Repeatedly having my Windows 10 Account Passwords Hacked.


Joined
May 23, 2016
Messages
53
Reaction score
0
Wondering if anyone here knows high-security ways to secure the Windows SAM (Security Accounts Manager) file from being hacked via remote network access or physical access to an unattended machine.

Have already informed the police (though they don't do anything) that a neighbour or local burglar enters the property when I'm out and copies written passwords. They may also install malware on the computer or perhaps all hacking is done remotely via installed malware.

Regardless, the local area constantly give me the impression that my computer activity is closely watched.

Can anyone answer the questions in the first paragraph or give me advice on how to maximise security and the privacy of my computer and its usage?
 

Bif

Joined
Oct 17, 2015
Messages
1,164
Reaction score
440
The only thing I can say is to use a ridiculously strong password using hexadecimal,upper and lower case letters.
And DON'T LEAVE PASSWORDS WRITTEN DOWN IN PLAIN SIGHT..
Just an FYI, ALL of your computer activity is always being closely watched regardless of compromised passwords.
 
Last edited:
Ad

Advertisements

Trouble

Noob Whisperer
Moderator
Joined
Nov 19, 2013
Messages
12,235
Reaction score
1,964
AND...... You should probably consider wiping it completely if you're convinced that it is compromised.
You can create the best password in the world, but if you have a keylogger watching you, it's a waste of time and effort.
Get the installation media, wipe the machine as in low level format, disconnect it from any network, perform a clean custom install, change all your usernames and passwords everywhere, even if it means creating new accounts from scratch.
 
Joined
May 23, 2016
Messages
53
Reaction score
0
I appreciate the above advice and have very recently fully reinstalled the OS. I'm beginning to think it's a neighbour since the passwords are guessed so quickly.

If it is then this surely counts as harassment as well as a slew of other crimes. I just wish they'd leave me alone.

Anyway, if anyone can think of more inventive ways to identify the hacker or intruder or evidence of their efforts, or very inventive ways of securing the computer in order to discourage them it would be very helpful.
 
Joined
May 6, 2015
Messages
2,399
Reaction score
372
Reinstall the machine with Linux. Don't write down passwords. Don't use WiFi.
 
Joined
May 6, 2015
Messages
2,399
Reaction score
372
A simple question. Do you have remote access turned on? Have you ever turned it on?


Another one. Do you see anything in startup ( use Task manager) that you are not sure about? And do you see any services that look suspicious?

And yet another. Any accounts on the machine that you didn't put there?
 
  • Like
Reactions: Bif
Joined
May 23, 2016
Messages
53
Reaction score
0
A simple question. Do you have remote access turned on? Have you ever turned it on?


Another one. Do you see anything in startup ( use Task manager) that you are not sure about? And do you see any services that look suspicious?

And yet another. Any accounts on the machine that you didn't put there?
I'm probably confused, but under Settings > Accounts I am the only account on the machine.

There are, of course, multiple Auditing accounts (Administrator, Administrators, System, etc.) though my understanding is these are all automatically managed from the computer.

I once had the Remote Desktop service active to allow Microsoft tech support to troubleshoot the machine. It is now disabled.

I once also thought I saw it listed as 'Running' under Services.msc despite the fact its Status was set to 'Disabled'. I may have been tired and misread what was there but if you're familiar with any malware that shows that exact symptom that might help me clean the machine and identify the infection vector.
 
Joined
Feb 18, 2016
Messages
2,826
Reaction score
622
Is your modem WEP - WPA secured? I would be turning off my SID broadcast name, changing the access password and also PC password.
 
Joined
May 23, 2016
Messages
53
Reaction score
0
I've tried all of the above suggestions at one time or another but so far no solution has resulted in the desired effect.

I can only assume that my internet use is being actively monitored by an individual or group of individuals (rather than by an automated system designed to prevent crime or security breaches).

If anyone has some expert knowledge as to how to identify hacking attempts on the local hardware and how to obfuscate internet use across the ISP and wider internet - that would be ideal.
 

Bif

Joined
Oct 17, 2015
Messages
1,164
Reaction score
440
Just contact you IPS and let them know of your concern.. they should be able to make suggestions as what to do..
 

Trouble

Noob Whisperer
Moderator
Joined
Nov 19, 2013
Messages
12,235
Reaction score
1,964
I've tried all of the above suggestions at one time or another but so far no solution has resulted in the desired effect.
And despite all that .... you're still being targeted and harrassed?

Do you have any idea what has made you so popular with this person or persons?
What is on your computer that someone needs so badly?
Have you lost any critical data, passwords, credit card numbers, bank account numbers, something that you can provide to the police as evidence of a crime?
Anything left on your computer as possible evidence of cyber-stalking, or cyber-bullying?
Do you have any suspicions or suspects (friend, family member, neighbor, stranger)?

There are professionals who specialize in forensic examinations who may be able to assist you or possibly even a local, trusted, tech shop that might be able to suggest a combination of physical firewall products coupled with software to protect yourself against this type of harassment.
 
Joined
May 23, 2016
Messages
53
Reaction score
0
I tried setting up an IPS on my last clean install of this OS
Just contact you IPS and let them know of your concern.. they should be able to make suggestions as what to do..
I tried configuring an IDS on my last clean install of this OS but I probably didn't follow the instructions correctly. Furthermore it was a poorly designed IDS and only detected intrusions - it did not prevent them.

Mainstream, paid-for Antivirus software seems to send so much data back to the central server network of the vendor as to constitute a form of spying in and of itself.

Has anyone successfully maintained the absolute privacy of the contents of their computer and total privacy of their internet usage?

I'm trying to do work on my computer but am constantly publicised to various data-collection agencies / companies who, when I fail to purchase their products, proceed to further publicise exactly the work which could result in me getting paid enough to even consider their merchandise.

I'm trying to maintain the privacy of my work and influences long enough to allow me to develop a unique product, rather than one that is clearly the result of a series 'rip-offs' of other people's work.
 
Last edited:

Bif

Joined
Oct 17, 2015
Messages
1,164
Reaction score
440
I meant to say ISP.. they may have a handle on it.
I'm at a loss as why you are being targeted.
 
Joined
May 23, 2016
Messages
53
Reaction score
0
I meant to say ISP.. they may have a handle on it.
I'm at a loss as why you are being targeted.
I don't know either.

This is usually described as 'third party influence' in my diction. Someone who assumes you want something without being able to cater to their own wants and needs. Third parties usually become extremely reactionary when their services are declined, which is why I'm nervous as to the results of my requests for internet privacy.

I can only hope that most people on this forum realise that when content / data is uploaded to an internet server and when that server receives a request for such data, there really is absolutely no need for any human being whatsoever to be aware that such an exchange of information occurred between client and server.

The only event such record is even needed is if activity occurred that directly 'red flags' specific contents of a server's activity log and even then only that data exchange requires inspection.

I'm presently in a situation where most of my activity is observed. If I have performed any behaviour that contravenes such 'laws' of the internet then I would expect a warning or request for change of behaviour from a neutral party, be they 'third' or otherwise.
 
Joined
May 6, 2015
Messages
2,399
Reaction score
372
What make and model is your router. Is your ISP connection automatic with DHCP? Did you ever log on to your routers admin page and change its password?

Routers can be hacked but it is unlikely but I think that the routing tables could succumb to a man-in-the-middle attack where all your traffic is being intercepted...unlikely but not impossible.
 
  • Like
Reactions: Bif

Bif

Joined
Oct 17, 2015
Messages
1,164
Reaction score
440
As well, did you use the default router password when setting things up or did you change it?
It's scary as hell how many folks just use the default password..this could very well be the problem.
 
Joined
May 23, 2016
Messages
53
Reaction score
0
Indeed. A mobile phone set to 'sniff' a router's broadcast frequency will pick apart any broadcast encryption in a matter of hours if not faster.

Changing the password becomes more of an inconvenience for the user than the individual automating such a task. However, such an automated task should fall under the crime I define as 'hacking' though which I'm sure security experts have a more technical term.

Regardless, Wi-Fi is the least secure of all data distribution methodologies of which I'm personally aware.

You would continue to assume that such activity remains criminal, however, and further reduces the productivity of someone attempting to work to develop a saleable product. If this is contrary to a more corporate mentality of how to go about developing products, it wouldn't be beyond the corporations budget to effectively 'ignore' an individual that isn't on their payroll and which has respectfully and politely declined such 'services' on numerous occasions.
 

Bif

Joined
Oct 17, 2015
Messages
1,164
Reaction score
440
I'm not sure what you're objective is anymore.. legal action?.. advice on legal action?..?
Not certain if the info you are looking for is here..
 
Joined
May 23, 2016
Messages
53
Reaction score
0
I can't really disagree with you Bif.

I suppose I'm looking for a very in-depth, technical forum as far as Windows is concerned.

The advice provided above is useful but unfortunately mostly the kind of information of which I'm already aware.

If anyone has more technical, in-depth knowledge of ways to protect against the slew of freely available, well-publicised tools to hack a computer, could they please PM me.

Much appreciated for all your assistance.
 
Ad

Advertisements

Joined
Oct 26, 2016
Messages
1,515
Reaction score
409
Wondering if anyone here knows high-security ways to secure the Windows SAM (Security Accounts Manager) file from being hacked via remote network access or physical access to an unattended machine.
turn off remote access in the first place and do not let anyone remotely access your computer, not even "Microsoft".
second: don't you lock your doors when you are out? an Alarm system and/or surveillance system may help to indentify unwanted persons...
how did you know you have been hacked??
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top