VPN security using live cd


emzb
Hello all.

I don't work in IT but am being targeted by an ex-partner who is a systems tester, and his 'hacking group', which consists of people that work in infosec and penetration testing.

The hacking is very complex and has been going on for quite a while now (almost 2 years). Basically I found out that he had hacked my work PC to spy on me, then I found out who his hacking friends were, and now they pretty much all like to spend their free time harassing me.

Pretty much everything gets hacked: smartphone, Windows, Linux, Mac, even my TV recorder box which is attached to my Internet connection. 'They' will make the box pause when I am watching TV, just mess around with files and in general be annoying.

I've been using live CDs since it all started, but the network just gets sniffed instead.

I am not re-infecting my devices. I have had 2 new ISPs, changed routers, nuked hard discs, and I do not click on links or open attachments; I just am unlucky to be targeted by a psycho with clever friends who are presumably also psychos.

Yes, I realise this sounds unbelievable, but no, I am not making it up (unfortunately).

My question to you is... if I buy a VPN account and use it with a live CD, can my username and password be extracted from the temporary operating system, and can I trust the VPN will keep my boring eBay searches private from my ex's demented eyes, or am I doomed to having my Internet searches monitored for the foreseeable future?

Any advice will be appreciated! Thanks.

Simple advice: get your work to talk to law enforcement. If you know that your work machine was hacked by this person then your company should be able to get their attention. Depending on their local workload they may be able to help if you go directly, but corporate hacking is considered higher priority than personal.

As for the rest of it, if he is so deeply entrenched in your home network then it sounds like you aren't going to get out of it without specialist help. A VPN and live OS may help protect that instance, but it won't protect your other devices.

A live CD prevents messing with the OS to the point that if they do hack in, when you reboot, the live CD boots back to the same state. The main thing is, if you've switched ISPs, they are on your internal network devices somewhere. Whether it be one of your routers, phones, or other networked devices, they have something that calls home, so my guess is, with a live disc, the most it will do is keep them from seeing your traffic if you use something like the Tails live disc (Tor) or some other live disc that boots and automatically connects to a VPN server. If the system boots and is intercepted or MITM'ed, it would be pretty useless.

You need to basically MITM your own network and find what device is hacked. Start with the router. Reflash the firmware, then reset to factory settings, and while offline, set up the router from a device that's NEVER been connected to it before. Then, add one device at a time back onto the network. You might also want to invest in a LAN tap, to use something like Wireshark to monitor traffic between the router and modem. Then if the router is not the cause, LAN tap each device you hook to the router until you find which device is hacked and backdoored. From there, replace or wipe that device. If it's your home DVR or TV itself, don't hook it to the internet.

Router setup.

1 - Disable UPnP, TFTP, SSDP and remote management.

2 - Disable WPS if it has it. Also, use WPA2 at a minimum. Never leave Wi-Fi open or use WEP. WPA at a minimum.

3 - Manually enter the OpenDNS IP addresses in your router. This helps against attackers trying to redirect your DNS.

The OpenDNS IPs are 208.67.222.222 and 208.67.220.220

4 - Change the default password on the router for the admin interface and, if possible, make it only accessible over HTTPS.

After resetting the router's firmware, configuring, etc. (do this while NOT connected to the modem's Ethernet WAN port and while you are offline), plug back into the modem, then power cycle the modem. This should reset your external IP as well, but if it doesn't, and if your router has MAC address cloning, manually change the router's MAC address, then power cycle the modem again, and your external IP will change.

From there, start investigating the network.

Edited by digip
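As an added example (not something digip or anyone else in the thread posted), here is a small Python script for the LAN-tap step above: once Wireshark has captured traffic between the router and the modem, the question is which internal device keeps opening connections to the same outside host on a timer. The script groups outbound connections by (source, destination, port) and flags any group whose inter-connection gaps are nearly identical, which is what a check-in or "call home" looks like and what ordinary browsing does not. The flow records, the IP addresses, the 5-connection minimum and the 0.2 regularity threshold are all constructed for the demo, not taken from anyone's capture.

```python
"""
Spot a device that 'calls home' from a LAN tap capture.

Added example, not code from the original thread. It assumes connection
records have already been exported from Wireshark/tshark as
(timestamp, src_ip, dst_ip, dst_port) tuples; everything below is
constructed sample data, not a real capture.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: a DVR at 192.168.1.20 connecting to the same host on
# port 443 every ~60 s, plus a laptop (192.168.1.30) doing irregular browsing.
SAMPLE_FLOWS = [
    # (epoch seconds, src, dst, dport)
    (0.0,   "192.168.1.20", "203.0.113.7",  443),
    (60.4,  "192.168.1.20", "203.0.113.7",  443),
    (119.8, "192.168.1.20", "203.0.113.7",  443),
    (180.3, "192.168.1.20", "203.0.113.7",  443),
    (240.1, "192.168.1.20", "203.0.113.7",  443),
    (299.7, "192.168.1.20", "203.0.113.7",  443),
    (5.0,   "192.168.1.30", "198.51.100.4", 443),
    (7.2,   "192.168.1.30", "198.51.100.9", 443),
    (48.0,  "192.168.1.30", "198.51.100.4", 443),
    (131.5, "192.168.1.30", "198.51.100.2", 80),
    (133.0, "192.168.1.30", "198.51.100.4", 443),
    (290.0, "192.168.1.30", "198.51.100.4", 443),
]


def find_beacons(flows, min_connections=5, max_cv=0.2):
    """Return {(src, dst, dport): mean_gap_seconds} for periodic-looking flows.

    cv = population stdev / mean of the gaps between successive connections.
    A timer-driven check-in has cv near 0; human browsing has a high cv.
    Both thresholds are assumptions chosen for this demo, not tuned values.
    """
    by_key = defaultdict(list)
    for ts, src, dst, dport in flows:
        by_key[(src, dst, dport)].append(ts)

    beacons = {}
    for key, times in by_key.items():
        if len(times) < min_connections:      # too few samples to call periodic
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:                          # duplicate timestamps, skip
            continue
        if pstdev(gaps) / avg <= max_cv:
            beacons[key] = round(avg, 1)
    return beacons


def suspect_devices(flows, **thresholds):
    """Sorted LAN source addresses that have at least one beacon-like flow."""
    return sorted({src for (src, _dst, _port) in find_beacons(flows, **thresholds)})


if __name__ == "__main__":
    for (src, dst, port), gap in find_beacons(SAMPLE_FLOWS).items():
        print(f"{src} -> {dst}:{port} every ~{gap}s")
    print("suspect devices:", suspect_devices(SAMPLE_FLOWS))
```

To feed it real data, export only new outbound connections (TCP SYNs without ACK) from the capture with `tshark -r capture.pcap -Y "tcp.flags.syn==1 && tcp.flags.ack==0" -T fields -e frame.time_epoch -e ip.src -e ip.dst -e tcp.dstport`, and build the tuples from that output. A flagged device is a lead, not proof: a legitimate NTP client or an update checker is also periodic, so look at what the flagged host is and whether you recognise the destination before wiping or replacing it.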
Thank you for your replies... it is overall pretty complex.

I did put a lot of effort (months) into getting the police to investigate but have given up (temporarily anyway) due to the time involved and the fact that UK police can't even investigate paedophile cases due to lack of resources, let alone a stalker ex-boyfriend.

I work for a very small company: single router, no proper network to speak of as such. The only device that I actually have online at home these days is my live CD laptop; no phones or any tablets connected, printers etc. I changed ISP, nuked & reinstalled the hard drive, clicked on nothing malicious, added no infected devices to the router, and within hours the laptop had been compromised (easy to see that time, there was an additional user in the user folder).

I could flash and change DNS on the router daily (found a dummies' guide online!) but the VPN and disc is my preferred option. I've had to reinstall so many operating systems that it's a question of why try to keep them out, when nothing really works, when I can just use the disc permanently, that is if I can trust the VPN etc. If the VPN option will work, then I'll be perfectly happy to use that and just continue to get on with my life, which is what I have been doing for the last year, although at times the hacking issue has been, to say the least, irritating as hell. I can't even use a mobile phone as they just hack it, read all my messages and then comment on them on their Twitter pages. Strange, but I assure you, true.

Still, if the live CD and VPN can be trusted then I would be content with that solution, for the time being... I can only trust that, though, if I am sure that the password cannot be extracted from the live CD files in some way?

They sell routers that use VPN services as well, built in and configured by the VPN sellers, so that's an option too, but that only protects you from the router to the VPN. If they are on your internal LAN somehow, you're still not fixing the problem.

Part of the problem seems to be the actual router itself... previously my old Sky router (Sagecomm) got hacked so many times; each time I flashed it, changed settings, changed the password, then the next time I tried to log in to it (boot disc every time!), the password had been changed to something else remotely.

I'm an hour from London so there are probably thousands of hackers between here and there, but to find one that actually is good enough technically and morally, I'm not sure! I'd be reluctant to put any faith in any group really; no doubt some of my ex's friends belong to such groups themselves but don't tell their 'normal' friends what they do under the radar... It's a difficult situation; there are no real answers unless their activities are exposed. I am sure there is a page somewhere with loads of stuff about me on there: messages, emails, eBay searches! It's like some sort of surveillance game, but I found out, which upset them, so now it's pick on the target even more. Simple bullying really, but not simple at all!

You are putting your faith in this group, so that is a start. If you were to go to a DC4420 I'd be happy to vouch for people to trust.

Most routers don't, or at least shouldn't, allow remote administration. If you get a new one, check before you do to make sure that it doesn't allow that.
