That smells like TCP hijack, that attack might be used to sniff out more passwords, but get your local Technician to have a look at it, this sounds not good at all.