How easy is it for some random person to break into your computer?

[Mai72]

Had a coworker a few years ago tell me that his friend's computer was hacked into by another 4Chan member. He then went on to tell me that I should have a post it note on my laptop's camera lens because if someone were to break into my computer, and acess the camera then they could spy on me and watch my activities. Or, they might get into my folders and hold my info randsom, etc. If I'm not engaging in peer to peer, going onto shady sites, or just engaging in bad online behavior how likely would it be for some random guy online to be able to access my laptop? I have an antivirus with firewall, etc. BTW, I have my camera and audio deactivated. I guess that doesn't mean much if someone were to gain access. I also onluy visit a few sites anyway. This being one of those sites. Other sites would be YouTube, Amazon mainly. A few others. That's about it. Also, could someone do a random IP scan and break into your PC that way? I know that most IP addresses are public.

Side Note: When I lived in Asia I had attempted hacks into my email, Steam account, quite often. Also, I had one successful attack into my Google pictures account a few years ago. An ex coworker had her email hijacked, and a malicious emal was sent from her contact list to everyone. I clicked on a link embedded in her email and they got into my pictures. Everyone on my email list were getting my pictures. After that happend I got spooked and got really serious about safeguarding my computers.

 

[ViviTheMage]

If you want to stop against ransomware, you need to have offsite, incremental backups. This will solve a lot of problems, and give you piece of mind that files are backed up off site as well, for other issues. Fires, floods, failed hardware, etc.

If you want to stop against malware or getting the ransomware in the first place, you need to follow safe browsing habits. Get plugins for your browser that block malicious content, or URL's. Plugins like ublock origin, HTTPS Everywhere, Ghostery, etc. You can take it a step further and install a pihole DNS server to handle all devices behind your networks requests. You should also make sure your anti virus is up to date. If you are on Windows 10, the build in Windows Defender is actually one of the best, so keep that updated.

If you want to stop against getting into your accounts with poor passwords, or re used passwords. You need to follow better password management practices for different accounts. You can go as far as password management with a tool like keepass (local), or lastpass (web based). If you want to be proactive, change your password every so often. But as long as you have a long and complex password (20+ characters), you are in better shape then most.

When logging into websites, make sure they have an SSL lock on the top left, and that the certificate is valid, any browser will tell you if the session is secure.

And yes, putting a cover over your webcam is a good idea. They make nicer ones online, or you can just use electrical tape.

 

[Zanovar]

Recently had an email from some prick trying to rip me off.He said he has vidoe of me jerking off on webcam.pay me this or ill upload it everywere.nice try twat.the scary thing is he probably sent out a shit ton of those emails.some idiots probably fell for it.:S

 

[ViviTheMage]

Recently had an email from some prick trying to rip me off.He said he has vidoe of me jerking off on webcam.pay me this or ill upload it everywere.nice try twat

Scam, just ignore it.

 

[Zanovar]

Scam, just ignore it.

indeed

 

[[DHT]Osiris]

Had a coworker a few years ago tell me that his friend's computer was hacked into by another 4Chan member. He then went on to tell me that I should have a post it note on my laptop's camera lens because if someone were to break into my computer, and acess the camera then they could spy on me and watch my activities. Or, they might get into my folders and hold my info randsom, etc. If I'm not engaging in peer to peer, going onto shady sites, or just engaging in bad online behavior how likely would it be for some random guy online to be able to access my laptop? I have an antivirus with firewall, etc. BTW, I have my camera and audio deactivated. I guess that doesn't mean much if someone were to gain access. I also onluy visit a few sites anyway. This being one of those sites. Other sites would be YouTube, Amazon mainly. A few others. That's about it. Also, could someone do a random IP scan and break into your PC that way? I know that most IP addresses are public.

Side Note: When I lived in Asia I had attempted hacks into my email, Steam account, quite often. Also, I had one successful attack into my Google pictures account a few years ago. An ex coworker had her email hijacked, and a malicious emal was sent from her contact list to everyone. I clicked on a link embedded in her email and they got into my pictures. Everyone on my email list were getting my pictures. After that happend I got spooked and got really serious about safeguarding my computers.

Your computer itself? Virtually impossible. If you're at home, you're behind a NAT'd device that even if comp'd isn't really capable of providing a 'jump point' to infect/take control of your machine. Spy on traffic maybe, yeah, but nobody's going to find/download/delete your tax returns from there. On a public wifi, maybe, with a lot of caveats. The person would have to be on the same wifi as you, and you'd need some pretty severe vulnerabilities unpatched for that to be possible.

Much more likely that some rando accounts of yours would get hacked.

 

[ViviTheMage]

Your computer itself? Virtually impossible. If you're at home, you're behind a NAT'd device that even if comp'd isn't really capable of providing a 'jump point' to infect/take control of your machine. Spy on traffic maybe, yeah, but nobody's going to find/download/delete your tax returns from there. On a public wifi, maybe, with a lot of caveats. The person would have to be on the same wifi as you, and you'd need some pretty severe vulnerabilities unpatched for that to be possible.

Much more likely that some rando accounts of yours would get hacked.

Or ransomeware, that's pretty common these days. The attack vector in is you hitting a website and infecting it yourself.

 

[OccamsToothbrush]

Had a coworker a few years ago tell me that his friend's computer was hacked into by another 4Chan member. He then went on to tell me that I should have a post it note on my laptop's camera lens because if someone were to break into my computer, and acess the camera then they could spy on me and watch my activities. Or, they might get into my folders and hold my info randsom, etc. If I'm not engaging in peer to peer, going onto shady sites, or just engaging in bad online behavior how likely would it be for some random guy online to be able to access my laptop? I have an antivirus with firewall, etc. BTW, I have my camera and audio deactivated. I guess that doesn't mean much if someone were to gain access. I also onluy visit a few sites anyway. This being one of those sites. Other sites would be YouTube, Amazon mainly. A few others. That's about it. Also, could someone do a random IP scan and break into your PC that way? I know that most IP addresses are public.

Side Note: When I lived in Asia I had attempted hacks into my email, Steam account, quite often. Also, I had one successful attack into my Google pictures account a few years ago. An ex coworker had her email hijacked, and a malicious emal was sent from her contact list to everyone. I clicked on a link embedded in her email and they got into my pictures. Everyone on my email list were getting my pictures. After that happend I got spooked and got really serious about safeguarding my computers.

1) Bullshit. That crap about hijacking a web camera is a scam as old as web cameras themselves. It's an attempt to blackmail incredibly stupid people, so congrats, you work with incredibly stupid people.

2) It's almost impossible to break into a PC. What does get compromised are accounts, like PayPal, NetFlx, iTunes, Amazon etc. Some of that happens on the remote end when the server is compromised and some of it happens on easily guessed passwords. The vast majority of that is done by phishing though, not hacking. Nobody is sitting there in Russia trying to hack into a PC or an ebay account because they don't have to. The idiot owners of said accounts are all too eager to give up their passwords to anyone that asks. Some scammer spends 10 minutes to create an email that looks like it came from PayPal or Bank of America or ebay with a heading like "Your account has been compromised, sign in NOW to change your password!!" and sends its out to thousands or tens of thousands of idiots and lets them line up to give away their bank logins. Nobody hacks into an individual PC because nobody needs to. Theyll phish 10,000 logins quicker than they could hack a single PC. The people who cry that they got hacked are actually saying "I'm the biggest idiot on Earth and I fell for a scam that a braindead lemur could recognize in 2 seconds and I GAVE MY PASSWORDS AWAY. " So it's time for you to get your ass off ATOT and LEARN SOMETHING about how scams work because by posting this drivel you're clearly lost on the whole concept of what can be done by hackers and how they do it. All your little anecdotes of Steam accounts and email accounts being hacked were almost certainly not hacks at all, they were simply idiots who fell for common scams and you're probably one of them.

3) About the only way for a hacker to get into a PC and install ransomware, keyloggers or rootkits is if you open the door and let them in. Reread point #2. Nobody is going to hack your PC, they're going to sending out a mass email like "Click here to see Mama Cass naked!!!" or start a torrent with "Logins to every paid porn site on Earth" and then sit back and let the 1% stupidest people on earth infect themselves by installing it. If you have even a shred of a clue about how computers and accounts are compromised and 1 functioning brain cell to learn how to protect yourself you're pretty much immune. If there are two cars in a parking lot, one securely locked and one with the doors open and engine running, which is most likely going to get stolen? You think some thief is going to stand there and break into a car when there's one to take with no effort involved? DON'T BE THE ASSHOLE WHO LEAVES HIS CAR RUNNING. A tiny tiny tiny tiny bit of knowledge is all it takes to protect yourself from this crap.

 

[Jerem]

I usually have my banking logins set to ask me a security question each time I log in (don't remember this computer). I was thinking that was more secure. Now I'm not so sure. All my passwords are in an encrypted file so my biggest vulnerability would be a key logger. If that were the case then I just gave the hackers the answers to my security questions. So security experts, am I more secure or less secure?

 

[dasherHampton]

Recently had an email from some prick trying to rip me off.He said he has vidoe of me jerking off on webcam.pay me this or ill upload it everywere.nice try twat.the scary thing is he probably sent out a shit ton of those emails.some idiots probably fell for it.:S

I got a similar one. The only thing that made it slightly next level is that it had my old email password.

The scams are coming fast and furious. I've gotten quite a few amazon ones that say I ordered a Nintendo gift card or something and ask me to log in to verify.

Not two days ago I got one asking me to update my brokerage account info for security purposes. It looked very legit. I really hope people aren't falling for these things.

 

[BarkingGhostar]

If you want to stop against ransomware, you need to have offsite, incremental backups. This will solve a lot of problems, and give you piece of mind that files are backed up off site as well, for other issues. Fires, floods, failed hardware, etc.

Why? Every month I perform a clone operation with the clone physically removed from the case. How does ransomware get at it?

 

[lxskllr]

Mama Cass naked you say? Got a link?

 

[skyking]

Why? Every month I perform a clone operation with the clone physically removed from the case. How does ransomware get at it?

It does not. Offsite protects you from personal tragedy like a house fire. If you have a garage or some other secure space that is not attached, that is a good idea for your backups.

 

[Kaido]

Had a coworker a few years ago tell me that his friend's computer was hacked into by another 4Chan member. He then went on to tell me that I should have a post it note on my laptop's camera lens because if someone were to break into my computer, and acess the camera then they could spy on me and watch my activities. Or, they might get into my folders and hold my info randsom, etc. If I'm not engaging in peer to peer, going onto shady sites, or just engaging in bad online behavior how likely would it be for some random guy online to be able to access my laptop? I have an antivirus with firewall, etc. BTW, I have my camera and audio deactivated. I guess that doesn't mean much if someone were to gain access. I also onluy visit a few sites anyway. This being one of those sites. Other sites would be YouTube, Amazon mainly. A few others. That's about it. Also, could someone do a random IP scan and break into your PC that way? I know that most IP addresses are public.

Side Note: When I lived in Asia I had attempted hacks into my email, Steam account, quite often. Also, I had one successful attack into my Google pictures account a few years ago. An ex coworker had her email hijacked, and a malicious emal was sent from her contact list to everyone. I clicked on a link embedded in her email and they got into my pictures. Everyone on my email list were getting my pictures. After that happend I got spooked and got really serious about safeguarding my computers.

Security is a tricky thing these days. If you want to get serious about it, there are some paid (and free) solutions that do a tremendous job:

1. Get a paid annual Malwarebytes license. It handles anti-virus now, in addition to anti-malware. Plus, it has an active cryptolocker monitoring system (Ransomware Protection). It's extremely good.

2. Get a paid Macrium Reflect license (SuperDuper & Time Machine if on a Mac). It can do scheduled image backups (including incremental) to a USB hard drive or NAS, and also has an active cryptolocker blocking system (Image Guardian) for safe-guarding the backup files themselves from cryptolocking.

3. Get a paid Backblaze account. Very cheap. Unlimited encrypted cloud backup.

4. Setup every account you have with 2FA. Use Authy (for reasons), not SMS. SIM hijacking is pretty commonplace.

5.Use Google Chrome with some good plugins, like uBlock Origin, HTTPS Everywhere, and Privacy Badger.

6. Use a password manager like Roboform. Use the built-in random password generator. Generate new unique passwords for all apps & sites on a monthly basis. Sign up for email notifications on haveibeenpwned.com. For security questions, generate random passwords as well. Remember Sarah Palin.

7. Use a VPN like NordVPN or TunnelBear, especially in public.

8. Always use a router at home to access the Internet. Never connect your computer directly to your modem. The Netgear Orbi is my current recommendation.

9. Cover your webcam when not in use. Look up "webcam cover" on Amazon for cheap packs. For people who think it doesn't happen, it does.

10. Use a better firewall with network monitoring. I like Glasswire on PC & Little Snitch on Mac.

11. Setup a Pi-hole on your network. A Docker version is available. You can goof with Docker Desktop for Windows if you want to try it out first.

Sounds like a lot, but it's not: install a few programs. Change all of your passwords once in awhile, and make sure they're unique to the website. Use app-based 2FA. It takes a few hours to get everything setup & running, but it's pretty easy to maintain!

 

[Red Squirrel]

Through a web page, very easy. There is so much browser based client side code now days with Javascript and all that stuff. Just landing on a bad website can have your machine compromised. I think that's how lot of ransomware happens, people are tricked to going to a URL and when they load it it's game over. From there it can spread to the rest of the network.

Most people are behind a NAT firewall so it makes direct attack much harder unless you have a port forwarded to something and there happens to be an exploit. (ex: a game server or something) but if you put that stuff on a separate vlan you should be fine.

 

[zinfamous]

Recently had an email from some prick trying to rip me off.He said he has vidoe of me jerking off on webcam.pay me this or ill upload it everywere.nice try twat.the scary thing is he probably sent out a shit ton of those emails.some idiots probably fell for it.:S

yep, got two of those recently from two different "hacked emails" in my spam folder. ...subject line mentioned an actual old password of mine, that I used many years ago. ...I actually used to use it on a lot of accounts, but I know I haven't used that one in many years, and all of my passwords on all accounts are completely randomly different.

but the email was very generic other than that: "deposit bitcoin in blah blah account." I'm, like, if dude was serious and had video of me stroking the meatwagon, then they would have sent proof of content. Also, I realized that I honestly don't give a fuck, because there are some simple basic facts that govern males of my age:

--nothing like that could ever threaten my social reputation (sorry, not in highschool or younger. no one fucking cares)
--I'm a dude. Other guys that I know would laugh and not care. Girls, in general, wouldn't even watch.
--I'm not a celebrity...and besides, they survive that shit when it really could effect them.
--oh yeah, I don't even have social media anything, haha.

But, the fact that he posted a real password meant that my information was compromised some time ago, and dude purchases an old list and was just farming, likely because he couldn't get anywhere with that password. My guess is that it was a much older Newegg account (those assholes have been compromised so many times it isn't funny, and it runs logical to a time period when I had a Newegg account using that password, but long since dormant, with no current cc attached to it), or possible the Equifax thing...though I'm not sure how that would have lead to that password. I have also, some years ago, got notice from gmail that some dude in China area was trying to access my email (...don't think I used this password for gmail ever, ...but hell, I might have, tbh. not sure, really).

oh yeah, I did also recently get a 2factor request on my phone for some account logging into the "China region." ...didn't even tell me what account it was, so I guess it must have been my google/gmail? generic Android/google account 2fa?

 

[ViviTheMage]

Why? Every month I perform a clone operation with the clone physically removed from the case. How does ransomware get at it?

If ransomeware got some files, and you didn't realize it before your back up, and that is your only, you are hosed. That is why I advise for incremental back ups with decent retention.

 

[mopardude87]

Oh i bet if someone got a hold of my stuff, they may just consider leaving it alone. My bookmarks alone would scare off prob any potential attacker LOL.I would love to be a fly on the wall in their room with their confused looks on their faces if they ever gained remote access to this.

 

[JulesMaximus]

Recently had an email from some prick trying to rip me off.He said he has vidoe of me jerking off on webcam.pay me this or ill upload it everywere.nice try twat.the scary thing is he probably sent out a shit ton of those emails.some idiots probably fell for it.:S

I saw that video. It’s super steamy.

 

[Captante]

About the only way for a hacker to get into a PC and install ransomware, keyloggers or rootkits is if you open the door and let them in.

Bottom line if somebody wants your info badly enough they're going to get it one way or another but hacking into a patched and properly secured Win 10 PC is usually not like the movies where its depicted as low-hanging fruit.

Thing is my information for example isn't worth much so although they'll take it if it drops in their lap, no bad-guys are really looking for it. In addition my PC (hopefully like most folks here) is up to date & locked down pretty tight which makes it at least annoying to get into.

As one of my Novell 3.1 instructor's told me many years ago: the easiest way to get a corporate network users password is to walk right up looking official and ask for it.

I agree ... IT security would be a piece of cake if it wasn't for the dang users who know just enough to make them dangerous.

 

[TheVrolok]

Security is a tricky thing these days. If you want to get serious about it, there are some paid (and free) solutions that do a tremendous job:

1. Get a paid annual Malwarebytes license. It handles anti-virus now, in addition to anti-malware. Plus, it has an active cryptolocker monitoring system (Ransomware Protection). It's extremely good.

2. Get a paid Macrium Reflect license (SuperDuper & Time Machine if on a Mac). It can do scheduled image backups (including incremental) to a USB hard drive or NAS, and also has an active cryptolocker blocking system (Image Guardian) for safe-guarding the backup files themselves from cryptolocking.

3. Get a paid Backblaze account. Very cheap. Unlimited encrypted cloud backup.

4. Setup every account you have with 2FA. Use Authy (for reasons), not SMS. SIM hijacking is pretty commonplace.

5.Use Google Chrome with some good plugins, like uBlock Origin, HTTPS Everywhere, and Privacy Badger.

6. Use a password manager like Roboform. Use the built-in random password generator. Generate new unique passwords for all apps & sites on a monthly basis. Sign up for email notifications on haveibeenpwned.com. For security questions, generate random passwords as well. Remember Sarah Palin.

7. Use a VPN like NordVPN or TunnelBear, especially in public.

8. Always use a router at home to access the Internet. Never connect your computer directly to your modem. The Netgear Orbi is my current recommendation.

9. Cover your webcam when not in use. Look up "webcam cover" on Amazon for cheap packs. For people who think it doesn't happen, it does.

10. Use a better firewall with network monitoring. I like Glasswire on PC & Little Snitch on Mac.

11. Setup a Pi-hole on your network. A Docker version is available. You can goof with Docker Desktop for Windows if you want to try it out first.

Sounds like a lot, but it's not: install a few programs. Change all of your passwords once in awhile, and make sure they're unique to the website. Use app-based 2FA. It takes a few hours to get everything setup & running, but it's pretty easy to maintain!

All good advice and I second the opinion that it sounds like a lot more work than it is, and doesn't take tons of technical know how.

 

[Hans Gruber]

Who actually keeps stuff on their computer that they would worry about losing? External hard drives, USB flash drives always come in handy because they are not connected to anything.

Always have a separate computer for banking or business transactions.

 

[OccamsToothbrush]

Who actually keeps stuff on their computer that they would worry about losing?

Hey, do you have any idea how long it would take to replace 20 yottabytes of porn?

Bottom line if somebody wants your info badly enough they're going to get it one way or another...

Completely true. But unless you're a major mob or cartel person that the government is after, nobody wants your info badly enough. Nobody is that interesting and nobody else has information that is worth that much effort. There's simply no need to attack PCs one-by-one hoping that a rich person is hanging onto pictures of himself cutting up a hookers body. You send out a mass phishing attack to a mailing list of thousands you'll get plenty of bank and PayPal accounts to siphon. Way more result for almost sero effort. There is enough low-hanging fruit for scammers to gorge themselves on, they're not trying to break into any PCs because they don't have to break in. Idiots line up to give their stuff away.

 

[Svnla]

Kaido and other posters, thanks for the tips and links.

Question for experts/gurus. I do have Avira AV (free) and Malwarebyte (Pro - paid version) on my computer. What are the online AV scanners to scan my computer to double check that my PC is clean? I have been using ESET free online scanner. Wonder if there are anything else better on AV/malware scanning.

I used to have the paid version of Kaspersky but did not want to continue to pay for it. I wonder if I need to pay for it or get the paid version of AV instead of the free one(s).

 

[snoopy7548]

I used NOD32 for the longest time until I finally realized it wasn't worth it. The built-in Windows Defender, plus AdBlock, is fine for 99% of people. Maybe scan for malware once a week with MalwareBytes free edition.