This morning, when I went downstairs to my computer to catch up on email before going to work, I saw that my web browser was on an eBay page. The only problem? I haven’t used eBay in over a month! Long story short, I spent 2 hours tracing what happened, and here’s the gist of it:
Somebody broke into my computer using the VNC service that I was running. It was password protected, but not secure. Once they controlled my desktop, they went to my web browser, created a Gmail account in Chinese, and then created an eBay account for that Gmail account. Then, they bid on car and motorcycle auctions, and eventually disconnected. Yikes! I checked my system logs and it looks like I’ve had VNC connections that weren’t mine in the past. Most of them come from Shanghai, though there is one from Plano, Texas and one from Taiwan.
It looks like the hackers didn’t know Mac OS or Unix very well, and weren’t really very smart, because I don’t think they got away with any really useful information (like credit card numbers). Or maybe they’re so good they erased their tracks.
Anyhow, I shut down my VNC server and closed the VNC port forwarding on my router, to prevent this from happening again. I’ll probably have to change a bunch of my internet passwords now, and if I want to use VNC again I’m going to have to set up a much more secure way than using the built-in password protection.