ARGH! Hacked?

[nhut]

This is the right forum, right? Dad's shown me December's broadband bill... and it's not pretty. 20GB or something, coming to a mere....... $4000!

I don't know what happened. Usually usage is around 1.5-2.5 GB per month, which I thought was pretty heavy usage. What sort of thing could use up this sort of bandwidth? I haven't downloaded 20 divx movies or anything, which is about the only thing that I can think of that could use up so much. Haven't done any online gaming. I?m fairly sure that I?ve disabled uploads on Kazaa, but I?ll have to check. I somehow doubt my sister downloaded several gigabytes of songs.

The other not so nice possibility is that we've been hacked... yes, we've got no software firewall, I thought that our Nokia router would do the job, but that doesn't stop tro:(ns. :( Norton Antivirus is installed on both computers, however, so that discredits that theory a bit, I guess.

Dad asked for daily usage, and Telecom [who run the only real broadband available in New Zealand] have emailed an unhelpful excel spreadsheet coupled with an equally unhelpful message saying that they "suggest we find the cause of this high usage.? Thanks for the tip.

The spreadsheet shows not a daily usage, but "periods of high activity" according to their email. It seems that 20.7 GB (!) was transferred from 24/11 2:43 ? 6/12 16:11. That?s as detailed as the spre:(sheet is. :( I find it a bit odd the internet would be used at 2:43 AM, but I doubt that?ll be enough to convince Telecom.

Help.:(

[forster]

Looks like it :/

Really shows that those firewalls come in handy :pinch:

[CloudEngineer]

Theres no weasling out of this one. How ever it happened, even if its not your fault your responsible and have to pay the money.

Sorry to say

[MxxCon]

it's possible it's screw up at isp end.

does your router keep any type of stats?

can your isp tell you what ports were most used?

scan your puter w/ antivirus with latest db, scan for spyware, scan for trojans, check what ports are open..

look over your contract very closely, if worst comes worst, possibly hire a lawer...after all $4k is not a pocket change

[Qarth]

Do you use a wireless connection?

[uniacidz]

1. Run another antivirus. TrendMicro Housecall. Free online scanner.

2. Is your Windows fully patched? This i need to know.

3. Have you checked your system for the HD size at all? Like is there a amount of data that is not usual? Like 20 gig worth, or even a smaller amount.

4. Check the event logs. If your system was online at the times mentioned, it will show in your system.)see attachment etc) Also, you can export the logs into a text file in which shows you the times in which you were online etc.

5. Check cookies, temp net files. Someone in the household may have been checking streamed porn at the time(dont discount it) or streamed music etc and the web sites may still be in the system. These suck(literally) alot of bandwidth.

6. If all is in the clear, then you may have to speak to Telecom and negotiate with them. Their billing may be incorrect(which they will strongly deny) and/or they ****** up.

[CloudEngineer]

If all they have shown are periods of high activity and no daily usage stats i doubt they will give him [or even have] more info.

[nhut]

Hiring a lawyer might not be necessary... my dad is one. :D And he said he's not paying it until and unless what the hell happened has been straightened out.

Windows on both PCs is fully patched. All ports closed (passed ShieldsUp @ grc.com with 100%). Scanning for viruses and spyware at the moment. I should mention that this is 20GB downstream traffic, so it can't be Kazaa or any other file sharing proggies. Sadly, our crappy router doesn't seem to provide dsl usage statistics, if it does, it's hidden amongst a lot of technical jargon. A decent DSL router would have been useful. :(

I should also mention that the hard drives of our computers are 20GB and 40GB respectivly and wherever that 20GB went, it doesn't seem to be on either of the computers. Not that I'd know where to look.

Looking at event logs won't work I think, as our broadband is the 'always on' type, and our main computer is on 24/7 because the power button is broken and it's a nightmare to start.

We DO have a wireless network, however. And I know that our neighbour also has a wireless network. But considering he helped us secure it in the first place, I doubt it's him. I could always go and interrogate him however. :ninja:

[KC]

Maybe its not your neighbor, is it possible some on a war drive found your network and came back for more? Best soultion I can think of that or another one of your neighbors, bought a laptop with wireless, ran a scan and used your network, with/without knowledge of what they where doing.

I am leaning towords a unsecure wireless network, or someone did something they don't want to fess up to.

[nhut]

Maybe its not your neighbor, is it possible some on a war drive found your network and came back for more? Best soultion I can think of that or another one of your neighbors, bought a laptop with wireless, ran a scan and used your network, with/without knowledge of what they where doing.

I am leaning towords a unsecure wireless network, or someone did something they don't want to fess up to.

The wireless lan is secured with WEP or whatever, though. I suppose it's possibly someone worked out the WEP key, which isn't a nice thought. Does WEP key cracking (that sounded odd) happen alot?

[KC]

Well a quick google search yeilded this this . Nothing is secure.

[CloudEngineer]

I'd go question your neighbour

[technics]

hmmm... looks like you need a better router and maybe another antivirus/scanner program, and yea ask your neighbours.. you never know what neighbours can do, when i was living in middle east my neighbours used to steal our sattelite channels, and we didnt even find out for a month.. at that time there wasnt alot of security as there is now with needing a card etc.. but you get my point anyway dont you :)

[configure Veteran]

I'd go question your neighbour

No one is going to admit it though, specially if he helps securing the system in the first palce :/ Well, give it a go, see if you can pick anything wrong when you tell him what happened.

[perochan]

Bring your dad with you when you go talk to your neighbor O_O you never know if he might be a fat dude with beer stomach ready to jump you if he thinks you are accusing him for stealing or something.

[markus]

Your wireless router should have a simple logging page that tells you from where wireless logons where made!

[uniacidz]

If your neighbour secured it, he may have left a hole opeb for himself. Dont discount that.

Also if on a wireless as before mentioned, its not fullt secure and someone may have got in.

Hope you find the solution.

[tomwarren Veteran]

You'd be suprised how easy it is to get WEP keys. Funny how many you can get inside of London as well. I'd be careful with that wireless device :s

[Boogiman]

Do you have a wireless network connection. If so, i hope that u have a securety on it of some kind becaus anyone can tapp your connection with the right software. I do it at school all the time :shifty: to bypass the spyware of my teachers.

Greets Boogi

PM me for more info if you want.

[xerox]

Do you have a wireless network connection. If so, i hope that u have a securety on it of some kind becaus anyone can tapp your connection with the right software. I do it at school all the time :shifty: to bypass the spyware of my teachers.

Greets Boogi

PM me for more info if you want.

:laugh: :laugh: :laugh:

It helps to read the whole thread before posting, ya know ;)

[john smith 1924 Veteran]

LOL!

Again, i'd retiterate what creamy said. It's possible he's doing you from behind. Why dont you create some wireless problem, get him "to fix it", and see what exactly he does?

[Jason the Eighty Eighth]

it would be cool if you can steal data using a wireless network. i would steal movies, music and porno from the people living next to me :D :D

seriously though, you should ask your ISP for a printout of your daily usage history, including uploads. i believe all ISPs are legally required to keep this data. look for any patterns (i.e first day you download 1.5Gb, second day you download 200Mb, third day you download 1.5Gb). that would surely tell you there is a virus on your computer.

also, surely you would have noticed your harddrive being quickly filled up. if not, then your ISP is crap and made a mistake.

thirdly, assuming that download size is simply due to you uploading, it is rather impossible. i've read that once you upload, 20% of that upload will contribute to your download size, due to ACK packets being sent back to you, hence downloading those packets. in simple terms, if you upload 100Mb, you would have downloaded 20Mb. that means assuming you download a maximum of 2.5Gb a month, and this month you mysteriously downloaded 20Gb, that means you would have uploaded (20 - 2.5 * 5) = 87.5Gb.

[mark03]

someone's been downloading pr0n... ;) :laugh:

[poind]

That's a *LOT* of use in a relatively brief period.

Don't know what all NZ's laws are (or what would justify such a bill even if such use occurred), but, if you're sure no one on your end knowingly did such things, keep hammering the ISP for each and every bit of info that shows this even happened.

For a bill like this, it's their court burden to prove this was your knowing fault, generally speaking, assuming there's even something in place that allows them to make such charges. Those are *huge* charges even *if* one uses the internet so massively.

[slysy]

take steps to secure your network

1.Change the WEP key often

2.Disable brodcast SSID

3.Choose a unique SSID (not the default - use symbols numbers and letters)

4.Change the password for the settings on your router from the default

5.Enable wired access to router setup only (if available)

Following these steps will greatly increase the security of your wireless network

Edited January 16, 2004 by slysy