NEES HELP! Unwated user accessing my laptop via WiFi

Questions about WIFI networks and devices
Forum rules
Before you post please read how to get help
Gonzo365
Level 1
Level 1
Posts: 6
Joined: Thu Jul 19, 2018 3:55 am

NEES HELP! Unwated user accessing my laptop via WiFi

Post by Gonzo365 » Thu Jul 19, 2018 4:15 am

Hi everyone, I'm a Linux newbie. A few weeks ago I decided to try out Mint and while it's great, I still feel lost at times.

So my issue is this, I'm renting a place for the week that offers WiFi for all tenants to use. I was connected last night and left my computer for a few minutes, when I came back someone was on my computer going through folders and files. I shut it down and have disconnected all my devices from the Wifi.

What can I do in this situation? I have already reported this to the building owner but I want to know how this person was able to connect to my computer or how I can figure out who it was?

I had ufw enabled and set to public protection if that helps. Thanks in advance

User avatar
jimallyn
Level 18
Level 18
Posts: 8455
Joined: Thu Jun 05, 2014 7:34 pm
Location: Wenatchee, WA USA

Re: NEES HELP! Unwated user accessing my laptop via WiFi

Post by jimallyn » Thu Jul 19, 2018 4:17 am

Gonzo365 wrote:
Thu Jul 19, 2018 4:15 am
when I came back someone was on my computer going through folders and files
How do you know that?
Image

“If the government were coming for your TVs and cars, then you'd be upset. But, as it is, they're only coming for your sons.” - Daniel Berrigan

User avatar
AZgl1500
Level 9
Level 9
Posts: 2595
Joined: Thu Dec 31, 2015 3:20 am
Location: Oklahoma where the wind comes sweeping down the plains
Contact:

Re: NEES HELP! Unwated user accessing my laptop via WiFi

Post by AZgl1500 » Thu Jul 19, 2018 6:05 am

His statement sounds as though he was witnessing an app like TeamViewer running.

and how did they get that installed in the first place?
I also need to learn how to prevent that from happening.
I live in a lot of Motels several times a year.

My defence has been to enable my VPN so the local WiFi folks can't target me.

Gonzo365
Level 1
Level 1
Posts: 6
Joined: Thu Jul 19, 2018 3:55 am

Re: NEES HELP! Unwated user accessing my laptop via WiFi

Post by Gonzo365 » Thu Jul 19, 2018 9:14 am

jimallyn wrote:
Thu Jul 19, 2018 4:17 am
Gonzo365 wrote:
Thu Jul 19, 2018 4:15 am
when I came back someone was on my computer going through folders and files
How do you know that?
Because I saw the mouse physically moving around on the screen, opening folders. It's as if they had a remote connection to my computer but how would that be possible? This is a fresh install of mint, the only thing I've downloaded and installed is PIA which I've been using with no issues on other computers for nearly a year now.

This is why I assume it was someone on the shared WiFi accessing my computer.

Gonzo365
Level 1
Level 1
Posts: 6
Joined: Thu Jul 19, 2018 3:55 am

Re: NEES HELP! Unwated user accessing my laptop via WiFi

Post by Gonzo365 » Thu Jul 19, 2018 9:15 am

AZgl1500 wrote:
Thu Jul 19, 2018 6:05 am
My defence has been to enable my VPN so the local WiFi folks can't target me.
I do run PIA at all times with the Killswitch enabled.

User avatar
Pierre
Level 17
Level 17
Posts: 7414
Joined: Fri Sep 05, 2008 5:33 am
Location: Perth, AU.

Re: NEED HELP! Unwated user accessing my laptop via WiFi

Post by Pierre » Thu Jul 19, 2018 9:24 am

unless you know off some Remote Program, that is / was running on your machine,,
then there is still no way of checking for this . .

so, you can now have two options:
- go for the Nuclear Option & re-install the Linux System, again.
- keep using the machine, until you see this issue again .. it may not ever occur, again.

ie: I've been advising an OP in an similar position, and they have just kept on using their machine,
as this is often an hardware issue - - particularly That Mouse - - can move, By Itself,, for various reasons.
:o
YES - - I've seen this too - - where The Mouse Moves By Itself - - it's an hardware issue.
( an external mouse,, not the inbuilt mouse on an Laptop & it was to do with the MousePad that it was resting on )
Image
Please edit your original post title to include [SOLVED] - when your problem is solved!
and DO LOOK at those Unanswered Topics - - you may be able to answer some!.

User avatar
smurphos
Level 7
Level 7
Posts: 1650
Joined: Fri Sep 05, 2014 12:18 am
Location: Britisher...

Re: NEES HELP! Unwated user accessing my laptop via WiFi

Post by smurphos » Thu Jul 19, 2018 9:31 am

Gonzo365 wrote:
Thu Jul 19, 2018 9:14 am
This is a fresh install of mint.
Which version? 19 Stable has no remote access software installed by default, but prior versions (including 19 beta) shipped with vino pre-installed. However by default it was not active.

This could happen quite easily if

1)Vino was enabled without password protection or a weak password.
2)There was a UFW rule to allowing incoming for the VNC ports, UFW is off, or UFW allows incoming connections generally.

Gonzo365
Level 1
Level 1
Posts: 6
Joined: Thu Jul 19, 2018 3:55 am

Re: NEED HELP! Unwated user accessing my laptop via WiFi

Post by Gonzo365 » Thu Jul 19, 2018 9:37 am

Pierre wrote:
Thu Jul 19, 2018 9:24 am
unless you know off some Remote Program, that is / as running on your machine,,
then there is still no way of checking for this . .

so, you can now have two options:
- go for the Nuclear Option & re-install the Linux System, again.
- keep using the machine, until you see this issue again .. it may not ever occur, again.

ie: I've been advising an OP in an similar position, and they have just kept on using their machine,
as this is often an hardware issue - - particularly That Mouse - - can move, By Itself,, for various reasons.
:o
YES - - I've seen this too - - where The Mouse Moves By Itself - - it's an hardware issue.
( an external mouse,, not the inbuilt mouse on an Laptop & it was to do with the MousePad that it was resting on )
The mouse wasn't just moving though, it was clicking on folders and opening them.

What are some remote programs I can check for to see if they are open or running? I aussumed they were disabled by default, I turned off display sharing already.

User avatar
trytip
Level 8
Level 8
Posts: 2140
Joined: Tue Jul 05, 2016 1:20 pm

Re: NEES HELP! Unwated user accessing my laptop via WiFi

Post by trytip » Thu Jul 19, 2018 9:38 am

this is a serious issue if someone actually got access to your laptop on a public wifi. have no clue how you setup ufw to use public protection. but even if someone got in using samba or ssh you would not see a mouse moving unless there was a remote desktop connection.

can't be certain unless you are certain that someone did open files. there's not much info, so no way to tell what the situation is. install gufw if you don't have it open it and turn it on deny access to incoming and allow outgoing. in the report tab you can see what's connected. what do you have for connections?
Image

User avatar
Pierre
Level 17
Level 17
Posts: 7414
Joined: Fri Sep 05, 2008 5:33 am
Location: Perth, AU.

Re: NEES HELP! Unwated user accessing my laptop via WiFi

Post by Pierre » Thu Jul 19, 2018 9:47 am

" The mouse wasn't just moving though, it was clicking on folders and opening them".
- - well - - I've seen that too,, as yeah,, it was seriously Ghost Like - - weird stuff.
and it was still The Mouse Playing Up .. . .
:shock:
so, anyway, there is several ways to remote into your machine,
- but not as easy as it is with that Windows system.
your best method & for peace-of-mind as well - - is to re-install the whole LinuxMint System - again.
:o
Image
Please edit your original post title to include [SOLVED] - when your problem is solved!
and DO LOOK at those Unanswered Topics - - you may be able to answer some!.

User avatar
Faust
Level 4
Level 4
Posts: 415
Joined: Thu Jul 14, 2016 3:40 am

Re: NEES HELP! Unwated user accessing my laptop via WiFi

Post by Faust » Thu Jul 19, 2018 9:51 am

Gonzo365 wrote:
Thu Jul 19, 2018 4:15 am
..... but I want to know how this person was able to connect to my computer or how I can figure out who it was?
Those are the key questions , and they're tough to answer , unless you already have some pen-testing / forensic skills .

Everything you say points to someone on the same local network having deliberately compromised your machine ( eg. installed a remote desktop app )
What does the mouse pointer do if you disconnect completely from the wifi /ethernet ..... Nothing ?

Well in that case , start narrowing down the possible suspects ....
How many people in that building have access to the wifi ?
Where is the router physically located ?..... Is that where the landlord / janitor lives ?

If I were in that position , I'd back-up my personal files and do a fresh install of the OS , just for safety , then I would go hunting ...

BTW - Firewall offers no protection in this situation .
Last edited by Faust on Thu Jul 19, 2018 9:58 am, edited 2 times in total.
" And so it goes " - Kurt Vonnegut
The modern reality and the satirical parody are rapidly converging .

Gonzo365
Level 1
Level 1
Posts: 6
Joined: Thu Jul 19, 2018 3:55 am

Re: NEES HELP! Unwated user accessing my laptop via WiFi

Post by Gonzo365 » Thu Jul 19, 2018 9:53 am

smurphos wrote:
Thu Jul 19, 2018 9:31 am
Gonzo365 wrote:
Thu Jul 19, 2018 9:14 am
This is a fresh install of mint.
Which version? 19 Stable has no remote access software installed by default, but prior versions (including 19 beta) shipped with vino pre-installed. However by default it was not active.

This could happen quite easily if

1)Vino was enabled without password protection or a weak password.
2)There was a UFW rule to allowing incoming for the VNC ports, UFW is off, or UFW allows incoming connections generally.
I'm running Mint 18.3. Vino was enabled because I didn't know about it before this happened (I've been reading for hours searching about all possible ways someone could have done this) but even then the security feature was enabled where I had to confirm any connections. I've since set a password and disabled it all together.

What I bolded in your post is the only thing I could think of. Is it possible if the ufw was set to home that someone could do this? I don't recall if it was or not because I quickly disconnected and changed security settings to be more strict after this happened.
Last edited by Gonzo365 on Thu Jul 19, 2018 9:56 am, edited 1 time in total.

HaveaMint
Level 4
Level 4
Posts: 381
Joined: Fri Feb 02, 2018 9:56 pm
Location: Somewhere in th USA
Contact:

Re: NEES HELP! Unwated user accessing my laptop via WiFi

Post by HaveaMint » Thu Jul 19, 2018 9:55 am

If Vino-Server is installed and not set to where you have to physically allow it by clicking ok on your PC and no password / firewall then it is easy to take control
Last edited by HaveaMint on Thu Jul 19, 2018 10:20 am, edited 1 time in total.
"Tune for maximum Smoke and then read the Instructions".

HaveaMint
Level 4
Level 4
Posts: 381
Joined: Fri Feb 02, 2018 9:56 pm
Location: Somewhere in th USA
Contact:

Re: NEES HELP! Unwated user accessing my laptop via WiFi

Post by HaveaMint » Thu Jul 19, 2018 10:03 am

If you save your passwords to your bank account on that PC I would change it and NOT ever have your browser save that kind of info.
"Tune for maximum Smoke and then read the Instructions".

Gonzo365
Level 1
Level 1
Posts: 6
Joined: Thu Jul 19, 2018 3:55 am

Re: NEES HELP! Unwated user accessing my laptop via WiFi

Post by Gonzo365 » Thu Jul 19, 2018 10:08 am

Faust wrote:
Thu Jul 19, 2018 9:51 am
Gonzo365 wrote:
Thu Jul 19, 2018 4:15 am
..... but I want to know how this person was able to connect to my computer or how I can figure out who it was?
If I were in that position , I'd back-up my personal files and do a fresh install of the OS , just for safety , then I would go hunting

BTW - Firewall offers no protection in this situation .
I've had no issues since disconnecting from the LAN. There are only 3 other people in this building. I normally have access to Kali but didn't bring it with me as I'm a newbie on that environment too.

If firewall is useless what good would a fresh install be? Couldn't they exploit the same vulnerabilities as before?

Also, how exactly would you go hunting? What would be your game plan in this situation?

User avatar
Faust
Level 4
Level 4
Posts: 415
Joined: Thu Jul 14, 2016 3:40 am

Re: NEES HELP! Unwated user accessing my laptop via WiFi

Post by Faust » Thu Jul 19, 2018 10:38 am

Gonzo365 wrote:
Thu Jul 19, 2018 10:08 am
.....I normally have access to Kali but didn't bring it with me as I'm a newbie on that environment too.....
There you go .... everything you need is right there .

Find yourself some good tutorials and study up , but beware of posting noob questions ....
..... some of those forums can sense noobs /skiddies /wanabees from a mile away , and they can be harsh !

I won't be commenting any further because we may quickly head into murky waters .... ethically/legally/morally

Other than that .... get yourself a quality VPN , just for starters , before you ever connect to that network again !
Good luck and good hunting .
" And so it goes " - Kurt Vonnegut
The modern reality and the satirical parody are rapidly converging .

Mattyboy
Level 6
Level 6
Posts: 1196
Joined: Thu Mar 26, 2015 2:17 pm

Re: NEES HELP! Unwated user accessing my laptop via WiFi

Post by Mattyboy » Thu Jul 19, 2018 10:44 am

did you consider running

Code: Select all

last
in terminal?

User avatar
smurphos
Level 7
Level 7
Posts: 1650
Joined: Fri Sep 05, 2014 12:18 am
Location: Britisher...

Re: NEES HELP! Unwated user accessing my laptop via WiFi

Post by smurphos » Thu Jul 19, 2018 10:51 am

Fresh install is recommended - just in case an attacker has planted any unwanted programs or tweaked settings to facilitate ongoing access.

As advised a VPN is basically mandatory or any public/shared wifi. There are plenty of tools out there to allow even the most amateur script kiddy to listen in on wifi traffic on the same network, and presumably everyone has got the same WPA2 key so that is no barrier. The Firewall is no help here.

Once you've got a fresh install and VPN, enable the firewall. Use the home profile not the public profile. Then apply all system updates to ensure all known security vulnerabilities are patched.

Then you can pen test your new install on the shared wifi if so wish.

Personally, I'd invest in a 4G dongle or 4G wifi router. They are not expensive and at least here in the UK 4G is coming down in price, and usage limits are going up to the point where it is a reasonable alternative to traditional ADSL or VDSL.

gm10
Level 11
Level 11
Posts: 3502
Joined: Thu Jun 21, 2018 5:11 pm

Re: NEES HELP! Unwated user accessing my laptop via WiFi

Post by gm10 » Thu Jul 19, 2018 11:04 am

Gonzo365 wrote:
Thu Jul 19, 2018 10:08 am
If firewall is useless what good would a fresh install be? Couldn't they exploit the same vulnerabilities as before?
His point (hopefully) was that a firewall is useless in a situation where your system has already been penetrated and backdoored. Your firewall will just be bypassed, your own system will initiate the connection to the attacker's server so your firewall never blocks it.

On a fresh install, however, the situation is different. First thing to do before enabling the network is to enable the firewall with a policy to block incoming connections. That prevents a remote attacker from connecting to any services running on your system, so unless you specifically install software on your device to initiate remote connections or careless install some sort of malware that does that for you, then you are basically safe from getting compromised over a network (nothing is ever 100% but for practical purposes you will be).

And yes, definitely completely clean install after you got compromised, keep nothing. Hope that your UEFI didn't get compromised...

User avatar
phd21
Level 16
Level 16
Posts: 6989
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: NEES HELP! Unwated user accessing my laptop via WiFi

Post by phd21 » Thu Jul 19, 2018 3:03 pm

Hi Gonzo365,

I just read your post and the good replies to it. Here are my thoughts on this as well.

Although it is not uncommon that your mouse cursor can move on its own, it would be very unlikely that your computer would be browsing your filesystem on its own which does indicate an intruder / hacker.

The firewall is very important and should be one of the first things anyone should enable (turn on) which by default blocks all incoming connections. But if your system is already compromised, then the firewall is not much help.

As was already stated, the safest option is to reinstall Linux Mint after backing up anything important. This way if the intruder(s) uploaded any remote access or remote control malware the reinstallation will not include that. Use a new computer name and login name and password. It only takes about 15 minutes to install or reinstall Linux Mint, run the updates, then install any apps you want and restore your backed up files and folders.

Because your system has already been hacked, change all your passwords now.

You can create a bootable DVD of Kaspersky antivirus antimalware, or one of the others (Avira, DrWeb, etc..) boot to that, update its definitions, and scan your entire system.

Dr.Web Administrator emergency aid kit Free utilities (DVD or USB stick)
https://free.drweb.com/aid_admin/?lng=en

There are various relatively easy steps to help prevent your systems from being hacked or taken over using home or business wired or wireless networks or public wifi networks.

- Enable the Linux Mint firewall first...

1.) Use good strong passwords that are 17-20 mixed characters and symbols (do not use spaces, #, or quotes). Do not use the same password for everything. If need be, use a password manager to store and or create these passwords, KeePassXC is excellent. Remember to change your passwords every now and then. If your computer is ever unattended (left alone) especially while you are away, use the Screen Saver (screen locker) requiring your password, maybe even setup a Bios boot password too.

2.) install "fail2ban" or something like it (denyhosts, "heatshield"?, etc...) to prevent hackers from trying multiple times to crack your login. This also creates a log of any IP addresses which you can review.

3.) If you have your own hardware router, even a portable mini travel router, use that to connect with any public Wifi or foreign wired Ethernet or wireless networks with your own WPA2 security logins and strong password and any of your computers, phones, etc.. always connect to your router. Make sure all security features are enabled (the hardware firewall, maybe even Mac address hardware filter limiting, etc..)

4.) Change your local ISP DNS server IP addresses to neutral secure ones from a reliable DNS provider which can easily be done in hardware routers and or desktops and Internet accessing devices (smartphones, etc...)

5.) Use a good VPN provider with a good password. PIA (Private Internet Access) is a great VPN provider. You should change the password for any existing VPN accounts and their server connections.

6.) Disable any remote control software like "Vino" when not in use and of course use strong passwords and any other security features that remote access apps may have.

7.) Some chat messengers are not secure and can provide "backdoor" access to your system, can install malware, etc... like Skype and Facebook (turn these off when not in use). Use the "Firejail" sandboxing app with these and all Internet enabled applications to help protect your system. There are secure messengers ("qTox 'Qtox' ", "Wire", Ring, Jitsi, Linphone, etc...)

8.) With all Internet browsers, there are extensions and add-ons which should be installed to prevent websites or their advertisements from installing malware and such. My favorites are "uBlock origin" (some browsers have built-in ad blocking now), Disconnect, Privacy badger or Privacy Protector Plus, https everywhere, etc...

There are really good posts on this in this forum search for "online banking", public wifi, etc...

Hope this helps ...
Phd21: Mint KDE 17.3 & 18.3, 64-bit Awesome OS, Ancient Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram,256gb SDD, Video: Intel 4 Graphics, DVD Lightscribe. Why I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

Post Reply

Return to “Wireless”