
CPA Network Accounts Hacked! How To Solve The Problem? (23)


06-14-2011 08:51 PM #1 LiveRich503 (Member)

Sup Everyone,

I'm super frustrated. For whatever reason, it appears that my CPA network accounts are being accessed and the login details for the email and password are being changed, resulting in my original email for the account not even being on file.

Why would anyone want to change it? Could this be a Human or a Bot?

I have been troubleshooting the situation and it appears that only my CPA accounts are being messed with; none of my emails or any other accounts online are... no Facebook, forums, ad networks, etc.

I am running on a Mac and have antivirus running; nothing is being detected.

I've changed all passwords for all accounts.

But it still appears that 'whoever' is accessing it is changing my login details for the second time after a few days of normal access.

Has anyone experienced this problem? I've once again changed all passwords and emails.

Yet I still feel unsure if this is going to resolve the problem.

LET ME KNOW WHATSUP!! ANY ADVICE WILL BE APPRECIATED! THANKS!


06-14-2011 09:02 PM #2 yale47 (Member)

What did the networks say to you after you contacted them? Usually they can see what IPs are logging into the account, so at least you can find out what country and general region they're in (unless they're using proxies).

As for your computer:

I'm writing this with the assumption that you're using your home internet connection (wired or passworded wifi) and not connecting to an open wifi hotspot to do your work. If you're on a passworded wifi, hopefully you are using WPA/WPA2 encryption and not WEP, which can be cracked in minutes.

If multiple CPA networks are affected, it definitely sounds like you have some kind of keystroke logger installed. Usually if a machine is compromised like that, I would format it and reinstall everything from scratch. Once the machine has been rooted, I wouldn't trust it even after running malware removal programs. Anti-virus programs don't pick up 100% of viruses because they're built to detect signatures of mainstream viruses. So if you want to be safe, back up your data, wipe the machine with the OS install disc, and start over.

Edit:
I find it very strange that ONLY your CPA network accounts have been affected and not anything else. Maybe because they logged into all your accounts and saw that these accounts involved money. Do you do any online banking? If you use Gmail, have you noticed any strange IPs logging in? There's a link at the bottom after you sign in to show you previous login IPs.


06-14-2011 09:05 PM #3 hippo (Member)

The attacker probably got into your CPA account with the "Forgot your password?" option. Have you got a weak security question? By that I mean one where the answer could be tracked down with Google or Facebook or any other source.
The second way he could have gotten into your account is a keylogger. Don't rely on antivirus if you are under attack. An antivirus program can maybe detect known harmful software, but it's not so hard to code custom harmful software that is undetected by antivirus programs.

I recommend you log in to your e-mail account, check the security question and change it. And make the answer illogical. For example: don't use the question "Where was I born?" and then answer with the real location where you were born. With all the social networks and other platforms, it's so easy to track down a lot of information about people.

I hope you solve this ASAP.


06-14-2011 09:13 PM #4 yale47 (Member)

Quote: Originally posted by hippo
> The attacker probably got into your CPA account with the "Forgot your password?" option. Have you got a weak security question? By that I mean one where the answer could be tracked down with Google or Facebook or any other source.
> The second way he could have gotten into your account is a keylogger. Don't rely on antivirus if you are under attack. An antivirus program can maybe detect known harmful software, but it's not so hard to code custom harmful software that is undetected by antivirus programs.
>
> I recommend you log in to your e-mail account, check the security question and change it. And make the answer illogical. For example: don't use the question "Where was I born?" and then answer with the real location where you were born. With all the social networks and other platforms, it's so easy to track down a lot of information about people.
>
> I hope you solve this ASAP.

There's at least some security through obscurity there since most people wouldn't know that there is a CPA account tied with his particular e-mail address. Also most password resets are simply ones where you type in your e-mail and it sends you a reset link. But you are right, it is good practice to put obscure security questions. Usually I put the answer in a language other than English.


06-14-2011 09:18 PM #5 LiveRich503 (Member)

Yes, I am working from home with a secured connection, no free wifi spot. This is the first time in over 4 years anything like this has happened. My AMs told me they don't have access to banking information through the account so I'm not sure why they would want to access it.

All of my other accounts online have not been compromised... as of yet.

I do online banking. I do have Gmail activated on my iPhone; could they be accessing it through that device perhaps?

Even after all my PWs are changed, should this stop them?

Wouldn't I see a keylogger in my Activity Monitor on my Mac? Or is this very hidden?

My email logins have all been changed to the same email address so it must be the same person... Man, super frustrated... is wiping the computer the final resort?? Thanks for your input man.


06-14-2011 09:25 PM #6 yale47 (Member)

Quote: Originally posted by LiveRich503
> I do online banking. I do have Gmail activated on my iPhone; could they be accessing it through that device perhaps?
>
> Even after all my PWs are changed, should this stop them?
>
> Wouldn't I see a keylogger in my Activity Monitor on my Mac? Or is this very hidden?
>
> My email logins have all been changed to the same email address so it must be the same person... Man, super frustrated... is wiping the computer the final resort?? Thanks for your input man.

Gmail through iPhone
Doubtful since Gmail's IMAP/SMTP uses a secure connection.

Will changing your passwords stop them?
If your computer is indeed compromised and they're not bored of toying with your accounts, then it will not stop them. They will simply log whatever you type.

Will you see keylogger process in Activity Monitor
I don't come from the Mac world, but it is essentially BSD in the background. Viruses can do things like replace commands like "ps" to hide themselves from process lists. It's happened to me before on Linux boxes... so I wouldn't really trust the output of the Activity Monitor.

Is wiping out the computer the final resort
Generally I'm paranoid to the point where I would wipe everything out and start over immediately. And if I were compromised to the point that you have been, I definitely would do it. I have all my data on a separate partition from the OS, so it's easy to nuke it and get going again.


06-14-2011 09:38 PM #7 LiveRich503 (Member)

Dammit... Thanks man for your input...

Man, anyone reading this, I suggest you do a double check to make sure things are secure with your passwords etc.

If I go back to a previous time or backup with Time Machine, will it save the keylogger if that is the issue? I don't want to restore it with it installed. Man, just so much crap on this computer, I'd hate to nuke and restart again.

Is there anything to find out if I even have a keylogger on my system??


06-14-2011 09:48 PM #8 yale47 (Member)

Quote: Originally posted by LiveRich503
> Dammit... Thanks man for your input...
>
> Man, anyone reading this, I suggest you do a double check to make sure things are secure with your passwords etc.
>
> If I go back to a previous time or backup with Time Machine, will it save the keylogger if that is the issue? I don't want to restore it with it installed. Man, just so much crap on this computer, I'd hate to nuke and restart again.
>
> Is there anything to find out if I even have a keylogger on my system??

I don't actually know how OS X accomplishes backups via Time Machine. If it's imaging the whole disk and then writing out incremental changes each backup, then theoretically you could restore it to a state before infection. If it's just backing up certain files and not all the critical system files, then it would stand less of a chance of succeeding. Perhaps someone with more OS X experience can chime in?

The main problem is that you don't know what date the compromise occurred, so you wouldn't necessarily know how far back to go. Your data (docs, pdfs, etc) should all be fine, though.

As for detection, I've used command-line tools like chkrootkit and rkhunter on Linux. These take a bit of geekiness to install/use, and I don't know if it would work on OS X.


06-14-2011 10:01 PM #9 LiveRich503 (Member)

Thank you man... seems like there's not much I can do but change passwords, erase computer, and keep things secure. Don't know how they slipped in but man it is frustrating as hell... hope no one else has to deal with these issues, it's taken a toll on my marketing the past few weeks, literally.


06-14-2011 10:07 PM #10 yale47 (Member)

Quote: Originally posted by LiveRich503
> Thank you man... seems like there's not much I can do but change passwords, erase computer, and keep things secure. Don't know how they slipped in but man it is frustrating as hell... hope no one else has to deal with these issues, it's taken a toll on my marketing the past few weeks, literally.

You're welcome. With the whole world shifting online these types of things will happen more and more since there is so much financial incentive. Best of luck!


06-14-2011 11:58 PM #11 dantheman (Member)

Quote: Originally posted by LiveRich503
> Thank you man... seems like there's not much I can do but change passwords, erase computer, and keep things secure. Don't know how they slipped in but man it is frustrating as hell... hope no one else has to deal with these issues, it's taken a toll on my marketing the past few weeks, literally.

I had something like this happen to me last year in the summer. I was blind and stupid enough to download this program from this guy I knew. He stole all my fb pages and hacked all my accounts. It was heart-breaking, literally. Tens of thousands could've been made. Although that did happen, I'm glad it did because it caused me to have a whole different perspective and I've learned from my mistakes so now I shouldn't be doing this later in life.


06-15-2011 12:15 AM #12 yale47 (Member)

Quote: Originally posted by dantheman
> I had something like this happen to me last year in the summer. I was blind and stupid enough to download this program from this guy I knew. He stole all my fb pages and hacked all my accounts. It was heart-breaking, literally. Tens of thousands could've been made. Although that did happen, I'm glad it did because it caused me to have a whole different perspective and I've learned from my mistakes so now I shouldn't be doing this later in life.

Hey Dan, I know how that feels since I've been screwed over by business partners in the past also. But I hope something like that doesn't permanently alter your perspective as to never trust anyone again. There are many trustworthy, genuine people out there. Trust is earned of course, and I've met some great people since my incident that I now trust a great deal. Working together, we've accomplished many things I couldn't have by myself.


06-15-2011 12:21 AM #13 dantheman (Member)

Quote: Originally posted by yale47
> Hey Dan, I know how that feels since I've been screwed over by business partners in the past also. But I hope something like that doesn't permanently alter your perspective as to never trust anyone again. There are many trustworthy, genuine people out there. Trust is earned of course, and I've met some great people since my incident that I now trust a great deal. Working together, we've accomplished many things I couldn't have by myself.

It actually sucks to be screwed over. It didn't just change my perspective on people but because I was hacked and didn't have as much money, I stumbled onto affiliate marketing and have learned a lot and try to view things differently. I know there are a lot of trustworthy, genuine people but when it comes to money, it's like they're a totally different person. I'm just being more aware now and cautious than before. 2 minds are better than 1. That's definitely a proven fact (I think). Working with other people causes you to brainstorm and then eventually someone has a great idea or plan.


06-15-2011 12:26 AM #14 yale47 (Member)

Quote: Originally posted by dantheman
> It actually sucks to be screwed over. It didn't just change my perspective on people but because I was hacked and didn't have as much money, I stumbled onto affiliate marketing and have learned a lot and try to view things differently. I know there are a lot of trustworthy, genuine people but when it comes to money, it's like they're a totally different person. I'm just being more aware now and cautious than before. 2 minds are better than 1. That's definitely a proven fact (I think). Working with other people causes you to brainstorm and then eventually someone has a great idea or plan.

Money definitely changes people. I've had someone flip around and offer to testify against me in court because it served their interests. My current business partners actually offer to let me audit their books and files (but I don't... I trust them).


06-15-2011 12:29 AM #15 dantheman (Member)

Quote: Originally posted by yale47
> Money definitely changes people. I've had someone flip around and offer to testify against me in court because it served their interests. My current business partners actually offer to let me audit their books and files (but I don't... I trust them).

True that. I can usually tell when someone is greedy and/or aren't trustful by their actions and what they say. You found some good partners. Although you never know, one day they might slip some stuff and you'll never know.


06-15-2011 03:36 PM #16 nickkk (Member)

The fact that your passwords are being changed every few days most likely means it's an automated process that's hitting your accounts. Some of these networks are EXTREMELY vulnerable once you're on the inside (i.e. once you have an account with them). Linktrust and Hitpath, for example, have lots of XSS vulnerabilities on their report pages --- if you are logged into a network that runs on them and I can get you to visit a page of my choosing, I can grab your cookies without you knowing and browse the network as you (and in turn, change your passwords, emails, etc). Getting you to visit a page that triggers this is really easy too - ppv over a network's login page, add an iframe to a forum sig, etc. These types of 'hacks' are really hard to prevent and unfortunately are not very well known in our industry.
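
The pattern described in post #16 (a session cookie reused from somewhere else, followed by an email or password change) leaves a trace a network can look for in its own audit log. The following is an added example, not part of the original thread and not any tracking platform's code; the log format, field names, action names and sample events are constructed for illustration.

```python
"""Flag sensitive account changes made on a session from an IP other than
the one that logged in.

Assumed (constructed) audit-log format, one event per line, in time order:
    timestamp|session_id|account|ip|action
"""
from collections import namedtuple

Event = namedtuple("Event", "ts session account ip action")

# Actions that let someone take over an account or redirect its payments.
SENSITIVE = {"change_email", "change_password", "change_payment"}

# Constructed sample events; the IPs are documentation ranges (RFC 5737).
SAMPLE_LOG = """\
2011-06-14T20:01:07|s-1001|aff-77|198.51.100.10|login
2011-06-14T20:03:41|s-1001|aff-77|198.51.100.10|view_report
2011-06-14T20:04:02|s-1001|aff-77|203.0.113.55|view_report
2011-06-14T20:04:19|s-1001|aff-77|203.0.113.55|change_email
2011-06-14T20:04:30|s-1001|aff-77|203.0.113.55|change_password
2011-06-14T21:10:00|s-2002|aff-12|192.0.2.8|login
2011-06-14T21:12:00|s-2002|aff-12|192.0.2.8|change_password
2011-06-14T22:00:00|s-3003|aff-40|192.0.2.99|change_email
"""


def parse(log_text):
    """Yield Event tuples, skipping blank or malformed lines."""
    for line in log_text.splitlines():
        parts = line.strip().split("|")
        if len(parts) == 5:
            yield Event(*parts)


def find_suspicious_changes(events):
    """Return a list of (event, reason) for sensitive actions that do not
    match the login that created the session.

    ip_mismatch   - the session authenticated from one IP and a different IP
                    is now changing credentials (consistent with a replayed
                    session cookie).
    no_login_seen - sensitive action on a session with no recorded login.
    """
    login_ip = {}  # session id -> IP that authenticated
    findings = []
    for ev in events:
        if ev.action == "login":
            login_ip[ev.session] = ev.ip
        elif ev.action in SENSITIVE:
            origin = login_ip.get(ev.session)
            if origin is None:
                findings.append((ev, "no_login_seen"))
            elif origin != ev.ip:
                findings.append((ev, "ip_mismatch"))
    return findings


if __name__ == "__main__":
    for ev, reason in find_suspicious_changes(parse(SAMPLE_LOG)):
        print(f"{ev.ts} {ev.account} {ev.action} from {ev.ip}: {reason}")
```

A legitimate user's IP can change mid-session (mobile networks, VPNs), so a hit here is a reason to require the current password again before the change goes through, not proof of compromise.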


06-15-2011 07:56 PM #17 LiveRich503 (Member)

Man I'm thinking it must be something on the network side of things, cause only my cpa accounts seem to be getting messed with....well as of so far....sigh....

But it's definitely human, 'cause one of my AMs was contacted and asked to change my email on file.

I don't see what the benefit could be of messing with my accounts....but man this SURE is frustrating as hell!! Can't get any work done! Someone Help!


06-15-2011 08:22 PM #18 joshtodd

You need to contact all of your networks and tell your Affiliate Managers what is going on. Change the email address on file with them and the password, and do it from a different computer. Tell them to disable password changes on your account through Forgotten Password if that is possible with their tracking system. Next go ahead and wipe your computer like they were saying. Finally, make sure that you aren't using the same password for every network. Make each one unique and use capital, lowercase, numbers, and special characters (if allowed). You can use something like LastPass to keep track of all the passwords.

It almost sounds like it is somebody that you know personally... Could that be a possibility?


06-15-2011 08:49 PM #19 LiveRich503 (Member)

Yeah, it definitely isn't someone I know personally... One of my AMs told me my account information was changed and most likely it was from someone overseas, perhaps trying to change my payment to PayPal; that way they can run fake leads, make some cash and run off... Said there have been a few incidents of this happening in the past.

It's completely a production killer as I've been juggling all this crap.

Phoned my AMs, told them to change the password over the phone for me. I'm not going to log in for a moment and then see if changes still occur...
Talk about a bunch of HACKER B.S.!

Welcome to the world of CPA Fraud...


06-15-2011 09:16 PM #20 klax (Member)

Are these CPA networks running the same tracking platform? Who knows, probably someone from inside. It also sounds more like someone who knows you. At this point, you should take no risks, back up data, and install everything again; also call your bank to put restrictions while you resolve the issue.


06-15-2011 10:08 PM #21 LiveRich503 (Member)

Yeah, the networks are running tracking on a few different platforms so I kind of ruled that out... I'm guessin they got to all my accounts by my main email address, or if they infiltrated my email they would have gotten easy access to all the acceptance emails and login details from each network.

But even after changing passwords and things still being messed with makes me believe it could possibly be a keylogger on my system.

Question is, if I back up all my files and data and the 'keylogger' is hidden in one of these files and then I reload it after I wipe it will it reactivate it??? And leave me right back in the same situation?

From what I can put together they are only targeting my CPA accounts so they must have some type of agenda...CPA wise.

Strange thing is some of my accounts are pretty inactive with little or no revenue generated while others have a few 100k in revenue ran through them, doesn't seem to be a particular preference from these infiltrators.

Sucks 'cause as an affiliate we have dozens of accounts online. I'm even questioning if any of my self-serve ad network accounts are being tampered with.

All I can do is sit back and see if this all blows over.. Thanks everyone for your input. I'll keep you posted on what happens.


06-15-2011 10:27 PM #22 yale47 (Member)

Quote: Originally posted by LiveRich503
> Question is, if I back up all my files and data and the 'keylogger' is hidden in one of these files and then I reload it after I wipe it will it reactivate it??? And leave me right back in the same situation?

I would mostly worry about binaries, although PDF readers (especially Adobe Acrobat Reader on Windows), Flash, etc. all have vulnerabilities. That's why there are so many updates for these things. You have less to worry about since you're on a Mac, though. If you install programs, always stick to ones from well-known companies if possible.

The big thing is that your browser (any browser) can be vulnerable to drive-by download attacks while you're just casually surfing the web. I've had that happen to me twice already. The last time I got a virus, I was using the latest version of Firefox at the time. I visited some site about cats (lol), Adobe PDF Reader launched itself for some reason and then closed. I had stupidly left "JavaScript" and "View in Browser" options enabled in Adobe Reader (very dangerous features...). It just took a couple of seconds and my PC was infected. People inject malware into hacked web servers and ads all the time.


06-16-2011 12:34 AM #23 LiveRich503 (Member)

Man, makes me think this only started happening after I installed the latest version of Firefox... last month.

But then again at this phase my paranoia has me thinking of all types of possible scenarios so who knows...

Guess ima have to wait and see if this blows over. I'm sure another affiliate has had to experience this problem as well if so let me know what resulted from your experience.

