What to expect when you’re… surfing Pt. 2

Aug 22, 2017 | Cutting Edge

No one is safe on the Internet. This is a common expression, which not by accident happens to be true.

Hackers come in two sorts: the ones that like to disrupt things to create a better world and the ones that like to mess with things to cause personal harm. It’s the latter hacker that you need to guard against (the first type just requires you to keep an open mind). If you’re worried that your computer or electronic device may have been hacked, take your gut-felt concerns seriously and act quickly. Hackers can get into devices in surprising ways, but what you need to understand is how this might show up on your screen. Here are some possible indicators that you might have been hacked, along with suggestions for quick action.

Consider whether anything out of the usual is happening on your computer.

You know your computer and how it runs better than anyone else. If it was working okay before but suddenly starts behaving oddly, it might be a sign of age or a broken part, but the following issues could just as likely be signs of a hack:

  • You have standard programs and files that won’t open or work.
  • Files that you didn’t delete appear to have disappeared, have been placed in the bin or have been deleted.
  • You cannot access programs using your usual password. You find that your passwords have been changed within your computer.
  • There are one or more programs on your computer that you didn’t put there.
  • When you’re not using the computer, it is connecting itself to the internet frequently.
  • File contents have been changed and you didn’t do the changes.
  • Your printer may behave strangely. It may not print no matter what you do or it will print different pages that you did not command it to.

Go online. Here too you can find possible signs of having been hacked:

  • One or more sites refuse you access because of password failure. Try various of your usual sites; if the password access continues to be barred, this may be due to having been hacked. Did you respond to a phishing email by any chance (a fake email asking you to change security details/update passwords)?
  • Your internet searches are being redirected.
  • Extra browser screens may appear. They may switch on and off without you doing anything. They may be a shade darker or the same color but you’ll be able to see them.
  • If you’ve bought a domain name, you may not be able to obtain it once you’ve paid for it.

Look for other standard hacker malware, overrides, etc. Here are some other things that might occur when hacked:

  • Fake virus messages. Either you have anti-virus software or you don’t; if you don’t, any such message is automatically a warning sign. If you do, then provided you know what your program’s messages should look like, you’ll also be alerted to the messages being fakes. Do not click on them; it’s a scam to get you to release credit card details in a panic to get rid of viruses on your computer. Be aware that the hacker is already controlling your computer.
  • Additional toolbars appear in your browser. They may carry messages about “helping” you. There should only be one toolbar. Be suspicious if they multiply.
  • Random and frequent pop-ups appear on your computer. You’ll need to get rid of the program that is doing this.
  • Your anti-malware or anti-virus software doesn’t work or appears disconnected. Your Task Manager or Registry Editor may also be out of action.
  • People in your email address list get fake emails from you.
  • Money is missing from your bank account or you get bills to pay for online purchases you haven’t made.

If you simply don’t have any control over anything you do, treat being hacked as the most likely explanation. In particular, if your mouse cursor is moving around the screen and performing real actions that have actual results, a human is at the other end manipulating this. If you’ve ever had to allow access to work I.T. to fix your computer remotely, you’ll know what this looks like when it’s done for benign purposes. If it’s not authorized, then you’ve been hacked.

  • Check your personal information. Google yourself. Are there returns of personal information online that you haven’t personally released? This may not show up immediately but keeping an eye on this possibility may be important if personal information is released.

What to do.

Disconnect from the internet immediately. The best thing to do while continuing to investigate is to disconnect from the internet and online connectivity. That way, if a hacker is still in your computer, you’ve just removed the source of connection.

  • Pull the router plug out of the socket to be absolutely certain there is no connection!
  • Print this page off or PDF it before powering down so that you can continue to follow the instructions offline. Or, read it on a separate device that isn’t hacked.

Start up the computer in safe mode. Keep it disconnected completely and use your computer’s safe mode to reopen it (check the computer’s operating manual if you’re not sure what to do).

Check whether there are any “new programs” (e.g. anti-virus, anti-spyware, etc.) that you didn’t install, or programs and files that won’t work or open. If you find anything, uninstall it as best you can. If you don’t know how, get a computer-savvy helper or call mobile computing help to come and do it for you.

Do a sweep of your computer with an anti-virus/spyware scanner you trust (for example, Avast Home Edition, AVG Free edition, Avira AntiVir, etc.). Again, get someone knowledgeable to help you if you’re unsure what to do.

If that turns up nothing, back up important files. Then do a complete system restore and update the computer.

Contact your bank and any store accounts you have to alert them to a possible problem. Ask them for advice about what to do next to protect your funds.

Alert friends that they may have received compromised emails from you. Warn them to delete the emails and to not follow any links if they have opened them.

Evernote became the latest member of the “we’ve been hacked” club. And the thing is, what was once a pretty exclusive club now lets just about everyone in these days. I’m a member too. And as I discovered when I was hacked last year, my experience was distressingly commonplace. And yet while being hacked may be increasingly familiar, it isn’t getting any less stressful or confusing. It’s hard to know what to do, or where to begin, immediately afterward.

Whether you were hacked, phished, had malware installed or just don’t know what the heck happened but there’s somebody all up in your e-mail, here are a few good first steps to take following an incident. This is by no means comprehensive, but it’s a good start.

Ask Yourself Why

While you are fixing things, it’s a good time to take a step back, and ask yourself a more basic question: What was the reason for the breach? If it was your bank account, the answer may be obvious. In other cases, such as e-mail, it can be for a host of reasons – from using it to send spam, to requesting money from your contacts, to getting password resets on other services. An attacker may even be trying to gain access to your business. Knowing why you were targeted can also sometimes help you understand how you were breached.

Reset Your Passwords

Immediately change the password on the affected service, and any others that use the same or similar password. And, really, don’t reuse passwords. You should be changing your passwords periodically anyway as a part of routine maintenance. But if you’ve just been hacked, it’s now more urgent. This is especially true if you reuse passwords, or use schemes that result in similar passwords (like 123Facebook, 123Linkedin, 123Google).

“Password reuse is one of the great evils and it’s very hard to prevent,” says PayPal’s principal scientist for consumer security Markus Jakobsson. Sites can set up password requirements – for example a character length or that a password include symbols and numbers – but they cannot force people into not reusing the same or similar passwords. “It’s very common for people to use similar or the same password but it’s very rare for people to realize that it creates a liability for them to do it and that they need to change their password after they’ve been hacked.”
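To find which other accounts share a breached password or a scheme like 123Facebook / 123Linkedin / 123Google, the check below groups accounts by password once the site's own name is masked out. It is an added example, not part of the original article; the `VAULT` mapping is constructed sample data, and it assumes each key begins with the service's name.

```python
import re
from collections import defaultdict

# Constructed sample: site -> password, as exported from a password manager.
VAULT = {
    "facebook.com": "123Facebook",
    "linkedin.com": "123Linkedin",
    "google.com": "123Google",
    "forum.example": "Summer2017",
    "shop.example": "Summer2017",
    "bank.example": "c7!Vq-long-random",
}

def skeleton(site, password):
    """Replace the site's own name inside the password with a placeholder."""
    name = re.sub(r"[^a-z0-9]", "", site.lower().split(".")[0])
    if not name:
        return password
    return re.sub(re.escape(name), "<SITE>", password, flags=re.IGNORECASE)

def reuse_groups(vault):
    """Sites whose passwords are identical or differ only by the site name.

    Returns site names only, so no password is ever printed or logged.
    """
    groups = defaultdict(list)
    for site, password in vault.items():
        groups[skeleton(site, password)].append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)

def also_reset(vault, breached_site):
    """Other accounts to reset when breached_site's password is exposed."""
    for sites in reuse_groups(vault):
        if breached_site in sites:
            return [s for s in sites if s != breached_site]
    return []

if __name__ == "__main__":
    print(reuse_groups(VAULT))
    print(also_reset(VAULT, "facebook.com"))
```

Run it only on a machine you trust, and delete the exported password file afterwards.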

Update and Scan

There’s a possibility that the attacker got in via your machine. Almost all malware is installed by victims themselves, if unknowingly. And if something nasty is on your computer, you need to get it off before you start a recovery process. Make sure you are running the most recent version of your operating system. Download a solid anti-virus product and run a scan for malware and viruses that may have been the source of the attack. This is the most basic thing you can do, so do it now. And moreover, use a brand-name commercial program that you pay for.

“Malware antivirus software isn’t perfect – they have a hit ratio of 50 to 75 percent and can miss almost as much as they find, but it’s better than nothing,” explains Jakobsson. And why should you pay for it? “Most people who search for ‘free antivirus’ end up installing malware.”

Take Back Your Account

Most of the major online services have tools in place to help you get your account back after it has been taken over by someone else. Here’s how to do that on Apple, Facebook, Google, Microsoft, Twitter and Yahoo. Typically, you’re going to need to be able to answer some questions about your account. Facebook has a novel method that relies on friend verification. Are you using a service not listed here? Typically you can find your way back in by searching for its name plus “account recovery.”

Check for Backdoors

Smart hackers won’t just get into your account, they’ll also set up tools to make sure they can get back in once you’ve gotten them out. Once you have your accounts back, you should immediately make sure there isn’t a back door somewhere designed to let an attacker back in. Check your e-mail rules and filters to make sure nothing is getting forwarded to another account without your knowledge. See if the answers to your security questions were changed, or if those questions themselves have changed.

Follow the Money

If there is an element of commerce involved in the affected account, thoroughly review any activity on that account. Verify that no new shipping addresses have been set up on your account, no new payment methods have been added, or new accounts linked. This is especially true of sites that let you make one-click purchases, or issue payment cards.

“Attackers do things for a reason,” says Jakobsson. “If we are talking about attacking your Bank of America account or PayPal the reason is obvious: They want your money. What criminals will often want to do is hook up a debit card to your account. If they add an address and then request a financial instrument, that is a way for them to monetize.”

Perform a Security Audit on All Your Affected Accounts

Often, one account is simply used as a gateway to another. Your Dropbox account may only be a means to get at something stored there. Your e-mail might only be a path to your online banking. Not only do you need to secure the account you know was hacked, but you need to check all the others it touches as well. Reset your passwords on those services, and treat them as if they have been compromised.

De-Authorize All Those Apps

This is one of those non-obvious but important steps. One of the first things you should probably do if you’ve had an account compromise is de-authorize all the associated apps that use that account for login or for its social graph. For example, Google, Twitter, Facebook, Dropbox and many others support OAuth, which enables third-party apps to use account APIs without having to give them the account login information. But if a hacker has used it to authorize another device or service, and remains logged in there, simply changing your password won’t get them out. There could be a rogue client out there that you remain unaware of even after regaining access to your account. The best bet is to pull the plug on everything you’ve given access to. Here they are on Google, Facebook and Twitter. It may be a pain to go back through and re-authorize them, but it’s less so than leaving a malicious individual lurking in your account. And in any case, doing so periodically is just good hygiene.

Lock Down Your Credit

It’s bad enough you had your email hacked, but you really don’t want your identity stolen as a result. Services like LifeLock will do this for you for a fee, but you can also do it yourself by contacting the three major credit reporting agencies directly. Depending on the state you live in, locking down your credit might be free, provided you’ve filed a police report.

Speak Out

Say that your Facebook account gets hacked: there’s a good chance you won’t lose any money, but your friends might. The mugged-in-London scam works by hijacking your identity to contact friends to request money. It’s also true, though less commonly so, on AIM and Google Talk and other services. There may also be data that you need to let others know has been accessed, from financial matters to sensitive personal information.

But there’s another reason to do this too, and it’s the same reason for this very article, which is to raise awareness. The best tactic of all is to do everything in your power to not be hacked: to run up to date software, use good password hygiene, and make backups of everything in your system.
