Fairweathergardener
Posted November 21, 2016 (edited)

Hi Everyone

I've posted this on the DIY forum as a warning for other CCTV users. However, I'm in need of some techie networking help to advise me on what data, if any, is likely to have been compromised by the hacking of my CCTV box.

Some background, you may have seen some of my previous posts about problems with my old cctv box interfering with my Internet and also Live View on web interface not behaving. Well, I got a new system and while I was dismantling the old one and checking settings for transfer across etc, I noticed it had been hacked.

Please see these links: "Your CCTV system was hacked! Can you prevent it?" and "Thousands of hacked CCTV devices used in DDoS attacks".

In the first link, that's exactly what I found on my box - an additional user called "system" which said your box has been hacked please secure. I also had the same web interface issues with Live Preview.

My installer put this in nearly 3 years ago and at the time he only told me to change my admin password, which I did. I left the factory password alone as that's what I was advised to do. It was the usual Dahua 888888. So I think that's where and why it was hacked so easily. For what nefarious means I don't know. I haven't been burgled while this was going on, so it's not for that purpose.

I did have all the internet issues whereby, intermittently since the web interface issues (which is since it was hacked), my internet would slow down so it was unusable even with an ethernet cable straight into the router. Then it would free up again for a while before it happened again. I don't know if that was hackers using my CCTV box as a route for DDoS attacks (not that I know what they are, just that they use up all your bandwidth - can someone explain please?) or maybe it was the firewall kicking in on the router/home hub and stopping our access so we couldn't be hacked - is this possible in theory?

My BIG question is though, with all this in mind, does anyone know if, once the CCTV box has been breached, home data on laptops, Macs, iPhones etc is compromised, or could my theory about the firewall be correct?

Edit - No need to post in 2 different forums, duplicate post in 'DIY installers' has been deleted, thanks.

Edited November 21, 2016 by datadiffusion (Duplicated topic)

datadiffusion
Posted November 21, 2016 (edited)

21 minutes ago, Fairweathergardener said:
"Some background, you may have seen some of my previous posts about problems with my old cctv box interfering with my Internet and also Live View on web interface not behaving."

I assume you have copied and pasted this from another forum, as you only have one valid post on this site?

21 minutes ago, Fairweathergardener said:
"My installer put this in nearly 3 years ago and at the time he only told me to change my admin password which I did. I left the factory password alone as that's what I was advised to do. It was the usual Dahua 888888. So I think that's where and why it was hacked so easily."

Is your installer a security professional? Well, I would not as this is clearly part of the issue here. These boxes are easily compromised anyway, but, this just made it even easier. I assume you had port forwarding etc... or was the entire device in a DMZ?

As for everything else, yes, it is possible you have been thoroughly compromised, although in reality these devices are used for bot net / distributed processing tasks (Buttcoin / DDOS) rather than keyloggers etc... especially since it would probably be clear you're a home user with little worth stealing to a hacker.

I would change all your passwords as a minimum; the firewall will be of no use protecting you once the hackers have root access on your device.

Edited November 21, 2016 by datadiffusion

So, I've decided to take my work back underground.... to stop it falling into the wrong hands

norman
Posted November 21, 2016

"Buttcoin"? I missed that memo.

Nothing is foolproof to a sufficiently talented fool.

datadiffusion
Posted November 21, 2016

http://www.buttcoinfoundation.org/

Sadly no longer updated but the only site to speak the truth about this mystical make-believe fairy money

Fairweathergardener (Author)
Posted November 21, 2016

Thanks guys. Yes, I had port forwarding on. Latterly it had been changed to DMZ I think, upon the advice of my installer as BT messed up my port forwarding (reset my router) and were about to do it a few more times as I had an issue with my Hub. What are the implications of both of these points please?

Fairweathergardener (Author)
Posted November 21, 2016

49 minutes ago, datadiffusion said:
"I would change all your passwords as a minimum; the firewall will be of no use protecting you once the hackers have root access on your device."

Do you mean passwords on my CCTV box, and which device are you referring to please (the CCTV box, the router or my PCs?)

sixwheeledbeast
Posted November 21, 2016

Yes, it is possible your device has been compromised and that it has been used to pivot attack other devices within your network. With a pivot attack the router's firewall is rendered useless. You should at least change all of your passwords for online accounts and disconnect the DVR from the network for the time being.

DMZ is a way of placing a device outside of the firewall; this may have led to the device being found to be compromised in the first place.

Fairweathergardener (Author)
Posted November 21, 2016

4 hours ago, sixwheeledbeast said:
"DMZ is a way of placing a device outside of the firewall; this may have led to the device being found to be compromised in the first place."

Thanks. So if I understand this correctly, the DMZ was protecting me and was what put the error message on the box which was how I realise people today that I had an extra user by way of "system"? Do you mean that or do you mean that it was what CAUSED it to be compromised in the first place?

james.wilson
Posted November 21, 2016

Not wanting to presume you have a marketing thing going on, btw I got your mail without the sae you promised.

It's a very very bad idea to put any bit of gear in the dmz of most routers.

securitywarehouse Security Supplies from Security Warehouse. Trade Members please contact us for your TSI vetted trade discount.

james.wilson
Posted November 21, 2016

I'm still assuming this is an anti hik post cos their stuff is too cheap? Correct me where I'm wrong?

hiyah Chris