A Cyberheist Subscriber's Own Hacking Horror Story




Here is a cyberheist subscriber who sent me their own hacking horror story.

"Stu, thought I’d give you one. You can use it if you want. Just make it anonymous. So, being in IT we think we are more secure than most, even though we know the internet is a very scary place. I’m the CTO for a major company, I’m bloody invincible!

Last night I’m relaxing in my recliner and look over at my PC which is in the family room at the desk. I see that apps are opening up and the mouse is moving all over the place with no one sitting in front of it.

For a moment, I sit there bewildered and then realize, I’m watching someone hack my PC. I jump up and grab the mouse to try to shut the PC down and notice my VNC icon is active. We end up fighting for control, so I just power it off.

I’ve installed VNC on the PC and set up a route through the firewall so I can get to my PC remotely. Good idea, right? Well apparently, someone guessed my password.
They were on the PC for 29 minutes (found this out after reviewing the event log). Long enough to initiate a $2800 transfer from PayPal to Eduardo Godo with a spainmail.net email address.

Had I not seen it, I probably wouldn’t have found out about it for a few days. The killer here is that we had PayPal set up to remember our ID/password so they didn’t need to crack anything else.

So now the panicked calls to PayPal, Wells Fargo, Barclay. After 90 minutes on the phone, our checking account is cancelled, our credit card is cancelled (they were the two funding sources for PayPal) and PayPal is opening an investigation.

Perusing the event log for VNC server events, I see they have been trying to break in for as long as the log goes back. I notice that about 10 days ago, there was an indication that the password was accepted for access but from an IP address that couldn’t have been me.

However, it disconnected after about 2 seconds. I’m assuming they have a bunch of ‘botted’ PCs making attempts to get in and when it does, the info gets logged for a human to look at later.

I’m still not sure that the PayPal access was all they did. We’re going to check our accounts daily until we feel secure. Needless to say we’ve gone out and changed our passwords for anything that has to do with money.

I feel so ticked off, mostly at myself for using what was obviously a too simple password that let them get in."
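
The log review described in the story (an accepted password from an unfamiliar address that drops after about 2 seconds, followed days later by a long session) can be automated. The sketch below is an added example, not part of the subscriber's message or any VNC product; the log format, event names, addresses and the `KNOWN_IPS` allowlist are constructed assumptions.

```python
from datetime import datetime

# Constructed sample in a hypothetical "date time EVENT source_ip" format.
# Real VNC servers log differently; adapt parse_line() to your server's output.
SAMPLE_LOG = """\
2024-03-01 02:10:05 AUTH_FAIL 203.0.113.7
2024-03-01 02:10:09 AUTH_FAIL 203.0.113.7
2024-03-01 02:10:14 AUTH_OK 203.0.113.7
2024-03-01 02:10:16 DISCONNECT 203.0.113.7
2024-03-05 18:30:00 AUTH_OK 192.0.2.10
2024-03-05 18:52:41 DISCONNECT 192.0.2.10
2024-03-11 21:04:00 AUTH_OK 198.51.100.23
2024-03-11 21:33:00 DISCONNECT 198.51.100.23
"""
KNOWN_IPS = {"192.0.2.10"}  # assumption: addresses the owner really connects from
PROBE_SECONDS = 5           # a login dropped this fast looks like an automated check

def parse_line(line):
    date, time, event, ip = line.split()
    return datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"), event, ip

def finding(ip, start, failed_before, secs, kind):
    return {"ip": ip, "login": start, "seconds": secs, "kind": kind,
            "prior_failures": failed_before}

def review(log_text, known_ips=KNOWN_IPS):
    """Return accepted logins from unfamiliar addresses, in log order."""
    failures, open_logins, findings = {}, {}, []
    for line in filter(str.strip, log_text.splitlines()):
        ts, event, ip = parse_line(line)
        if event == "AUTH_FAIL":
            failures[ip] = failures.get(ip, 0) + 1
        elif event == "AUTH_OK" and ip not in known_ips:
            # Remember when the login happened and how many guesses preceded it.
            open_logins[ip] = (ts, failures.get(ip, 0))
        elif event == "DISCONNECT" and ip in open_logins:
            start, failed_before = open_logins.pop(ip)
            secs = int((ts - start).total_seconds())
            kind = "probe" if secs <= PROBE_SECONDS else "session"
            findings.append(finding(ip, start, failed_before, secs, kind))
    # A login with no disconnect yet means the unfamiliar client is still connected.
    for ip, (start, failed_before) in open_logins.items():
        findings.append(finding(ip, start, failed_before, None, "still-connected"))
    return findings

if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"{f['login']}  {f['ip']:<15} {f['kind']:<15} "
              f"duration={f['seconds']}s  failures_before={f['prior_failures']}")
```

A "probe" finding is the early warning the story mentions: the password has already been accepted once, so it should be changed before anyone returns for a longer session.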

Get the latest facts, news and tools you need to protect your network against cybercrime!

Learn about the most current cybercrime tactics, cyberheist schemes, social engineering scams and ransomware attacks, as well as hints and tips from the pros to help you prevent hackers penetrating your network. If you are frustrated by gullible employees in your organization who regularly fall for phishing attacks that infect your network, this new e-zine gives you the ammo to defend your network against cybercrime.

  • Veteran IT Security Editor Stu Sjouwerman
  • Sent to 375,000 IT Pros every week on Tuesday
  • Scam of the Week highlights
  • Latest Cyber-crime reports
  • Fave Links – See Viral Videos Here First! 
