How-to: Help! My IP address has been hacked!

That was a genuine call for help recently, a friend-of-a-friend thing where I happened to be the closest thing to an IT expert they knew.

Rather than contemptuously asking "what do you mean your IP address has been hacked" my first question was - what are the symptoms, how do they know they've been 'hacked'? This covers a multitude of sins, very few of which have to do with a discoverable fixed IP address.

And at risk of boring everybody with another Security-101, I'm going to outline my first thoughts.

It's not an IP address hack. It will be down to basic software security.

Having a static IP has nothing to do with getting hacked. Running a vulnerable machine or network does.

Lots of people have static IP addresses, set up with old broadband accounts or requested so they could run a website from home. New broadband accounts from the ISPs nearly all use dynamically allocated IP addresses, which can change whenever the lease expires or the connection is re-established. Either way, your public address is not a secret: every website you visit sees it, and so does anyone scanning the ISP's range. Knowing it is not a 'hack'.

I periodically restart my router in order to reset the connection and get a new IP address from the network provider. That doesn't stop enterprising script kiddies probing the ISP's address range for live hosts and looking for vulnerable machines: a new address just makes you a different entry in the same scan.

If your machine comes up with an IP address that doesn't start with 10., 172.16 through 172.31, or 192.168, and you're not running a business network, then it isn't the usual private (RFC 1918) address a home router hands out. Before suspecting foul play, such as traffic being redirected through a proxy, rule out the mundane explanations. A public address usually means the machine is plugged straight into the modem with no router, and therefore no NAT, in front of it; that is a problem in its own right, because every open port on the machine is then reachable from the Internet. An address starting 100.64 through 100.127 is the ISP's carrier-grade NAT range, and 169.254.x.x means the machine got no DHCP answer at all. While you're there, check the DNS servers and default gateway too: a compromised router most often shows up as DNS servers you didn't set.
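To make the address check above mechanical, here is a small classifier, added as an example and not part of the original post. It uses Python's standard `ipaddress` module; the category labels and the sample addresses are constructed for illustration, and the ranges are the RFC 1918 private blocks, the RFC 6598 carrier-grade NAT block, the RFC 3927 link-local block and loopback. It also gets the 172.16/12 boundary right: 172.31.255.255 is private, 172.32.0.1 is public.

```python
"""Classify the IPv4 address a home machine has been given.

Added example, not code from the original post. Labels and sample
addresses are constructed for illustration.
"""
import ipaddress

# Special-purpose IPv4 blocks a home user is likely to meet.
PRIVATE_RFC1918 = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]
CGNAT_RFC6598 = ipaddress.ip_network("100.64.0.0/10")   # ISP carrier-grade NAT
LINK_LOCAL_RFC3927 = ipaddress.ip_network("169.254.0.0/16")  # no DHCP answer
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def classify(addr: str) -> str:
    """Return a short label describing where an address came from and what it implies."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        return "ipv6: check separately (fc00::/7 is local, 2000::/3 is public)"
    if ip in LOOPBACK:
        return "loopback: not a network address at all"
    if ip in LINK_LOCAL_RFC3927:
        return "link-local: no DHCP answer, check the router and the cable"
    if any(ip in net for net in PRIVATE_RFC1918):
        return "private: normal behind a home router (NAT)"
    if ip in CGNAT_RFC6598:
        return "carrier-grade NAT: assigned by the ISP, not by a home router"
    if ip.is_global:
        return "public: machine is directly exposed, no NAT in front of it"
    return "other reserved range"


def is_exposed(addr: str) -> bool:
    """True when the address means the machine sits on the Internet with no NAT."""
    return classify(addr).startswith("public")


if __name__ == "__main__":
    # Constructed sample addresses covering each case.
    for sample in ("192.168.1.20", "172.31.255.1", "172.32.0.1",
                   "100.64.3.7", "169.254.10.1", "1.1.1.1"):
        print(f"{sample:>16}  {classify(sample)}")
```

Run it against the address shown in your adapter settings (ipconfig on Windows). A 'public' result is the one worth acting on first: put a router between the machine and the modem before worrying about proxies.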

Every home router should be secured. Time was, Wi-Fi would be 'open' by default and you had to set it up to use encryption and a password. Check that it is encrypted: the Wi-Fi icon will have a padlock or a shield over it. If not, that needs turning on. An 'open' Wi-Fi network is like leaving all the doors and windows of your house open: anyone in range can join it, sit on your network and watch your traffic.

Even then, check the encryption properties. Older routers were often set up to use a form of encryption called WEP, which is notoriously easy to crack (minutes, with freely available tools), and the original WPA with TKIP is not much better. These days you want WPA2 with AES (CCMP), or WPA3 if the router and your devices support it. Don't mistake that for 'hack-proof', though: the cipher is sound, but a WPA2-PSK network is only as strong as its passphrase. Anyone in range can record the handshake when a device connects and then guess passphrases offline, at leisure, against that capture. A long, random passphrase that isn't a dictionary word or the default printed on the router defeats that; 'password123' does not.
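The reason the passphrase matters more than the cipher can be shown in a few lines. This is an added example, not code from the original post. WPA2-Personal derives the Pairwise Master Key (PMK) from the passphrase and the network name with PBKDF2-HMAC-SHA1, 4096 iterations, 256-bit output (IEEE 802.11i), and nothing in that derivation is secret except the passphrase. The block derives a PMK, checks the derivation against the published test vector, and then runs a dictionary attack that recovers a weak passphrase and fails on a random one. One simplification is labelled in the code: a real attacker verifies each guess against the MIC in the recorded handshake, whereas here the recorded PMK itself stands in for the handshake so the example stays self-contained. The SSID, passphrases and wordlist are constructed.

```python
"""Why a WPA2-PSK network is only as strong as its passphrase.

Added example, not code from the original post. PMK derivation follows
IEEE 802.11i; the SSID, passphrases and wordlist are constructed.
"""
import hashlib
import hmac
import secrets
import string
from typing import Iterable, Optional

PBKDF2_ITERATIONS = 4096   # fixed by the standard
PMK_LENGTH = 32            # 256-bit PMK


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32), as in 802.11i."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LENGTH)


def self_test() -> bool:
    """Check the derivation against the IEEE 802.11i Annex H test vector."""
    expected = bytes.fromhex(
        "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")
    return derive_pmk("password", "IEEE") == expected


def offline_guess(captured_pmk: bytes, ssid: str,
                  wordlist: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack: derive a PMK per candidate and compare.

    Simplification: a real attacker recomputes the handshake MIC from each
    candidate key; comparing against the PMK directly shows the same point.
    No packets are sent, so the router's lockouts never see a single attempt.
    """
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:
            continue
        if hmac.compare_digest(derive_pmk(candidate, ssid), captured_pmk):
            return candidate
    return None


def random_passphrase(length: int = 20) -> str:
    """A passphrase no wordlist will contain: random letters and digits."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


# Constructed wordlist standing in for the millions of entries a real
# attacker would feed in.
WORDLIST = ["password", "password1", "letmein!", "football", "password123",
            "qwerty123", "sunshine1", "iloveyou", "welcome1"]
SSID = "HomeNet-2G"   # constructed network name


def demo() -> tuple:
    """Recover a weak passphrase, fail on a random one; returns both results."""
    weak_pmk = derive_pmk("password123", SSID)
    recovered = offline_guess(weak_pmk, SSID, WORDLIST)

    strong_pmk = derive_pmk(random_passphrase(), SSID)
    not_recovered = offline_guess(strong_pmk, SSID, WORDLIST)
    return recovered, not_recovered


if __name__ == "__main__":
    print("derivation matches the 802.11i test vector:", self_test())
    weak, strong = demo()
    print("weak passphrase recovered from wordlist:", weak)
    print("random passphrase recovered from wordlist:", strong)
```

The 4096 iterations slow each guess down, but they are the same for everyone, so the defender's only lever is the size of the space the attacker has to search. Twenty random characters put that space far beyond any wordlist; a word with a digit on the end does not.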

If the machine is definitely infected with malware, rootkits or ransomware, unplug it from the Internet: remove the Ethernet cable or turn off the Wi-Fi. That stops it talking to whoever controls it and stops it spreading to the rest of your network.

You need a removal tool such as Kaspersky Rescue Disk (a free download, but fetch it and burn or write it using a different, unaffected machine) to boot the infected machine from clean media and sweep and destroy any malware on it. Scanning from a bootable disk matters because a rootkit running on the infected system can hide from tools started within it.

In the physical world, plenty of people know where I live. That doesn't mean it's easy for them to get into my house. Continuing the house analogy, you think an intruder got into your house and now you're worried he might be able to get back in because you haven't moved your house. The proper response is to install locks, fences and a burglar alarm. 

In computer terms:
  • make sure you're behind some kind of reasonable firewall (most home routers qualify as basic protection, because NAT means nothing outside can connect in unless you've forwarded a port)
  • enable Windows Firewall in the Action Center, or get a third-party firewall (ZoneAlarm is still free but basic).
  • immediately run Windows Update until it won't give you any more updates, and reboot between rounds if it asks.
  • install and run a decent anti-virus/anti-malware program. Good free ones include Avast, Avira, ClamAV or, at a pinch, AVG Free. These also need to be kept up to date with virus definitions. Norton Security and McAfee are paid options and, for the most part, no better than the free ones. You can get a paid-for Security Suite as a one-stop shop if that suits better.
  • Do NOT rely on Microsoft Security Essentials. I've had hackers punch straight through undetected TWICE in six months on friends' machines; I dumped it on mine some time ago.
So that's the advice I sent back up the line to the alleged victim. I'm waiting to see the diagnosis of the actual fault. You never know, maybe somebody did hack their IP address. Maybe not... RC

Image credit: Junior Hacksaw by Evan Amos, Public Domain