I've been hacked, raped, and robbed.

I got a call from my bank's fraud detection unit yesterday informing me that they froze my online banking privileges because 2 suspicious email transfers occurred the day before for almost $1500. Oh sh*t. I did not make these transactions.

Some dickhead somehow hacked into my system, used a keylogger on my main computer and robbed me of $1500, which the fraud detection team seemed to think it was uncertain at best I would ever get back.

I immediately began a Trend online virus search on my computers. I run naked and scan with Trend every couple weeks as I am behind a hardware firewall, am a super savvy surfer, don't use microsoft outlook and generally delete any mails I wasn't expecting. I loathe the devouring of my system resources. Maybe I need to change.

Anyway, my main machine and 2 other computers came up clean. My kid's computer (shared by my children aged 4 and 7 and my 14-year-old nephew when he's over) came up with one trojan and one backdoor. Uh oh. My wife used online banking to pay our bills one week ago. I also installed a wireless network with WPA password protection a couple weeks ago.

So, to my reckoning, either the dickhead was cruising my suburban neighborhood with a laptop scanner and the knowledge of how to break the newest wireless encryption or one of the viruses let the dickhead in and he somehow put a keylogger on my main machine without leaving a trace. By no trace I mean I used 2 different keylogger detection programs and my whole network came up clean. My hardware router's meager logging only goes back to Oct 1st but shows that only my authorized machine made contact since then.

I am so angry this happened to me. I am the guy people bring their systems to after things like this happen to them! I've cleaned more spyware out of people's systems than I could possibly count. Other than running virus protection 24/7 I've used every other precaution I possibly knew how to make. My brother works for an antivirus/spyware company for Christ's sake!!!!

So, does anyone have any idea on what I should do in the aftermath of this? Are my assumptions faulty? Would a virus scanner pick up a backdoor program the dickhead placed manually after being in my system, or is deleting the viruses on my kid's system enough? Is there anything other than flattening all 4 computers on my network I can do to be sure I'm safe now?

Aaaaaarrrggghhhh!!!!!! I hate this.

Ouch.

Sorry to hear this. ID theft sucks.

I run a hardware firewall (router with NAT) and use Norton AV on both my PCs. I may be naive, but I think that's enough protection. If I'm wrong, somebody please tell me.

Could they have hacked anyone you've done business with online lately? The only time we had fraudulent credit card charges, that's what happened to us.

That sucks, Spleen. I wish I had more to offer you than my condolences.

Man, that sucks.

PyromanFO wrote:

Could they have hacked anyone you've done business with online lately? The only time we had fraudulent credit card charges, that's what happened to us.

I don't think so Pyro as it was apparently done through an "email transfer" from my online banking. I don't know what an "email transfer" is but that's what they did.

Wow, that totally sucks, Spleen!

A good virus scanner should get rid of all of it (unless the guy actually wrote the virus from scratch then the scanner might not notice it (in which case he's better than most "hackers")).
I would double check a few things:
1) that you can still access the router's functions (you did go ahead and change the router's password, right?)
2) if you aren't actually sharing files across the network, shut all that crap off.
3) disable the broadcasting of the ID, and then change it on the router and all your computers.

If you are truly paranoid, I would suggest a complete wipe of the affected system with a reinstall from CDs.

Er from rereading your post you've probably done most of that already, but it's good reference for others I guess.

Depending on whether they can catch the guy or not, you might not be able to figure out where the data was swiped from (he could, for instance, work at your ISP and intercept the data there (tougher, but definitely doable)).

Hopefully they will be able to track the person down, given s/he had to send the money somewhere, and at some point he will have spent it on something that person needed/wanted (one doesn't usually steal just for the sake of stealing).
Or maybe your bank will be able to reverse the deduction from your account.

I hope it all works out for you.

Man. If that stuff happens to those with that much protection, that pretty much makes all of us vulnerable, eh?

I swear, this stuff makes me want to cancel all credit cards and deal strictly in cash. But you can't pay bills that way anymore, and someone could still steal your identity and get new cards in your name anyway. There's really no protection from this, and especially since laws favor corporations over people these days, anyone this happens to is screwed.

Man that sucks.

Just to be on the safe side, have you called your bank again to confirm all of this? Just because so-and-so said they were with your bank doesn't make it so. If the caller was legit, ask to see the details of the "e-mail" transaction; maybe that will shed some light on where the problem was.

Don't use debit cards, heck don't even get debit cards. Make ALL transactions on credit cards and pay them off every month.

Finally, if they say you are stuck with the missing $1500, tell them that's fine, but you will be taking your banking elsewhere, and then start following through on that. It might not change their decision, but you never know.

That's pretty ironic. Sorry dude!

Farscry wrote:

Man. If that stuff happens to those with that much protection, that pretty much makes all of us vulnerable, eh?

I swear, this stuff makes me want to cancel all credit cards and deal strictly in cash. But you can't pay bills that way anymore, and someone could still steal your identity and get new cards in your name anyway. There's really no protection from this, and especially since laws favor corporations over people these days, anyone this happens to is screwed.

Actually, credit card companies will rule in favor of the consumer almost every time. My family runs a business, and any time a customer reports that there was either a transaction they didn't make, or they stop payment, it comes out of our pockets. It's not in the credit card companies' interest to make it hard for people to use their cards.

Debit cards, on the other hand, are a whole different ball of wax, as badferret alluded to. Since it's real money, once you spend it, it is pretty much gone until the perps get tracked down (IF they get tracked down.)

Our CC# got stolen last year when my wife was ordering stuff online from Victoria's Secret. It was worth it.

Even the credit card stuff can be a pain, despite the insurance of 0 liability. My credit card number was swiped about 10 months ago and I'm still dealing with the fallout. The charges were finally dropped from my card, but not the associated fees. The card company still claims that I owe them money that I still refuse to pay. Meanwhile the fees keep accruing. I did finally get them to reverse their negative mention on my credit report, but the damage had been done on that. I was denied an account I needed, and missed an opportunity to refinance my auto loan. Not to mention the fact that my main credit card (which had a zero balance when it was swiped) has been unusable for almost a year. Basically, whoever stole my credit card number ruined my credit and complicated my life immeasurably. So much for the victimless crime.

Ouch Fletch, that bites man.

A couple points of info. A lady from the bank assured me I'd get my money back when the investigation was done so long as they don't determine I'm the source of the fraud.

Also, in retrospect, just because I know what I'm doing on the internet doesn't mean my kids, nephew and guests do and so I think that I'll find an anti-virus program for my kids computer at the very least. I'll probably go with AVG as I think it's free.

Advice on dealing with the bank: take down names, numbers and dates/times every time you speak with someone, and ask that all promises and assurances be given to you in writing.

Also, in retrospect, just because I know what I'm doing on the internet doesn't mean my kids, nephew and guests do and so I think that I'll find an anti-virus program for my kids computer at the very least. I'll probably go with AVG as I think it's free.

You've lost $1500 as it is, dropping a few bones on Norton or McAfee isn't that big of a deal.

Also, you might want to look into creating restrictive user accounts for your kids and guests. On my wife's computer I have an Admin account and her own account. I setup her account with a bunch of security policies that make it impossible for her to pretty much do anything except listen to music and browse the Net. Since I've done that, we've never had any potential security issues and no spyware problems either.

Damn, L&L. Can you set it up to tell you who she's actually going "shopping" with, too?

Fletcher wrote:

Damn, L&L. Can you set it up to tell you who she's actually going "shopping" with, too?

Yes.

You're a net-savvy surfer. Are your kids? Maybe they were somewhere they shouldn't be.

It makes me pretty angry there are people out there like that.

I could be a thief. I have skills that would make it very hard to track. A month's training, max, and I could be formidable as hell. Not just with my technical background, but also because of my law enforcement background.

But I couldn't live with the thought of ruining people's lives. I just don't understand how they can get past it. I just can't get past the thought that the money I'd be stealing might be what's keeping someone from losing their house, or even putting food on their table. Or maybe they're sick and desperately need that money to buy medicine. Maybe they're ungodly rich and it doesn't matter if I empty their savings account. More than likely that isn't the case though.

I just don't get how anyone can be that callous.

Restricted user accounts are the way to go, even for yourself.

I doubt that anyone cracked your WPA key and inserted malware into that computer, although it is not impossible. Most WAPs can also section off the wired from the wireless portion of your network and not allow a wireless client to talk to any other computer connected.

The only other way to alert yourself to these kinds of events would be to run an IDS.

I keep saying this but nothing touches www.nod32.com. Nothing.

AVG is awesome. It detected a back-door insertion attempt that occurred a month or so ago on my main system. I run that and Ad-Aware, both in the automatic mode. But...I only run daily scans on my other two systems. Hmmm. So far so good, but...

Definitely scan nightly.

Botswana wrote:

I just don't get how anyone can be that callous.

Fine! I'll return the money...sheesh.

Seriously, this sucks, Spleen. And makes me feel very vulnerable. Hope they track down and prosecute the perp and you get your money back.

This reminds me that I really, really need to get rid of my debit card. That number is floating all over the place. I know folks have had problems with AVG before, but I've been using it for two years with no issues. That being said, Nod32 looks really sweet (small footprint is attractive), and Shihonage always pimps f-prot (it has some kind of heuristic scanning method where it doesn't need definition files or something). Give them a look before you just go with the "free" option, Spleen. Then again, with the account 1500 bucks lighter, maybe free ain't so bad.

Really sorry to hear about it, bud.

Are they saying somebody managed to send these transfers using YOUR account?
http://www.scotiabank.com/cda/content/0,1608,CID6031_LIDen,00.html

If so, I bet the security fault was not on YOUR side; it could just as easily have been hacked from the outside.

Added:
Another interesting tidbit here:
http://www.paintballforum.com/forum/archive/index.php/t-89415.html

Let me clear up one thing: antiviruses are not going to detect a custom-made, or even a customized existing, backdoor, with a few possible lucky exceptions on which you shouldn't rely. The heuristic routines in most of them are impotent when it comes to something other than either a slight modification of a known virus or a blatantly destructive program which doesn't make any attempt to hide it.

If I were in your place, I would run the system in SAFE MODE to prevent the program from circumventing what you're doing, then run MSCONFIG and disable every suspicious startup link, as well as go and delete those executables or move them into a "suspicious" folder.
Then I would scan the system with several antiviruses with heuristics enabled, Ad-Aware, and Spybot.

Of course there's no substitute for simply following the rules of safe Internet use and teaching them to everyone on your LAN.
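
The startup-entry review step above is the part worth doing carefully, so here is an added example (not from the original post or any poster) of how to triage it offline rather than eyeballing MSCONFIG. The idea uses something Spleen already has: three machines that scanned clean. Export the Run keys from the infected box and from a clean one (`reg export "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" run.reg`, and the same for HKCU), then diff them and apply two path heuristics: autoruns living in user-writable directories (Temp, Application Data, profile folders) and entries that borrow a Windows process name (svchost.exe, lsass.exe, ...) while running from somewhere other than system32. Both registry exports below are constructed sample data, not from any real machine; the `C:\suspicious` quarantine folder is an assumed name; and the printed `reg delete` / `move` commands are for you to run by hand in Safe Mode after exporting the key as a backup, not something the script executes.

```python
"""Offline triage of Windows Run-key autoruns: diff an infected machine's
`reg export` against a known-clean one and flag suspicious paths.

Constructed example; the .reg text below is sample data, not a real export.
"""
import re

# --- constructed sample: export from the infected (kids') machine ---
INFECTED_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"svchost"="C:\\Documents and Settings\\Kids\\Local Settings\\Temp\\svchost.exe"
"MSUpdate"="C:\\WINDOWS\\system32\\msupd.exe -hide"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Update"="\"C:\\Documents and Settings\\Kids\\Application Data\\update.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

# --- constructed sample: same keys exported from a machine that scanned clean ---
CLEAN_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

EXE_EXTS = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js")
# Directories any logged-in user can write to; legitimate autoruns rarely live here.
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\",
                 "\\documents and settings\\", "\\recycler\\", "\\users\\")
# Windows component names that malware commonly borrows for camouflage.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "explorer.exe", "services.exe", "smss.exe", "spoolsv.exe"}
SYSTEM_DIRS = ("\\windows\\system32\\", "\\winnt\\system32\\")

_KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"="value" lines; .reg files escape backslash and quote with a backslash.
_VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    """Undo .reg string escaping: \\\\ -> \\ and \\" -> "."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {(key, value_name): command_line} for string values in an export."""
    entries, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = _VAL_RE.match(line)
        if m and key:
            entries[(key, _unescape(m.group(1)))] = _unescape(m.group(2))
    return entries


def executable_of(command):
    """Pull the program path out of a Run-key command line (quoted or not)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end > 0:
            return command[1:end]
    tokens = command.split()
    # Unquoted paths with spaces: accumulate tokens until one ends in an exe extension.
    for i, tok in enumerate(tokens):
        if tok.lower().endswith(EXE_EXTS):
            return " ".join(tokens[:i + 1])
    return tokens[0] if tokens else command


def triage(infected_text, clean_text, quarantine_dir="C:\\suspicious"):
    """Flag autoruns absent from the clean baseline or living in suspicious places."""
    infected, clean = parse_reg(infected_text), parse_reg(clean_text)
    findings = []
    for (key, name), command in infected.items():
        exe = executable_of(command)
        low = exe.lower()
        base = exe.rsplit("\\", 1)[-1]
        reasons = []
        if clean.get((key, name)) != command:
            reasons.append("not present on clean baseline machine")
        if any(d in low for d in USER_WRITABLE):
            reasons.append("runs from a user-writable directory")
        if base.lower() in SYSTEM_NAMES and not any(d in low for d in SYSTEM_DIRS):
            reasons.append("borrows a Windows system process name outside system32")
        if reasons:
            findings.append({
                "key": key, "name": name, "exe": exe, "reasons": reasons,
                # Commands to run by hand in Safe Mode: remove the autorun entry,
                # then move (don't delete) the file so it can still be examined.
                "plan": [f'reg delete "{key}" /v "{name}" /f',
                         f'move "{exe}" "{quarantine_dir}\\{base}"'],
            })
    return findings


if __name__ == "__main__":
    for f in triage(INFECTED_REG, CLEAN_REG):
        print(f"[{f['name']}] {f['exe']}")
        for r in f["reasons"]:
            print("   -", r)
        for c in f["plan"]:
            print("   >", c)
```

On the sample data the baseline diff is what catches `msupd.exe`: it sits in system32 with a plausible name and trips neither path heuristic, which is the point Shihonage makes about anything custom-made. The other two entries are flagged on location alone, so the heuristics still earn their keep when you have no clean machine to compare against.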

Skywise wrote:

Are they saying somebody managed to send these transfers using YOUR account?
http://www.scotiabank.com/cda/content/0,1608,CID6031_LIDen,00.html

If so, I bet the security fault was not on YOUR side; it could just as easily have been hacked from the outside.

Added:
Another interesting tidbit here:
http://www.paintballforum.com/forum/archive/index.php/t-89415.html

Interesting you should say so, Skywise, because someone else I talked to today said exactly the same thing. Their theory is the bank has been compromised, not me, and that it is likely an inside job. That would reassure me immensely as I have found no trace of any keyloggers, backdoors or anything on my main computer or anywhere else other than the 2 viruses on my kid's machine (which I cleaned). Symantec gave me a false positive on a teamspeak file but that's it.

Interesting read on the paintballforum too, and sadly, given the odd amounts taken out, I bet that what the article references is exactly what the thieves did.

2 things: Everyone craps on NAV, and it is a pain, but other than having to temporarily turn off "worm protection" for some online games, it has saved me from quite a few viruses.

Second, this is now less important it seems, but I was going to tell you that the bank should be reimbursing you, as you are the victim of a crime and it cannot be proven definitively that it occurred as a result of an intrusion onto your computers.

We get cases like these CONSTANTLY. Many are still the result of cold phone calls: "You won something" or "We closed your account, and if you need to turn it back on you need to tell us XXXX."

Some are email-based phishing; rarely are they open hacks that we know of.

99% go offshore, at which point we, the FBI, and the other countries' governments all do nothing, and the rest seem to come from Nevada.

But with all of them that I have seen, unless the victim was an active participant (cashing checks for an "internet buddy" and sending the money to Nigeria for example) the victims get their money back.

I'd much rather be the victim of what happened to you than of an ID theft. - Even a partial one like Fletcher's.

But, to be safe, you need to get a copy of your credit report ASAP. If they have more than just your account info, you need to get on it ASAP.

Sorry to hear it, Spleen.

I noticed a $9.95 charge for "MAXIWEBINTRO" on my CC the other day, and a quick Google search revealed that it's a scam company that tosses out tons of minor charges in the hopes that people either won't notice them or won't bother to fix the problem. My bank's replacing my credit card and refunding the charge, as I assured them that no one could have been home when the supposed "transaction" took place, but it just feels so... violating. Ugh.