This happened to us recently. Today the accountant rushed over to me and asked if I could check why our ADSL usage had spiked. Now there could be any of a ton of reasons for this.

One of them is stolen account details.

Now living in South Africa – with limited bandwidth thanks to Telkom and their cronies – stolen account details can be problematic. If your cap is maxed out you will soon find yourself without internet access, and if this happened to a business it could seriously mess up a person’s day.

So our account details were harvested – somehow – and some guy entered the username and password into his router and was happily surfing the web on our ticket.

The “how” of getting hold of our account details is still a bit of a mystery, since we do not have our details in our routers (which can be compromised) but – ahem – elsewhere. No I will not tell where.

Here is how it CAN be done though:

In our case Jaco and I did the following.

  • Got hold of the IP address:
    If you are an ADSL user your ISP should provide you with a page where you can see which IP addresses are allocated to your account details. In our case we used the system that the First Tier operator provided us with.
  • Logged into the router.
    Now this is where the fun starts. This genius got hold of illicit account details but failed to disable “remote administration” on his router. Long and short of it was that we could access his router, and if we were so inclined completely mess a few things up for him.
  • Cracked the admin password.
    Strike two. Jaco was a bit ahead of me on this one. I tried “admin”+”password”, “admin”+”admin” and then Jaco came through on skype with ‘I’m in, “admin”+”administrator”.’ Rock solid security that.
  • Checked the username and password for PPPoE.
    Now here I won’t divulge the complete “how”, suffice it to say that if you think really hard, and apply basic web page troubleshooting knowledge, you will easily be able to see what password has been entered on the PPPoE page. I was stumped, but Jaco snarfed it quickly then showed me how. We now had confirmation that this router was using our account details to log in.

So there it was – proof that whoever this was had been surfing the web with our account username and password. We decided not to mess around with the router, but simply changed the account password on our side – I then logged into the account thief’s router and clicked “disconnect” on the “status” page. That ensured that he did not continue surfing on our account – try and log in again, password changed – so sad…

So, how do you stop someone doing the same thing to you? How can you keep your login details from being snarfed remotely?

  1. Turn off remote administration on your router.
    Turning this on exposes the router’s admin pages on your public (WAN) IP address, so anyone on the internet who knows or scans for that address gets to the login screen, exactly as we did above.
  2. Change the default username and password for router access.
    The internet is full of lists of default usernames and passwords for every brand of router imaginable, and “admin”/“administrator” is on all of them. Change it, and make it long and hard to guess.
  3. If possible, remove the dial-in details from your router completely.
    Put the router into bridge mode and let a PC behind it (a Linux firewall or such) run the PPPoE session through the router. The router then never holds the username and password, so there is nothing for anyone to read off its PPPoE page even if they do get into it. Normally a hacker will not spend any time figuring out which PC on your LAN is doing the dialling, and if you are a bit wise on security there is basically no way for him to get further “in” on your LAN than the router.
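
Here is what point 3 looks like in practice. This is an added example, not from the original post: a small POSIX shell script for the Linux box that does the PPPoE dial-in. It writes the pppd peer file (which carries no password) and the pap-secrets/chap-secrets files (which do, and are created mode 0600 so only root can read them), plus a check you can re-run after anyone edits the config. It assumes Debian-style pppd with the rp-pppoe plugin, a WAN interface called eth0 and a peer named dsl-provider; the ROOT argument exists so the functions can be pointed at a scratch directory instead of the live /etc. The username and password in the usage line are made up.

```shell
#!/bin/sh
# Added example (not from the original post): keep the PPPoE login on a Linux
# firewall instead of the router, and write it so only root can read it.
# Assumptions: Debian-style pppd with the rp-pppoe plugin, WAN NIC eth0,
# peer name dsl-provider. ROOT is a prefix ("" for the live system, or a
# scratch directory when testing).

# write_pppoe_config ROOT USER PASSWORD
# Writes ROOT/etc/ppp/peers/dsl-provider (pppd options only, no password)
# and ROOT/etc/ppp/pap-secrets + chap-secrets (the password, mode 0600).
write_pppoe_config() {
    root=$1; user=$2; pass=$3
    mkdir -p "$root/etc/ppp/peers" || return 1

    # Peer file: "user" names the account; pppd looks the secret itself up
    # in pap-secrets/chap-secrets, so it is never stored here.
    cat > "$root/etc/ppp/peers/dsl-provider" <<EOF
plugin rp-pppoe.so eth0
user "$user"
noauth
defaultroute
usepeerdns
persist
mtu 1492
EOF
    chmod 0644 "$root/etc/ppp/peers/dsl-provider"

    # Secrets: the only files that hold the password. umask 077 in a
    # subshell means they are born 0600 instead of being created
    # world-readable and chmod'ed afterwards.
    (
        umask 077
        for f in pap-secrets chap-secrets; do
            printf '"%s" * "%s"\n' "$user" "$pass" > "$root/etc/ppp/$f"
        done
    )
    chmod 0600 "$root/etc/ppp/pap-secrets" "$root/etc/ppp/chap-secrets"
}

# secrets_are_private ROOT
# Returns 0 when both secrets files exist with mode exactly 0600 and the
# peer file carries no "password" option; 1 otherwise. pppd does accept
# "password ..." in the peer file, and a peer file is normally 0644, which
# is how a PPPoE password ends up readable by every user on the box.
secrets_are_private() {
    root=$1
    for f in pap-secrets chap-secrets; do
        [ -f "$root/etc/ppp/$f" ] || return 1
        # find prints the path only when the mode matches 0600 exactly
        [ -n "$(find "$root/etc/ppp/$f" -perm 0600 -print)" ] || return 1
    done
    grep -q '^[[:space:]]*password' "$root/etc/ppp/peers/dsl-provider" && return 1
    return 0
}

# Usage (run as root on the firewall; the credentials are constructed):
#   write_pppoe_config "" "user@isp.example" "s3cret-pass"
#   secrets_are_private "" && pon dsl-provider
```

With the router in bridge mode, `pon dsl-provider` brings the link up from the firewall and the router only forwards the PPPoE frames; it never sees the username or password, so its web interface has nothing to leak. Run `secrets_are_private` again after any edit with pppoeconf or by hand, because a careless `cp` or editor can leave the secrets files at 0644.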

So there you have it. Hacking is not necessarily hard, and protecting yourself against hackers should not be hard either. A bit of savvy should do it.
