Posted on Thu 16 April 2020 in Random

Earlier this week after I woke up, I saw that my computer was on. At first I thought it was playing a video but didn't understand why it would be. Anyway, after a purchase was made on Amazon to the tune of $500 I noticed it was logged in to my Amazon account. I immediately grabbed the mouse and prevented another purchase from happening. The user on the other end realized I was there and quit almost immediately. While the hacker was quitting I noticed they were using "AnyDesk" which I never installed on my computer. AnyDesk is a remote control software application commonly used by others to control PCs. I ran some virus scanners (Windows Defender, Avast, and MalwareBytes), but none of them picked anything up. These were also active at the time this took place, so all three of these completely failed me. Never again will I recommend them to anyone.

Since AnyDesk was installed remotely without my knowledge or consent, this means the hacker had access to my machine to install this stuff. How they got in, I have no idea. Maybe it was a random PDF file I downloaded months ago, or maybe it was after my son ran an exe on his own (separate) computer after visiting a pirating site last week. Or perhaps it was something else. The point is, I will never know for sure.

After this happened, I ran the "reset my PC" feature on all of my Windows 10 machines and manually re-installed everything I use. I also installed BitDefender, which claims it is constantly monitoring for threats, but I truly have no idea. I have lost all faith in virus and malware scanners.

Moving forward, I am planning on building my own firewall using pfSense so I can monitor all network traffic coming in and going out. Even if I am not watching it 24/7, I can at least see reports to determine if anyone has made it inside of my network. At that point I can take steps to lock them out. This is the theory anyway.

I have also moved all sensitive data onto a USB drive that is only physically attached when I need it and my machines are now configured to use / for their DNS.

I hope this is enough to keep me and my family safe from hackers, but I won't truly know until I have that firewall. I shudder to think what would have happened had I not caught the hacker red-handed. I likely would not have known my computer was compromised, then who knows what they could have done over the following days or weeks (or even months).