Has my pc been hacked.

[Janeleaper]

Hi. I have a slightly odd situation. I'd just like to know what people think I should do, if anything.

A few weeks ago, I found I could not access my gmail account. The password was not recognised. So, I answered the security question instead. I was puzzled because I'd certainly not changed the password, which was a strong one.

Then the same day, I went to log into my bank account, and got a message warning me that someone had tried to access the account from a computer other than my own. The person had got the password right, but not the security question that is asked if login is from an unauthorised computer.

So, I changed the password on my bank account too.

No fraudulent activity seems to have taken place. My friends haven't received emails asking for money or anything like that.

Today, I went to check my gmail, and found my password was not recognised again.

So, I've change the passwords on both my bank and gmail accounts for a second time, using strong passwords, and this time I've used Onboard, rather than the keyboard.

Is there anything else I should be doing?

[OpSecShellshock]

It's really hard to determine from the listed facts whether or not your computer specifically has been compromised in some way. Certainly it isn't necessary to compromise someone's computer in order to do the things that have been done with your accounts.

You can check in gmail to see when your account has been accessed from somewhere other than your own computer, I believe, although that won't tell you how. You can also go into the settings for gmail and check to see if any forwarding rules have been applied while this other person had access to the account.

My best guess: some site that you have signed up for using that gmail account has been breached, which led to your account name being exposed. If you use an easily guessed password, or used the same password for gmail that you used on the other site, then it would be easy to get into your mail account. If you also use that mail account to communicate with your bank, then anyone who can read old messages on that account would find out what your bank is and could possibly get your username on that site. Then they'd try using the same password as the mail account or would try to brute force it with a reasonably high possibility of getting in depending on the strength or uniqueness of the password. Or they could use the fact that they know both your email address and your bank to conduct a phish. Could be lots of things really.

Sorry this is happening. Hopefully we can help.

[Janeleaper]

Thanks for the reply.

My gmail password was strong and not used for any other site. My bank password was also strong and not used for any other site. Naturally, they have been replaced with equally strong and unique passwords.

It's that that puzzles me, really. The only way I can think that my password could have been revealed is by malware copying the keystrokes. I'd been advised to use an onscreen keyboard, but because I use Linux, I did not think it would be necessary.

[sidzen]

As a suggestion --

Download, burn to CD, and learn how to use puppy linux from LiveCD to acess bank account, especially. Dedicate your smallest USB stick to use with puppy to save your config files on it (encrypt them if you so desire) and take the stick out when done with puppy each time.

[Ms. Daisy]

Like OpSecShellshock said, it's hard to know how it happened based on what you said.

Don't forget to consider the simple stuff. Is it possible that perhaps you mixed up the passwords on the accounts? I've done that before, temporarily locking myself out of ubuntuforums when I was using a password for another site without realizing it. If it happens again, find a way to confirm that you're using the correct password on the correct site.

Do you use any kind of browser security (blocking scripts, blocking ads)? Do you have the browser remember passwords? The browser is a popular attack surface & there are things you can do to increase your security there. Take a look at the basic security wiki and see if you're doing those things already.

If you're concerned about malicious stuff already on your computer, you can look at the "Did I Just Get Owned" wiki to help you track down anything suspicious.

[mr-woof]

Do you use any other machines? Have you accessed the sites on any other machines?

[Janeleaper]

Thanks for the replies.

Yes, my browser remembers passwords.

I'll try out all the suggestions.

No, I did not forget a password or use the wrong one.

[Janeleaper]

Mr Woof. I do use other machines occasionally, but when the security breach occurred, I'd not used another machine for weeks. The message from my bank stated that another machine had tried to access my account, had the password, but did not get the security question right. The security question is asked only if access is from an unauthorised machine. All my machines (desktop and notebooks) are authorised.

Also, although my browser does memorise passwords, it does not do so for my bank account.

[OpSecShellshock]

A period of weeks between the interception of credentials and their attempted use by others is not unusual. Usually one party will distribute malware, one will maintain the infrastructure for intercepted credentials to be delivered and stored, and will sell or give them to yet another party for actual use. It could honestly have been any of the computers that you had used in the three or four months prior to the unauthorized access attempts.

[0011235813]

I recommend you install KeePass2 or the Lastpass add-on to generate very secure passwords that only require you to remember the master password to use (try: iN$@nec0de$0feternity) .

As for the keylogger idea, I would follow the requested ufw configuration wikis and block outgoing ports except http,https,smtp etc.
Checking your logs would be a good idea too. And the DidIJustGetOwned wiki + all the stickies in this category.