewall/etc., people say that they just use Windows defender (some with Malwarebytes, but many just defender), and it is fine.

Yules
MS ratio of use is highest among USA businesses and home devices. So naturally they are one of the highest hit targets.
That's my opinion. Engineers worldwide know MS. You can't use weak encryption. You must have passwords with two-factor turned on. And password everything, including documents. VPN helps. DNS choices. Don't share your passwords with kids.
And keep your PC updated with OS, security, drivers, malware protection, and stay off certain types of websites where you're targeted. Be careful who you trust, and never give out information to someone who's contacted you, but rather call that company back at a known good number and talk to a supervisor. Only download apps and programs from trusted sites using HTTPS. Don't click anything from unknown email sources. Have junk mail filters in use. For the record I use Malwarebytes Premium and Defender. This serves me as a reminder to think first, then click. Stay safe.
Even educators need education. And some can be hard headed to the point of needing time out.
willthrill81
Posts: 21521
Joined: Thu Jan 26, 2017 3:17 pm
Location: USA

Re: PC breach and identity theft nightmare

Post by willthrill81 »

This is why we don't store any sensitive information on any cloud nor use data aggregators of any kind.
“It's a dangerous business, Frodo, going out your door. You step onto the road, and if you don't keep your feet, there's no knowing where you might be swept off to.” J.R.R. Tolkien,The Lord of the Rings
oldfort
Posts: 1929
Joined: Mon Mar 02, 2020 8:45 pm

Re: PC breach and identity theft nightmare

Post by oldfort »

dts_12 wrote: Mon Oct 12, 2020 10:43 am
oldfort wrote: Mon Oct 12, 2020 10:28 am
dts_12 wrote: Mon Oct 12, 2020 10:23 am
oldfort wrote: Mon Oct 12, 2020 9:22 am
dts_12 wrote: Mon Oct 12, 2020 9:20 am Let this be a reminder to everyone, do two factor authentication. It's hands down the best thing you can do to protect yourself.

Things I would do:
1) Clean image of Windows, probably want a professional to do this. Have them only move over documents/pictures/etc. Do not move over any system/program/temp directories.
No, don't wipe anything until the bank and law enforcement have concluded their investigation.
Agree to disagree. Chances law enforcement can do anything, almost zero. Chances the attacker has persistence on the computer and may be able to do more damage, significantly higher than zero.
Local law enforcement, maybe not so much. The FBI could take an interest. I don't see how the attacker is going to be able to do more damage. If the OP is as pwned as it appears, every bit of useful data has already been exfiltrated.
Unless it's a trojan and the user continues to use their computer and expose additional information. That's the whole point of persistence. This isn't a corporate network where you have the ability to quarantine the device and pull a triage package. I am skeptical the FBI has the time to take images of home computers when you have school district, government, and corporate networks getting destroyed by Cobalt Strike and Ryuk every couple of hours.
Who said anything about continuing to use the computer? There's no reason you can't quarantine the device. Maybe, the FBI won't be interested, but let them tell you what they want to do. Don't assume.
dts_12
Posts: 37
Joined: Mon Feb 03, 2020 5:34 pm

Re: PC breach and identity theft nightmare

Post by dts_12 »

oldfort wrote: Mon Oct 12, 2020 11:05 am
dts_12 wrote: Mon Oct 12, 2020 10:43 am
oldfort wrote: Mon Oct 12, 2020 10:28 am
dts_12 wrote: Mon Oct 12, 2020 10:23 am
oldfort wrote: Mon Oct 12, 2020 9:22 am

No, don't wipe anything until the bank and law enforcement have concluded their investigation.
Agree to disagree. Chances law enforcement can do anything, almost zero. Chances the attacker has persistence on the computer and may be able to do more damage, significantly higher than zero.
Local law enforcement, maybe not so much. The FBI could take an interest. I don't see how the attacker is going to be able to do more damage. If the OP is as pwned as it appears, every bit of useful data has already been exfiltrated.
Unless it's a trojan and the user continues to use their computer and expose additional information. That's the whole point of persistence. This isn't a corporate network where you have the ability to quarantine the device and pull a triage package. I am skeptical the FBI has the time to take images of home computers when you have school district, government, and corporate networks getting destroyed by Cobalt Strike and Ryuk every couple of hours.
Who said anything about continuing to use the computer? There's no reason you can't quarantine the device. Maybe, the FBI won't be interested, but let them tell you what they want to do. Don't assume.
I guess I'm prioritizing protecting oneself versus a theoretical FBI investigation. In my experience this is now how the FBI approaches these investigations. I'm also talking about professionally quarantining a device which is more than just not using it or turning it off. A lot of people only own one computer and need to keep using it or figure out an alternative.
oldfort
Posts: 1929
Joined: Mon Mar 02, 2020 8:45 pm

Re: PC breach and identity theft nightmare

Post by oldfort »

dts_12 wrote: Mon Oct 12, 2020 11:20 am
oldfort wrote: Mon Oct 12, 2020 11:05 am
dts_12 wrote: Mon Oct 12, 2020 10:43 am
oldfort wrote: Mon Oct 12, 2020 10:28 am
dts_12 wrote: Mon Oct 12, 2020 10:23 am

Agree to disagree. Chances law enforcement can do anything, almost zero. Chances the attacker has persistence on the computer and may be able to do more damage, significantly higher than zero.
Local law enforcement, maybe not so much. The FBI could take an interest. I don't see how the attacker is going to be able to do more damage. If the OP is as pwned as it appears, every bit of useful data has already been exfiltrated.
Unless it's a trojan and the user continues to use their computer and expose additional information. That's the whole point of persistence. This isn't a corporate network where you have the ability to quarantine the device and pull a triage package. I am skeptical the FBI has the time to take images of home computers when you have school district, government, and corporate networks getting destroyed by Cobalt Strike and Ryuk every couple of hours.
Who said anything about continuing to use the computer? There's no reason you can't quarantine the device. Maybe, the FBI won't be interested, but let them tell you what they want to do. Don't assume.
I guess I'm prioritizing protecting oneself versus a theoretical FBI investigation. In my experience this is now how the FBI approaches these investigations. I'm also talking about professionally quarantining a device which is more than just not using it or turning it off. A lot of people only own one computer and need to keep using it or figure out an alternative.
In your experience, are you employed by the FBI or have you ever been employed by the FBI? Depending on the level of persistence you're worried about, the only solution is to junk the machine after it's no longer needed for investigative purposes.
dts_12
Posts: 37
Joined: Mon Feb 03, 2020 5:34 pm

Re: PC breach and identity theft nightmare

Post by dts_12 »

oldfort wrote: Mon Oct 12, 2020 11:25 am
dts_12 wrote: Mon Oct 12, 2020 11:20 am
oldfort wrote: Mon Oct 12, 2020 11:05 am
dts_12 wrote: Mon Oct 12, 2020 10:43 am
oldfort wrote: Mon Oct 12, 2020 10:28 am

Local law enforcement, maybe not so much. The FBI could take an interest. I don't see how the attacker is going to be able to do more damage. If the OP is as pwned as it appears, every bit of useful data has already been exfiltrated.
Unless it's a trojan and the user continues to use their computer and expose additional information. That's the whole point of persistence. This isn't a corporate network where you have the ability to quarantine the device and pull a triage package. I am skeptical the FBI has the time to take images of home computers when you have school district, government, and corporate networks getting destroyed by Cobalt Strike and Ryuk every couple of hours.
Who said anything about continuing to use the computer? There's no reason you can't quarantine the device. Maybe, the FBI won't be interested, but let them tell you what they want to do. Don't assume.
I guess I'm prioritizing protecting oneself versus a theoretical FBI investigation. In my experience this is now how the FBI approaches these investigations. I'm also talking about professionally quarantining a device which is more than just not using it or turning it off. A lot of people only own one computer and need to keep using it or figure out an alternative.
In your experience, are you employed by the FBI or have you ever been employed by the FBI? Depending on the level of persistence you're worried about, the only solution is to junk the machine after it's no longer needed for investigative purposes.
I've had multiple interactions with the FBI in a professional capacity, but perhaps you do as well and have experience where they have approached it differently. No doubt the last few years have had a number of substantive changes in the FBI's approach to things. I get what you're saying, there could be a level of investigative benefit to leaving the computer be. I was just trying to share what I generally would advise someone from a what's in their personal best interest standpoint.
Cruise
Posts: 1084
Joined: Mon Nov 21, 2016 7:17 pm

Re: PC breach and identity theft nightmare

Post by Cruise »

rustymutt wrote: Mon Oct 12, 2020 10:47 am For the record I use Malwarebytes premium, and defender. This serves me as a reminder to think first, then click. Stay safe.
Can you explain how using these products serves as a reminder to think first?
DesertMan
Posts: 307
Joined: Tue Dec 07, 2010 12:54 pm

Re: PC breach and identity theft nightmare

Post by DesertMan »

mhalley wrote: Sun Oct 11, 2020 9:15 pm Windows is the most popular os (88% i believe) so most malicious software and viruses are designed to attack this. The hackers are always working on ways around the antivirus software. The chrome os by design has much less vulnerability, and Linux is more secure and has a much smaller installed base so is not as big a target. In addition to the os, many attacks these days are through phishing etc where the os might not make any difference.
https://www.computerworld.com/article/3 ... urity.html
Linux, not Windows, is the world's most popular OS thanks to Android (which is Linux with extra stuff on top). Windows is a close second followed by iOS. Here are the current stats: https://gs.statcounter.com/os-market-share

No offense at all intended... but advice to avoid Windows in favor of Linux based on market share is obsolete. So is advice to get a Mac, which is a cousin of Linux through their shared Unix heritage. Apple currently runs on Intel and is switching to ARM, which are the main architectures used by Windows and Android respectively. A Mac is just a Unix box running on the same platform that other Unix boxes run on. There is nothing special about a Mac that will protect you any better than Linux, and systems based on Linux including Android and Chrome OS.

As I said previously, if you want an OS with superior security and an obscurity advantage so as to build a black box for your financial life, go with OpenBSD.
palanzo
Posts: 1658
Joined: Thu Oct 10, 2019 4:28 pm

Re: PC breach and identity theft nightmare

Post by palanzo »

DesertMan wrote: Mon Oct 12, 2020 9:47 pm
mhalley wrote: Sun Oct 11, 2020 9:15 pm Windows is the most popular os (88% i believe) so most malicious software and viruses are designed to attack this. The hackers are always working on ways around the antivirus software. The chrome os by design has much less vulnerability, and Linux is more secure and has a much smaller installed base so is not as big a target. In addition to the os, many attacks these days are through phishing etc where the os might not make any difference.
https://www.computerworld.com/article/3 ... urity.html
Linux, not Windows, is the world's most popular OS thanks to Android (which is Linux with extra stuff on top). Windows is a close second followed by iOS. Here are the current stats: https://gs.statcounter.com/os-market-share

No offense at all intended... but advice to avoid Windows in favor of Linux based on market share is obsolete. So is advice to get a Mac, which is a cousin of Linux through their shared Unix heritage. Apple currently runs on Intel and is switching to ARM, which are the main architectures used by Windows and Android respectively. A Mac is just a Unix box running on the same platform that other Unix boxes run on. There is nothing special about a Mac that will protect you any better than Linux, and systems based on Linux including Android and Chrome OS.

As I said previously, if you want an OS with superior security and an obscurity advantage so as to build a black box for your financial life, go with OpenBSD.
I'm sorry but Android is not Linux. Android uses a modified monolithic Linux kernel. The rest of the Android OS is Android. Android is not a Linux distro and you cannot run Linux programs on Android.

On the desktop/laptop Linux has a very small market share as indicated in the chart. IMHO Linux is an excellent choice for a secure OS. In particular there are several distros which focus on security, e.g. Qubes. There is also OpenBSD, as you mentioned, which is a Unix-like security-focussed OS. I agree with you about using OpenBSD for your financial life but there are Linux alternatives to that too.

The other missing piece is the server market both public internet and company networks and Linux is used extensively. So there are a lot of people around the world focussed on keeping Linux secure.
MikeG62
Posts: 3260
Joined: Tue Nov 15, 2016 3:20 pm
Location: New Jersey

Re: PC breach and identity theft nightmare

Post by MikeG62 »

oldfort wrote: Mon Oct 12, 2020 11:25 am
dts_12 wrote: Mon Oct 12, 2020 11:20 am
oldfort wrote: Mon Oct 12, 2020 11:05 am
dts_12 wrote: Mon Oct 12, 2020 10:43 am
oldfort wrote: Mon Oct 12, 2020 10:28 am

Local law enforcement, maybe not so much. The FBI could take an interest. I don't see how the attacker is going to be able to do more damage. If the OP is as pwned as it appears, every bit of useful data has already been exfiltrated.
Unless it's a trojan and the user continues to use their computer and expose additional information. That's the whole point of persistence. This isn't a corporate network where you have the ability to quarantine the device and pull a triage package. I am skeptical the FBI has the time to take images of home computers when you have school district, government, and corporate networks getting destroyed by Cobalt Strike and Ryuk every couple of hours.
Who said anything about continuing to use the computer? There's no reason you can't quarantine the device. Maybe, the FBI won't be interested, but let them tell you what they want to do. Don't assume.
I guess I'm prioritizing protecting oneself versus a theoretical FBI investigation. In my experience this is now how the FBI approaches these investigations. I'm also talking about professionally quarantining a device which is more than just not using it or turning it off. A lot of people only own one computer and need to keep using it or figure out an alternative.
In your experience, are you employed by the FBI or have you ever been employed by the FBI? Depending on the level of persistence you're worried about, the only solution is to junk the machine after it's no longer needed for investigative purposes.
Couldn't the OP get a backup drive and clone the hard drive to the backup? Then wipe the hard drive, reinstall the OS and rebuild from there. Retain the backup in the event any investigation of its contents is required.
Real Knowledge Comes Only From Experience
dts_12
Posts: 37
Joined: Mon Feb 03, 2020 5:34 pm

Re: PC breach and identity theft nightmare

Post by dts_12 »

MikeG62 wrote: Tue Oct 13, 2020 6:10 am
Couldn't the OP get a backup drive and clone the hard drive to the backup? Then wipe the hard drive, reinstall the OS and rebuild from there. Retain the backup in the event any investigation of its contents is required.
Depends; if you need what was in memory, then no, that wouldn't work.
oldfort
Posts: 1929
Joined: Mon Mar 02, 2020 8:45 pm

Re: PC breach and identity theft nightmare

Post by oldfort »

MikeG62 wrote: Tue Oct 13, 2020 6:10 am
oldfort wrote: Mon Oct 12, 2020 11:25 am
dts_12 wrote: Mon Oct 12, 2020 11:20 am
oldfort wrote: Mon Oct 12, 2020 11:05 am
dts_12 wrote: Mon Oct 12, 2020 10:43 am

Unless it's a trojan and the user continues to use their computer and expose additional information. That's the whole point of persistence. This isn't a corporate network where you have the ability to quarantine the device and pull a triage package. I am skeptical the FBI has the time to take images of home computers when you have school district, government, and corporate networks getting destroyed by Cobalt Strike and Ryuk every couple of hours.
Who said anything about continuing to use the computer? There's no reason you can't quarantine the device. Maybe, the FBI won't be interested, but let them tell you what they want to do. Don't assume.
I guess I'm prioritizing protecting oneself versus a theoretical FBI investigation. In my experience this is now how the FBI approaches these investigations. I'm also talking about professionally quarantining a device which is more than just not using it or turning it off. A lot of people only own one computer and need to keep using it or figure out an alternative.
In your experience, are you employed by the FBI or have you ever been employed by the FBI? Depending on the level of persistence you're worried about, the only solution is to junk the machine after it's no longer needed for investigative purposes.
Couldn't the OP get a backup drive and clone the hard drive to the backup? Then wipe the hard drive, reinstall the OS and rebuild from there. Retain the backup in the event any investigation of its contents is required.
What if you have full disk encryption?
palanzo
Posts: 1658
Joined: Thu Oct 10, 2019 4:28 pm

Re: PC breach and identity theft nightmare

Post by palanzo »

dts_12 wrote: Tue Oct 13, 2020 8:29 am
MikeG62 wrote: Tue Oct 13, 2020 6:10 am
Couldn't the OP get a backup drive and clone the hard drive to the backup? Then wipe the hard drive, reinstall the OS and rebuild from there. Retain the backup in the event any investigation of its contents is required.
Depends; if you need what was in memory, then no, that wouldn't work.
If the machine has been turned off since then that information is gone. The incident happened 2+ weeks ago.
rich126
Posts: 2154
Joined: Thu Mar 01, 2018 4:56 pm

Re: PC breach and identity theft nightmare

Post by rich126 »

This is a bit off topic but security/ID related.

I've noticed there is a strong correlation between the number of spam emails and spam phone calls and when I give out my phone/email address. I doubt it is a coincidence.

1. Doctor's offices - Often when I provide that info to them, not long afterwards the spam starts.
2. Selling my house - Since I've done that I've gotten anything from "Chase" leaving me voicemails about complaint/escalation department to a voicemail claiming if I don't call this number that an arrest warrant will be issued. The English was far from good along the lines of "wish you an arrest warrant". (I called Chase the other day and they confirmed they did not leave me any messages.)

My best guesses on this are that they use online databases that are compromised, their systems have been hacked, or they knowingly or unknowingly (through 3rd parties) sell the information.

It is sad how terrible security is and few care and no one wants to spend any money on fixing it. Most doctor offices use Windows systems and have wifi that is probably easily hacked. Real estate certainly isn't any better. Generally if it isn't anything important I will use different phone numbers or email although for some stuff I don't want to miss the call. For example I just happened to answer one call and it was related to a job interview.
dts_12
Posts: 37
Joined: Mon Feb 03, 2020 5:34 pm

Re: PC breach and identity theft nightmare

Post by dts_12 »

palanzo wrote: Tue Oct 13, 2020 10:21 am
dts_12 wrote: Tue Oct 13, 2020 8:29 am
MikeG62 wrote: Tue Oct 13, 2020 6:10 am
Couldn't the OP get a backup drive and clone the hard drive to the backup? Then wipe the hard drive, reinstall the OS and rebuild from there. Retain the backup in the event any investigation of its contents is required.
Depends; if you need what was in memory, then no, that wouldn't work.
If the machine has been turned off since then that information is gone. The incident happened 2+ weeks ago.
Hence the 'depends'. If you're doing forensics in a timely manner and in a way that would likely be required to be corroborative in an FBI investigation, then no, that's not enough. If you've turned it off or it's been a couple of weeks, then yeah, that's going to be a good chunk of what you could do.
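The clone-then-wipe approach MikeG62 describes above, with the full-disk-encryption question oldfort raises and the point that a disk image captures nothing of what was in memory, as an added example that is not from anyone in this thread. It assumes GNU coreutils (dd, sha256sum) on Linux; the device name /dev/sdb mentioned in the comments is a placeholder, and the 2 KiB "disk" the demo builds is constructed filler, not data from the OP's machine.

```shell
#!/bin/sh
# Added example, not from the thread. Preserves a bit-for-bit copy of a
# suspect drive before it is wiped and reinstalled, and records SHA-256
# hashes of the original and the copy so the image can later be shown to
# match what was on the machine. Assumes GNU coreutils (dd, sha256sum).
# In real use SRC is an unmounted block device such as /dev/sdb (placeholder
# name); here a regular file stands in, which dd reads the same way.
# This captures the disk only: nothing that was in RAM ends up in the image.

image_disk() {
    src="$1"   # device (or file) to preserve
    dst="$2"   # image file on a separate, larger drive
    log="$3"   # plain-text log kept next to the image

    echo "start $(date -u +%Y-%m-%dT%H:%M:%SZ) source=$src image=$dst" >> "$log"

    # bs=512 matches the sector size; conv=noerror,sync keeps copying past an
    # unreadable sector and writes zeros in its place instead of aborting.
    # dd's own record counts go to the log.
    dd if="$src" of="$dst" bs=512 conv=noerror,sync 2>> "$log" || return 1

    src_hash=$(sha256sum "$src" | cut -d' ' -f1)
    dst_hash=$(sha256sum "$dst" | cut -d' ' -f1)
    echo "sha256 source=$src_hash" >> "$log"
    echo "sha256 image=$dst_hash" >> "$log"

    if [ "$src_hash" = "$dst_hash" ]; then
        echo "result MATCH" >> "$log"
        return 0
    fi
    # A mismatch after conv=noerror,sync means some sectors could not be read
    # and were zero-filled; the image is still worth keeping, but say so.
    echo "result MISMATCH (unreadable sectors zero-filled?)" >> "$log"
    return 2
}

# A block image of an encrypted volume is a copy of the ciphertext. Whoever
# examines it later needs the recovery key or passphrase, so record which
# scheme is in use. Checks the on-disk magic: "LUKS" at offset 0, and the
# BitLocker OEM name "-FVE-FS-" at offset 3 of the volume boot sector.
detect_fde() {
    img="$1"
    if [ "$(dd if="$img" bs=1 count=4 2>/dev/null)" = "LUKS" ]; then
        echo luks
    elif [ "$(dd if="$img" bs=1 skip=3 count=8 2>/dev/null)" = "-FVE-FS-" ]; then
        echo bitlocker
    else
        echo none
    fi
}

# Demo against a constructed 2 KiB "disk" (four sectors of filler text).
if [ "${1:-}" = "--demo" ]; then
    work=$(mktemp -d)
    yes "sector filler" | head -c 2048 > "$work/disk.bin"
    image_disk "$work/disk.bin" "$work/disk.img" "$work/image.log" && echo "image verified"
    echo "encryption: $(detect_fde "$work/disk.img")"
    cat "$work/image.log"
fi
```

Run it with `--demo` to see the log it produces. Keep the image and its log on a drive that is never plugged back into the rebuilt machine, and if `detect_fde` reports `luks` or `bitlocker`, store the recovery key alongside them; without it the image is unreadable to whoever eventually looks at it.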