I have a colleague at work who has had disputes with his neighbor for several years now. My colleague is a nice guy. So I believe him when he says that his neighbor is a jerk. His neighbor is a retired computer Security expert who sits at home now with nothing to do all day.
So this neighbor spends his days terrorizing my colleague, digitally. This neighbor hacks in through my colleague’s wifi and resets his streaming boxes and cable boxes, changes his router settings, snoops through files, changes passwords, etc… He uses man in the middle attacks, pretending to be the refrigerator or some other appliance or device, and once in to the network, wreaks havoc.
My friend from work says that his router is un-crackable except that the neighbor doesn’t come in through the internet. He comes in via the wifi. This friend is at his wits-end. He seems to be giving up, saying this guy is “the man, I lose and can’t do anything about it”. So how does one stop a guy like this, without having the same skills yourself, to fight back or to trap him in to a situation where this guy can be prosecuted?
My friend has filed police reports. The police don’t know what to do either. If you block all but white-listed devices and someone pretends to be one of your white listed devices, it seems that there is no defense. My colleague keeps his PCs turned off when not in use and runs vpn on each individual pc to keep the use of the computer private when not in use. But it’s like he has to be an outlaw on his own network as someone else controls everything.
Because every device is potentially already compromised, start by turning everything off, and disconnecting every device from the local network. Disconnect the router from the internet.
Permanently stop using WiFi.
Use only Linux.
Do not connect any device to the local network until it has been made safe.
In some cases making it safe would mean selling the device and buying a replacement. All passwords must be non-default and must be new passwords, not used before on any device. In other cases making it safe would mean restoring from a known good backup. However if this has been going on for several years then that may be impossible, in which case it would need a backup now, then blow it all away and then a selective restore, taking into account that any file that has been restored from the recent backup may have been compromised. In some cases making it safe could mean just blowing it all away and starting again (where that is acceptable).
When bringing the local network back, less is more i.e. bring back the most needed few devices and see whether it is immediately re-compromised.
Even this won’t be adequate if the neighbour has put in low level (i.e. boot firmware) compromises. For that, you will need Pureboot and a Librem Key.
This is however a technological solution to a problem that may not be technological.
It isn’t possible to man in the middle wpa3. Your neighbour doesn’t fully understand what is going on. Here is what actually happened:
At some point in time your friend had either weak security or temporarily no security on his wifi.
All a sophisticated tech needs is a few minutes to install remote control software somewhere on his network. There is an infinite number of those, sophisticated users know of ones that hide quite well, especially the really malicous ones.
The neighbour is using that remote app to access a point on your friends network and fiddle with everything.
Your friends needs to rebuild his network from scratch and reinstall every single system from original oem disks and that will go away. This includes reinstalling his NAS and re-flashing his smart tv to factory defaults.
WPA3 was not claimed to be the only Wireless security in use and most IoT devices do not support WPA3 placing most access points in WPA 3/2 compatibility mode for functionality and an attacker can still exploit WPA2 vulnerabilities then.
We can’t and don’t know due to insufficient information. Sure your scenario is more plausible than OP’s but there are nearly an infinite number of possibilities. This isn’t to take away from the recommendation to reload everything (which is solid advice), just to acknowledge that isn’t guaranteed effective precisely because we dont know what actually is happening here. Irvinewades advice is more extreme but solves for more potential scenarios.
There’s also the option of hiring outside professionals to investigate the security breach and remediate. With the added bonus that if this is in fact an attack and not something else, that most incident response teams will know how to properly log information including chain of custody of that information to be usable as evidence in both civil and criminal matters.
Personally I’m always a bit suspicious of these types of scenarios as they’re so often hit and run posts or end up with more holes in their than pegboard.
Yes! I deal with nasty rootkits all the time at work fixing clients networks that have similar problems. Your advice is sound irvinewade. You’ve gotta go back to the tree and start from scratch. Most likely firmware is compromised from the start. There is probably a rootkit living on the network that just reinfects even brand new devices as soon as you plug them in.
We’re talking about ripping out motherboards, replacing computers, phones & routers, setting up new firmware on everything, secure network firewalls, quarantining all questionable devices that may be infected (like the TV) on isolated guest network subnets, hardening your linux distros and the whole nine yards.
I’m actually working on a similar project right now, its a lot of work, and its not cheap!
It would be better for your coworker to resolve any issues with the neighbor. I hope that your colleague isn’t at fault nor a criminal. Maybe it was the neighbor who called the police on your coworker. It is better to stay away from danger, considering that these issues may jeopardize your employment.
That said, the situation is hacking the internet network. It would be much worse if electricity, phreaking, and radio jamming/hijacking is involved. I see electricity, phreaking, and radio jamming/hijacking as the ultimate hacker profile because it deals with the basis of modern telecommunication. If I was a hacker, I would probaby want to improve on such knowledge and skills, preferably on specific channels/frequencies. For example, I have suspicion of my neighbor to use walkie-talkies. I am not sure if the radio frequency is detectable by law enforcement. He may know about phone and radio technology. He also had past instances of desperation before the property tax deadline.
If the opening post involves electricity, phreaking, or radio jamming/hijacking, internet network might be the least in concern, depending on the judiciality and severity of the situation.
Ethernet connection alone will not save your cowork if a evil maid attack occurs at the designated location.
Most Wifi routers have a “guest network”. That will allow internet (but not LAN) access for convenience (e.g. browsing on your phone, browsing on laptop, etc.).
disconnect everything, especially all the “smart” crap and IoTs
Ask your ISP to replace the router - tell them there is suspicion of firmware compromise
Buy a Purism Laptop with PureBoot Bundle
connect it wired (Ethernet)
At this point, you have a clean known-good setup. And you should be able to spot any low-level compromise or implants, should the attacks resume. You might want to leave it this way or start troubleshooting/experimenting with turning wifi back on (guest disabled) and eventually connecting other devices (but do you really need a smart toaster or security cam?) Be aware, though, that it could be very hard or impossible to detect previous compromises or new ones on any device that is unable to be checked for tampering (that is: almost everything except your Librem laptop…)
This is the way I’d do it.
Get a new ISP connection, additional to the infected one he’s got.
Make it an ethernet only home network so no wifi.
So there would be 2 separate networks, a clean one and dirty one.
Gradually add devices one at a time to the new clean network after ensuring the devices are clean, that is they are either new or factory resetted or properly reformatted and fresh install. If a device is not clean don’t add it.
And don’t add “smart” devices, home security camera’s such as “Ring” nor Google Nest nor Amazon Alexa home devices and all other similar products - all these devices are Globalist surveillance devices.
Optionally, not using Windoze or Apple OS’s is good. Using a super noob friendly Linux OS such as Mint he would probably find fun. Also optionally boycotting every thing Google “Don’t be evil” on the clean network.
For the dirty network that become a honeypot. Gradually, over time one can eliminate the devices connected to it.
This approach your good friendly neighbor friend doesn’t have to have any special skills. This is a no stress, no rush method. A great opportunity for him to learn new common sense skills and good habits with out doing lots of study or sweating on it.
Point him to Rob Braxman tech (aka the Internet Privacy Guy) if he wants to learn a bit about privacy and security the fun way, with out sweating on it.
By one at a time, at leisure, adding clean devices to the clean network. And one at a time, at leisure, removing contaminated devices from the dirty network, that is to say, the honeypot network - one might using this process - work out how the unfriendly neighbor jerk is hacking in. Possibly even setting a trap for the unfriendly jerk neighbor, aka a sting, that could lead to prosecution.
Or just leave the unfriendly jerk neighbor to wasting his time and energy breaking into the honeypot
Personally, I would, on the slimmed down honeypot network, throw up some hurdles for the unfriendly jerk neighbor to ‘crack’ lol
If the bad neighbor is exceedingly capable, he would have compromised your friend’s social networks and understand the social graph of how you relate to your friend and who you are, then visited this forum to review what advice you gave to your friend.
I wonder if it would also be wise to do something totally unexpected from the perspective of the bad neighbor, such as coming up with your own ideas different than the advice you find here, so that the bad neighbor doesn’t expect it. Not anything that would be a bad practice, but simply something unexpected.
Yes, I wondered that too. In that sense, this topic should probably have been “private”. However “that problem, that day”. First of all the OP’s colleague would have to be persuaded to follow the advice here, then execute it with total reliability.
