Need help to stop a hacker

[Guest spazi]

Hope I'm not breaking any forum rules, but here goes.

Hi guys, I know I'm very new to this forum but I have something very serious I need some help with.

I live in a small country of only 50k population and only two ISP's

The fact is that there is a lot of people that are getting their bank accounts hacked. Yesterday a friend of the family got hacked but luckily the transaction got cancelled.

Very recently a guy got hacked for half a million.

Really uncool. The guy almost got bankrupted.

That got me thinking, what does these guys have in common.

I actually called the guy who got hacked for 0.5 mill. He was actually very nice and liked the fact that I'm just trying to help.

He told me that his router got hacked and admin password changed, he had a 12 cipher password, upper and lower case and numbers.

He said that the hacker infected his computer with something he wasn't sure (guessing some kind of payload?)

it was his home computer and he uses it daily.

The friend of the family has been very skeptic about my questions, and I can't determine if his router got hacked or not since he won't let me check it, but it's the same story. Guy get's hacked, looses money.

The banks have now imptlemented a text message service so you'll know if something is going on.

I have this theory that the hacker hacked a website that everybody visits daily, logs their IP and hacks their router.

the main ISP is so stupid that all the routers they sell have the same password!

When he hacked the router, he probably uses shell scripting or hacks the computer to get the login and password.

I have a list of the websites that I suspect are the problems, and I would really appreciate it if anyone could help me scan them for weakness and report it.

Since I don't want to break any rules I've decided to now show them, if anyone want's to help, PM me please!

Can anyone give me some advice or maybe have an idea how the hell he pulls it off?

Atleast one person get's hacked every second week now, it's just too much!

I've contacted a journalist, and I've explained my theory and given him a guide how people can avoid getting hacked.
Includes reseting the router, changing the default password and updating it.

Also updating the computer should atleast get rid of some exploits right?

also adviced people to use 12 to 16 cipher password upper and lower case including numbers.

Any advice would be greatly appreciated!

Thanks.

Edited June 19, 2013 by spazi

[Isolot]

Hi Spazi,

You need to be careful about the terminology you are using...active scanning is illegal, passive scanning is legal. Making active requests which probe the website for "weaknesses" is breaking the law but passively reviewing the source to make sure there isn't things like persistent beef hook XSS code isn't. If you start using automated scanners against public websites then you are in the bad guy camp regardless of your intentions.

If the problem is as widespread as you say it is, then i would go into business retrofitting each house with a pfsense router. Implement the Snort intrusion prevention system and work on making a solid rule set that you can deploy to clients. If your clients are loosing millions then they have plenty to spend on implementing defence.

Isolot.

[Guest spazi]

Thanks for the info, I'll look into that :)

[tom564]

If the routers had a remote execution/access feature enabled and used a weak password/ has a vulnerability such as the one 2Wire had a while ago it would be possible for the DNS servers to be changed to a malicious one.