“Errare Humanum Est” – To err is human.
We take no pleasure in pointing out that PC security breaches have had a considerable impact on people’s lives. Sensitive data does fall into the wrong hands, and we raise it here to emphasize two things: one, it does happen; and two, it can happen to the best of us, including those who have put considerable effort, time and resources into keeping a high level of security in place.
Despite the best efforts and intentions, it can happen. So let’s first review some recent hacks and then move on to the signs that your PC may have been compromised.
Ashley Madison
Let’s start with the Ashley Madison attack, the details of which are now public, along with all of the compromised data. The aftermath of this unprecedented privacy breach even reached our own team at CompuClever.
What Was Taken? Roughly 300 GB of data, including employee emails, plus tens of thousands of user pictures and messages. The stolen records include names, addresses, email accounts and details about sexual preferences; the sexual preference data was made public in the files that were released.
How? The attack has been described as a SQL injection. The site’s web application built database queries by pasting user-supplied input (a form field or URL parameter, for example) directly into the SQL text. Input crafted to contain SQL of its own was therefore executed by the database, which handed over data the application was never meant to expose.
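To make the mechanism concrete, here is an added example, written for this article rather than taken from Ashley Madison’s site or any product, using Python’s built-in sqlite3 module and a constructed two-row `users` table. `lookup_vulnerable` builds the query by string concatenation, as described above; `lookup_safe` passes the value as a bound parameter, which is the standard fix. The table layout, column names and payloads are illustrative assumptions.

```python
import sqlite3


def make_db():
    """Constructed sample data for this example: a tiny in-memory users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, password_hash TEXT, dob TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice@example.com", "hash-a", "1980-01-01"),
         ("bob@example.com", "hash-b", "1975-05-05")],
    )
    return conn


def lookup_vulnerable(conn, email):
    """Builds the query by string concatenation: the input becomes SQL text."""
    sql = "SELECT email, dob FROM users WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, email):
    """Parameterized query: the driver binds the value, so it is never parsed as SQL."""
    return conn.execute(
        "SELECT email, dob FROM users WHERE email = ?", (email,)
    ).fetchall()


def demo():
    conn = make_db()
    # Closes the quote and adds an always-true condition: every row comes back.
    bypass = "x' OR '1'='1"
    # Closes the quote, appends a UNION that pulls a column the query never
    # exposed (the password hash), and comments out the trailing quote.
    dump = "x' UNION SELECT email, password_hash FROM users--"
    return {
        "vulnerable": lookup_vulnerable(conn, bypass),  # both rows
        "dump": lookup_vulnerable(conn, dump),          # emails paired with hashes
        "safe": lookup_safe(conn, bypass),              # []: no such email
        "safe_dump": lookup_safe(conn, dump),           # []: no such email
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:10} -> {rows}")
```

The same string that dumps the table through the concatenated query is just an unusual email address to the parameterized one, which is why parameterization (or an ORM that uses it) is the fix, not input filtering.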
What Was The Motive? “…because they [the attackers] were morally outraged at the behavior its web sites [Ashley Madison’s sites] condoned”[1]
Security: What Did They Do Right? They didn’t store full credit card numbers in the database, and customer passwords were stored as bcrypt hashes rather than in plain text, which makes them slow and expensive to crack.
What Did They Do Wrong? This would include the following…
- Not adequately protecting payment transaction records and customers’ personal information.
- Recording the IP addresses of their account holders. Combined with the leaked email addresses, this made it possible to determine, for example, that hundreds of US government employees, some in the White House, Congress and law enforcement agencies, were using government network connections to access their Ashley Madison accounts. The list reportedly includes an attorney in the Justice Department and a government hacker working for the Department of Homeland Security.
CIA Director – John Brennan
We were surprised to hear of the recent hack of the personal email account of CIA Director John Brennan. It may not have been as well publicized, but it is just as shocking. Let’s use the same format to look more closely at the details.
How? A hacker claims to have broken into John Brennan’s AOL account, and the method involved no malware at all. He says he first did a reverse lookup on Brennan’s mobile phone number, which showed that Brennan was a Verizon customer. One of the group then called Verizon posing as a Verizon technician and asked for details of Brennan’s account. Verizon gave up the account number, the four-digit PIN, the backup mobile number on the account, Brennan’s AOL email address and the last four digits of his bank card. Armed with that information, the group contacted AOL, claimed to be locked out of the account, and talked AOL into resetting the password. The password was reset repeatedly despite Brennan’s efforts to regain control. The same group also breached the Comcast account of Homeland Security Secretary Jeh Johnson.
What Was Taken? The hackers described gaining access to sensitive government documents that Brennan had forwarded as attachments from his work email to his personal account. They include the 47-page SF-86 form (the questionnaire for national security positions) that Brennan filled out to obtain his top-secret security clearance.
WikiLeaks has also published two letters from former Senator Christopher Bond, then vice chairman of the Senate Select Committee on Intelligence, listing the interrogation methods that should be forbidden to US personnel. So far, six pilfered files have been made public, including the SF-86 form.
What Was The Motive? The hacker states he is less than 20 years old and worked with two other people on the breach. He contacted Brennan by VoIP (an online chat call), and when asked what they wanted, he replied: “We just want Palestine to be free and for you to stop killing innocent people.”
Security: What Did They Do Right? Not much that we can see. Given the information here, the struggle to regain control of the AOL account took three attempts, and in the end Brennan had to delete the account. By that point the attackers had enjoyed three days of access.
What Did They Do Wrong? Brennan forwarded sensitive documents from a work email system (with likely adequate security) to a personal AOL account whose only real protection was a password and a recovery process that could be talked around. The providers failed too: Verizon disclosed account details, including the PIN, to a caller who merely claimed to be a technician, and AOL reset the password on the strength of that information. A personal account is only as strong as its weakest recovery path.
Signs of a PC Attack
If your PC has been acting “funny”, or you have other reasons to suspect it has been tampered with, it may be showing the signs of a real malicious attack. There are common traits that our CompuClever support team sees regularly and that came up in our research on this topic. Here is our list.
1. Friends receive fake emails from you
Open your email “Spam” folder and you may see messages from friends who have no idea they sent them; their accounts or PCs have been compromised. The same can happen to you: your account, or your PC, could be sending emails automatically to everyone in your address book.
Solution: Mass-mailing was the first way viruses spread in the early days of computing. These days it is more likely that only a few messages go to a subset of your contacts, and the contact list may have been harvested from a social media site or another breach, with your own computer not involved at all; a forged “From” address costs an attacker nothing. Check the full headers of one of the messages: if your provider’s own authentication results show the mail really went out through your account, change the account password immediately. Either way, to be on the safe side, run an AV scan and check for unwanted items installed on your PC.
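A quick way to tell a forged sender from a message that really went out through your account is to read the authentication results your own mail provider stamped on the message. The following is an added example, written for this article rather than taken from any product, using only Python’s standard email module. All three messages are constructed for illustration and use documentation domains; the trusted receiving server name (mx.example.org) is an assumption, and you would substitute your own provider’s hostname. Only the Authentication-Results line added by that trusted server is believed, since everything earlier in the header chain can be written by the sender.

```python
import email
from email import policy

# Assumption for this example: the receiving server whose Authentication-Results
# header we trust. Headers naming any other server are ignored.
TRUSTED_AUTHSERV = "mx.example.org"

# Constructed sample 1: the From address is forged. The mail never touched
# example.com's servers, so SPF fails and there is no DKIM signature.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [198.51.100.7])
    by mx.example.org with ESMTP; Mon, 19 Oct 2015 10:00:00 +0000
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: Alice <alice@example.com>
To: friend@example.org
Subject: check this out

click here
"""

# Constructed sample 2: the sender pre-inserted a flattering Authentication-Results
# header of their own. It names a server we do not trust, so it is ignored.
FORGED_RESULTS = """\
Authentication-Results: attacker.example.net; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com
Received: from mailer.example.net (mailer.example.net [198.51.100.7])
    by mx.example.org with ESMTP; Mon, 19 Oct 2015 10:00:00 +0000
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: Alice <alice@example.com>
To: friend@example.org
Subject: invoice

see attached
"""

# Constructed sample 3: sent through example.com's own outbound server and
# DKIM-signed for example.com, i.e. it really came from the account.
LEGIT = """\
Received: from smtp.example.com (smtp.example.com [203.0.113.5])
    by mx.example.org with ESMTPS; Mon, 19 Oct 2015 10:00:00 +0000
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com
From: Alice <alice@example.com>
To: friend@example.org
Subject: hello

hi
"""


def trusted_auth_results(msg):
    """Return the Authentication-Results values stamped by the trusted server only."""
    results = []
    for value in msg.get_all("Authentication-Results", []):
        text = str(value).strip()
        authserv = text.split(";", 1)[0].strip().lower()
        if authserv == TRUSTED_AUTHSERV:
            results.append(text.lower())
    return results


def classify(raw):
    """Classify a raw message as 'from-account' or 'spoofed' using SPF and DKIM."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_domain = msg["From"].addresses[0].domain.lower()
    for text in trusted_auth_results(msg):
        spf_ok = "spf=pass" in text
        # DKIM must pass for the From domain itself, not some unrelated signer.
        dkim_ok = "dkim=pass" in text and f"header.d={from_domain}" in text
        if spf_ok and dkim_ok:
            return "from-account"
    # No trusted passing result: treat as forged rather than as proof that
    # the account or the PC is compromised.
    return "spoofed"


if __name__ == "__main__":
    for name, sample in (("spoofed", SPOOFED), ("forged-results", FORGED_RESULTS),
                         ("legit", LEGIT)):
        print(f"{name:15} -> {classify(sample)}")
```

A “from-account” result is the one that warrants an immediate password change on the email account; a “spoofed” result means the attacker only needed your address, which could have come from any friend’s contact list.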
2. Unwanted browser toolbars
This is a common sign of adware or other unwanted software. Several toolbars appear in your web browser that were not there before. Unless you recognize the vendor and know how it got there, you need to take action.
Solution: Uninstall the toolbar from the Programs list in Control Panel, remove it from the browser’s add-on or extension manager, and, if required, reset the browser to its original settings.
3. Frequent random popups
This is both common and annoying! You experience browser popups from websites. Sites that have been hijacked, or that are illegitimate to begin with, can get around the browser’s popup blocker, and popups can also be generated by adware running on the PC itself.
Solution: Get rid of any recently added toolbars (see item #2) and any recently installed items that are unfamiliar to you (see item #1). For more information, read our previous coverage of foistware and how to remove it.
4. Fake AV (antivirus) messages
This is similar to the previous item. If you are seeing fake warning messages, you are most likely already infected. Often the malware has taken advantage of an unpatched application such as Java or an Adobe product. The scam shows a fake scan of your system that “finds” lots of viruses that are not really there. If you follow its directions you are taken to a well-designed site that accepts your payment card details, and the program you are asked to install gives the scammers full control of your system.
Solution: Do not pay and do not install anything it offers. Save any open work, close the applications that you can, and disconnect the PC from the network (unplug the cable or turn off Wi-Fi), then power it down. Restart in Safe Mode if you are familiar with it and remove any items that were recently installed (as in item #1). Reconnect to the Internet only when it seems safe to do so and then run a full AV scan.
5. Booby trap website
This is where you click a link (such as one in a list of web search results) and it takes you to a site you were not expecting. A message pops up warning that you have a virus, and a voice on your speakers tells you to call the phone number shown right away or your system will be infected. The warnings can’t be dismissed, even when you try to close the browser.
Solution: Do not call the number; it leads to a scammer who will ask for payment or for remote access to your PC. Mute the speakers, then press Ctrl + Shift + Esc to open Task Manager, select the browser in the list and click “End Task”. If it doesn’t appear there, open the “Processes” tab, look at the CPU column, select processes showing activity that are not part of Windows, and click “End Process”. When you reopen the browser, decline any offer to restore the previous session, or the page will simply load again.
6. Online passwords change
If one of your online passwords has changed without your doing it, either your account or the site itself has been hacked. The CIA Director hack above is one example: the attackers never broke the password, they talked customer-support staff into resetting it. Whether the credentials came from a phishing email, a password you reused on a site that was breached, or a social-engineered account recovery, the result is the same. The hacker changes the logon details, locks you out, and proceeds to steal money or make transactions. In some cases the hacker pretends to be you, using your information to ask friends or acquaintances for money.
Solution: Notify the online service to report the compromised account and use its recovery process to get it back. Once you are in, check the recovery email address and phone number on the account, which attackers often change to keep a way back in, and turn on two-factor authentication if the service offers it. If friends or acquaintances are involved, warn your contacts not to fall for the scam. If you used the same login information on other sites or with financial institutions, change those credentials right away.
7. Unexpected software installs
We have referred in past articles to PUPs (Potentially Unwanted Programs) and how they appear on your PC without apparent provocation. You may also have read how strongly we recommend reading the installer screens and un-ticking any extra items offered during the installation of a legitimate application. In many cases these items arrive because the program you wanted came as a bundled software package.
Solution: As in item #1, locate the items and uninstall them. Programs you don’t recognize that were installed on the same date as something you did install are the usual suspects.
8. Your mouse moves by itself
Yikes! You have been hacked. A mouse pointer can occasionally jump to a different part of the screen on its own, but if it is making selections as though an invisible user were operating it, someone has remote control of your PC. This is often seen when the system has been idle for a long period, when the intruder can work unobserved, and the goal is usually to get at your finances or to cause further damage.
Solution: If you can, take a video of the event; it will help when attempting to recover any losses. Then disconnect immediately: power off the system or turn off the Wi-Fi router. Use an unaffected PC to change the credentials and passwords of all your financial accounts. Next, report the attack and contact professionals. Since the intruder had full control, assume anything on the machine may have been tampered with; you may need to completely restore your PC (see item #9).
9. Certain functions are disabled and can’t be restarted
Another clear indication that your system is compromised is finding certain functions disabled, especially your AV application or Windows Task Manager. Malware disables them precisely so that you can’t see or stop it. If you do not know how they were disabled and suspect tampering, you need to take action immediately.
Solution: You will need to restore your system to a previous working condition. Start by examining your system using the methods described above. Next…
10. Your bank account is missing money
Hackers will steal large sums if they have your financial credentials, typically by transferring funds to a foreign exchange or bank. This could mean you have been the victim of a phishing scam or that your PC has been compromised by malware that captured your logon details.
Solution: Contact your financial institution immediately; in many cases it can stop a transfer before the damage is done and will replace stolen funds, although the rules vary by country and institution, and courts have ruled in favor of the bank where negligence on the customer’s part was proven. Then run an AV scan of your system and change the account password from a machine you trust. In terms of prevention, make sure your financial institution sends you alerts for suspicious activity or when transaction thresholds are exceeded. We strongly recommend a qualified antivirus solution that provides adequate protection for online banking.
11. Online purchases are made by a hacker
This involves the perpetrator hijacking an online shopping account, making purchases, and shipping the items to a destination of their choosing. It can involve ordering many items at once, while you still have sufficient funds or credit to cover them.
Solution: Change your logon credentials and determine how they were compromised in the first place; the solutions above all apply. Fortunately, credit card companies handle fraudulent transactions much better than in previous years. We recommend reporting the crime, as pointed out in item #8, and scanning your system for evidence of infection.
Antivirus Solutions
Let’s face it, staying 100% on top of potential malware attacks all the time is not achievable. Having the right tools in place takes most of the burden off, and AV security tools are a necessary part of PC reality. This year we are pleased to have entered this arena with what we know to be a top contender: CompuClever AntiVirus PLUS. It monitors the behaviour of PC processes in real time and flags suspicious activity.
All AV applications face the ongoing challenge of new malware, especially samples less than 24 hours old, for which no signature exists yet. To catch these, heuristics and behaviour monitoring are used alongside signature scanning.
In Summary
We have covered a great many PC attack scenarios. We hope you never experience any of them, but if you do see the warning signs, take the actions described here. Keep in mind that there are agencies and professionals that can assist you when the chips are down. For our CompuClever customers, a well qualified team of support technicians is available. Visit our Support Center at: https://www.compuclever.com/support/
If you have some ideas of topics you would like us to cover or have other feedback to offer, email us at: newsletter@compuclever.com