
I'm monitoring my home network with Wireshark, since I believe my computer is being actively hacked. I looked up a LOT of IP addresses, but didn't find any suspicious ones.

Can a connection be hidden from Wireshark? What evasion techniques do hackers usually employ?

schroeder
kiec00

  • Most connections are TLS protected so you won't see anything. Additionally, the number of network connections makes it really hard to find "something suspicious". That is like finding a needle in a haystack. Most hackers don't need to access your PC. Weak passwords make hacking easy by just guessing them. Or you use passwords at multiple services and one service was hacked so that the password leaked. Those are the common ways people get hacked. – Robert Jun 29 '22 at 20:28
  • Be sure to audit your connected devices within your Google account - also check the account recovery mechanisms that are in place to ensure no extra avenue has been added - change your Google account password - and review the concept of [strong passwords](https://security.stackexchange.com/search?q=strong+password) – brynk Jun 29 '22 at 21:46
  • Your details about cloud accounts do not seem relevant at all to your question since that does not occur from your computer. Your details in your comments below about what is actually happening on your computer are more relevant. – schroeder Jun 30 '22 at 07:33
  • Why risk it? When in doubt, nuke from orbit. https://security.stackexchange.com/questions/138606/help-my-home-pc-has-been-infected-by-a-virus-what-do-i-do-now/138617#138617 – CaffeineAddiction Jun 30 '22 at 22:49

2 Answers


If they have your account's username/password (or a stolen valid session cookie), they don't need to be on your home network to access your cloud services like Facebook/Google Drive. They can log in to your accounts from their computers (pretending to be you) and, for example, delete files from your Google Drive. Then when your computers sync with Google Drive, the expected behavior is to delete the files your hacked account deleted (as Google thinks you decided to delete them). Change your passwords and force logout of active connections.

For google you can go to their security checkup page at:

https://myaccount.google.com/security-checkup/

I would consider enabling two-factor authentication as well as reviewing all the existing devices that are currently logged in.

Similarly, I would check your facebook account at:

https://www.facebook.com/help/securitycheckup

If you think someone has installed malware on your computer, it may be necessary to backup relevant data and reinstall the OS from a trusted source.

dr jimbob

  • I made new passwords, am now using a VPN, forced logout from everywhere. Asked for a new IP from my ISP. But somehow he is still coming back. Playing with my mouse DPI when I'm playing, disconnecting me from Wi-Fi, etc. Is a hardware firmware rootkit that rare and complex that it's a nation-state security level thing? – kiec00 Jun 29 '22 at 22:39
  • Those things sound like normal hardware issues, not a "hack". I think you are combining normal hardware issues with whatever happened to your online accounts. – schroeder Jun 30 '22 at 08:07
  • @schroeder It would be an interesting hardware issue. I tested it. Doesn't appear when I'm browsing the net. Doesn't appear when I'm farming in the jungle. Does appear when I go for a gank, or when it is a teamfight in LoL (League of Legends). It only occurs when I'm in PVP. And I'm pressing the same buttons (using left and right mouse button only, and Q, W, E, R buttons on keyboard). And I'm NOT accidentally pressing anything else. – kiec00 Jun 30 '22 at 08:55
  • Ok, that's a lot of evolving details. No, this isn't a "hack"... No one is going to go through the effort to maintain persistence on your computer just to "mess you up" in PVP ... – schroeder Jun 30 '22 at 10:43

Can a connection be hidden from Wireshark?

Yes, if the attackers control your computer they can control what Wireshark sees.

What evasion techniques do hackers usually employ?

Many different techniques. Too many to discuss all of them here. For example, a hacker can hook file system calls and make certain files or folders "invisible" to all users. For example, a "hacker" can run processes/threads indirectly by taking over other processes and injecting code. Etc. Etc. Etc. This question should be more focused or it might be closed.

hft