Hacked Facebook Page/Account - any help?

DoubleCheese · 9 May 2013 at 13:09

A local Cafe has just been hacked and they've asked me whether I can help at all.
The owner has a personal FB account and they've created a FB Page for their Cafe. Earlier this week she got some email's about some Paypal purchases for Advertising on FB. She logged into FB and she was no longer the Manager of the page, just an Advertiser.
She believes her Hotmail and Paypal have also been compromised and some money spent on FB Ads. All three accounts had the same PW.

She's changed the PW's on all three and is trying to get back in control of the page to remove some of the content that the new Manager is posting! But she's not getting any help (yet) from FB Help.
She thinks it might coincide with them installing Wifi in the Cafe. Is it possible to sniff login's for Accounts like this over Wifi? I don't think they've set up a Wifi Key or anything yet. Would that help though if you had the Key anyway?

Any advice I can pass on to help them out? I'm going over later to show her LastPass for creating stronger unique Passwords.

Thanks.

dfarrall · 9 May 2013 at 13:34

Yep definitely possible. And it would help if you used WPA2 and just handed out the key.

Other than waiting for FB theres nothing you can do.

Raumarik · 9 May 2013 at 13:37

Wifi security is a bit of an oxymoron tbh, but no guarantee that's how they got the password. Could have been a guess, someone she shared it with, malware on another PC she's used etc etc.

Haggisman · 9 May 2013 at 14:23

I would hope they had the sense to install a semi-decent wireless access point with separate VLANs for management and customer PCs, along with decent strength security - i.e WPA2?

httk · 9 May 2013 at 14:24

I think malware/phishing is more likely than Wifi hack, but yes, they should put a WPA2 key on and then just put the key on a noticeboard in the cafe.

Cafe owner should make sure she has firewall switched on on her computer, and virus scan wouldn't hurt.

Edit: Plus, make sure router password is changed from default!

xGBHxPegasus · 9 May 2013 at 14:28

Its very easy to sniff Facebook account details via an android phone on any wireless.

Most likely someone may have sat on the wireless and waited for her to do something with Facebook and grabbed the details from a page refresh

DoubleCheese · 9 May 2013 at 15:26

Thanks for all the answers so far. I'll ask them to check the following:

- Router Login details
- Whether Wireless AP has 2 channels for Work and Guests
- Turn on WPA2 for both and put the key on the board for Guests
- Turn on HTTPS and 2 Factor Authentication for FB, Paypal and Hotmail.
- Check for Firewall and AV on work laptop

Anything else that would help them?

dfarrall · 9 May 2013 at 16:52

xGBHxPegasus said:
Its very easy to sniff Facebook account details via an android phone on any wireless.

Well that's simply not true...

It's a VLAN you want to create, not separate channels. But unless it's a decent router it wont support it.

Haggisman · 9 May 2013 at 16:56

DoubleCheese said:
Thanks for all the answers so far. I'll ask them to check the following:

- Router Login details
- Whether Wireless AP has 2 channels for Work and Guests
- Turn on WPA2 for both and put the key on the board for Guests
- Turn on HTTPS and 2 Factor Authentication for FB, Paypal and Hotmail.
- Check for Firewall and AV on work laptop

Anything else that would help them?

Change the default SSID and use a strong password - i.e. non dictionary (at least for the private VLAN), and if the router allows it, restrict access to the web interface to the private VLAN and the IP of the admin PC.

If they need a suggestion for an AP that allows multiple channels, the Netgear WNAP210 is quite a nice bit of kit for ~£100, allows 8 wireless channels, and gives the option to separate wireless clients. The other option is getting a free AP from Meraki by sitting through one of their webinars (although you need to be an "IT professional", so may not be an option depending on the exact nature of the business... that being said, they could always be the "IT Manager" of the cafe

)

If they're with Virgin, then the Superhub actually supports multiple channels and (I think) VLANs so that might be a possibility.

paradigm · 9 May 2013 at 16:57

dfarrall said:
Well that's simply not true...

It's a VLAN you want to create, not separate channels. But unless it's a decent router it wont support it.

It doesn't necessarily need a VLAN at all.

Two completely disjoint networks can co-exist on a single router without the need for VLANs. Certainly the case for some of the devices I have here.

Haggisman · 9 May 2013 at 17:02

paradigm said:
It doesn't necessarily need a VLAN at all.

Two completely disjoint networks can co-exist on a single router without the need for VLANs. Certainly the case for some of the devices I have here.

If you do some clever trickery with subnets and NAT, yes, but it's not an ideal way of doing it (or particularly simple for a novice to set up). Plus an attacker could simply give themselves a static IP on the subnet they want to attack and have full access....