Daily Cyber-Harassment

Started by vongo1ax, July 27, 2023, 03:46:16 PM


vongo1ax

Good evening,
I have been dealing with daily cyberharassment from some loser in my neighborhood. I do not have a background in networking or cybersecurity. This person is on my network and is accessing my devices, from my phone to my PC. This is my parents' house, so they also have access to their devices as well. So this is a very frustrating situation for me. They are remoting into my computer and clicking around, moving my mouse, interrupting my videos. They are making threats by way of interacting with whatever media I am watching. Example: say someone shoots someone on Netflix; they will pause my video to send a message. I need this coward's information to provide to the police. I need to gather identifying information on the user, like their IP address and anything else that will allow me to make a report to the police so they can investigate the situation. I have Kali and Ubuntu downloaded in a VirtualBox, I have Wireshark pcaps of times during the intrusion, and I have Snort logs of when they are accessing my PC. I need help in making sense of these logs and determining where the exploits are coming from, and can provide these logs if needed. I would kindly appreciate any suggestions and ways to go about getting this information. Let me know what else you would like me to provide.

deanwebb

A few questions:
1. Do you think you know who this person might be? If the person lives with parents, a short discussion there might get things to stop, especially if a consequence would be the parents' internet access being cut off.
2. What you describe indicates that you have malware in your system that has opened up a path for an attacker to use. This also means that personal data outside of the harassment is potentially accessible and accessed. This is serious - what antivirus are you running to detect these threats? What applications may have been installed recently that you need to uninstall? What are your Windows firewall permissions and which ones need to be closed off?
3. Reading the PCAP files - you mention the attacker has used remote control on your devices. I would start with a search for RDP or VLC protocols. Any IP address involved that isn't from your home addresses will point to the outsider.
4. HOWEVER, once you have that outside address, you only have the next hop out. The attacks might not be originating from that location - another victim's gear may be compromised and is used as a base to attack you. It may also be possible that your home gear is used as a base to attack someone else. So do NOT do any sort of "hack back" move. Instead, "work back" and find the ISP that owns the first three parts of that IP address and let their abuse team know that you've been hit by something in their range. They've got tools to engage with and stop that sort of thing, and visibility into the network that you'll never have.
5. If you don't see RDP or VLC in the PCAP, look instead for HTTPS sessions that originate from outside your home network. Those are also indicators of where an attack is coming from, and you may be getting attacked from more than one location.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.
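As an added example (not code from this thread or from either poster), here is a small pure-Python pcap scan that does what deanwebb's points 3 to 5 describe: walk the capture, keep only new inbound TCP connections (SYN without ACK) whose source is outside the home address space, and flag the ones aimed at a remote-control or HTTPS port; it also derives the "first three parts" prefix to hand to an ISP abuse team. Assumptions: the home LAN uses the RFC 1918 private ranges; the watched ports are the standard IANA assignments for RDP (3389), VNC (5900) and HTTPS (443); and the input is a classic little-endian libpcap file with Ethernet framing. The sample capture is constructed inline from the TEST-NET documentation ranges so the script runs offline.

```python
"""Scan a pcap for inbound remote-control sessions arriving from outside the home LAN."""
import ipaddress
import struct

# Assumption: standard IANA ports for the protocols worth flagging.
WATCH_PORTS = {3389: "RDP", 5900: "VNC", 443: "HTTPS"}

# Assumption: the home LAN lives in the RFC 1918 private ranges.
HOME_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_home(ip):
    """True when the address belongs to one of the home (private) networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in HOME_NETS)


def parse_pcap(data):
    """Yield (src_ip, dst_ip, src_port, dst_port, is_new_connection) for every
    IPv4/TCP frame in a little-endian libpcap file with Ethernet link type."""
    magic, = struct.unpack("<I", data[:4])
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian pcap (magic a1b2c3d4) is handled here")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        _ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 over Ethernet
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:
            continue  # not TCP
        src = str(ipaddress.IPv4Address(bytes(ip[12:16])))
        dst = str(ipaddress.IPv4Address(bytes(ip[16:20])))
        tcp = ip[ihl:]
        sport, dport = struct.unpack("!HH", tcp[:4])
        flags = tcp[13]
        syn_only = bool(flags & 0x02) and not (flags & 0x10)  # SYN set, ACK clear
        yield src, dst, sport, dport, syn_only


def flag_inbound(data):
    """Return [(remote_ip, protocol, local_ip)] for connection attempts that come
    from a non-home address to a watched port on a home device."""
    hits = []
    for src, dst, _sport, dport, syn_only in parse_pcap(data):
        if syn_only and not is_home(src) and is_home(dst) and dport in WATCH_PORTS:
            hits.append((src, WATCH_PORTS[dport], dst))
    return hits


def abuse_prefix(ip):
    """The /24 containing the address, i.e. the 'first three parts' to look up
    and report to the owning ISP's abuse team."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


# --- constructed sample capture (not a real pcap from the thread) ---------------
def _frame(src, dst, sport, dport, flags):
    """Build a minimal Ethernet/IPv4/TCP frame with the given TCP flags."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp


def build_pcap(frames):
    """Wrap frames in a little-endian libpcap file (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out


SAMPLE_PCAP = build_pcap([
    _frame("192.168.1.20", "203.0.113.200", 51000, 443, 0x02),   # PC browsing out: normal
    _frame("203.0.113.77", "192.168.1.20", 44444, 3389, 0x02),   # inbound RDP SYN from outside
    _frame("192.168.1.20", "203.0.113.77", 3389, 44444, 0x12),   # PC's SYN/ACK reply, not new
    _frame("198.51.100.9", "192.168.1.20", 50505, 5900, 0x02),   # inbound VNC SYN from outside
])

if __name__ == "__main__":
    for remote, proto, local in flag_inbound(SAMPLE_PCAP):
        print(f"{proto} connection to {local} from {remote}; report range {abuse_prefix(remote)}")
```

To run it against a real capture, replace `SAMPLE_PCAP` with `open("capture.pcap", "rb").read()`; Wireshark saves in pcapng by default, so export as the classic pcap format first (or use a library such as scapy if it is available). The script only reads the file and reports addresses; the follow-up is the one the post recommends, a report to the owning ISP, not any action against the remote host.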