8 Sure Signs That Your Computer Has Been Hacked (Owned) & A Free Email Tester

hacked

I’m not going to go into a long-winded definition of hacking.  We all know what it is and have all experienced malware in some form or to some degree with our computing experiences.

Cutting to the chase then,  below are eight clear signs that your system is compromised, followed by a free online tool that tells you immediately if your email has been compromised.

No. 1: Fake antivirus messages

Fake antivirus warning messages are among the surest signs that your system has been compromised.  (By the time you see this warning, the damage has been done.  Clicking No or Cancel will do nothing to stop the virus.  The malicious software has already corrupted your PC – often through the Java Runtime Environment or an Adobe product,)

What to do: As soon as you notice the fake antivirus warning message, power down your computer. Boot up the computer system in Safe Mode, No Networking, and try to uninstall the newly installed malware (oftentimes it can be uninstalled like a regular program). Either way, follow up by trying to restore your system to a state previous to the exploitation. If successful, test the computer in regular mode and make sure that the fake antivirus warnings are gone. Then follow up with a complete antivirus scan. Oftentimes, the scanner will find other malware remnants left behind.

No. 2: Unwanted browser toolbars

This is probably the second most common sign of system corruption: Your browser has multiple new toolbars.

What to do: Most browsers allow you to review installed and active toolbars. Remove any you didn’t absolutely want to install. When in doubt, remove it. If the bogus toolbar isn’t listed there or you can’t easily remove it, see if your browser has an option to reset the browser back to its default settings. If this doesn’t work, follow the instructions listed above for fake antivirus messages.

No. 3: Redirected Internet searches

You can often spot this type of malware by typing a few related, very common words (for example, “puppy” or “goldfish”) into Internet search engines and checking to see whether the same websites appear in the results — almost always with no actual relevance to your terms.
What to do: Follow the same instructions as above. Usually removing the bogus toolbars and programs is enough to get rid of malicious redirection.

No. 4: Frequent random popups

This popular sign that you’ve been hacked is also one of the more annoying ones. When you’re getting random browser pop-ups from websites that don’t normally generate them, your system has been compromised.  Even legitimate websites, can bypass your browser’s anti-pop-up mechanisms.

What to do: Once again, typically, random pop-ups are generated by one of the three previous malicious mechanisms noted above. You’ll need to get rid of bogus toolbars and other programs if you even hope to get rid of the pop-ups.

No. 5: Your contacts receive fake emails from your email account

This is the one scenario where you might be OK. It’s fairly common for our email contacts to receive malicious emails from us. A decade ago, when email attachment viruses were all the rage, it was very common for malware programs to survey your email address book and send malicious emails to everyone in it.

These days it’s more common for malicious emails to be sent to some of your contacts, but not everyone in your email address book. If it’s just a few contacts and not everyone in your email list, then more than likely your computer hasn’t been compromised (at least with an email address-hunting malware program). These days malware programs and hackers often pull email addresses and contact lists from social media sites, but doing so means obtaining a very incomplete list of your contacts’ email addresses. Although not always the case, the bogus emails they send to your contacts often don’t have your email address as the sender. It may have your name, but not your correct email address. If this is the case, then usually your computer is safe.

What to do: If one or more contacts reports receiving bogus emails claiming to be from you, do your due diligence and run a complete antivirus scan on your computer, followed by looking for unwanted installed programs and toolbars. Often it’s nothing to worry about, but a check-up can’t hurt.

No. 6: Unexpected software installs

Unwanted and unexpected software installs are a big sign that your computer system has likely been hacked.

In the early days of malware, most programs were computer viruses, which work by modifying other legitimate programs. They did this to better hide themselves. For whatever reason, most malware programs these days are Trojans and worms, and they typically install themselves like legitimate programs. This may be because their creators are trying to walk a very thin line when the courts catch up to them. They can attempt to say something like, “But we are a legitimate software company.” Oftentimes the unwanted software is legally installed by other programs, so read your license agreements. Frequently, I’ll read license agreements that plainly state that they will be installing one or more other programs. Sometimes you can opt out of these other installed programs; other times you can’t.

What to do: There are many free programs that show you all your installed programs and let you selectively disable them. One favorite is Autoruns. It doesn’t show you every program installed but will tell you the ones that automatically start themselves when your PC is restarted. Most malware programs can be found here. The hard part is determining what is and what isn’t legitimate. When in doubt, disable the unrecognized program, reboot the PC, and re-enable the program only if some needed functionality is no longer working.

No. 7: Your mouse moves between programs and makes correct selections

If your mouse pointer moves itself while making selections that work, you’ve definitely been hacked. Mouse pointers often move randomly, usually due to hardware problems. But if the movements involve making the correct choices to run particular programs, malicious humans are somewhere involved.

Not as common as some of the other attacks, many hackers will break into a computer, wait for it to be idle for a long time (like after midnight), then try to steal your money. Hackers will break into bank accounts and transfer money, trade your stocks, and do all sorts of rogue actions, all designed to lighten your cash load.

What to do: If your computer “comes alive” one night, take a minute before turning it off to determine what the intruders are interested in. Don’t let them rob you, but it will be useful to see what things they are looking at and trying to compromise. If you have a cellphone handy, take a few pictures to document their tasks. When it makes sense, power off the computer. Unhook it from the network (or disable the wireless router) and call in the professionals. This is the one time that you’re going to need expert help.

Using another known good computer, immediately change all your other logon names and passwords. Check your bank account transaction histories, stock accounts, and so on. Consider paying for a credit-monitoring service. If you’ve been a victim of this attack, you have to take it seriously. Complete restore of the computer is the only option you should choose for recovery. But if you’ve lost any money, make sure to let the forensics team make a copy first. If you’ve suffered a loss, call law enforcement and file a case. You’ll need this information to best recover your real money losses, if any.

No. 8: Your antimalware software, Task Manager, or Registry Editor is disabled and can’t be restarted

This is a huge sign of malicious compromise. If you notice that your antimalware software is disabled and you didn’t do it, you’re probably exploited — especially if you try to start Task Manager or Registry Editor and they won’t start, start and disappear, or start in a reduced state. This is very common for malware to do.

What to do: You should really perform a complete restore because there is no telling what has happened. But if you want to try something less drastic first, research the many methods on how to restore the lost functionality (any Internet search engine will return lots of results), then restart your computer in Safe Mode and start the hard work. I say “hard work” because usually it isn’t easy or quick.

HAS YOUR EMAIL BEEN HACKED?

A major concern we all have is whether our email accounts have been hacked/owned and that we might experience data leaks if that is the case.  I use this one very reliable digital tool to test for any emails breaches:

PWNEDLIST.COM

(Most legit email testers or anti-hacking sites substitute the “O” in “owned” with a “p” to lessen the confusion between the letter and the numeral zero.)

General rule of thumb regarding online security: If it feels weird, it is.

BNI Operatives: Situationally aware.

As always, stay safe.

Digital Evidence Degrading or Inaccessible? Slow Computer? Spring PC Tune-Up.

slow pc

Few things in one’s workday are as frustrating as trying to open up a hard-stored document/graphic – that is, an item reposited on the hard drive or a removable storage device such as a thumb drive or external hard drive – and getting nowhere.  Either you receive an open document command fail message or the spinning wheel of document retrieval whirls forever.  This situation becomes even more aggravating when the item is a necessary piece of evidence (email, e-documents, incriminating photos or videos…) that you needed yesterday.

Most often, storage degradation or inability to retrieve stored items results from poor PC maintenance.  (The other main causes of a slow-running pc are: inadvertent computer ingestion of morning joe, internal dust bunnies or a pre- ehistoric model PC/laptop.)

In this week’s Bulletin, we will provide you with eight clean-up tips on boosting your PC’s performance in an effort to lessen the likelihood of negative retrieval events.

1) Uninstall unused programs

New PCs come with a boatload of programs you will never use, or even know exist.

To remove unwanted programs, open the Control Panel’s Programs feature and uninstall those you do not need.

If you are unsure about which programs to uninstall and those which are critical to system operation, try a third-party called such as PC Decrapifier – it’s free for non-commercial use – which, despite its funky name,  should tell you which programs you don’t need.

2) Delete temporary files

Temporary files pile up on your computer through everyday tasks and can remain on your hard drive, slowing the computer down. Get rid of these files:

a – Open “My Computer”, and select your local drive (usually C:\). Select the “Windows” folder and then open the folder titled “Temp”.

b – Open your browser’s History option and delete temp files and finally,

c – Empty the Recycle Bin.

All of these tasks can easily be scheduled to occur automatically through the same access options listed above.

3) Install a solid state drive

Hard drives are the biggest cause of slow speeds and especially slow startup speeds on your PC.

Installing a solid state drive, which have extremely fast read times, can speed up your startup considerably.

What is a solid state drive, you might intelligently ask?  From Wikipedia (not a source for actual news or validated history but we see no reason why they would mislead on us on a simple hardware definition):

A solid-state drive (SSD) (also known as a solid-state disk though it contains no actual disk, nor a drive motor to spin a disk) is adata storage device that uses integrated circuit assemblies as memory to store data persistently.

SSDs have no moving (mechanical) components. This distinguishes them from traditional electro-mechanicalmagnetic disks such as hard disk drives (HDDs) or floppy disks, which contain spinning disks and movable read/write heads.  Compared with electromechanical disks, SSDs are typically more resistant to physical shock, run silently, have lower access time, and less latency.

Got it? Okay.

4) More hard drive storage

Even if you diligently clean out all your temporarily files, bottom line, if your hard drive becomes 85 per cent full, it’s going to affect your computer’s speed.

If you regularly film videos or use your PC for recording television or video monitoring purposes, you will want as big a hard drive as you can get, up to 1TB in size.

5) Prevent unnecessary start-ups

The number of programs launched at Start Up will primarily affect how long it takes for your laptop or PC to startup, but often these programs continue to run and use up your computer’s memory.

From the Start Up menu, deselect the programs you do not need or want to operate as your computer is starting up or even as it is in use.

6) More RAM

RAM, which stands for Random Access Memory, is the temporary storage memory used by your computer and is in use when tasks are being executed by different programs.  Logically, therefore, the more programs you use, the more RAM you need, and the slower your computer will be if you don’t have enough.

A clear indicator of not having enough RAM is if your computer slows down every time you try to process large files, or it freezes will carrying out several different actions at once.

You can either add more RAM with an extra memory stick or two or getting completely new memory if all the slots are taken. There is –  theoretically – no upper limit on the amount of RAM that you can have with a 64-bit operating system.

If you don’t know which type RAM to buy for your computer, (or if you do and are ready to order), we highly recommend Crucial.com which offers two ways to upgrade your system’s RAM: and Advisor tool in which you enter your computer’s relevant data or Crucial’s Scanner option: a downloadable system analyst which returns manufacturer RAM suggestions. (Crucial can also provide you with these same options regarding hard drive and solid state drives.)

You can also find out how many RAM your computer is using in the Task Manager’s Performance tab (hit Ctrl-Shift-Esc and then More Details to bring this up).

7) Run a disk defragment

Disk defragment basically reconfigures how your hard drive stores information for optimum efficiency.

Go to “My Computer”, right-click on the hard drive (usually C) and select “Properties”. Under the “Tools” tab there should be an option to “Defragment Now”.

8) Run disk clean up

Windows also includes a built-in disk de-cluttering tool called “Disk Cleanup”.

It searches through the system for unnecessary large files such as temporary Internet files, program installers, and so on.

Access Disk Cleanup by clicking “Start > All Programs > Accessories > System Tools > Disk Cleanup”.

*******************

If after doing all, most or some of the above, you find no discernible improvement in your computer’s speed, talk to us about debugging.

BNI Operatives: Situationally aware; info savvy.

As always, stay safe.

Electronic Crime Scene Investigations; Evidence Collection. II/II

In Part I of our two-part Electronic Crime Scene Investigations series, we covered recognizing and securing an electronic crime scene.  In this post, we delve into the actual investigation itself.

First and foremost, now that you have identified and isolated all persons with access from the crime scene, please ensure that they provide your investigator with a release similar to the below.  (Please check with your local law enforcement on particular jurisdictional guidelines.)

CONSENT TO SEARCH ELECTRONIC MEDIA AND CLOUD STORAGE
I, __________________, hereby authorize __________________, who has identified himself / herself as an investigator lawfully engaged by _____________________, and any other person(s), including but not limited to a computer forensic examiner, he / she may designate to assist him / her, to remove, take possession of and / or conduct a complete search of the following: computer systems, electronic data storage devices, computer data storage diskettes, DVDs, or any other electronic equipment capable of storing, retrieving, processing and / or accessing data and any and all cloud storage accounts that may contain any company information, files and references.
The aforementioned equipment and storage will be subject to data duplication / imaging and a forensic analysis for any data pertinent to the incident / criminal investigation.
I give this consent to search freely and voluntarily without fear, threat, coercion or promises of any kind and with full knowledge of my constitutional right to refuse to give my consent for the removal and / or search of the aforementioned equipment /data, which I hereby waive. I am also aware that if I wish to exercise this right of refusal at any time during the seizure and or search of the equipment / data, it will be respected.

This consent to search is given by me this ________ day of, __________________
20__________, at ____________ am / pm.

Location items taken from: ____________________________________________
Consenter Signature: ________________________________________________
Witness Signature: _________________________________________________
Witness Signature: _________________________________________________

Evidence Collection
Handling digital evidence correctly is essential to preserving the integrity of the physical device as well as the information or data it contains. Turning off the power to a computer or other electronic device may cause the information or data stored on it to be damaged or lost.
If you are not trained in handling digital evidence —
• Do not attempt to explore the contents of a computer or other electronic device or to
recover information from it.
• Do not alter the state of a computer or other electronic device.
• Do not press any keys or click the mouse.
• If the computer or device is off, leave it off.
• Do not move a computer or other electronic device that is powered on.
• Do not accept offers of help or technical assistance from unauthorized persons.
• DO request technical assistance from personnel with advanced equipment and training in digital evidence collection.  See http://www.ecpi-us.org/Technicalresources.html for a list of available resources.

Assess the Situation

Before caputring digital evidence, make sure you have the legal authority to do so. Improper access to information or data stored on electronic devices may violate provisions of various local, sate and federal laws.

After securing the scene and identifying the computer’s power status, follow the steps listed below for the situation most like your own. (If the final suggestion in each situation is “Proceed to If Computer Is On” or “Proceed to If Computer Is Off.”, those two sections are posted on the bottom on this article.)

Situation 1: Monitor is on. Program, application, work product, picture, e-mail or Internet site is displayed.

1. Photograph screen and record information displayed.
2. Proceed to “If the Computer Is ON”

Situation 2: Monitor is on. Screen saver or picture is visible.
1. Move mouse slightly without depressing buttons or rotating wheel if present.
2. Note any onscreen activity that causes a change in the display.
3. Photograph screen and record information displayed.
4. Proceed to “If the Computer Is ON”

Situation 3: Monitor is on. Display is blank.
1. Move mouse slightly without depressing buttons or rotating wheel if present.
2. Display changes to login screen, work product, or other visible display.
3. Note change in display.
4. Photograph screen and record information displayed.
5. Proceed to “If the Computer Is ON”

Situation 4a: Monitor is off. Display is blank.
1. If monitor’s power switch is in off position, turn monitor on.
2. Display changes to a login screen, work product or other visible display.
3. Note change in the display.
4. Photograph screen and record information displayed.
5. Proceed to “If the Computer Is ON”

Situation 4b: Monitor is off. Display is blank.
1. If monitor’s power switch is in off position, turn monitor on.
2. Display does not change. Screen remains blank.
3. Note that the display does not change.
4. Photograph blank screen.
5. Proceed to “If the Computer Is OFF”.

Situation 5: Monitor is on. Display is blank.
1. Move mouse slightly without depressing any buttons or rotating the wheel if present.
2. If display does not change, confirm that power is supplied to the monitor.
3. If display remains blank, check computer case for active lights and listen for fans spinning or other indications computer is on.
4. If computer case gives no indication that it is powered on, proceed to “If the Computer Is OFF”.

================================

If the Computer Is OFF
For desktop, tower and minicomputers follow these steps:
1. Document, photograph, and sketch all wires, cables, and devices connected to the computer.
2. Uniquely label and photograph the power supply cord and all cables, wires or USB drives attached to the computer and the connection each of these occupies on the computer.
3. Remove and secure the power supply cord from the back of the computer and from the wall outlet, power strip or battery backup device.
4. Disconnect and secure all cables, wires and USB drives from the computer and document the device or equipment connected at the opposite end.
5. Place tape over the floppy disk slot if present. Ensure that the CD or DVD drive trays are retracted into place and tape across the drive tray to prevent it from opening.
6. Place tape over the power switch.
7. Record the make, model, serial numbers and any user-applied markings or identifiers.
8. Record or log computer and all cords, cables, wires, devices and components according to agency procedures.
9. Carefully package all evidence collected to prevent damage or alteration during transportation and storage.

For laptop computers follow these steps:
1. Document, photograph and sketch all wires, cables and devices connected to the laptop.
2. Uniquely label and photograph all wires, cables and devices connected to the laptop and the connection each occupies.
3. Remove and secure the power supply and all batteries from the laptop computer.
4. Disconnect and secure all cables, wires, and USB drives from the laptop and document the equipment or device connected at the opposite end.
5. Place tape over the floppy disk slot if present. Ensure that the CD or DVD drive trays are retracted into place and tape across the drive tray to prevent it from opening.
6. Place tape over the power switch.
7. Record the make, model, serial numbers and any user-applied markings or identifiers.
8. Record or log the laptop computer and all cords, cables, wires, devices and components according to agency procedures.
9. Carefully package all evidence collected to prevent damage or alteration during transportation and storage.

If the Computer Is ON
Removing the power supply is generally the safest option. If evidence of a crime is visible on the computer display, however, request assistance from personnel with experience in volatile data capture and preservation.

Immediate disconnection of power is recommended when —
• Information or activity on screen indicates that information or data is being deleted or overwritten.
• A destructive process appears to be in progress on the computer’s data storage device(s).
• The system is powered on in a typical Microsoft Windows® environment. Pulling the power supply cord from the back of the computer will preserve information about the last user account logged in, login time, most recently used documents, most
recently used commands, and other valuable information.

Immediate disconnection of power is NOT recommended when —
• Information or data of apparent evidentiary value is in plain view onscreen. Seek assistance from personnel with advanced training in digital evidence collection.
• Indications exist that any of the following are active or in use: Chat room(s), text documents, remote data storage, Instant Messaging (IM), child pornography, contraband, financial documents, data encryption and obvious illegal activities.
• The device is a mobile or smart phone. Leave mobile and smart phones in the power state in which they were found.

Improper shutdown of mainframe computers, servers or a group of networked computers may result in the loss of data, loss of evidence and potential civil liability. Secure the scene and request assistance from personnel with advanced training in digital evidence collection of large or complex computer systems.

(We suggest you print Parts I and II of this series into a manual format.)

BNI Operatives: Street smart; info savvy.

As always, stay safe.

Electronic Crime Scene Investigations; Assessing & Documenting the Situation. I/II

When a computer crime is suspected in the workplace, action must be taken immediately. We’ll take you through a step by step computer crime scene investigation; the same protocol that we security and information specialists conduct.

When securing and evaluating the scene:
• Do not alter the state of an electronic device. If a computer or an electronic device is off, leave it off.
• Remove all unauthorized persons from the area where evidence is to be collected.
• Identify, seize and secure all electronic devices, including personal ones used at work. (Have the employee sign a release or note the type of device and serial number – including the hard drive serial number, if s/he refuses).
• Recognize potential digital evidence in telephones, digital video recorders, other office appliances and motor vehicles.

If the computer is on or the power state cannot be determined:
• Look and listen for indications that the computer is on — e.g., fans running, drives spinning and lit light-emitting diodes (LEDs).
• If you cannot determine the power state of the computer, observe the monitor to determine if it is on, off or in sleep mode.
• Check display screen for signs of data destruction.  Look out for words such as “delete,” “format,” “remove,” “copy,” “move,” “cut” or “wipe.”
• Look for indications that the computer is being accessed remotely and/or signs of ongoing com-
munications with other computers or users — e.g., Instant Messaging (IM) windows or chat rooms.
• Take note of all cameras and determine whether they are active.

Preliminary Interviews
•Separate and identify all persons of interest and record the location they occupied when you entered the scene. Obtain the following information from interviewee(s):
• Purpose of computers and devices.
• All users of the computers and devices.
• Type of Internet access and Internet service provider.
• Computer and Internet user information — e.g., login names, user account names and passwords, and Instant Message screen names.
• E-mail and Web mail (Web-based e-mail) accounts and Web pages.
• Account information for online social networking Web sites — e.g.,  Facebook, LinkedIn
• All security provisions, data access restrictions, destructive devices or software in use.
• Any automated applications in use.
• Any other relevant information.

Documenting the Scene
Your documentation should include:
• The type, location, position, condition and power status of the device.
• A record of all activity and processes visible on the display screen(s).
• A record of all physical connections to and from the computers and other devices.
• A record of any network and wireless components capable of linking devices to each other and the Internet.
• The type, condition and power status of the device’s Internet and network access.
• Video, photos, notes and sketches to assist in recreating/conveying the details of the scene.
(Some computer systems and electronic devices — and the information they contain — may be protected under applicable laws, agency policies or other factors, that may prohibit collection of these devices or components.  That’s when you call in a pro.  However, do include the location, condition and power state of these devices in your documentation.)

Movement of a running computer or electronic device may cause changes or damage to the computer or device or the digital evidence it contains. Computers and electronic devices should not be moved until it is determined by a professional that it is safe to do so. 

In Part II/II we will get into the meat of Evidence Collection.  The instructions we will impart will not be generalizations but rather, actual, working directions.

Our Operatives: A step ahead.

As always, stay safe.