Compromised or not? Need to know!


checknet1
04-13-2005, 12:27 AM
I have a home network with one desktop now running XP, but which ran Windows 98SE (Target) until four weeks ago, and another desktop now running Windows XP. Both computers are connected to a D-Link wireless router, which is then connected to a DSL/broadband modem. Neither of the desktops has a wireless card. Only the laptop does.

I purchased a D-Link Wireless router about three years ago and installed it. In a rush to get the installation done, I installed it and inadvertently left the Wireless option in the enabled state because I thought that one only needed to disable the SSID broadcast.

Since I used Windows 98SE, I could see the cupped hand under the C: folder.
About three months ago, I started to back up my files (including sensitive data) on an external high-capacity USB portable Hard Drive with the power to the DSL modem disconnected with the intent of taking a backup before upgrading to Windows XP.

Sometimes, the external hard drive would complain that it could not be disconnected even when I clicked on the USB icon/connection tray followed by clicking on Stop. Most of the time, though, it would stop the device, in this case, the external Hard Drive. Although I was the only one using the drive and had closed all the Windows Explorer sessions, I could not explain the behavior.

Note that I had not realized that one needed to disable the wireless option entirely and not just the SSID broadcast. I know better now.

Anyway, I upgraded from Windows 98SE to Windows XP and on some occasions the exact same problem started cropping up while I attempted to stop the USB external Hard Drive even when there was nobody using it and power to the Internet connection had been stopped. Unbeknownst to me, after the upgrade, I had left everything on in the default state as far as the wireless option was concerned. So, even though I had disconnected the Internet cable, the wireless modem was still on with all its defaults, including the default admin password.

I used to perform the backup in less than 15-20 minutes at a time, usually on the weekends.

I noticed the error message about not being able to stop the USB device cropping up, checked the Internet for wireless settings and realized that my system must have been compromised.

I then disabled the wireless feature and the SSID broadcast. Also, since the Internet connection via the DSL modem was always disabled, I suspect that the system was compromised via the wireless option.

I want to add that the Windows PC to which the external Hard Drive was hooked has a REALTEK card (and I read that in certain cases it fails when it comes to file sharing) and I could not access the files on the desktop used in conjunction with the USB Hard Drive, the one on which the backups were made. Also, I have logged onto my laptop and found that I could not access the files on the Windows PC (Target) even though I was on the same network.


Now, given all this information, do you think my PC was compromised, or am I still dreaming?

Thanks,

Greenstead
04-13-2005, 12:57 PM
Dreaming.

checknet1
04-14-2005, 05:47 PM
Thanks for the response. I am still concerned, though. Let me know what you think.

The points I wanted to drive home were:

1. The wireless router to which the desktop was connected was on.

2. Although the DSL modem had its power turned off, meaning there was no way an intruder could come in over the Internet, at least that's what I think, the wireless segment was on with all the defaults (admin password in default mode, default SSID broadcasting, etc.). Hence, the LAN and WLAN were both on, with the (hacked target) desktop connected to the router.

3. Given this information, could someone have come in over the wireless network and hacked into my desktop which had the USB drive (with the sensitive information on it) connected to it?

4. The reason I think this happened is because many times when I tried to stop the USB device, the system (desktop) would complain that the USB device could not be stopped, even though I was not using the USB drive in any way and no Windows Explorer sessions were open. Yet, funnily enough, after a while, I was able to stop the USB device and unplug it.

5. Also, the Windows File and Print Sharing were still on.

6. Is it normal for the USB External Hard Drive to complain that it cannot be stopped when nobody I know of was accessing any file on it or using Windows Explorer?

Please let me know. I am very concerned because I think that even though the Internet connection was off, an intruder could have come in through the wireless connection.

cszeto
04-15-2005, 07:21 AM
What's on the drive? What is on it that would attract someone to continually connect to it? Interesting pictures, music???

Consider the human factor aspects too. "One man's junk is another man's treasures." It goes the other way too.

Even if it was exposed and someone did take a peek, what could bring them back?

Do you have any other applications or instances in which the USB drive's letter was active (i.e. DOS/Command Prompt)?

checknet1
04-16-2005, 06:46 AM
The drive contains sensitive information like financial information, banking information, tax returns, information which could enable someone to empty my bank accounts, photos of important documents, passwords for several sites, etc.

Something which I would never divulge to anyone.

No, I had nothing like the DOS command prompt open. Hence, the concern that my system may have been compromised. This is one of those things that drives one nuts because of the associated paranoia.

cszeto
04-16-2005, 06:01 PM
How much time has elapsed since your discovery versus your corrective actions?

JackMDS
04-17-2005, 01:23 AM
There is No way to know unless you can find an extra MAC number in the DHCP Server that does not belong to you.

There can be other things besides Explorer that access the hard drive (scheduled indexing, defragging, etc.).

In any case it is Water Under the Bridge.

Link to: Wireless - Basic Configuration. (http://www.ezlan.net/Wireless_Config.html)

Link to: Wireless Security. (http://www.ezlan.net/Wireless_Security.html)

Link to: Network Segregation - Adding security to Wireless Network (or to any peer to peer Network). (http://www.ezlan.net/shield.html)

:cool:
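
The check JackMDS describes, looking through the router's DHCP client table for a MAC address that is not one of your own devices, can be done by hand on the router's status page, but it is easy to miss a match when each device reports its MAC in a different notation (dashes, colons, no separators, mixed case). The script below is an added example, not code from the original thread or from any router vendor: it parses a constructed DHCP client table (hypothetical hostnames and MAC addresses), normalizes every MAC to one canonical form, and lists the leases whose MAC is not on a constructed allowlist of the owner's machines.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample of a router's DHCP client table, laid out the way a
# home router's status page typically prints it. Hypothetical data only.
DHCP_TABLE = """\
Host Name        IP Address      MAC Address         Expires
DESKTOP-XP       192.168.0.100   00-0D-88-AB-CD-01   23:59:10
OLD-98SE         192.168.0.101   00-0d-88-ab-cd-02   22:14:33
LAPTOP           192.168.0.102   00:11:22:33:44:55   20:01:59
                 192.168.0.103   001a2b3c4d5e        01:12:05
"""

# Constructed allowlist: the owner's own MACs, copied from each device in
# whatever notation that device displayed (hypothetical values).
KNOWN_MACS = ["00-0D-88-AB-CD-01", "00:0d:88:ab:cd:02", "00:11:22:33:44:55"]

# Accepts 00-11-22-33-44-55, 00:11:22:33:44:55 and 001122334455.
MAC_RE = re.compile(r"(?i)\b(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}\b|\b[0-9a-f]{12}\b")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def normalize_mac(mac: str) -> str:
    """Canonical form: lowercase, colon-separated byte pairs, so that
    differently written copies of the same address compare equal."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


@dataclass(frozen=True)
class Lease:
    host: str
    ip: str
    mac: str  # always stored in normalized form


def parse_dhcp_table(text: str) -> List[Lease]:
    """Extract one Lease per table row; rows without a MAC (header,
    blank lines) are skipped. The hostname is whatever precedes the IP."""
    leases = []
    for line in text.splitlines():
        mac_match = MAC_RE.search(line)
        if not mac_match:
            continue
        ip_match = IP_RE.search(line)
        ip = ip_match.group(0) if ip_match else "?"
        host = line[:ip_match.start()].strip() if ip_match else ""
        leases.append(Lease(host=host or "(no hostname)", ip=ip,
                            mac=normalize_mac(mac_match.group(0))))
    return leases


def unknown_leases(leases: List[Lease], known_macs: List[str]) -> List[Lease]:
    """Leases whose MAC is not in the allowlist, after normalizing both sides."""
    known = {normalize_mac(m) for m in known_macs}
    return [lease for lease in leases if lease.mac not in known]


if __name__ == "__main__":
    leases = parse_dhcp_table(DHCP_TABLE)
    suspects = unknown_leases(leases, KNOWN_MACS)
    print(f"{len(leases)} leases, {len(suspects)} not on the allowlist")
    for lease in suspects:
        print(f"  UNKNOWN  {lease.ip:<15} {lease.mac}  {lease.host}")
```

A MAC that is not on the list is a lead, not proof: a guest's phone or a device whose MAC you copied wrongly looks the same. Likewise, a clean table only covers leases still present; anything that joined and expired before you looked leaves no trace here, which is JackMDS's point about it being water under the bridge.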

Greenstead
04-17-2005, 10:13 AM
I doubt you were compromised.

Turning off SSID broadcast in fact does conceal your wireless network from most people although a serious hacker can easily discover it. Serious hackers rarely take any interest in a home network.

Devices that refuse to disconnect are not uncommon.

Some tips for the future:
- Never share the whole of the C drive.
- Never store passwords.
- Use Windows encryption on a financial folder.