NOTE: For the second time in two months, Windows users are susceptible to a global malware attack. To protect yourself against this one, called Petya, I recommend reviewing my articles “What You Need to Know to Protect Yourself from Ransomware” and “When You Should Disable Server Message Block v1.”
Signs You’ve Been Hacked
It’s either easy or hard to determine if you’ve been hacked. In the case of ransomware, it’s extremely easy to know when you’ve been hacked: You get a request for money.
However, the goal of most of the best hackers is to leave you blissfully ignorant of any wrongdoing. That way your machine and your network access remain a resource for them to exploit. For example, the NSA tools that were recently released to the public were designed to give silent access to a system. The exploits released back in April have been patched by Microsoft, but they show that the goal of these nation-state attackers is to be stealthy and covert.
So if the goal of these tools is to be silent, how can you know when you have been attacked? This is often the hardest question of all: usually you only find out because you have firewall software configured to alert you when something unusual connects to your system. At the office I use a Sophos firewall that lets me block access from foreign countries. At home it is harder to find a solution that gives me the same information. One that I have been testing lately is GlassWire, which gives a visual view of the connections my computer is making and identifies which country each connection is coming from. It is “chatty” at first, since it alerts you to traffic while it learns the connections your system normally makes, but GlassWire exposes a lot of detail about what is going on in your computer and can reveal whether something or someone nefarious is accessing it.
Forensic examiners also use log files and examine newly introduced code on a system. Attackers will often use file names and services that resemble legitimate Windows files and services in order to hide their tracks. Often it is a case of understanding which files and logs are normal and which are not, and then determining what the malicious code was intended to do. Examining a system this way is certainly not an easy process.
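The two checks described above, an unexpected destination country for an outbound connection and a process whose name mimics a Windows system binary, can be automated over a connection log. The script below is an added example written for this article; it is not code from GlassWire, Sophos or the author. The log format, the country tags (including "LAN" for private addresses and the ISO user-assigned code "ZZ" as a stand-in for "somewhere unexpected"), the list of expected countries and the list of System32 binaries are all constructed assumptions for the demonstration.

```python
import ntpath
import re
from collections import namedtuple

Finding = namedtuple("Finding", "line reason detail")

# Constructed sample log, one outbound connection per line, in a made-up layout
# (not the format of any real product):
#   timestamp  process_path  remote_ip:port  country_tag
SAMPLE_LOG = (
    "2017-06-27T09:12:01 C:\\Windows\\System32\\svchost.exe 13.107.4.50:443 US\n"
    "2017-06-27T09:12:05 C:\\Windows\\System32\\lsass.exe 10.0.0.5:445 LAN\n"
    "2017-06-27T09:13:10 C:\\Users\\bob\\AppData\\Roaming\\svch0st.exe 203.0.113.9:4444 ZZ\n"
    "2017-06-27T09:14:22 C:\\Program Files\\Firefox\\firefox.exe 93.184.216.34:443 DE\n"
    "2017-06-27T09:15:00 C:\\Users\\bob\\Downloads\\lsass.exe 198.51.100.7:8080 ZZ\n"
)

# Hypothetical baseline: the countries this particular machine normally talks to.
# "LAN" is a constructed tag for private addresses; "ZZ" is a placeholder, not a real country.
EXPECTED_COUNTRIES = {"US", "DE", "LAN"}

# Assumption for this example: these Windows binaries normally run only from System32.
SYSTEM32 = r"c:\windows\system32"
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}

# timestamp, process path (may contain spaces), IPv4, port, country tag
LINE_RE = re.compile(r"^(\S+)\s+(.+?)\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+(\S+)$")


def levenshtein(a, b):
    """Edit distance; used to catch names one character away from a system binary."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyze(log_text):
    """Return a list of Findings; an empty list means nothing looked abnormal."""
    findings = []
    for n, raw in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(raw)
        if not m:
            findings.append(Finding(n, "unparsable", raw))
            continue
        _ts, path, ip, port, country = m.groups()
        directory, name = ntpath.split(path)
        name_l = name.lower()

        # Check 1: destination outside the countries this machine is expected to reach.
        if country not in EXPECTED_COUNTRIES:
            findings.append(Finding(n, "unexpected-country", f"{name} -> {ip}:{port} ({country})"))

        # Check 2: a genuine system binary name running from the wrong directory,
        # or a name that is one character away from a system binary (e.g. svch0st.exe).
        if name_l in SYSTEM_BINARIES:
            if directory.lower() != SYSTEM32:
                findings.append(Finding(n, "system-name-wrong-directory", path))
        else:
            close = sorted(k for k in SYSTEM_BINARIES if levenshtein(name_l, k) == 1)
            if close:
                findings.append(Finding(n, "lookalike-name", f"{name} resembles {close[0]}"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"line {f.line}: {f.reason}: {f.detail}")
```

The value of the script is the baseline, not the rules: the expected-country set and the "normal" directories are exactly the knowledge of what is normal that the article says examiners rely on, so they have to be built per machine before the alerts mean anything. A real firewall log will need its own parser in place of `LINE_RE`, and a path check like this should be paired with a signature or hash check, since a name in the right directory is not proof the file is the real one.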