Help: Newbie who got hacked through Hikvision

kaz

Hello,

You read that right. I am urgently in need of help/advice regarding this.

(A bit long but please bear with me)

Until 5 months ago I knew nothing about DVR, Router, Port Forward, DDNS, IP etc. But because I was in need of a security camera (all Hikvision) to be installed in my residence, I went ahead and learned what needed to be learned in order to get my security camera system up and working.

Needless to say, I have a complete working security camera that I can access through the IVMS app and I can also access my camera management interface via DDNS (using No-ip).

But, as I am typing this, I am not sure that I really understand the risk about what I did.

....

because I got hacked very recently.

I think I am "lucky" because I was notified soon enough. But this was enough to send me into overdrive, as I changed all my passwords, installed antivirus on all my computers, made my router "invisible" and disabled UPnP.

And no, my router cannot be remotely accessed.

I port forward HTTP, HTTPS, RTSP, and SERVER with different numbers. I do not use 80 or 8000 or 443.

I have a static IP, but I still use No-ip as my DDNS (honestly I don't know why I did this).

-------------------------------------------------------------------------------------------------------------

My question is:

1) Am I fairly "safe" now that I don't use UPnP anymore?

It has come to my attention that every time I try to access my router web interface (LAN) and Hikvision DVR web interface, I get this "unsecured" page.

The top left hand corner, where there is a grey lock with a red stripe across.

I do not understand why I keep getting that. Or how to make sure that every time I access both pages, they will be secured (green lock).

I tried to access my Hikvision DVR web interface via HTTPS, but I am unable to access the page.

Why is that?

Lastly, how did the hacker manage to get my personal information?
------------------------------------------------------------------------------------------------------------------


Please, I greatly appreciate anyone who can assist me with this.


Thank you.
 

Camit

Don't ever use UPnP

Don't port forward any ports ever

Use a VPN when connecting remotely, then you don't need No-IP or any other crap.

You're getting there but very far off..
 

nayr

You're not safe forwarding any ports; even if you change the numbers.. the services identify themselves, they know what's running on any port.. You're no more safe now than you were before.

VPN Server on your router or go home; Start here: VPN Primer for Noobs

Next up configure your firewall to block all internet traffic to/from your cameras/recorder, then reboot and restore all your devices to factory default and reconfigure em and you'll be in a pretty safe spot.
 

alastairstevenson

> I port forward HTTP, HTTPS, RTSP, and SERVER with different numbers. I do not use 80 or 8000 or 443.

You are taking almost the same risks as when you had not changed the ports from the defaults.
They are still accessible, the initial scan just takes a bit longer.

> The top left hand corner, where there is a grey lock with a red stripe across.
>
> I do not understand why I keep getting that. Or how to make sure that every time I access both pages, they will be secured (green lock).

You are showing a considerable amount of ignorance, if I may say so, if you don't know the difference between an HTTP connection and an HTTPS connection.
HTTPS will encrypt traffic in transit - it will not change your risky port forwarding configuration.
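
The point made in the two replies above, that a service still identifies itself after its port number is changed, shown as an added example that is not part of the original thread. It runs entirely on the loopback interface; the handler class and the `DemoDVR-Web/1.0` banner are constructed stand-ins, not a real product's strings.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

BANNER = "DemoDVR-Web/1.0"  # constructed banner, not a real product string

class DemoRecorderUI(BaseHTTPRequestHandler):
    """Stand-in for a recorder's web login page (hypothetical, local only)."""
    def version_string(self):
        return BANNER  # sent as the Server header on every response

    def do_GET(self):
        body = b"<title>Demo recorder login</title>"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demo quiet

def start_service(port=0):
    # Port 0 asks the OS for any free port, i.e. never 80, 443 or 8000.
    server = HTTPServer(("127.0.0.1", port), DemoRecorderUI)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def what_the_port_reveals(port):
    """Make one ordinary request and return what the service says it is."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=3)
    conn.request("GET", "/")
    response = conn.getresponse()
    response.read()
    banner = response.getheader("Server")
    conn.close()
    return banner

def demo():
    """Run the same service on two non-default ports and compare the answers."""
    servers = [start_service() for _ in range(2)]
    try:
        return {s.server_address[1]: what_the_port_reveals(s.server_address[1])
                for s in servers}
    finally:
        for s in servers:
            s.shutdown()
            s.server_close()

if __name__ == "__main__":
    print(demo())
```

Both ports return the same banner and login page title, so the port number only decides where the service is found, not whether it can be recognised.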
 

kaz

Hello,

Thank you for your replies @Camit @nayr @alastairstevenson.

Honestly, after staying up all day till dawn to change passwords and port numbers, I am dismayed to find out that I am still vulnerable.


@alastairstevenson

You know, I too would have stopped myself from being so ignorant. :(

-------------------------------------------------------------------------
@nayr

VPN you say? (pardon me for this, I am having a headache from the lack of sleep). I managed to read it, and from what I understand is that if I installed VPN on both my home router and my iPhone, it allows me to remotely access my DVR as if I am still in the local network?

Suppose I use OpenVPN (I have a TP-Link router), I install the VPN on my router and afterwards I install VPN on my iPhone too? How does that affect the IVMS app?

You mentioned "If you configure your OpenVPN server to listen on port 443", so I will still need to use port forward then?

If I am successful in setting up my VPN, I can just simply type my DVR's IP address (from anywhere in the world) and be logged into my DVR web management page?

Do you know of any good tutorials about understanding VPN? It seems that I understand better with a video tutorial.

-------------------------------------------------------------------------
@Camit

Yes, unfortunately I missed the "disable UPnP because it is vulnerable".

Can I ask, do I set up my VPN first and then do a factory reset on all of my devices after? Is that how the workflow goes?

Can I use the same IP address for each respective security camera and DVR? Or do I have to change them like I have to change the passwords?

-------------------------------------------------------------------------




Thank you.
 

nayr

> @nayr
>
> 1. VPN you say? (pardon me for this, I am having a headache from the lack of sleep). I managed to read it, and from what I understand is that if I installed VPN on both my home router and my iPhone, it allows me to remotely access my DVR as if I am still in the local network?
>
> 2. Suppose I use OpenVPN (I have a TP-Link router), I install the VPN on my router and afterwards I install VPN on my iPhone too? How does that affect the IVMS app?
>
> 3. You mentioned "If you configure your OpenVPN server to listen on port 443", so I will still need to use port forward then?
>
> 4. If I am successful in setting up my VPN, I can just simply type my DVR's IP address (from anywhere in the world) and be logged into my DVR web management page?
>
> 5. Do you know of any good tutorials about understanding VPN? It seems that I understand better with a video tutorial.

1. Correct
2. Correct, it has no effect, it's transparent.. it'll work like you're at home, everything on your home network will.. you'll be on your home network even though you're remote, that's what a Virtual Private Network is for
3. The router has the IP, no forwarding anything.. this is if your router lets you run your VPN Server on the port you specify, if not don't worry about it.
4. Correct
5. YouTube, search "Your Router Model OpenVPN Server Setup"
 

kaz

@nayr

Thank you for your reply.

Alright, I will look into YouTube on VPN setup to get a better understanding of it.

I really would like to try out the OpenVPN, but as I will be away (I don't really want to mess with the current settings now), I would like to still be able to view my residence through the IVMS app.

I know it is not okay, but for the moment can I close the other ports (HTTP, HTTPS, RTSP) to "minimize" the opening of my network? And I only port forward SERVER to be able to view in my IVMS app?

I hope it's not too silly for me to ask, how on earth can that hacker get into my network system and manage to steal my information?

I think I saw a "suspicious" IP address in my DHCP client list. But when I searched for it, it turned out to be a Hikvision product.

This is where it gets confusing.

I had bound all my Hikvision products to their respective IP numbers, but only this one was not in the IP/MAC bind list. I only have 6 Hikvision units (including the DVR), but with the "suspicious" IP address, I have an amazing 7 Hikvision units listed in my router.

Do you think that this was where the intruder got it?

-------------------------------------------------------------------------------------------------------------------------------------------------

I don't think I read this anywhere,

but when you are installing the VPN server in the router, do you do a hard factory reset first?
Then you proceed with the VPN server install, and then you assign the IP for the security camera and the DVR?

Do you need to hard factory reset the cameras and the DVR too?

Can you assign the same IP address for the cameras and DVR?

(I don't know about this), but do you need to reset anything from the PC? In case something was downloaded to it to track my records or changes?

-------------------------------------------------------------------------------------------------------------------------------------------------

Thank you so much @nayr.

P.S. At the height of my paranoia, I actually disconnected my WAN cable (from my modem) when I made changes to my router (like SSID broadcasting, password and admin change, IP/MAC address binding).
Because I thought, well maybe they could not intercept what I am doing when I made the changes.
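
The comparison described in the post above, the router's DHCP client list checked against its IP/MAC bind list, as an added example that is not part of the original thread. All names, addresses and MACs are constructed, and the `02:00:5E` camera prefix is a locally administered placeholder, not a real vendor OUI.

```python
import string

# Constructed sample data: names and addresses are invented, and the MACs use
# a locally administered placeholder prefix (02:00:5E), not a real vendor OUI.
BIND_LIST = """\
dvr   192.168.1.64  02:00:5E:00:00:01
cam1  192.168.1.65  02:00:5E:00:00:02
cam2  192.168.1.66  02:00:5E:00:00:03
cam3  192.168.1.67  02:00:5E:00:00:04
cam4  192.168.1.68  02:00:5E:00:00:05
cam5  192.168.1.69  02:00:5E:00:00:06
"""
DHCP_CLIENTS = """\
dvr      192.168.1.64   02-00-5e-00-00-01
cam1     192.168.1.65   02-00-5e-00-00-02
cam2     192.168.1.66   02-00-5e-00-00-03
cam3     192.168.1.67   02-00-5e-00-00-04
cam4     192.168.1.68   02-00-5e-00-00-05
cam5     192.168.1.150  02-00-5e-00-00-06
unknown  192.168.1.107  02-00-5e-00-00-99
laptop   192.168.1.120  02-aa-bb-00-00-10
"""

def norm_mac(mac):
    """Normalise 02-00-5e-.. / 02:00:5E:.. / 02005e.. to AA:BB:CC:DD:EE:FF."""
    digits = "".join(c for c in mac if c in string.hexdigits).upper()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_table(text):
    """Parse 'name ip mac' rows into {mac: ip}."""
    rows = (line.split() for line in text.splitlines() if line.strip())
    return {norm_mac(mac): ip for _name, ip, mac in rows}

def audit(bind_text, dhcp_text, camera_prefix="02:00:5E"):
    """Return (finding, mac, ip) for every lease the bind list does not explain."""
    bound, findings = parse_table(bind_text), []
    for mac, ip in parse_table(dhcp_text).items():
        if mac not in bound:
            kind = "unbound-camera-prefix" if mac.startswith(camera_prefix) else "unbound"
            findings.append((kind, mac, ip))
        elif bound[mac] != ip:
            findings.append(("ip-differs-from-binding", mac, ip))
    return findings

if __name__ == "__main__":
    for finding in audit(BIND_LIST, DHCP_CLIENTS):
        print(*finding)
```

A finding only says that a lease is not explained by the bind list; the device behind it still has to be identified before drawing a conclusion.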
 

nayr

Your IVMS app will work just fine, no port forwarding is acceptable, zip, zero, nada, zilch: Backdoor found in Hikvision cameras

VPN Server should change nothing on your network; it has no influence on the local network at all, it's only used for when you're not on your local network; but would like to be.

Just set up the VPN and never forward another port again.. you only need to reset devices you think have been compromised because they could have added their own backdoor logins.
 

kaz

hi @nayr ,

I read that OpenVPN is an SSL protocol. However, my router does not have this protocol. It has PPTP, L2TP and IPSec.

Does that mean I cannot use OpenVPN services? Are services like PureVPN or Express VPN recommended?
 

Camit

> hi @nayr ,
>
> I read that OpenVPN is an SSL protocol. However, my router does not have this protocol. It has PPTP, L2TP and IPSec.
>
> Does that mean I cannot use OpenVPN services? Are services like PureVPN or Express VPN recommended?

I think PureVPN and ExpressVPN are the wrong type of VPN, those keep you anonymous from the net.. someone correct me if I'm wrong
 

rnatalli

VPN is the way to go. If you have a NAS, it likely has a package for OpenVPN making setup pretty easy or a router with DD-WRT also has it built in.
 

nayr

> hi @nayr ,
>
> I read that OpenVPN is an SSL protocol. However, my router does not have this protocol. It has PPTP, L2TP and IPSec.
>
> Does that mean I cannot use OpenVPN services? Are services like PureVPN or Express VPN recommended?

No, that does not mean you can't use OpenVPN, does your router have OpenVPN Server built in?

PureVPN and ExpressVPN won't do dick but cost you money; those services are so you can watch US Netflix from Europe or whatever.. not for securing your network.
 

dt-cam

> I have a static IP, but I still use No-ip as my DDNS (honestly I don't know why I did this).

There is nothing wrong with using DDNS with a static IP. If you ever decide to get rid of the static IP and switch to dynamic, all of your devices should already know about the DDNS name; if you used the static IP on all your devices, you'd have to change it on all devices. This might not be a big deal if you only have a few devices, but still, not a bad idea to keep using DDNS.

As stated, always use a VPN vs opening ports. If you must open ports (even for a VPN) make sure the password you set is very strong so that if someone does see a service running on a port they'd still have to deal with cracking a strong password.
 

zero-degrees

Hey @kaz what makes you believe you were "Hacked"? I've read most of the string above and don't see it outlined anywhere. Simply noticing an IP address doesn't mean "information was stolen". If you are port forwarding directly to your DVR/NVR that exposes that device and allows someone to take control of it, but as you know we don't store a lot of "information" on said device, so that's why I am curious what was stolen..

Wanting to secure your network is the right mindset and correct your security holes, however I am curious what occurred to set you down this path?

High level without details sounds more like you have a security problem/malware on one of your PCs if you are having personal info compromised.
 

kaz

hi everyone,

Thanks for the reply. Mil was sick and I had to take care of her.

@nayr Nope. I checked, it does not have OpenVPN server built in it. I am thinking of downloading DD-WRT firmware into my router to be able to use OpenVPN.... Am I right?

@dt-cam Oh, I remembered. My last ISP didn't have a static IP. (At that time I thought that I cannot port forward and use DDNS service with a dynamic IP.) So I went and changed to another ISP that does provide a static IP. Hence why I still use my DDNS.

@zero-degrees Hmm, my apologies. Perhaps hacked was not the right word? Okay, so this is what happened that day.

My bank info was stolen and "used", perhaps from using the same internet connection for my DVR's and Security cameras. That was the first and only time I did it. And *BAM*, I was informed that "I" had purchased an XXX amount from XXX website.

They must have got in my computer and through my DVR internet connection.

Is this hacked? Or malware?


Thank you guys!
 