almost lost $8000 cause of TeamViewer left opened on desktop

luv2liv

Diamond Member
Dec 27, 2001
3,497
94
91
so i left TeamViewer overnight. password was simple like ferrari1. and someone was able to log in and took control. i didn't know though cause i left home already. first strange text came in... code 12345 is available for the next 5mins for you to login to paypal. i ignored. successful payment $1000 to OnePlus came in email. then $2k, then another $1k, 2k, n finally $2k is when i got home to get Paypal and notice the mouse was moving!
the pc had MYSMS opened in a browser to receive/send text. all the hacker had to do was login to paypal with my password already saved in browser and it was easy as pie. they ordered a bunch of OnePlus phones
Burgeiere, Laurent
4 Rue nicolas leblanc
93200 Saint-Denis
France

Francois, Kabila
4 Rue denfert rochereau
93200 Saint-Denis
France
i opened a Fraud dispute with Paypal already and waiting now. When i called OnePlus, the operator said there's a hold on this order from Paypal already so she can't even cancel the order...i would have to call Paypal myself to do so.

does TeamViewer even have 2fa? how was i targeted and how to prevent?
 
Reactions: paperfist

IEC

Elite Member
Super Moderator
Jun 10, 2004
14,362
5,032
136
Having a text messaging app open on a PC defeats the purpose of 2FA.

Because of Teamviewer having the potential to be used to gain control of a machine remotely, I do the following:
1) Enable 2FA to require approval for new devices connecting on the account (I use a separate throwaway email for this, and only login to it from a secure workstation)
2) Use a strong password unique to TV
3) Disable weak/random/quick access passwords
 
Reactions: Burpo and Ns1

lxskllr

No Lifer
Nov 30, 2004
57,670
7,896
126
Dunno, but that password is utter shit. Something like that might be fine for a web forum (you don't reuse passwords, right?!), or other things of little importance, but the keys to the empire should have better security. Your first step should be getting a password manager, and generating better passwords.
 

IEC

> Dunno, but that password is utter shit. Something like that might be fine for a web forum (you don't reuse passwords, right?!), or other things of little importance, but the keys to the empire should have better security. Your first step should be getting a password manager, and generating better passwords.

Password manager won't help if the machine the password manager is on is compromised. The computer should be considered compromised until proven otherwise due to the attacker apparently having hours to do whatever they wanted on the machine.
 

lxskllr

> Password manager won't help if the machine the password manager is on is compromised. The computer should be considered compromised until proven otherwise due to the attacker apparently having hours to do whatever they wanted on the machine.

I assume he'll be blowing his install out, and starting new. Unless someone sees me type my password to my manager, it would take a render farm an indefinite period of time to get into my database (which is locked right after using it).
 

luv2liv

i just spoke to paypal. and he was able to cancel all. but he won't be able to transfer the money back to bank. money will be sitting in my paypal account until i manually transfer it.

good thing the punk didn't send Gift Money or else that's $8000 down the drain! i have updated this thread title accordingly. hmmmm maybe i should open a new bank account with $100. if i get hacked in the future, i would only lose $100

TeamViewer is off now until i sort it out with your suggestions.
now, how to find out if keyloggers or other malware were injected while i was away? i'm thinking of just using an older image to restore and be done with that
 
Last edited:
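
Added example, not part of any post in this thread: one way to see what happened while the PC was unattended is to review TeamViewer's incoming-connection history (`Connections_incoming.txt` in the TeamViewer install folder on Windows) for sessions from unfamiliar IDs or at odd hours. The tab-separated field order and timestamp format below are assumptions about that file, the sample lines are constructed, and `parse_sessions`, `in_window` and `flag_sessions` are hypothetical helper names.

```python
from datetime import datetime, time

TS_FORMAT = "%d-%m-%Y %H:%M:%S"  # assumed timestamp layout in the log
FIELDS = ("remote_id", "remote_name", "start", "end", "local_user", "kind")
# Constructed sample lines in the assumed layout (not taken from a real machine).
SAMPLE_LOG = "\n".join([
    "111111111\tFAMILY-LAPTOP\t19-12-2017 18:02:11\t19-12-2017 18:40:57\towner\tRemoteControl\t{constructed-guid-1}",
    "999999999\tUNKNOWN-PC\t20-12-2017 02:13:45\t20-12-2017 07:51:02\towner\tRemoteControl\t{constructed-guid-2}",
    "this line is truncated",
    "111111111\tFAMILY-LAPTOP\t21-12-2017 23:30:00\t21-12-2017 23:45:00\towner\tFileTransfer\t{constructed-guid-3}",
])

def parse_sessions(text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    sessions = []
    for line in text.splitlines():
        values = [v.strip() for v in line.split("\t")]
        if len(values) < len(FIELDS):
            continue
        rec = dict(zip(FIELDS, values))
        try:
            rec["start"] = datetime.strptime(rec["start"], TS_FORMAT)
            rec["end"] = datetime.strptime(rec["end"], TS_FORMAT)
        except ValueError:
            continue
        sessions.append(rec)
    return sessions

def in_window(t, window_start, window_end):
    # The window may wrap past midnight (e.g. 22:00 to 08:00).
    if window_start <= window_end:
        return window_start <= t < window_end
    return t >= window_start or t < window_end

def flag_sessions(sessions, known_ids, away_start, away_end):
    """Flag sessions from unknown IDs or started while nobody was at the PC."""
    flagged = []
    for s in sessions:
        reasons = []
        if s["remote_id"] not in known_ids:
            reasons.append("unknown remote ID")
        if in_window(s["start"].time(), away_start, away_end):
            reasons.append("started during away hours")
        if reasons:
            flagged.append((s, reasons))
    return flagged

if __name__ == "__main__":
    for s, why in flag_sessions(parse_sessions(SAMPLE_LOG), {"111111111"}, time(22, 0), time(8, 0)):
        print(s["remote_id"], s["remote_name"], s["start"], s["end"] - s["start"], "; ".join(why))
```

A flagged session's start and end times bound the period to treat as attacker-controlled when deciding which restore image predates the intrusion.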

Red Squirrel

No Lifer
May 24, 2003
67,917
12,379
126
www.anyf.ca
Leaving something like Teamviewer open sounds like a bad idea. At least use something that runs locally only like VNC and then setup OpenVPN so you can remote in. Only allow IPs you trust to login to the VPN like your work place or other places you may want to login from.
 

Fir

Senior member
Jan 15, 2010
484
194
116
> all the hacker had to do was login to paypal with my password already saved in browser and it was easy as pie.

This individual isn't a hacker. They were an unauthorized user. Why anyone would have access to paypal saved in their browser is beyond me. And at least have your PC set with a timeout after 10 min or so it locks requiring full credentials (both u/p) to unlock.
 

Darwin333

Lifer
Dec 11, 2006
19,946
2,329
126
If you have a decent image you can install I would definitely do that. Then get a password manager, I use and love Lastpass but there are others. Lastpass will automatically generate very strong passwords any length that you want, auto login to websites with a browser extension, you can log in to the site from any other PC to get passwords if you need to login from a PC other than your own, and you only have to remember one strong master password that I highly suggest you use 2FA with. Also if anyone else might have access to your PC I suggest setting it to log out of Lastpass every X hours.
 

luv2liv

wow. a lot of good tips!
i have heard of lastpass n need to look into that asap. thanks everyone!

i'm still curious how that punk found out my TeamViewer was sitting idle and waiting for connection though. that TV code is long, did he scan the whole spectrum of numbers to log onto?
 
Last edited:

paperfist

Diamond Member
Nov 30, 2000
6,517
280
126
www.the-teh.com
Wow I spent 6 hours doing IT work on my mom's Mac last night with TV. I had no idea it was so easy to take it over. I know she didn't turn it off and we just used the auto generated passwords.
 

Elixer

Lifer
May 7, 2002
10,376
762
126
> wow. a lot of good tips!
> i have heard of lastpass n need to look into that asap. thanks everyone!
>
> i'm still curious how that punk found out my TeamViewer was sitting idle and waiting for connection though. that TV code is long, did he scan the whole spectrum of numbers to log onto?

Looks easy enough....
TeamViewer issues emergency fix for desktop access vulnerability
Guess you never patched up?
http://www.zdnet.com/article/teamviewer-issues-emergency-fix-for-remote-access-vulnerability/

BTW, you should file a case with the police, so you have a record of this.

Heck, they may be able to bust this punk as well...
 
Reactions: paperfist

VirtualLarry

No Lifer
Aug 25, 2001
56,450
10,119
126
Thanks for the heads-up, patched (hopefully fixed).

Btw, when you first install TeamViewer, I think that it gives you the option to install it as a service. Is that service vulnerable, and can people connect to your PC if you are just running that service, and not the TeamViewer application? Is there a way to find out if the service is running, without the application?
 

Riok

Member
Dec 14, 2017
39
2
16
> how was i targeted and how to prevent?

I guess you were targeted by simple scanning and then bruteforcing. They were certainly very low profile hackers and may not have injected trojans but you should not consider your pc safe anymore.

On top of all the basic advice given here I'll add:

1) The computer you do your banking on should not be accessible remotely anyway.

2) Please consider that if you have not protected your password database with a main password, they could have revealed ALL your saved passwords.

For your information, some places of 93 are no go zones. Two weeks ago a police woman was beaten by a crowd next to this place. I won't give the link for that here but a more 'funny' video: Here is what happens in 93
 

Red Squirrel

The only time cops will get involved with cybersecurity related stuff is if it was a big corporation that was the victim and they will go balls to the wall to find the person and make sure they get a penalty worse than what a murderer would get. They could not care less about individuals or small businesses though.
 

luv2liv

I never update anything if it is working. The only thing I do update is win7. Guess lesson learned.
Though I didn't lose any money today. I'm going crazy thinking the punk mighta copied important documents like photos of ss cards. This is exactly why I wanted to lock up windows folders... The only way to copy or open a locked folder is with a pw but windows just doesn't have this feature like Linux
 

Red Squirrel

At this point I would change all your passwords everywhere, at the very least.

But I would still advise against using anything like log me in setup as an "always on" mode as it means literally anyone can go in if they decide to brute force it, or if a security flaw is found, etc.
 
Mar 11, 2004
23,181
5,645
146
> For your information, some places of 93 are no go zones. Two weeks ago a police woman was beaten by a crowd next to this place. I won't give the link for that here but a more 'funny' video: Here is what happens in 93

Not sure why you added that shit to your post.

> I never update anything if it is working. The only thing I do update is win7. Guess lesson learned.
> Though I didn't lose any money today. I'm going crazy thinking the punk mighta copied important documents like photos of ss cards. This is exactly why I wanted to lock up windows folders... The only way to copy or open a locked folder is with a pw but windows just doesn't have this feature like Linux

Well then you're dumb. I can see having a buffer in update to make sure an update doesn't screw something up, but you should be updating everything as updating Windows alone won't keep you secure.

Don't a lot of those methods on Linux have vulnerabilities? As does any locking/encryption, really. But you can accomplish what you want by setting up multiple users and then setting privileges/access.

Hell not sure why you'd have that type of stuff readily accessible anyway. I'd keep things like that (that I wouldn't be using often) in some manner where I can physically limit access on top of digitally limiting access. And then have offsite backups in a secure location (bank lockbox or something?) too, if it's that important to you.
 

Riok

> Not sure why you added that shit to your post.

Like it's written in the post it is "For your information". If he was wondering what kind of place is "93200 Saint-Denis in France" he can follow the youtube links and get an idea. General culture.

And if he was wondering if there is any chance the hackers would be arrested by the police, it seems complicated.

I have heard about places in Eastern Europe where many people make a living of hacking. I can now imagine this happens in some places in France also.
 