I was hacked through TeamViewer - Now what? - Page 3

post #21 of 54
For what it's worth, TeamViewer's users have been targets of several kinds of attacks for a while. I guess people finally realized what a powerful tool it is.

I usually get 1-4 e-mail notifications that a user on TeamViewer has added me as a contact... daily.
I never accepted a single one because common sense dictates that any contacts would also be able to access the machines you have in your list, and after checking it most certainly seems so.
Please be on the lookout for any contact requests and make sure to decline them.
There is also a two-factor authentication option available and I urge everyone to implement it, especially if you have other machines in your list.


Edit: on the subject of install/uninstall - why not simply run it portable? Download the setup and select the Run Only.
You will have to communicate this to the other side, too, but even non-tech-savvy users will know what to click. (Speaking from experience here)
Edited by fragamemnon - 5/26/16 at 11:50pm
post #22 of 54
If I go to Options --> Computers and Contacts (or something like that, I'm using Dutch version) I can see the 2-way authentication "link" but it is grayed out so I cannot select/click it... I'm on free version. Do you have to buy it to enable 2-way???

   
post #23 of 54
Sounds like this is not a Team Viewer flaw but a compromised account username and password. I have looked up my information on https://haveibeenpwned.com/ which is legit to make sure that I change my password for my accounts that have a data breach. Sounds like TeamViewer is just another thing everyone needs to add to the list of things that they should change their password to when there is a new data breach.
post #24 of 54
I know of TV but not specifics. I am however familiar with security in general.

What you saw them trying to do is proof positive of how they likely got into your machine. The first thing they did was check paypal, likely hoping you log in automatically or that your password for whatever service they did breach had a matching password. Most "hacks" are really accomplished via social engineering (fake support calls, phishing emails, password transmitted via insecure means, etc). It's also possible the person knows you, likely not a friend but maybe someone who is on your facebook and knows enough about you to make educated guesses at your passwords and knows what services you use.

As others have mentioned, uninstall isn't "the answer" unless you really don't use it or use it very rarely.

You basically started by doing the right thing in changing all of your account passwords.

I agree with the statements of some other people. I would NEVER use a password manager. I have a terrible memory, work in IT, and have more accounts than I could think of all at once. I need to enter 3-4 passwords just to get into my work computer alone. My recommendation is to manually enter all of your passwords. Do not store them in a browser, file, password manager, etc. Also never transmit a password to someone or yourself electronically (email, text, even over the phone). To make this easier use longer but more meaningful passwords. Passwords that are easy for you to remember but hard for a computer to guess. It reminds me of the following. In all seriousness a short sentence that means something to you (and isn't a popular quote) will be a lot easier to recall and much harder for a computer to guess like the example given in the comic.



In addition, always make sure your security software is reputable and kept up to date along with other software and the OS. Most people also do not set a password to log on to their own computer, which I recommend you do if you have not already. Also change at least the most important account passwords on occasion (every few months, once a year, etc). This might be services like your main email, paypal, banking, etc. Also do not use the same exact password for any 2 services, or a close variation of a password between 2 services ("pw1" vs. "pw2"). Try to avoid linking accounts (like linking facebook to another service/site).

Check your running processes in Task manager for anything abnormal. Google a process and research it if you think it is suspect. Also check your programs and features (add/remove programs) to check for any software you did not intend to install or no longer need. Uninstall anything you did not put there or that you do not use.

Also check your router, presuming you use one. Especially if you use Wifi. Make sure you use the strongest wifi encryption your router can, and if it's not the current best encryption consider a newer router. Set a strong wifi password and if you typically have friends/family who visit and also connect check to see if the router supports guest networks. A guest network allows them to get internet without getting to your internal network. You also do not have to give them a password you use yourself. Additionally make sure the router firmware is up to date.

If you ever use public/semi public wifi do not use services you login to on those networks. This would range from open wifi to wifi at public places using a shared password. There are programs, even phone apps, that can easily sniff passwords in places like this. I had an app on my Android phone for a while that could do this (though I never used it for this). I primarily used it to kick people off wifi and to replace all images with whatever image I chose. I did this for kicks for a little while but I bet there are plenty of people who turn it into a job just sitting in public places connected and waiting for people to login to accounts while they collect passwords.

While it is convenient to let a computer sleep/hibernate or place it in those states, it is safer to turn it off completely when you are not using it especially in this day and age of having a constant and active internet connection. Especially with more recent hardware and windows startup times are so quick that the difference is pretty small.

These are just the general things I can think of as I am at work, but I hope they help
Edited by Zer0CoolX - 6/1/16 at 1:13pm
post #25 of 54
Thread Starter 
Quote:
Originally Posted by ASUSfreak View Post

If I go to Options --> Computers and Contacts (or something like that, I'm using Dutch version) I can see the 2-way authentication "link" but it is grayed out so I cannot select/click it... I'm on free version. Do you have to buy it to enable 2-way???

Log into teamviewer.com and you can enable it from there! 

post #26 of 54
Quote:
Originally Posted by Sean Webster View Post

Hi all, 

I was up late tonight and noticed that suddenly TeamViewer popped up on the screen while watching a movie on my second monitor. Then I see an incoming connection. I'm like what the heck? Then the person successfully logged on. The user name that appeared was even more shocking, it was my own! Since I was there monitoring what the person was doing, I didn't move the mouse to immediately close the connection, instead I let them continue on their way and they didn't notice. First they went to paypal.com to check if I had an account. Next they went to paypay-gifts.com and proceeded to try to send a $100 iTunes giftcard. Now, I didn't know how quickly they could send the gift after selecting it, so I unplugged my network cable at that moment and closed the connection. I then reconnected back and changed my password, but as I was doing so, they connected again, so I just closed out the connection asap. I finally changed the password and they were immediately kicked off my account.

After this I feel violated! My mom mentioned that she had seen my computer turn on by itself and stuff moving on my screen when I have been away at times and this experience makes me think it could have happened before. I checked my TeamViewer connections log, but it seems, luckily, that tonight was the only night the person got onto my system. Now, however, I am going to have to log into my saved users computers and check their logs for this connection to see if they were violated and potentially at risk as well.

I am wondering if there is any way I could trace the person? I doubt. Or will it do any good to report it to TeamViewer?

But, man, this feels so strange to think how easily someone could have had all my info and I think back to all the times I have left the computer on while I have been away. 

I just changed my passwords and white listed only my laptop and iPhone to log on to my home PC. I should be good now for security I think...

This is the last connection from the "hacker" in my connections log, the rest were definitely me. 
Code:
869248884    MYUSERNAMEHERE    21-05-2016 07:59:44    21-05-2016 08:05:52    Sean    RemoteControl    {6CF499FB-7267-41EA-9D0E-85C4BC2439DA}    
Code:
869248884    MYUSERNAMEHERE    21-05-2016 08:06:46    21-05-2016 08:06:53    Sean    RemoteControl    {8E5E789A-1015-4F83-8FB9-F2D91A6D24E1}    
EDIT: Actually, after looking through my logs it seems like the person is from China or routed through a Chinese server, I found the IP address to be 60.179.61.186 as well as another IP of 123.152.22.171


How do I check the TeamViewer log?
I am sure you did not use a simple password or the same password for something else. Seems like TeamViewer was really hacked.
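
Added example (not part of any post in this thread): a small Python parser for connection-log lines in the layout quoted above, flagging sessions from partner IDs that are not on a known-device list and reconnects shortly after a previous session ended. The column meanings, the `111222333` device ID, the truncated last line and the two-minute window are assumptions made for the illustration; the two `869248884` lines are the ones quoted in the post.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

TS_FORMAT = "%d-%m-%Y %H:%M:%S"       # day-month-year, as in the quoted lines
FIELD_SEP = re.compile(r"\t+| {2,}")  # tabs, or runs of spaces when pasted into a post

# Constructed sample: one assumed known device, the two quoted sessions, one truncated line.
SAMPLE_LOG = "\n".join([
    "111222333\tHOME-LAPTOP\t20-05-2016 19:10:02\t20-05-2016 19:42:40\tSean\tRemoteControl\t{00000000-0000-0000-0000-000000000001}",
    "869248884    MYUSERNAMEHERE    21-05-2016 07:59:44    21-05-2016 08:05:52    Sean    RemoteControl    {6CF499FB-7267-41EA-9D0E-85C4BC2439DA}",
    "869248884\tMYUSERNAMEHERE\t21-05-2016 08:06:46\t21-05-2016 08:06:53\tSean\tRemoteControl\t{8E5E789A-1015-4F83-8FB9-F2D91A6D24E1}",
    "869248884\tMYUSERNAMEHERE\t21-05-2016 08:07",
])

@dataclass
class Session:
    partner_id: str      # assumed meaning: ID of the connecting side
    partner_name: str
    start: datetime
    end: datetime
    local_user: str
    kind: str
    session_guid: str

    @property
    def duration(self) -> timedelta:
        return self.end - self.start

def parse_connections(text):
    """Return (sessions, rejected_lines); malformed lines are kept for review."""
    sessions, rejected = [], []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        try:
            pid, name, start, end, user, kind, guid = FIELD_SEP.split(raw.strip())
            sessions.append(Session(pid, name, datetime.strptime(start, TS_FORMAT),
                                    datetime.strptime(end, TS_FORMAT), user, kind, guid))
        except ValueError:  # wrong field count or unparsable timestamp
            rejected.append(raw)
    return sessions, rejected

def flag_sessions(sessions, known_partner_ids, reconnect_window=timedelta(minutes=2)):
    """Return [(session, [reasons])] for sessions that deserve a closer look."""
    findings, last_end = [], {}
    for s in sorted(sessions, key=lambda s: s.start):
        reasons = []
        if s.partner_id not in known_partner_ids:
            reasons.append("unknown partner ID")
        prev = last_end.get(s.partner_id)
        if prev is not None and timedelta(0) <= s.start - prev <= reconnect_window:
            reasons.append("reconnected shortly after previous session ended")
        last_end[s.partner_id] = s.end
        if reasons:
            findings.append((s, reasons))
    return findings

if __name__ == "__main__":
    parsed, bad = parse_connections(SAMPLE_LOG)
    for s, why in flag_sessions(parsed, known_partner_ids={"111222333"}):
        print(s.partner_id, s.start, s.duration, "; ".join(why))
    print("unparsed lines:", len(bad))
```
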
post #27 of 54
In fact, the teamviewer website was down yesterday, and you can see a crazy lot of people claiming they got hacked by teamviewer on reddit, teamviewer's facebook and twitter. All share a similar story, like paypal getting charged.
post #28 of 54
wonder if this was some sort of large coordinated attack? Tons of people getting their accounts violated at once as well as teamviewer's servers getting DDOSed?

Crazy stuff.

I've used teamviewer a few times to help out family with their pcs but i never have it run on start up or anything like that. I don't even have an account with teamviewer. Shouldn't have anything to worry about right?
post #29 of 54
Quote:
Originally Posted by IMI4tth3w View Post

wonder if this was some sort of large coordinated attack? Tons of people getting their accounts violated at once as well as teamviewer's servers getting DDOSed?

Crazy stuff.

I've used teamviewer a few times to help out family with their pcs but i never have it run on start up or anything like that. I don't even have an account with teamviewer. Shouldn't have anything to worry about right?

Nope, if it's not running, it's not running.

All data points to teamviewer not being hacked, and people's accounts are getting accessed by the same email/password combo as something else that has been.
post #30 of 54
Quote:
Originally Posted by Crazy9000 View Post

Nope, if it's not running, it's not running.

All data points to teamviewer not being hacked, and people's accounts are getting accessed by the same email/password combo as something else that has been.

Please read my recent post and give a comment. It looked like something of teamviewer was hacked.