What To Do If You Think Your Computer Has Been Hacked Into
Have you ever had your computer hacked, or wondered if some off mouse movement was down to an online intruder?
The threat remains a potent one, but with adequate security software installed on your computer you should find that your data remains intact and private.
However, if you think there is a greater-than-normal chance of intrusion or if you want to be aware of the threats and how to deal with them, use what follows as a starting point for understanding how to deal with a hacked computer.
Spotting a Hack
It is easy to be paranoid about these matters, but knowing how to recognise a hack attack can be tricky.
Vain hackers who are full of their own self-importance might leave you a note – perhaps a bit of desktop graffiti or a malware “timebomb” – but those are rare. Most hacks are courtesy of Trojan software and related automated tools, so uncovering an intrusion – particularly an online one – can prove difficult.
If you suspect a hack, first of all consider why you think this might have happened. Do you have sensitive information stored on your computer? Are you known as someone who might have access to private data? Next, check the files in your directory browser, taking care to note their “Last Modified” times and dates. Do not open the files, however, as doing so might result in the activation of malware.
Instead, run your anti-virus and anti-malware software, and then make backups of the vital files and folders before opening them.
Checking Your Firewall
Of course, the first thing to do if you suspect a hack attack on your PC is to check your firewall software.
These utilities always update activities to the log, so it is a case of opening the firewall console and working out where the log is stored. If there has been an attempt to hack your computer in the past then this will be recorded.
Don’t take the lack of a successful intrusion record as evidence of no hack attack, however – it might also mean that the perpetrator is skilled in keeping their fingerprints off your ports.
However in 99.9% of cases a good quality firewall will keep your computer secure. See our list of recommended firewalls for more information.
No Firewall? What to do…
If for some reason you don’t already have firewall software installed on your computer (why on earth not?!) then there are other things you can check.
Many users connect to the Internet via a router, either at work or in the home, and if you have permission to access this you will be able to view the traffic in and out of your computer. Checking the logs on the router will enable you to determine whether or not your computer has been hacked and if any data has been copied, although beware: this will take a while to track down, so you will need to have a good idea of when the attack occurred.
If a Trojan is running on your system and opened remote access to your computer then you should be able to tell pretty quickly. Slow performance and network activity when you’re not using a web browser, email client, downloading software or an IM client will all point to an intrusion, as will the more obvious loss of control (this is rare however, as hackers would probably use a separate session). If network activity is odd then switching off your router or disconnecting your Ethernet cable is the best solution as the hacker has probably disabled your ability to disconnect within the operating system.
After disconnection, restart your computer, staying offline, and run your anti-virus and anti-malware software. You should also use a secondary computer to download an update to your firewall software and install this on the first device.
Unfortunately so many of us are concerned about online hacking that we ignore the much more obvious method of gaining entry to a computer system – in person.
There are various ways of doing this, from using a USB stick with a live operating system installed on it to simply guessing a password (and this is if the user even has a password set on their computer and knows how to lock the screen) and either method can be used to quickly gain access to the data stored on a hard disk drive.
Computer passwords should always be used for the operating system and you should also consider setting a password to boot your computer past the BIOS, thereby preventing the use of a USB live OS.
Similarly, external storage devices should be securely stored in locked cupboards, along with any clue that they even exist. Disc sleeves, cases and USB cables should be tidied away.
With so much to consider, taking steps to protect your data is the best answer. There is no way to protect the data stored on your computer 100%, so taking additional steps is wise. In addition to up-to-date firewall and anti-virus/anti-malware software, consider a registry protection tool and take advantage of any hard disk encryption tools that are available to you. Recent versions of Mac OS X and Windows have this facility built in.
Ultimately, awareness is your most important weapon. Hackers can’t steal data from your computer when it is switched off, for instance, while storing valuable data on removable drives and media that can be locked away or kept on your person will protect you from the effects of hacking.
If you understand the risks, you can take appropriate action.