Posted

So recently my Amazon account was hacked (my fault due to weak password I guess) and my Steam account attempted to be accessed at the same time along with several of my other accounts as well.

So luckily Amazon reversed the transaction made and Steam sent me an email (thank god for multi factor authentication) and Steam also sent me the IP address of the attacker, I have pinned down the location to a residential apartment in Russia, my question is what next as they keep trying to gain access every few months?!?!?

Posted

Get 2FA on all your accounts, set good passwords and make sure you pay attention to any alerts of people trying to log into your account.

I'd say it is very unlikely you'll be able to do anything to stop them, just keep things locked down and hope they go away.

Posted
1 hour ago, Glowinghot666 said:

ITS YOUR FAULT. WEEK PASSWORDS ANR LIKE LEAVING YOUR CAR RUNNING AND A STEAL ME WROTE ALL OVER THE DUST? AND I BET THATS NOT THE ATTACKER IP THERE NOT BASIC LIKE WEEK PASSWORDS!

Weak** not week.

This isn't anyone's fault. No one actively seeks to have their accounts hacked. Yelling at someone changes nothing.

Drive by attacks that go after accounts happen all day long. Weak and strong passwords get hacked, including 2FA. 2FA makes it much harder, but depends on the implementation. If they have it sent to a phone and they also hacked the phone, it's not going to help. Not everything out there does 2FA either, and I personally won't use it with my phone, as that is my own belief that a phone is no more secure than your password. Someone wants to get in, they'll find a way. Yubi-key might be the only thing I'd go with for 2FA, and even then, you lose it, you have to have an alternative backup to get in, which again defeats the use of 2FA if a reset is possible in any way once 2FA stops being accessible for any reason.

As for the attacker's IP, never a guarantee it's the actual attacker, and given the amount of Russian bots out there, more than likely it's a proxy or hacked account anyway.

Only thing you can do is change all your passwords, if possible, use a different email address for multiple different accounts or groups of emails for types of accounts, ie: one for game sites, one for social networks, one for fam, one for work, etc. Also, never reuse passwords among sites, and always safeguard passwords, preferably not stored on your machine unless using a password locker or such, but I'll admit, I've had passwords for things stored in text files at times when I needed them in the past. Mostly I memorize them all now, and when I can't remember, I do the reset password dance as needed.

Posted

Thanks digininja & digip for the constructive comments, so the original IP address from Steam sent via email was not the Russian location I tracked the attacker back to but how I did that is not important, yes the original IP was a VPN but nonetheless I am curious about how theoretically I could proceed from there as I have NO intention of actually following through since my accounts were immediately secured (and for the record they are old accounts I don't use, Amazon just happened to still have valid card details on it).

Basically my question is what would YOU do if you had a confirmed attacker IP address and knew that it had an open UDP port?

Posted

I'd ignore it, go play with your kids, watch a movie or go to the pub. Never try to hack back, it isn't worth it and, no disrespect, but if you are asking on a forum about how to do it, then you probably don't have the skills to do it well enough to get anywhere (I wouldn't trust my OPSEC enough to do it).

If you really wanted to do it, you'd be looking to get a shell on the box (unlikely from a single UDP port), dig out enough information to find out who owned it and then get revenge in some way. You also have to consider that there is a good chance they are using a box they hacked and took over from someone else so all your effort could be directed against someone innocent.

To do it you would need perfect OPSEC otherwise you get into a spiral of them coming back after you and they have shown that they are happy doing illegal things so are likely to do worse things to you than you would to them.

Posted

Thanks for the quick reply, it just got me thinking when I was watching Mr Robot I suddenly thought 'what would Elliot do if it was him' and I figured you guys would have similar ideas lol :lol:

Posted (edited)
On 2/27/2017 at 1:27 PM, Clean said:

So recently my Amazon account was hacked (my fault due to weak password I guess) and my Steam account attempted to be accessed at the same time along with several of my other accounts as well.

So luckily Amazon reversed the transaction made and Steam sent me an email (thank god for multi factor authentication) and Steam also sent me the IP address of the attacker, I have pinned down the location to a residential apartment in Russia, my question is what next as they keep trying to gain access every few months?!?!?

That apartment is probably just a bounce box.  It's not accurate.

Nor would it be.

IP addresses are dynamically assigned, so that address could belong to a smart toilet in Bangladesh by now.

While not that extreme (because blocks of addresses are owned by different providers) you get the drift....

To access a database of previous address listings would require a subpoena with approval from the authority having jurisdiction.  So in this case, Russia > Oblast > Gorod.  (and these records are purged like every 2 weeks or so).

Which I know you don't have, so most likely you did some kinda google-fu and got a bull.hit answer.

Edited by IDNeon
Posted
Quote

IP addresses are dynamically assigned, so that address could belong to a smart toilet in Bangladesh by now.

This is golden stuff right here... while IP addresses from one country to another are not interchangeable in assignment (usually) I had a nice chuckle on this as the visual created made me laugh. Should be put on an xkcd comic... lol

Posted
On 28/02/2017 at 11:02 PM, digininja said:

Elliot used nano, he wasn't l33t!

Sh*t, I use nano :unsure:

I can use vi, but it's so slow to use. Sometimes you just want to amend a file quickly :lol:

Posted
On 03/03/2017 at 1:09 AM, IDNeon said:

IP addresses are dynamically assigned, so that address could belong to a smart toilet in Bangladesh by now.

Likely you did some kinda google-fu and got a bull.hit answer.

Thanks for those laughs :smile:

Sun Tzu said that offense is the best defence.

Not so for the average PC user. A strong defence is the best defence, i.e. make those passwords decent!

Posted

Whenever there are attempts made on multiple websites, it probably means you were involved in a breach. Attackers are hoping you use the same password everywhere, so they write scripts to automatically try the same login credentials harvested from the breach on other sites. Have you checked Troy Hunt's "haveibeenpwned"?

Posted (edited)
4 hours ago, haze1434 said:

Thanks for those laughs :smile:

Sun Tzu said that offense is the best defence.

Not so for the average PC user. A strong defence is the best defence, i.e. make those passwords decent!

Haze, your point is apt, but I'm just heaping way too much info here for fun, to elaborate some lesser known factoids :)

The original title "The Art of War" belongs to Jomini's title of his scientific work which defeated Napoleon (and was misapplied by Jomini-Napoleonic trained US-Confederate Generals during the Civil War to disastrous outcomes).


Sun Tzu's "Art of War" is wrongly titled for western audiences and is actually called "Master Sun's Rules of Warfare".  (It's a pet-peeve of mine that they stole Jomini's title to promote it to western audiences).

Most of it deals with the appropriate magical spells and which way the wind farts to divinate success on the battlefield, the rest are maxims that could be learned from the game Go.  :)

It's also a pet-peeve of mine since a phenomenon called "Orientalism" exists where Westerners heap condescending praise upon useless works as if they are profound because Westerners simultaneously think that Easterners are spiritual, philosophical and wise, and also are extremely culturally racist toward them.

Jomini's works are still the basis of all military thought, even more important than Clausewitz who was largely a philosopher and not a military scientist.

Edited by IDNeon
  • 3 weeks later...
Posted (edited)
On 03/07/2017 at 0:44 PM, digininja said:

Put the effort in and persist, you'll speed up soon enough.

 

On 03/07/2017 at 0:42 PM, haze1434 said:

Sh*t, I use nano :unsure:

I can use vi, but it's so slow to use. Sometimes you just want to amend a file quickly :lol:

I grep then use sed :ph34r:

(No logs left in home dir)

:grin:

Edited by 3mrgnc3
