Question: Multiple security breaches - need a checklist and sanity check!!

Dec 27, 2019
Not sure if I've been somehow targeted across many access points, or if this has been the perfect storm... but I've been changing passwords and cleaning up my PC - and everywhere I turn there's something else to do. Is there a checklist of items anyone can recommend that one goes through when their accounts have been compromised? Or do I need to hire a service? Here's the story:

In Nov, Bank of America proactively sent me a new debit card in response to a "merchant security breach".
I really didn't get too concerned. But then in the first week of Dec, someone logged into my EA account, and within the same 24-48 hours I found that 3 "people" were logged into my Hulu account, and someone was accessing my FB account (which luckily ONLY Hulu is connected to). I found the news about FB getting compromised, whereby phone numbers associated with accounts were released - but not sure how they'd get my password that way.
THEN I start running scans and digging into my PC and discover that there was a failed attempt to sync my OneDrive from CHINA a few days prior. 💩

The last couple of months I've also been getting complaints from my gamer kid that his Xbox is laggy, amid multiple unexplained drops/resets on our ATT Uverse Fiber. So then I'm paranoid that our private network is being attacked. I live in a community where homes are very close together and there's constantly new access points and devices in range, so it's hard to tell what's suspect. In addition, my employer allows for remote VPN, and one day in the middle of this I also suddenly couldn't connect to my home wifi and it wasn't an issue I could resolve with typical troubleshooting. This had not occurred in years. I had to plug in, and our corporate tech desk reset some things on my work laptop, but didn't ask at all about my home network settings.

So, I've changed ALLLLL my passwords. ATT has a new router on the way (ours is from 2014). I just found the post on here about the NVIDIA security issue... yep, I've got one of those, so I downloaded the new drivers. I logged out of or uninstalled all related apps from my phone.

WHAT ELSE? Do I need to worry about what's coming through the game consoles? We have an Xbox and an N Switch. I also have Intel in my PC - once I started reading about that is when I decided to make this post, it's all too much.
Is this really bad, or have I just gotten lucky this has never happened to me before?

Any advice would be much appreciated
 
Get, or make on a neutral computer, a Linux live DVD. Linux magazines usually come with one. I've seen BOA hacked so bad people had to get another bank. Assume they can see everything you do on your computer. Start paying bills by paper check. Consider using a local credit union and no online banking. On eBay don't set a password at all; have them send you a one-time code to your phone to log in each time. They've been hacked also. LMAO when someone in Singapore tried to log in when there is no password.

Boot the Linux DVD to run in trial mode. It will load Linux into the system RAM (takes a while). Many antivirus programs have a Rescue Disc that boots Linux and scans from there. Consider a hardwired, or household-wiring, network instead of Wifi.

Run a scan with Malwarebytes Anti-Rootkit. It's a free beta.

I ran like this (Linux DVD, no HDD connected) for a couple of years. When I would boot Windows on my HDD to get some files I would see the Python scripts trying to load. So even the Linux live DVD was getting hacked, but they can't load a damned thing. Each reboot is a clean OS install. I was definitely being hacked by someone who knew what they were doing. These are the things that worked for me.

To buy things online, try calling customer service to give your credit info. You can also buy a gift card for the amount you need at Home Depot or any other store to make purchases. The card number will be useless after each purchase.

All of these things are inconvenient, but they do work.
 
Amazon saves your billing info and forces a password on you. I clear out my billing info at each sale.
I had the advantage of knowing who was doing it. The minute I gave his name to the police about the sniper scopes all hacking ceased.
But you're right. If I could make up stuff like that I wouldn't be writing for Tom's Hardware!
 
  • Like
Reactions: Kimberp
Did you use a password manager (LastPass, etc.) that perhaps used a logon/password in common with a compromised account? Given one email/password compromise, many will try that login/password with other accounts... and often quite successfully.

Of course, if a non-encrypted file that was used to store various passwords was compromised in a cloud storage account, then the 'keys to the kingdom' were thrown up in the air....

And one should always be suspicious of the offer to let you log in to/create a new account by logging in 'via Google or FB'....

Get on an uninfected system, and once you've changed everything... use LastPass....

If one has a system commonly used by teens, the risk of infection goes up several times over... (they love to live by the adage 'when in doubt... click ok/yes/accept'!). I'd not use a computer used by teens for any sensitive shopping/banking, etc... Get a bootable Linux Live USB flash drive....
 
Jan 2, 2020
Watch the, now edited, "colorful" language, please. Thank you.
1) If you haven't already, make a list of every account you've used on that machine, and send both an email and a paper-copy letter to their Security/Fraud department letting them know your accounts may have been compromised and they should use all due diligence to prevent any form of theft or fraud going forward, and ask for their assistance in establishing new accounts with new numbers or usernames wherever possible, possibly with a brand new email address. I'd consider doing this at a computer you know has updated virus software and a secure connection (not over Wifi). Send the paper copy as well in case you lose access to an email address, and as evidence that they were notified at a specific time and date. Include the date at which you suspect the hacking first occurred, and mention other account breaches. Keep a paper copy of everything you mail, as well as a journal of steps you have taken as instructed by Security and Fraud Departments.

DOCUMENT EVERYTHING
It takes far less time than you'd think to document everything as you're doing it, and if you ever wind up in the middle of a financial fiasco related to this stuff, it will save countless hours of poring over records to try and determine, remember, or most importantly PROVE what you did and when. I suppose you could be in the middle of refinancing a mortgage a few years after something like this, and come up against some credit ding that was never removed but related to hacking and fraud, and the quicker you can solve what it was, the easier to get things going.

2) On every email address, make sure 2-step verification is enabled, and regularly verify YOUR phone number is in the account settings and no others. I lost a Facebook account one time and suspect my account was hacked and the phone number was changed, making the option to receive a text and reset the password useless.

3) Start the to-do list by battening down the hatches - shore up every account that requires a password login, sort out the accounts that can incur large purchases or losses, and work on those first.

4) With your home computer, if you feel fairly certain there's a chance it was compromised, I'd make a copy of all your personal files onto another drive (a USB external drive) and then either take it in to a Geek Squad or similar local shop and ask them to wipe everything and re-install the Operating System.

This is not a bad time to also update the Operating System, and if you have several computers on a home network, you might get a bundle deal on the OS somewhere. OSes expire over time anyway. You can wipe the OS yourself, but I'd make sure you know how before starting. Also have them run the best possible virus scans on the data you backed up onto the external storage device.

From my experience, you're better off just wiping everything out and upgrading if possible, because hackers may be utilizing a vulnerability from an older Operating System that has been discovered and fixed, and by just erasing and re-installing the hard drive contents, you leave no room for detection error or omission by any anti-virus software. The time it takes to do this is usually the same as or less than running endless scans. If you find a virus, it can still be a difficult, lengthy process to remove it. You'll have to set up program preferences, etc. again, reinstall all programs and virus software, and update the virus software manually if need be after reinstalling the OS.

DO NOT COPY ANY OLD FILES FROM THE EXTERNAL DRIVE ONTO THE FRESH INSTALL without scanning those contents first, and I might not even plug the external drive in without scanning it on another computer first. The IT shops probably have a way to "eliminate" a virus that can transmit at initialization of the external drive.

5) Notify the FBI's cybercrime division (ic3.gov)

6) Write or call your US House and Senate members and suggest they support a Hack-Back Bill, like the one submitted by Graves (R), Georgia. (This is non-partisan.)

It would allow software and operating system companies and providers the legal ability to counter-hack Hackers. We need to mess those parasites up big time, and our top-tier IT and Programming guys should be allowed to show these Hacktivists and Fraudsters what the Alpha Dogs can do to THEM.

Cybercrime is projected to reach $6 Trillion in losses in 2019. Not sure if that's in 2019 alone or as a total to date. Either way, that's a huge loss every consumer is having to eat.

Those are my suggestions. I haven't been in IT for a while, but I think that's a pretty good list to start with. Hope it's helpful.
 
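The two replies above make the same practical point: a password shared between a breached account and any other account puts that other account next in line, so the accounts to rotate first are the ones sharing a password (or using a password already known to be breached) and the ones that can move money or reset other accounts. The script below is an added example, not code from the thread or from any password manager, for triaging an exported password-manager CSV along those lines. The column names (name, url, username, password), the high-value keyword list, the "known breached" set and the sample export are all assumptions made up for the example; a real check would use your manager's actual export format and a breach-checking service rather than a hard-coded set.

```python
"""Triage a password-manager CSV export: which accounts to rotate first.

Added example, not from the forum thread. Assumptions (adjust to fit):
  * the export has the columns name,url,username,password
  * HIGH_VALUE_KEYWORDS marks accounts that move money or reset others
  * KNOWN_BREACHED is a stand-in for a real breach-check service
Passwords are reduced to a truncated hash before grouping so that the
report never repeats a plaintext password.
"""
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export; every credential here is made up.
SAMPLE_EXPORT = """name,url,username,password
Bank,https://bank.example,kim,Winter2019!
Email,https://mail.example,kim@mail.example,Winter2019!
Streaming,https://stream.example,kim,Winter2019!
Game store,https://games.example,kim,hunter2
Forum,https://forum.example,kim,correct horse battery staple
"""

# Assumption: these substrings identify accounts that can incur losses
# or act as a recovery channel for other accounts.
HIGH_VALUE_KEYWORDS = ("bank", "email", "mail", "paypal", "card")

# Assumption: a tiny local list standing in for a breached-password lookup.
KNOWN_BREACHED = {"hunter2", "password", "123456", "qwerty"}


def fingerprint(password):
    """Short non-reversible label for a password, used only to group rows."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]


def read_rows(export_text):
    return list(csv.DictReader(io.StringIO(export_text)))


def find_reused(export_text):
    """Map fingerprint -> account names for every password used more than once."""
    groups = defaultdict(list)
    for row in read_rows(export_text):
        groups[fingerprint(row["password"])].append(row["name"])
    return {fp: names for fp, names in groups.items() if len(names) > 1}


def is_high_value(name):
    lowered = name.lower()
    return any(keyword in lowered for keyword in HIGH_VALUE_KEYWORDS)


def accounts_to_rotate(export_text):
    """Return (account name, reason) pairs, high-value accounts first.

    An account is listed when its password is shared with another account
    or appears in the breached set; everything else can wait.
    """
    reused = find_reused(export_text)
    plan = []
    for row in read_rows(export_text):
        reasons = []
        if fingerprint(row["password"]) in reused:
            reasons.append("reused")
        if row["password"] in KNOWN_BREACHED:
            reasons.append("known breached")
        if reasons:
            plan.append((row["name"], ", ".join(reasons)))
    # High-value accounts first, then alphabetical so the order is stable.
    plan.sort(key=lambda item: (0 if is_high_value(item[0]) else 1, item[0]))
    return plan


if __name__ == "__main__":
    for name, reason in accounts_to_rotate(SAMPLE_EXPORT):
        print(f"{name}: {reason}")
```

Run it against your own export instead of SAMPLE_EXPORT and work down the list from the top; once a password has been changed everywhere it was shared, re-run the script and the group disappears from the report. Delete the export file afterwards, since it holds every password in plaintext.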
Reboot Restore RX can be useful. It reverts your HDD to its previous state with every reboot. You'll need to manually refresh the drive image for virus and Windows updates. I have had rootkits get through it, though. Depending on what you use your computer for, it may not be suitable. It is used for public-access computers to undo whatever has been done.
I simply refuse to use social media.
 