GEEK TO ME: User witnesses invasive attack in progress

Question: Came to Destin, using Wi-Fi from condo building (every condo unit has own router, all have same password). Hubby noticed someone "took over" his computer, visited different websites, etc. We actually saw the cursor move, etc. Husband hooked up with a VPN, and thought we had solved the problem, but it happened again today. Any suggestions? How do we get rid of this "hacker"?

– Barbara V.

Destin, Florida
Answer: Wow, Barbara! To actually witness an attack in progress must have been uncomfortable, to say the least. But the fact that you actually saw the activity on your screen – including the movement of your mouse cursor – is rather telling in this case. I’ll get there, but I need to explain a few things so that all my other readers understand what we’re talking about.
Readers, the VPN that Barbara mentioned is a Virtual Private Network. It is a way to extend the private portion of a network across a public network (such as your condo Wi-Fi, and the Internet). It makes your device (computer, phone, pad, etc.) work as if it is connected directly to the private network. This gives you privacy and anonymity by masking your computer’s Internet Protocol (IP) address, making your activity virtually untraceable. Most such connections are also highly encrypted to provide even greater privacy and security.
Now, Barbara, I believe the reason that the VPN isn’t helping you is that you essentially closed and locked the door after the bad guy was already inside. Knowing you were going to be using your PC on a publicly shared Wi-Fi, you probably should have installed the VPN before ever connecting. That would probably have halted this interloper at the door, or better yet, prevented him from ever seeing you in the first place.
There are two things to note about what I just said. First, I said “probably,” and second, it’s already happened anyway. The former I said because I have no way of knowing how and when this person initially gained access to your computer. The Internet makes it possible for these cyber criminals to reach out anywhere in the world in real time, so it could have happened before you ever left home. Then there’s the latter part, which is why you wrote in the first place: it’s already happened, so how do you rid yourself of this pest?
To me, the defining characteristic of this event is that you’re able to see the mouse actually moving, and see the activity occurring. That’s a highly unusual method of stealing computer resources. Usually, the “bad guy” doesn’t want you to know they have access, so they can take their time going through your files, stealing your personal information, and perhaps even installing software. Your attack has all the hallmarks of a careless teenager on a joy ride. By the way, it’s certainly worth saying that you should be far more worried about what was done to your machine when you could not see it than when you could.
You obviously have some sort of software running on your machine that’s giving this person access. This is typically referred to as “remote desktop” and is designed to give (legitimate) users remote control of a computer from a distance. I often use it to access computer resources at home when I’m away. It can be done through a phone, pad, or computer. Software such as this would not be stopped by your VPN, because it is doing exactly what it was designed to do – give a remote person access to the PC.
There are a good number of these remote desktop apps out there these days, and many are free. Typical titles include Splashtop, AnyDesk, LogMeIn, GoToMyPC, TeamViewer, and Chrome Remote Desktop. These are only a few – there are many others. If you knowingly have one of these installed, change the access passwords, and double- and triple-check to make sure the only remote users authorized are ones you recognize. It should go without saying that you should not be on the Internet when you make these changes, so you can be sure no prying eyes are watching. If you have not intentionally installed one of these titles, you should go through your installed software and remove any that you find.
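For readers comfortable with a command prompt, here is one way to do that sweep on a Windows PC. This is an added example, not part of the original column; it assumes Windows with PowerShell, searches only for the titles named above, and goes one step beyond that list by also reporting whether Windows' own built-in Remote Desktop feature is switched on.

```powershell
# Added example (not from the column): look for the remote-desktop titles it names.
# Run in PowerShell as Administrator, with the PC already disconnected from Wi-Fi.
# Name matching is a heuristic: a renamed or unlisted tool will not show up here.

# Titles from the column; "Team ?Viewer" matches the name with or without a space.
$pattern = 'Splashtop|AnyDesk|LogMeIn|GoToMyPC|Team ?Viewer|Chrome Remote Desktop'

# 1. Installed programs: per-machine (64- and 32-bit) and per-user uninstall keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern } |
    Select-Object DisplayName, Publisher, InstallDate

# 2. Background services: remote-access tools usually register one to start at boot.
$services = Get-Service |
    Where-Object { $_.Name -match $pattern -or $_.DisplayName -match $pattern } |
    Select-Object Name, DisplayName, Status, StartType

# 3. Processes running right now, matched on process name or executable path.
$processes = Get-Process |
    Where-Object { $_.ProcessName -match $pattern -or $_.Path -match $pattern } |
    Select-Object Id, ProcessName, Path

# 4. Beyond the column's list: Windows' built-in Remote Desktop.
#    fDenyTSConnections = 0 means incoming Remote Desktop connections are allowed.
$ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
    -Name fDenyTSConnections
$rdpEnabled = ($ts.fDenyTSConnections -eq 0)

# Print each result set, or say so when nothing matched.
function Show-Section([string]$Title, $Rows) {
    "== $Title =="
    if ($Rows) { $Rows | Format-List | Out-String } else { "  none found`n" }
}

Show-Section 'Installed programs' $installed
Show-Section 'Services'           $services
Show-Section 'Running processes'  $processes
"Windows Remote Desktop enabled: $rdpEnabled"
```

Anything listed that you did not install yourself is a candidate for removal through the normal Windows uninstall screen; an empty result only means none of these particular names were found.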
Until you’re absolutely certain you have the problem resolved (and perhaps even afterwards!) consider securing your computer when you’re not using it. Shut it down, or put it into hibernate mode so that the next dog who comes sniffing around won’t be able to get in. And if you see the cursor start to move on its own, or websites being accessed, take it off the Wi-Fi immediately.
To view additional content, comment on articles, or submit a question of your own, visit my website at ItsGeekToMe.co (not .com!)