41

To begin with, I am not very computer savvy. I am an older person with an older computer and a 2003 Windows XP using Google Chrome for a browser. (If anyone is old enough to remember when Windows first came out, and remembers their hologram security seal with a baby touching a computer screen - that baby was my son.) I am widowed, and without resources for help with computer problems, so I would greatly appreciate some help. But you might have to explain things in common english!

We have a wireless router provided by AT&T with WPA2. I have had a suspicion for a while that a neighbor is a hacker. Recently, if I log onto my computer late at night, it tells me that I don't have an internet connection. When I check the wireless network, my network doesn't even appear. What appears is a network that I don't recognize with a 5 bar signal strength. If I refresh the network list, my network appears (with signal bars), then the bars disappear on the unknown network, and I get a connection.

This must mean that someone is hijacking my network, or hacking into my computer at night - right?

Anders
  • 65,052
  • 24
  • 180
  • 218
Susie
  • 407
  • 1
  • 4
  • 6
  • 16
    Could you please state the SSID (Name) for the 5 bar network? Also a foolproof way of detecting if that unknown 5 bar network is your own is to compare MAC adresses between both, I'd recommend you use a network scanning tool. Also, congratulations for such a well formulated question! – EChan42 May 24 '16 at 12:28
  • 23
    This sounds more like a network fault than intentional harm. – Luke Park May 24 '16 at 13:03
  • Have you connected to the unknown network? If so, did it require a password? If so, did it accept yours? Not sure if it is a good idea to try this, but if you already have it would be interesting to know. – Anders May 24 '16 at 13:29
  • 52
    Off topic, but not really; you should very much consider upgrading to an operating system newer than Windows XP. Windows XP has stopped receiving any security updates from Microsoft as of April of 2014. It's needlessly risky to continue to use it. – WorseDoughnut May 24 '16 at 15:53
  • 29
    a not very computer savvy older person who knows what's WPA2 and ask a question on an information security website...? you must be the coolest grandpa ever – lelloman May 24 '16 at 21:50
  • 27
    @lelloman: cool, yes, but a person named Susie is more probably a grandma. Not that it matters for the question, ofc. – Guntram Blohm May 24 '16 at 23:56
  • 1
    @Anders If there was a rouge AP that already knew his normal networks' password, odds are the hacker would just take over the normal AP instead of broadcasting their own at that point. Same results, with less hassle or suspicion. – WorseDoughnut May 25 '16 at 14:16
  • 2
    Yes, I am of grandmother age, but I don't have grandchildren yet. Being widowed, I am trying to hold onto my home on a limited income, so I can't buy a new computer, and I don't have a smart phone. My husband had a Ph.D, and was a well respected aerospace research engineer, but sometimes life turns the world upside-down on you. – Susie May 25 '16 at 17:02
  • 1
    I have not connected to the unknown network. It is also WPA2 and password protected. – Susie May 25 '16 at 17:05
  • 1
    While looking for the SSID (although I don't quite understand what you're asking) I noticed that the unknown network has no bars showing in signal strength. This is only so when I have a connection to the internet. Very late at night, my network name completely disappears from the network list, and my internet connection is disrupted. At the same time, the unknown network shows 5 bars. My own network only ever shows 4 bars. – Susie May 25 '16 at 17:12
  • @Susie the SSID is the "name" of the network. It's the name that shows up beside the signal bars. What is your SSID (your network name) and the strange SSID (the other network name), respectively? Are they the same? – Jamie Counsell May 25 '16 at 19:36
  • Counterpoint: If someone were hijacking your network at night, why would they be so sloppy as to leave it open for you to recover merely by refreshing your list of networks? Why would they leave such a trail of their activities and such an easy way to defeat them? Why would they not simply KO your network entirely during their takeover thus leading you to blame AT&T instead of them? This points far more parsimoniously towards some sort of strange hardware and/or software configuration rather than a hacker with a penchant for psychological games. Or at least, the former is far more interesting! – underscore_d May 25 '16 at 21:15
  • 3
    Although I agree with the consensus here that it's not hacking (probably a conflicting router on the same channel), It's not a bad idea to consider any new behavior some kind of attack for the purposes of evaluating the problem. If your response is gaged at an attack then you've dealt with the worst-case scenario. Don't let these folks make you feel like you overreacted--your response of trying to understand and fix the problem is completely appropriate. Good luck! – Bill K May 25 '16 at 21:40

5 Answers5

53

It is unlikely a hacker stealing internet access will have the sophistication (or need) to make the wireless network change between different names.

It is more likely that someone/some device nearby installed a new wireless network that happen to broadcast on the same channel as yours (there are only 3 or 4 non-overlapping ones to choose from) and have a higher signal strength. Depending on the signal strength of your router and the capability of the wireless card, the latter may fail to detect your network until the other one goes quiet.

One solution is to reconfigure your router to use a different channel. This option is normally under the "wireless" or "advanced wireless" section in the web configuration interface of the router. Another one is to find out who operates the other network and ask them to reduce power (it is possible they're violating FCC rules).

You'll find a WiFi analyser on a smart phone very hand for both solutions. They can tell you what network are using which channel and the make of the router (useful for hunting them down). On Android, there are many options. I think the best one is Wifi Analyzer. For iOS, the only option is Apple's own AirPort Utility (see guide).

Rory Alsop
  • 61,474
  • 12
  • 117
  • 321
billc.cn
  • 3,892
  • 1
  • 17
  • 24
  • 3
    Good point. It's worth noting that if she is inadvertently connecting to another unsecured network then it puts her at risk. It also means that instead of being hacked it is almost as though she has accidentally become the hacker. (not really, but it's still a bit funny) – KnightHawk May 24 '16 at 14:41
  • 2
    Bit misleading in the second paragraph. You can most certainly legally boost an APs power (to a certain extent) without breaking FCC rules. – WorseDoughnut May 24 '16 at 15:50
  • @JeffMeden I did not indicate the other network was trying to pretend to be the same one. I was stating that it could be so powerful that the computer cannot even see the original network and confused the OP into believing that her network was replaced. – billc.cn May 24 '16 at 17:19
  • 1
    If that were the case the internet connection would be unusable as long as the neighbor's device is in use. Since the symptoms reported suggest it's only a daily (or less) very brief outage, this is unlikely. – Jeff Meden May 24 '16 at 17:34
  • 4
    @WorseDoughnut I felt that way too. Unless some measurement is done, it is impossible to just assume they are violating FCC rules. Also, where is the AP located in his home related to the computer? One possible scenario is the AP in living room by the front door, and he is in the back of the house while neighbor AP is facing the backyard with LOS to OP's computer through the glass window. Fact is, don't make assumptions. – Mindwin Remember Monica May 24 '16 at 20:08
  • 2
    I wish i could downvote this answer more. "Your neighbor's wifi is stronger than yours? They're probably violating FCC regulations. It can't possibly be something simple like distance, or brand, or something reasonable like that." - billc.cn 2016 – WorseDoughnut May 25 '16 at 12:42
  • I have not connected to this unknown network. It is also WPA2 and password protected. My neighbors are not close enough to have 5-bar signal strength. But this network only shows 5 bars when my internet connection is interrupted and my network disappears (late at night). During the day, when I do have an internet connection, the unknown network has zero bars. – Susie May 25 '16 at 17:17
  • Instead of discounting my concerns offhand, let's assume that this hacker actually is sophisticated. I live very close to Intel, and not far from the Silicone Valley in CA. The person that I suspect is fairly well off financially. But since being widowed, I have been bullied, and my house has been repeatedly vandalized. Not all affluent people are nice people. – Susie May 25 '16 at 17:22
  • 1
    Susie Thank you for the new info. Based on it, the situation in @JeffMeden's answer seems to apply better. You can confirm it by checking the router's "up time" (time since last boot) right after your network is restored or see if your external IP address changes each time it happens. (I really hope it's nothing more sinister than equipment issue or interference though.... – billc.cn May 25 '16 at 19:17
  • 5
    @Susie we understand the pain of antisocial bullying, but you haven't given us much to use to answer this empirically. IMO if someone were trying to employ bullying tactics they would venture to knock your wifi connection completely offline long term (devices to do that are not very expensive, but illegal to use), compromise your computer to delete/ransom all the files, etc. Since your symptoms line up much more closely with failing equipment (as most of us are versed in tech support we get a sense of these things) its best to eliminate the most practical problems first. Hope this helps! – Jeff Meden May 25 '16 at 20:04
9

To your fear that a local hacker is trying to compromise your internet connection and/or your computer, it's actually quite hard to "fake" an WPA2-AES protected access point: the handshake doesn't expose the key and if there were a rogue device posing as the AT&T router, the handshake would fail with an error message. So, as long as you heeded any warnings about invalid passwords when connecting, and never tried to connect to any SSIDs than the one you configured for your AT&T device, your internet connection is safe.

Further, the symptoms (a strange no-name network appears with strong signal in place of yours, then disappears) sounds a lot more like the AT&T device is merely rebooting: they don't have the most robust customer prem equipment and this can happen automatically; sometimes triggered late at night. If it happens more than once every week or two, you should contact them for troubleshooting and to obtain a replacement.

Jeff Meden
  • 3,976
  • 13
  • 16
  • 4
    This sounds much like failing hardware. That might be because of rebooting, as Jeff noted, or some other problem. Since you (Susie, the question-asker) are using a computer that is over a decade old, I wouldn't be surprised if you haven't upgraded your router to something recent. So, chances seem sensibly high that you're using an old router. Consider replacing the old (likely failing) equipment. It sounds like there may be a neighboring network (nothing wrong with that) which becomes more prominent during the times your network is failing. Not a neighbor's attack. – TOOGAM May 24 '16 at 18:08
  • Again, instead of discounting my concerns offhand as equipment problems, let's assume that my new-ish router isn't rebooting or failing, and that there quite possibly is a sophisticated bullying hacker targeting me. Why does my internet get disconnected when his network activates? – Susie May 25 '16 at 17:53
  • 4
    @Susie Your question is "Am I being hacked?". The experts here are telling you that it is unlikely. They're not discounting your concerns offhand; they're answering your question. And 2 years really isn't "new-ish" for a router; I've had routers fail completely within a year (although they usually last longer). – Beofett May 25 '16 at 18:58
  • 2
    @Susie interrupting WiFi is amazingly easy, intentionally or unintentionally. Hard is compromising or impersonating a properly configured WPA2-PSK device. So, rule of simplest explanation applies unless you have more details you can provide like other unexplained computer behavior. – Jeff Meden May 25 '16 at 19:19
  • 4
    @Beofett The OP asked a very well-written and interesting question but is kinda marring the discussion by seeming only to want to be told what they have already decided is true. – underscore_d May 25 '16 at 21:08
  • Comments are not for extended discussion; this conversation has been [moved to chat](http://chat.stackexchange.com/rooms/47443/discussion-on-answer-by-jeff-meden-my-wifi-network-is-replaced-by-another-networ). – Rory Alsop Oct 26 '16 at 06:33
  • @Susie Rather than "rebooting", it could be that your router goes into some kind of "sleep" or "low power" mode late at night: it might not be broadcasting its existence (so doesn't show up initially) but responds to a re-scan and shows up then. – TripeHound Jan 28 '19 at 12:05
8

Here are some things you can try that may help you out. As you stated that you are not too computer savvy, I'll not be giving you any difficult instruction if I can help it.

  • Possibly try turning off your router when not in use. This may reset your password to the default (I believe this might be printed on the device itself)
  • If you can plug a hard line from your PC to your router, this will keep you on a physically secured connection. You could turn off the wireless from here if you wanted to.
  • You might need to call AT&T and get some 'in person' help. You can find a lot of good information here and other places online, but they do have diagnostics that they can perform and walk you through over the phone to help troubleshoot for problems.
  • If you are comfortable logging into the router itself and looking around the options there, one of the things you should be able to see is a list of connected devices. No guarantee you will see any information about your neighbors computer. What you should see is the MAC address of any connected devices. If you list them out and compare to the devices you own you can find out if there is someone else on your network.

There are any number of other things that might help you, but I think I covered the basics. For now, it's hard to tell exactly what the trouble is, these things will hopefully help you out. Seriously give it some thought to calling AT&T or anyone that you know to help you out in a more personal manner. (I don't recommend Geek Squad though, too expensive. For some of their prices, you're better off getting a new PC at times.)

KnightHawk
  • 719
  • 3
  • 10
  • 1
    *This may reset your password to the default* Mine doesn't. – EKons May 25 '16 at 10:30
  • 3
    I would advise against turning your router off frequently. Often ISP's will pick this up as a fault and reduce the speed on your line causing further issues. you should really only turn off your router if you really have too and infrequently as possible. an alternative however is to turn off just the wireless signal. many routers have a button or switch to toggle this. – Harvey May 25 '16 at 10:32
  • Unfortunately, there isn't a feasible way to connect the cable to my computer. I wish I could, and not have to use a wireless router! – Susie May 25 '16 at 17:38
  • I don't think I can turn off the router without also disconnecting the cable television by doing so. – Susie May 25 '16 at 17:40
  • 1
    "Possibly try turning off your router when not in use. This may reset your password to the default" LMAO, _really_? Have you actually seen this? If so, cite which brands do this nonsense, so we can avoid giving them any money. Although, to be fair, I'd say the same to @Harvey about ISPs who would punish us for saving power; again, _really_? they react to perceived problems on the line by, not fixing it but, _worsening_ it? Both of these are new levels of technological inanity if true. – underscore_d May 25 '16 at 21:03
  • 1
    Its a well known fact that router disruption flags up an 'IP Profile' with ISP's. If your constantly turning your router off and on you will build a 'Negative IP Profile' and the ISP will assume you have a fault on the line, its not punishing you, its to ensure you don't have problems. In this occurrence you have you contact your ISP for an IP Profile reset. On the first few days of connection you are instructed to leave your router on for this reason! and please, routers are designed as low power devices. your saving very small amounts with your router off. – Harvey May 26 '16 at 10:07
  • @underscore I have not with certainty seen routers that revert to factory settings after being off/unplugged for periods of time. But I warned that it may happen anyway in effort to err on the side of caution. Not all routers have on/off switched and turning it off would require unplugging it. If done for an expended period then I suppose some models may revert to factory settings after long periods without power. If this is wrong, then the OP has nothing to worry about in this respect. – KnightHawk May 26 '16 at 20:44
1

Don't worry. You are not being hacked. It is perfectly normal for your computer to detect one or more wireless networks other than your own. Mine is currently showing half-a-dozen - I live in a residential area and all my neighbours have wireless Internet too!

This sounds very much as if a close neighbour has a wireless network on the same channel as yours. Get someone who knows how to set a different channel on your router, or talk to your immediate neighbours, ask if the network name you are detecting is theirs, and maybe they are technically savvy enough to change THEIR channel. Also try re-positioning your router. Just a few inches can make a surprising amount of difference, as can getting it out from behind something that may be blocking the signal. Wireless signal strength is not always logical! Remember the old days when we sometimes had to hold the TV aerial in the strangest positions?

Laurence
  • 145
  • 3
0

Your computer being disconnected when the other wifi shows up sounds like you're being bumped off -- which was previously achievable with WEP and (I think) still is with non-encrypted (open) networks, where an attacker could go as far as to pretend to be the router. However, if you are using WPA2 as you say your router supports, then you shouldn't have this problem.

As a result it seems much more likely that what you are experiencing is an issue with interference and is further likely due to the fact that the other network comes in stronger than your own: If they're using a channel that interferes with the one your router is on and they are broadcasting at a stronger strength (routers often have an option to change the signal strength, and custom firmware often allows for even stronger signal strengths) than your own router, then they may very well be knocking you off by sheer interference and not through any intentional hack attempt.

Thus, rule this out first -- but it requires logging in to your router and changing the channel it broadcasts the wireless network on. Most people prefer to use only 1, 6, or 12 (if I recall correctly) as those do not overlap each-other. So, if you're on 3~8, try 1 or 12, etc. ... if you've tried this and it hasn't solved your problem, edit your question with that info. You may also want to try finding wifi network scanning/mapping software that works on your computer to see what the specs (channel, etc.) of the other network are to see if you can avoid getting interference from it.

EDIT: Another thing that comes to mind is if they are trying to bump you off intentionally, they may be trying to abuse the fact that some devices will automatically connect to certain networks, particularly open networks. However, if you do not connect to this network and make sure your computer does not automatically do so, it shouldn't be a problem (aside, of course, from the annoyance / inconvenience of being disconnected).

Keilaron
  • 101