Campus wifi might be hacked


#1

Hi community,

I am an University student and i have been receiving spam emails from an email which looks to be mine.

The emails contain my on campus wifi password, and also conatain vague threats to sent screenshots of “sensitive” websites I have visited to all my contacts ,if the ammount has not been paid. These threats have however not been met in the required time, so I do not worry about them.

I am however still concerned with the fact that they do have my password for the wifi, and the emails are sent from my account to me. The emails are however not in my sent box, and uppon further inspection the website for the oncampus wifi has no digital sertificate.

Do any of you have anyway answers as to:

  1. How the password was obtained

  2. How the emails where spoofed to look like my gmail tag and says it is sent from me

  3. How to address this problem in the future.

Futher information:

I have since scanned my devices fot trojans and other mallware, and have changed my password, but recieved a email later containing the new password.

Is this maybe the wifi network that is compromised and not my device?


#2

Seriously you have been HACKED, I strongly suggest you better report to the IT department in your uni or police, they can give you more solid advice and action.

Since I am not even a noob in cyber security, I can’t answer your questions, but just give you some suggestions to avoid further problem:

  • Don’t visit sensitive content or some private things under public WIFI, they are generally more dangerous.

  • Regularly clean your history

  • Separate your personal gmail account and Uni gmail account, better just use Uni account ONLY in study.

I personally consider it’s your campus WIFI being hacked rather than your device, you change your password and they show you how you change them…that’s crazy


#3

I also believe it is the uni’s wifi.
Since my email password and wifi account password are different i do not think my fisical email was hacked but only the identification account I use for the WiFi.

I do agree with keeping seperate accounts, and all the tips you gave are worth implementing.


#4

Use VPN.

202020202020


#5

…are you asking how someone obtained a password that would be known to hundreds of people? Matriculation, maybe?

Um, they spoofed your email by spoofing.

Did the mystery emails look something like this?

Hi anon, we noticed you have been downloading a fuck-ton of porn on the campus network on <your account>. Pls stop or we will report you.

Stop downloading porn on campus wifi.

well, it’s either that or your school WiFi login page has been replaced with a phishing page. In that case your machine should be fine - but you should change your passwords related to your school email just to be safe.


#6

Sounds like some is trying to troll you.


#7

Sometimes I really wonder how people who actually don’t have a clue about those matters while there is clearly enough documentation for large audience in YouTube about those matters, end up on these kind of project like eve-tech.

Anyway,

You don’t provide enough informations for us to help you.
1/ Was your password à matricule ? A combination of your name or something provided by uni ? Things that could be generic for all students ?

2/ was your password the same than in other websites ?
3/ was your password in the database of haveibeenpwned.com?
4/ what was the composition of your password ?
5/ who control the WiFi connection? The it of the Uni or some third entity? In the case of some uni in Belgium it would be the city.
6/ how do you actually know it’s the WiFi of the uni? How do you identify it ?
7/ what kind of WiFi is it ? Is it a radius connection or wep? Wpa ? Look on YouTube on how to identify correctly the security protocol in place. If there is no certificate it is most likely not radius.
8/ is it the same password than on the infrastructure of the uni?
9/ I didn’t understand a thing about your mail story. So you are saying that the mails were sent from your gmail account ? Man really be clearer or do some screenshots.

So about the WiFi password, depending of the kind of connection it’s easily hackable. The guy/girl just need to be in your surroundings and having you disconnected several time in a specific order and time frame. If it is a radius connection secured by a certificate, to my knowledge, the only way with reasonable ressources and not a supercomputer and if the radius server has been well configured is to hack the Uni server or one of your hosts.
The actual antivirus can’t protect from crafted Trojan. Just look at the noob Micode on YouTube about him making a Trojan not detected by kaspersky and you’ll see. And this guy didn’t have any degree in computer science nor is he a recognized hacker.
The only way you can protect yourself is to reinstall Windows and flash your bios in the worst case.
If you used a generic password then clearly you were quite’ inconscious and this guy has just poking around website like haveibeenpwned to retrieve your password.

What I can be sure of is, if you used gmail and he got access to it, you can look in your recent activity why peripherals have accessed it and when and from where. But the only way he could have found your password is through hacking your host or if you used a generic password. Every transaction with google is encrypted, mail software through imap starttls or website through tls certificate.
Plus you could have avoided it by activating 2FA.

For the website you visited, since as I’ suspecting it it’s not through a radius server that you are connecting to your WiFi, he/she can easily wireshark your surfing experience and see which website you are visiting, which exact URL. But if the website is secured with a certificate then he can’t see shit about what are you doing exactly on this website, unless your hosts are hacked.

To be sure to protect you from those kind of things, when you are any WiFi, use a VPN. He will know that you are using a vpn and which one with the IP address but he won’t be able to see shit, unless again your hosts are hacked.


#8

there’s a scam going round where by spammers send out evidence of one password you have which has been compromised and sold as evidence they have all your passwords and sensitive data


#9

This is a scam that has been running for several months now - ususall pat less than USD1000 by bitcoin.

Suggest ensure you change any of the compromised passwords and then be certain your security is up to date and regulary refreshed. VPN may help


#10

This scam is known for years nothing to be alarmed by it. And no Steve sorry but the security here is useless. I know at least 4 different framework of different attacks right on top of my head to circumvent any security. It depends of the infrastructure not much to do with the client, that’s why we need more info. Stop launching stupid advices just because you want to be listened to.


#11

Is there a VPN that you would particularly recommend?

I have heard plenty of VPNs that turns out to be owned by data mining company or companies with questionable motives like PIA, HMA, ProtonVPN, NordVPN, etc. which makes it hard to trust a random VPN service.

I currently use SigaVPN, but not for sensitive personal dats as I don’t fully trust it yet.


#12

I’ve linked a website in another thread some months ago.
vpn comparaison from a guy of trust

I’ve linked interviews too from some very important peoples in the cyber security community whose independence are unquestionable. https://youtu.be/VBsLSfPs2PE

Nordvpn has always been a no go for cybersec as PIA and honnestly I don’t even understand why so many youtubers are accepting some sponsoring contracts like linus tech tips… He knows better than that. I don’t know hma.

But again, it depends of what you do on internet. And more importantly what are you protecting you from. State? Companies ? Crackers?
I don’t see where you heard something about the paid version of ProtonVPN for example. They are old researchers from CERN( the last lab like Los Alamos and completely free thinking from any industry lobbies, in which clearly I’m in total confidence), completely crowd developed at start and completely autonomous now. To my knowledge they don’t need any money from the oustide and I have complete confidence in their infra setup and their technology.
So if you have real concrete stories about something I’m very eager to hear it from you.
Anyway protonvpn is good solution as Mullvad is. Mullvad has been created by a couple of journalists very well known for their investigation in Sweden if I remember correctly or was it Denmark. Not sure anymore.
Both solutions are very secure and there is no way that those companies sell data to other companies.
Simple proof of that for protonvpn is that I’m a client for years now and I didn’t received a single spam in any of my inboxes. If they were exchanging data samples with other entities(except the State) I would have at some point received some and that would be the same for any of my colleagues or friends.
And for Mullvad their business model make it impossible to extract any form of data of it.

But again, that doesn’t mean that you would be protected from the State threat if you use vpn for malware distribution activities or other nasty things . They do in some extent log your ip addresses and all vpns does that. It’s a simple infrastructure problem and diagnostic tool. When you are maintaining a network you actually need to do that. And we don’t use vpn to protect from the State but from individuals or companies. It essentially protects you from some threat crackers models and from companies who want to track you. That’s why we use them.

If you need something who prevent the State threat model, then use TOR inside a whonix vm for example. Or use Qubes OS. or even only the tor browser is even more secure.
And you know if you have ever managed an onion router for TOR then you would know that it’s very logical that it logs IP adresses. Of course in the case of TOR, it’s the quantity of onion router that you need to past through and the fact that it deletes it and rewrite over and over all the ip addresses which makes it impossible to track.


#13

Proton vpn is legit, proof me wrong.


#14

Just to illustrate the kind of bullshit article that you can encounter on internet :slight_smile:

  1. We operate out of the US which is one of the few, if only, countries without a mandatory data retention law. We explored several other jurisdictions with the help of our professional legal team, and the US is still ideal for privacy-based VPN services.

yes, there is no retention law true. But USA is the origin of the group Five eyes and 14 eyes. Every security agencies have full power under the patriot act and subsequent laws to invade the offices of the internet provider, VPN provider and things like that. It’s in this spirit that the security agencies can cut cellphone services, line services etc on a district during an operation -> Because they have full power over it. They can seize what ever they want for national security.
Besides the whistleblower, there is no threat to any security agency in USA who would like to listen to any of your communications in the US and outside. Which can obviously be a good thing if there is a major terrorist attack or something like that but which is a major pain in the ass for privacy rights.
Just for everyone to compare, is there any similar events like “swatting” in Europe? Not to my knowledge.
In belgium for example, the police need for an instruction judge(and they are really different than the US judges) to have the right to listen to any line even in the event of a terrorist attack in progress. And you need to have a solid case to do that. There is no big redacted files because of national security even in the national archive. And the telecom provider negociate each year their price with the department of justice legal eavesdrop and it’s way pricier than the same thing in the USA I can tell you that.
But of course in belgium for example, you would have a retention data law.
This is an example on why you need to contextualize each bullshit answer you are reading on internet and that you realize the full extent of the power of a security agency in USA.
And this is why in the cybersec community you never take a VPN from north america and even less based in north america.


#15

Is it possible that schools block VPN connections?


#16

very unlikely. But it could be. In general then you just need to use another connection port. A lot of VPN propose several openvpn configuration files, some with UDP connection, other with TCP connection, other on the 80 TCP port (which is the port for browsing internet in general) etc etc.


#17

Unfortunately protonvpn uses IKEv2 on their macos client :frowning:
So I can’t make any changes.


#18

I’m pretty sure that you can seek configuration files for openvpn in protonmail


#19

@TheDestiny look for thé app tunnelblick. That’s the alternative to OpenVPN.
Then look on protonvpn for the Linux configuration client and you will take those configuration file in place of the vpn in house client for macOS