Can someone use my RDP for hacking?

Senso

Reputable
Sep 4, 2014
5
0
4,510
So I had a computer at home with Remote Desktop on, I usually download stuff all the time, so it's powered even at night. One day I noticed that someone created a new account so I immediately disabled RDP, and deleted the account. I don't know what they used it for, or how much time, but here comes the important part:

Today I got a letter that I'm summoned to court as a witness, and when I called to ask what it is about, they said it is because of "internet fraud". I was pretty shocked, and still am, and angry, because I never had anything to do with this kind of stuff. I can see two possibilities:

1: A family member did something, which I find unbelievable, I can't imagine them doing such thing.
2: My rdp was used to access the third person's stuff on the internet.

I'm not a big expert, so I don't know if the second one is doable. If they use my RDP for fraudulent business/hacking, will it be my IP address which gets caught?

 
first things first...go to a nearest police station...lodge a complaint explaining everything...@@@plausible deniability...

next...contact ur isp...get a copy of ur ip browsing history...

next...match that copy with the accusation date and time...see if u find anything consistent...specifically look for ip addresses and domain names...

post back here...

also...just offtopic...are u aware about tor network and do u host an exit node by any chance???
 

USAFRet

Titan
Moderator
1. What country is this?
2. Do you access the PC via RDP from outside your LAN?

If you have the relevant ports open, and you access the system from outside, and you have a weak password, and there is a new user account that you did not create...then it is possible that it was someone else.
Either a family member, friend of a family member, or someone from outside.

It could have been something you 'downloaded', giving access to whomever.
 

Senso



First, thank you for your suggestions

Yes, I know what Tor is, but I don't use it. It was on my system a long time ago for a couple of days, but I don't host an exit node.
 

Senso



1: I'm from Europe, Hungary.
2: Yes

I see, then it's possible, it wasn't a family member! At least it gives a little hope. Thanks
 

Senso



I have a guest account and my main one, and there was another one I did not create. The main one is password protected.
Yeah, we all use torrents, but not the Tor network.
I'm from Hungary.
I think it was a couple of months I used it, not all the time, I do turn off my PC sometimes.
And it's only password protected.


"did u get any intimation about wat kind of fraud they framed u in???": Nope, they only said it's internet fraud, and if I don't know anything I don't need to say anything. They also asked if I know someone named "Csaba", but there is no one named "Csaba" in my family. I'm summoned on the 27th. I guess I will find out everything.
 

Senso



Nah, I don't know any Csaba, neither the others.
Sometimes my antivirus do flag files for infected, but I usually quarantine them, It's the same for the members of the family too.
Yeah I think. What do you mean by "which pc do u connect to or connects to u"? If you mean in RDP, we used it with a friend, he was able to connect to mine over the internet.
 
Hi

I am surprised that, if the law enforcement authorities in your country suspect computer crime involving your pc, they have not seized your pc for forensic examination

Do you have a wireless network?
Does it have a strong password ?

It would be difficult to determine if your pc or your wireless network was hacked

Or is the summons from a civil court ?

Regards
Mike Barnes
 
may be offtopic...

did u at any time use any other port other than 3389 for rdp???
did u ever test with telnet and did it ever not terminate telnet automatically, after such tests???
do u use any security service to monitor 3389???
if you go to Windows Firewall with Advanced Security and select Inbound Rules, do you see three rules starting with Remote Desktop? Are the rules disabled and can you simply enable them from the right-click menu?
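
An added example, not part of any poster's reply: one way to check the points raised in this thread on the affected PC, namely when the unknown account was created, which addresses logged on over RDP, and the state of the Remote Desktop firewall rules and port 3389. It assumes an elevated PowerShell session, the default Windows audit policy, a Security log that has not yet rolled over, and an English-language system (the `Remote Desktop` rule group name is localized); `Get-EventField` is a helper written for this example.

```powershell
# Added example: run in an elevated PowerShell session on the affected PC.
# Assumes the default audit policy and a Security log that still covers the period.

function Get-EventField {
    param($Record, [string]$Name)
    # Read a named field from the event XML instead of relying on property order.
    $xml = [xml]$Record.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

# 1. Local accounts created (event 4720): which account, created by whom, and when.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720 } -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Time      = $_.TimeCreated
            NewUser   = Get-EventField $_ 'TargetUserName'
            CreatedBy = Get-EventField $_ 'SubjectUserName'
        }
    } | Format-Table -AutoSize

# 2. Successful logons (event 4624) with LogonType 10 (RemoteInteractive, i.e. Remote Desktop),
#    with the source address of each session.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -ErrorAction SilentlyContinue |
    Where-Object { (Get-EventField $_ 'LogonType') -eq '10' } |
    ForEach-Object {
        [pscustomobject]@{
            Time     = $_.TimeCreated
            User     = Get-EventField $_ 'TargetUserName'
            SourceIP = Get-EventField $_ 'IpAddress'
        }
    } | Sort-Object Time | Format-Table -AutoSize

# 3. State of the inbound "Remote Desktop" firewall rules (group name is locale dependent).
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Enabled, Direction, Action | Format-Table -AutoSize

# 4. Is anything currently listening on the default RDP port?
Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

The timestamps from steps 1 and 2 can be compared against the date and time named in the accusation; an empty result only means the log no longer holds events from that period.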
 

USAFRet

Titan
Moderator
I still think this was a connection initiated from your PC, rather than from outside.
Something you torrented came with an additional payload.

"Sometimes my antivirus do flag files for infected, but I usually quarantine them, It's the same for the members of the family too."
 
Solution