Hacker problem

Idris_P California Member Posts: 47

I have a hacker problem and he keeps connecting this device to my router from a remote location. MAC address is 78:F2:9E:60:22:48 and has also changed his MAC address to the following: 78:F2:9E:60:22:50, also 00:05:04:03:02:01, also DA:A1:19:61:89:9E. Fingbox did not alert me to this device until I did several vulnerability scans, nor did it block the device as it says it should. How do I stop this hacker from getting inside my network?


Best Answers

  • vulcansheart Posts: 117
    Accepted Answer
    I noticed you're connected to "Xfinity" WiFi. Is it possible you have an unlocked SSID? Comcast uses the default "Xfinity" SSID for their nationwide hotspot coverage using home/business routers. These devices that you see connecting are probably nearby devices that are legitimately connecting to the open hotspot network. Check your address on this map and see if you are listed as an open hotspot:


    41 4c 4c 20 59 4f 55 52 20 42 41 53 45 20 41 52 45 20 42 45 4c 4f 4e 47 20 54 4f 20 55 53
  • vulcansheart Posts: 117
    Accepted Answer
    @Guest159 You stated that you have been dealing with a specific individual that has followed you to a new location, and continues to gain access to your WiFi? If this is in fact true, then you simply need to step up your game. Please visit this thread for some assistance in hardening your home network

  • vulcansheart Posts: 117
    Accepted Answer
    @Brettly61, you seem to have had some troubles of your own as you've posted on several other discussions here. Would you like to begin your own discussion so perhaps the community can assist?
  • Komo Posts: 30
    edited December 2019 Accepted Answer

    um yea! it definitely does sound like he has a mental illness! He sounds like some kind of sick sexual deviant.


Answers

  • Idris_P California Member Posts: 47

    Thanks for your response @vulcansheart. I bought my own router after buying Fing. So the hotspot functionality is not enabled. The MAC address starting with 00:05:04:03:02:01 has been mysteriously appearing on several different routers. When I received my Fingbox and activated it, that MAC address and along with the IP I clicked watch. So when I bought my new router and connected it and applied Fingbox, Fingbox alerted me that the device was in range. So lo and behold, I happen to see the person that I suspect of hacking my router on his motorcycle and sped off after I blocked the device.

  • pwmeek Member, Beta Tester Posts: 131
    <snip>. Check your address on this map and see if you are listed as an open hotspot:


    That map is seriously incomplete. I can see a half dozen open "xfinitywifi" hotspots in nearby apartments which are not shown on the map. I would not depend on this map to check whether my own Comcast modem/gateway/router/wifi box was open or not.
    --Pete
    Bon Vivant and Raconteur
  • OrangeBucket Member Posts: 16
    edited December 2019
    A brief trawl suggests 00:05:04:03:02:01, which I believe tends to be associated with x.y.z.254 addresses (varying with your configuration), is normal for your brand of router. I saw it suggested that it is associated with the ability to plug in a POTS analogue phone to use with VOIP. Does that make any sense in your case?

    With regard to the other addresses: 78:F2:9E:60:22:48/50 are assigned to Pegatron (the other address is a Google device) and could easily be a pair of interfaces on the same device. For example, some devices use different MAC addresses for 2.4G and 5G Wi-Fi. Have you definitely eliminated everything you own? Nothing with anyway similar addresses? Remember that it doesn't have to be configured for IP. For example I have a Wi-Fi extender that my router shows as connected that doesn't have an IP address associated with that MAC, but does with a virtual version of it. Nothing like Powerline adapters or anything floating around doing their own thing?
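
Added example (not part of any post in this thread): a Python triage of the MAC addresses discussed above, applying the checks OrangeBucket describes (vendor prefix, adjacent addresses on one device) plus the locally-administered bit. The inventory MACs are constructed placeholders from the RFC 7042 documentation range, and the `max_gap` threshold and function names are assumptions.

```python
import re

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")

# Constructed inventory: placeholder MACs from the RFC 7042 documentation range.
INVENTORY = {"00:00:5E:00:53:01": "smartphone",
             "00:00:5E:00:53:02": "Fingbox",
             "00:00:5E:00:53:03": "PS4"}
# The four addresses quoted in the thread, plus one inventory device
# written the way another scanner might print it (constructed).
OBSERVED = ["78:F2:9E:60:22:48", "78:F2:9E:60:22:50", "00:05:04:03:02:01",
            "DA:A1:19:61:89:9E", "00-00-5e-00-53-03"]

def parse_mac(text):
    """Return the 6 raw bytes of a MAC written with ':' or '-' separators."""
    text = text.strip()
    if not MAC_RE.fullmatch(text):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(re.sub(r"[:-]", "", text))

def fmt(raw):
    return ":".join(f"{b:02X}" for b in raw)

def is_local(raw):
    """U/L bit (0x02 of first octet): set means software-assigned, not a vendor OUI."""
    return bool(raw[0] & 0x02)

def sibling_groups(macs, max_gap=16):
    """Cluster vendor-assigned MACs with the same OUI whose device part is within max_gap."""
    keyed = sorted((m[:3], int.from_bytes(m[3:], "big"), m)
                   for m in set(macs) if not is_local(m))
    groups, current = [], []
    for item in keyed + [(None, 0, b"")]:          # sentinel flushes the last cluster
        if current and item[0] == current[-1][0] and item[1] - current[-1][1] <= max_gap:
            current.append(item)
            continue
        if len(current) > 1:
            groups.append([fmt(i[2]) for i in current])
        current = [item]
    return groups

def triage(observed, inventory):
    """Label each observed MAC; a 'known' match is not proof, since MACs can be cloned."""
    known = {parse_mac(k): v for k, v in inventory.items()}
    report = {}
    for raw in {parse_mac(m) for m in observed}:
        if raw in known:
            report[fmt(raw)] = f"known: {known[raw]}"
        elif is_local(raw):
            report[fmt(raw)] = "unknown: locally administered (randomised or software-set)"
        else:
            report[fmt(raw)] = f"unknown: vendor OUI {fmt(raw[:3])}"
    unknown = [parse_mac(m) for m, v in report.items() if v.startswith("unknown")]
    return report, sibling_groups(unknown)

if __name__ == "__main__":
    report, groups = triage(OBSERVED, INVENTORY)
    for mac, verdict in sorted(report.items()):
        print(mac, "->", verdict)
    print("likely one device:", groups)
```

A locally administered address carries no vendor information, so an OUI lookup on it says nothing about who made the device.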

  • Idris_P California Member Posts: 47

    @OrangeBucket Every device that is mine I have on file. If I ever get a new device I first take down the information properly. When I connect the device I then make sure everything is accurate. I am the only one who uses my network and only have 3 devices connected: a smartphone, Fingbox and my PS4, excluding the router MAC addresses for 2GHz and 5GHz. @OrangeBucket I respectfully appreciate all your input on this matter.

    As far as MAC address 00:05:04:03:02:01, it disappeared after buying a new router and it never reconnected; it showed as in range and alerted me. I then blocked the device and that was when I was 💯% sure that the device was in no way associated with my router. Every time I would change either my router password, SSID name etc. the same individual will drive back into my neighborhood and park within range and do his dirty work. I will go outside and then the person will hurry and speed off so that I can't catch him.

    When I lived at another location I dealt with the same situation and most likely the same individual. And repeated random devices would connect to my router within ten min after changing all passwords. I always had the hotspot disabled while using an Xfinity router.

  • vulcansheart Member, Beta Tester Posts: 117
    pwmeek said:
    <snip>. Check your address on this map and see if you are listed as an open hotspot:


    That map is seriously incomplete. I can see a half dozen open "xfinitywifi" hotspots in nearby apartments which are not shown on the map. I would not depend on this map to check whether my own Comcast modem/gateway/router/wifi box was open or not.
    You disagree that there is value in knowing if your wireless network is a published hotspot? It's good that your neighbors aren't on the map. The less accurate it is the better if you're trying to stay hidden...
  • nakedpwr Member, Beta Tester Posts: 2

    vulcansheart - hey man that was actually really good read!

  • pwmeek Member, Beta Tester Posts: 131
    pwmeek said:
    That map is seriously incomplete. I can see a half dozen open "xfinitywifi" hotspots in nearby apartments which are not shown on the map. I would not depend on this map to check whether my own Comcast modem/gateway/router/wifi box was open or not.
    You disagree that there is value in knowing if your wireless network is a published hotspot? It's good that your neighbors aren't on the map. The less accurate it is the better if you're trying to stay hidden...
    No, I said that using this incomplete map is not an accurate way of detecting whether your own Comcast modem/WiFi is a public hotspot. I certainly believe that you should know about your own network; just that this map does not tell you the condition of your own Comcast Modem/WiFi.
    --Pete
    Bon Vivant and Raconteur
  • vulcansheart Member, Beta Tester Posts: 117
    edited December 2019
    Edit*
    Comment double-posted for some reason.
  • Idris_P California Member Posts: 47

    Thanks for the feedback @vulcansheart and others.

    I thought I was stepping up my game in a way by purchasing my own router and purchasing a Fingbox because it stated that it stops hackers. All steps to harden my network I took a while back. Making sure my firewall is up etc. Disabled UPnP and disabled WPS, changed default password to a strong password with the full amount of characters it will allow. Not broadcasting my WiFi name, with a strong password.

    This individual is bypassing everything and is going straight to the router and then attaches a device to it and then routes my traffic to him.

    Then I start seeing altered webpages and content that I am not even looking for. I don't save passwords to browsers anymore and the only way I noticed to prevent entry is to constantly change the router password or simply turn off my router when I'm not using it.

    I believe this person will and at any means research any router I purchase and any device for defense will search and find flaws either a webpage itself, app and device.

  • Brettly61 Member, Beta Tester Posts: 5

    I wanted to comment on this guy’s hacker problem. I’ve been in your shoes. For over 14 months, I was plagued with a hacker. I had one of Xfinity’s Arris routers completely compromised by a hacker. This punk, I assumed based on the hours etc. he was active that he was a student or a neighborhood kid. He locked me out of my own router, changed the passwords and hardened the firewall. And he erased the BIOS on my laptop somehow, costing me a new computer.

    When the Comcast guy brought me a new router, he basically confessed that simple HomeNetworking is full of local area hackers trying to get your bitcoins and credit card numbers. Over a year later, and some very active vigilance on my part, the creep went away after he stole my credit card number and rang up a bunch of apps at the App Store.

    I just have one thing to say to young people: that this is not a game. It's not ethical hacking. It’s criminal. And I am keeping logs and running zenmap and wireshark and narrowing down where you live. And I was less than 30 meters - in any direction - close to catching a criminal who stole from me, trespassed onto my virtual property, changed my setting and cost me a lot of sleep.

    These hackers need punishment and the ISP’s of the world need to stop brushing the Home Networking customers off.

    I hope it goes better from here

  • VABelle Member Posts: 48

    Same here & it’s been going on for years. I’ve moved 3 times and it’s only a matter of days before Hacker is back in, although in my case it’s not to steal credit card information. I have found tiny holes drilled in the bathroom & bedroom; security cameras turned off & on, and footage even erased. Sometimes he goes into my accounts & turns off auto-payments, or changes admin passwords; turns off the notifications on my apps like Xfi and even hacked my security system apps and turned the alarm off. The police won’t (or can’t) do anything without proof or evidence. The only thing I can think is the dark web is teeming with equipment that breaks through most security measures and only the most astute Geek Gods can keep them out. It’s a game, an adrenaline thrill, a challenge for the diabolical genius hackers who make destroying other people’s lives their main goal. Maybe it’s a club where they have challenges and contests, and share their methodology. They probably take a blood oath.

    ISPs need to do more to protect their customers, that’s all. The Fingbox is a good start but more needs to be done.

  • Komo Member Posts: 30

    I am going through the same issue. It is very easy to change a MAC address and the attacker can also be using YOUR MAC, especially if you have whitelisting rules. They can easily clone your MAC. Your computer and devices can be used to scan others in your area. So can your neighbor’s computer, etc, etc. These are pivot attacks. Network security is only part of the issue. It will not solve your problem until you thoroughly check your systems and start beefing up End Point Protection.

    It is very possible that the reason why you see browser history that you didn’t do, is because the hacker is creating false TLS certificates which will allow them to downgrade HTTPS connections to HTTP- which will make data unencrypted and easier to read. It will be clear text. They will do SSL tunneling to achieve this. So definitely disable IPv6, set up firewall rules on all ports that are known to use HTTP is a start.

  • Komo Member Posts: 30

    Idris, the good news is you aren’t alone, but bad news is, I don’t think moving or getting a new ISP or exchanging routers will help. The attacker has managed to gain persistent access to you. Hopefully it can be resolved quickly and easily. When hackers hone in on a target they do Recon, reconnaissance first. They want to get info on the target. The more they can find out, the better. Next, they start finding vulnerabilities. This can be thousands of different exploits based on servers, email providers, your make and model of phone/computers, etc. There are lists that are updated daily that show steps on how to exploit vulnerabilities that are specific to hardware and software. Once they’ve found an exploit they will gain access. The first level of access might not necessarily be any form of privilege escalation, but it could be only a matter of time before they obtain those rights. The objective is to remain “stealth” and go undetected. They don’t want the target to be aware they have been compromised. Once privilege access has been granted, the next goal is to maintain their connection to the target. Persistence. During this time, your data is being dumped, they are stealing credentials, spying, using bandwidth, whatever their intent was... they are doing it. Next depends on how bad the hacker is. Yes, being hacked in the first place is bad. But there are levels to hackers. A grey hat will hack and steal things. But a black hat destroys and has malicious intentions.

    So that leaves the finale.

    When will the hack stop? When you break the connection or does it stop because they are done with you? In some cases, it might not be safe for you to try to remove the hacker. There is a possibility that they’ve laid traps and the code they’ve injected is set to destroy everything if you try and mess with it. This is why in forensics they copy data in “read only” permissions so it doesn’t disrupt malicious code that can set off bombs. It’s also to preserve evidence and maintain integrity of data for inspection.


    Some people say there are 5 levels to a hack, some say 7. Regardless of any of the above, you should definitely back up everything you can. Use encryption.

  • Komo Member Posts: 30

    Also, let me say just one more thing. Sorry my response is a bit winded. But to put people's minds at ease, MOST of this type of hacking doesn’t require the attacker to be close to you. They can be halfway across the world and get on your network, never even stepping foot in the country. They can get Remote Desktop access, connect to you through FTP or SSH, they can compromise your devices, so if your devices are infected then your network can be easily compromised. And they don’t wait around all day and fire off a bunch of commands when they see you online. They continue their day and view logs when they feel like it. Adjust their code accordingly to what they see and what they want.

    Remote hacking is not a user's fault. ISPs want people to think it’s someone close by causing the chaos because it takes a lot of accountability out of their hands.

    Many hacks nowadays don’t require that the user did anything wrong at all. That a user didn’t click on anything or visit a malicious site.


    just something to think about.

  • Idris_P California Member Posts: 47

    In response to your comment. What you just described isn't what I have been experiencing. When I change my IP, for instance, I've visually viewed the hacker returning to his favorite parking spot to then again obtain the information needed. I also have him recorded now on video.

    What I've learned to do is manually change the router's IP address and sit and wait for this hacker to return. Not to mention I have a neighbor who lives on the street where he/hacker parks his black 2 door Mustang or when he rides his all black motorcycle also lets me know of his arrival.

    Hackers might be able to do what you have stated but this hacker is not that advanced. This hacker does sit at home and monitors what website I go to and what I view online. Steals my passwords, alters webpage content etc. etc., a few DDoS attacks here and there etc. etc. This hacker is obsessed, possibly suffers from various mental disorders. Possibly feels that he has every right to be an internet spy, an internet peeping Tom.

  • Idris_P California Member Posts: 47

    The main thing this hacker does and is interested in is what porn I'm watching. How sick is this hacker. What grown man has a high interest concern of what another grown man is watching on the internet?

    Nothing I do on the internet is illegal and I do not engage in illegal activity and will not engage in anything illegal on the internet. I do my best and practice safe internet usage. And as far as going to the website and learning to do what he is doing to do back at him, I will have to pass on that. All I'm trying to do is maintain my privacy and internet privacy for me and my child. This hacker wants to keep invading that.
