Author Topic: Hacked, how do I read these logs?  (Read 7076 times)

jhferry

  • Newbie
  • *
  • Posts: 1
Hacked, how do I read these logs?
« on: May 24, 2016, 07:33:59 PM »
Got home to see my friends profile logged into my TV.  We dont know how, my PC is not in his computers list but we have shared screens before.  He found an authorized session from a device that was not his. I have the TeamViewer11_Logfile and the Connections_incoming.txt.  I'm not sure how to read them.  Im not sure I should post them in case there are IDs in there and such. 

matt

  • Hero Member
  • *****
  • Posts: 904
Re: Hacked, how do I read these logs?
« Reply #1 on: May 25, 2016, 03:47:37 PM »
Contact official teamviewer support (this is user run forum - either their facebook page or lodge a support ticket), and potentially the police in your area.

You sure that you weren't in your friends computers and contacts list, and that you weren't the most recent connection from his computer.

There is more and more of this each week. I had assumed that the hackers were guessing user name and contacts list info (perhaps the same detail as other dummy 'honey trap' type websites), and then they were connecting to known computers and contacts. You seem to contradict that, and that is a whole new level of scary...

AZEXPLORER

  • Newbie
  • *
  • Posts: 8
Re: Hacked, how do I read these logs?
« Reply #2 on: June 01, 2016, 09:32:51 AM »
Matt, no one is guessing anything. There is some sort of serious breach that really needs to be taken seriously by TV. On May 28th I was attached to by someone and they went to my Amazon and PayPal (fortunately they did not breach either of those).  I watched them do this. It was only a matter of a minute or two then they abruptly disconnected.  I have uninstalled TV and am contacting everyone and having them uninstall it, too.  This should not be dismissed as "user error or complacency". It is a mistake to dismiss all these reports. Even a two year old can see this trend.

Kadeschs

  • Newbie
  • *
  • Posts: 15
Re: Hacked, how do I read these logs?
« Reply #3 on: June 02, 2016, 10:33:25 AM »
Where do I find the logs?

AZEXPLORER

  • Newbie
  • *
  • Posts: 8
Re: Hacked, how do I read these logs?
« Reply #4 on: June 02, 2016, 01:13:47 PM »
Where do I find the logs?

Hi Kadeschs,

For me, the logs were in this folder: C:\Program Files (x86)\TeamViewer

I have already uninstalled my TeamViewer, so I can't tell you exactly how to access them from within TeamViewer, but let me try....

Launch TeamViewer.

At the top of the screen, you should see three menu items.

  • Connections
  • Extras
  • Help

If I recall it is in the second menu named "Extras". Scroll down a couple of items on the menu and you will see something that says "View Logs" or something like that.

I recommend that you go to the actual folder and copy and paste those logs to some other location for safe keeping.

You will be able to see who connected to you in the logs. Don't let them get overwritten.

It is hard to read the logs though. I had to spend a LOT of time trying to figure them out and I am still not sure what I was looking for. I finally found some suspicious IP addresses and suspicious numeric TeamViewer ID's that were named in a familiar name. So, don't trust it just because it looks like a familiar name. Check the numeric ID's against all of the numeric partner contact ID's that you know to be your real contacts. That is how I found the ones that connected to me. It took a long time to do that.

Look at the time stamps and think back to where you were and what you were doing during that time frame.  That is how you can tell when they hit you, and I think you can tell when they connected and then disconnected, so you can figure out the duration that they were connected to you. That will give you an idea of how bad the damage is going to be. If they were connected to you for a long time, they probably did a lot of bad stuff, and stole a lot of stuff.

I wish TeamViewer would step up and tell us how to read the logs and how to identify who connected to us so they can start trying to shut down those accounts or something. However, they would first need to admit that there is a security breach, and I do not see them doing that any time soon based on them repeatedly publishing copy/pasted canned denials on their Facebook page.
« Last Edit: June 02, 2016, 01:24:50 PM by AZEXPLORER »

TeamViewer

  • Jr. Member
  • **
  • Posts: 85
    • TeamViewer - Free Remote Access and Remote Desktop Sharing over the Internet
Re: Hacked, how do I read these logs?
« Reply #5 on: June 03, 2016, 07:09:59 AM »
Hi all,

As you may already know, there have been unprecedented large scale data thefts on popular social media platforms and other web service providers.
Unfortunately, credentials stolen in these external breaches have been used to access TeamViewer accounts. We are appalled by the behavior of these cyber criminals.

It is important to underscore that TeamViewer account authentication uses the Secure Remote Password protocol, and therefore does not store any password-equivalent data. Protecting your personal data is at the very core of everything we do. Please find more information on this matter in our official statement: https://www.teamviewer.com/en/company/press/teamviewer-launches-trusted-devices-and-data-integrity/

To further analyse your logfiles please contact our support under https://www.teamviewer.com/en/support/contact/submit-a-ticket/. They would also assist you in locating them on your device.

Best regards,
Fabian – TeamViewer