Security Fundamentals

Detecting Attacks

Have I been hacked?

Knowing whether you've been hacked, like our friend in the video, can be difficult.

This is because in most cases there's nothing obvious happening. Cyber-crime, by its very nature, is sneaky. So, often, the time at which the crime is actually carried out and the time it's discovered can be separated by days or even weeks.

Fortunately, there are some signs that can tell you whether your security has been compromised, but you have to know what to look for.

The next section will examine what you can do, once you've discovered you've been hacked.

1. Unwanted browser toolbars

Unusual toolbars appearing in your browser are a common sign that a system has been hacked. Unwanted software has been installed onto the system that changes the way the browser works. Often, the toolbar is named in a way that suggests it has been added to help you, to encourage you to leave it alone.

But unless you know where it came from, get rid of it.

Image: Unwanted toolbars
Image: Hijacked search engine

2. Redirected internet searches

Frequently combined with the arrival of bogus toolbars, the browser is hijacked and redirects your 'search requests' away from your favourite search engine to another one, or to places where you don't want to go.

In many cases, this is because the hacker is getting paid according to the number of searches made through a particular search engine, or the number of clicks on someone else's website.

Notice how similar the hijacked search page (search.iminent.com) is to Google's own page.

3. Fake virus warnings or security alerts

Less common than it used to be, as more people become aware of it, this remains a good example of the multi-layered attack that hackers can launch.

Suddenly many virus warnings or security alerts appear on the system, with a link to a site promising a solution to the infection. The infection, of course, is fake. Only the malicious software producing the fake message is real. This is an example of 'scare-ware': the aim of the hacker is to frighten users into buying and downloading unnecessary software containing back-doors into the user's system.

When users arrive at a seemingly legitimate, professional-looking site promising solutions to many virus infections, complete with glowing recommendations, the 'phishing site' promises to deliver the software in return for payment, and so collects credit card and financial information.

Through scare-ware and phishing, the hackers achieve a double whammy, the hacker's Holy Grail: getting money and control of the computer. Happy days indeed.

Image: Random pop-ups

4. Increased number of Random Pop-ups

Pop-ups appearing with increasing regularity, on sites where they don't normally appear, are a sure sign that you've been infected by 'adware': software created by hackers to bypass the browser's pop-up blocker.

As with the other cases, hackers create adware because they are paid on a per-click basis.

5. Online Passwords change without warning

If this happens, it's highly likely you've been hacked or the online service has suffered a security breach.

Telling the difference between the two situations can be difficult. If the user responds to a 'phishing' email claiming to be from a service, which requests some action that leads to an attempted login, then the user has been hacked. The hacker receives the logon information from the phishing site, then logs on as the original user to change the password, redirect money or place online orders in the user's name. They may even attempt to obtain money from friends of the user while pretending to be the victim.

Not a great quality video, but it shows how easy it is to hack into a Mac, change the password and leave without a trace. Fortunately the laptop is owned by the user, but what if it was yours?

Image: Bundled software

6. Unexpected Software installs

Unexpected programs suddenly appear in the programs list. Whereas earlier malware attempted to hide, and worked by making illegal changes to legitimate programs, current hacker practice is to install malware in plain sight, pretending to be a legitimate, useful program. This is so that the hackers can argue in court that their programs are produced by a legitimate software company.

This kind of software is frequently installed as part of a bundle of legitimate programs. So care needs to be taken when accepting license agreements at the start of a software install.

7. Mouse moves independently

This is one of the most obvious 'give-aways' that you've been hacked. It happens during long idle periods, mostly at night, when devices 'come alive'. The mouse cursor can be observed moving with purpose about the screen, making correct choices from a series of options.

Incidents of this kind represent a total compromise of your computer systems and accounts. Effectively, someone else has complete control of your computer.

8. Contact from suppliers concerning non-payment

Whoops! Looks like a hacker has managed to lift credit card and financial information from a device and used it to place online orders, with the goods being delivered to another address.

Hackers can then turn these goods into money, perhaps selling them on through eBay at discounted, 'too good to ignore' prices.

Alternatively, the hackers can sell the credit card and account information on to another bad guy, who buys the goods and sells them on.

9. Bank account missing money

A pretty obvious sign, although you don't find out about it until after the event. And the amounts of money taken tend to be large. A hacker who has your financial information knows it's not going to go unnoticed for long, so they are going to steal money to the max.

To complicate matters, hackers frequently transfer the money through foreign exchanges or banks. Recovering money from overseas bank accounts can be difficult.

Image: Bank robbery
Image: Windows Defender disabled

10. Vital security software is immobilised

You can be sure your system is compromised if you find that important software necessary for maintaining security has been shut down. It normally begins with the 'turning off' of any anti-malware programs designed to protect the system from attack.

A more sophisticated attack will also disable the Task Manager and/or the Registry Editor, to limit your control over the running programs and to stop you from removing the malware by editing the registry.
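Malware that switches off Task Manager or the Registry Editor usually does so by setting a Windows policy value in the registry. The script below is an added example (not from the original page): it checks the well-known policy values DisableTaskMgr, DisableRegistryTools and, for Windows Defender, DisableAntiSpyware, and reports any that are set. On Windows it reads the live registry; on any other system it runs against a constructed sample so the logic can be tried offline. The sample values are made up for the example.

```python
"""Report whether Task Manager, Registry Editor or Defender are disabled by policy.

Added example, not code from the original page. The three registry locations
are the standard Windows policy values used to restrict these tools; the
SAMPLE_VALUES dictionary is constructed for offline use.
"""
import sys

# (hive, key path, value name, what a non-zero value means)
POLICY_CHECKS = [
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Policies\System",
     "DisableTaskMgr", "Task Manager is disabled for this user"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Policies\System",
     "DisableRegistryTools", "Registry Editor is disabled for this user"),
    ("HKLM", r"SOFTWARE\Policies\Microsoft\Windows Defender",
     "DisableAntiSpyware", "Windows Defender is disabled by policy"),
]


def assess_policies(values):
    """Turn raw policy values into findings.

    values maps (hive, key, name) -> int, or None when the value is absent.
    Returns a list of finding strings; an empty list means nothing is disabled.
    """
    findings = []
    for hive, key, name, meaning in POLICY_CHECKS:
        value = values.get((hive, key, name))
        if value:  # None (absent) or 0 means the tool is not restricted
            findings.append(f"{hive}\\{key}\\{name} = {value}: {meaning}")
    return findings


def read_windows_policies():
    """Read the three policy values from the live registry (Windows only)."""
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    values = {}
    for hive, key, name, _ in POLICY_CHECKS:
        try:
            with winreg.OpenKey(hives[hive], key) as handle:
                values[(hive, key, name)] = winreg.QueryValueEx(handle, name)[0]
        except OSError:
            # Key or value not present: the tool is not restricted by policy.
            values[(hive, key, name)] = None
    return values


# Constructed sample: a machine where Task Manager has been switched off.
SAMPLE_VALUES = {
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Policies\System",
     "DisableTaskMgr"): 1,
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Policies\System",
     "DisableRegistryTools"): 0,
    # DisableAntiSpyware deliberately absent (None) in the sample.
}

if __name__ == "__main__":
    current = read_windows_policies() if sys.platform == "win32" else SAMPLE_VALUES
    problems = assess_policies(current)
    if problems:
        print("Security tooling has been restricted:")
        for line in problems:
            print("  " + line)
    else:
        print("Task Manager, Registry Editor and Defender are not disabled by policy.")
```

A finding here is not proof of malware on its own: a school or company may set the same policies deliberately. It is a prompt to ask who set them, which is exactly the check the section describes.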

Image: Tasks
Image: Program listing

Looking at the screenshot, there are some unusual items I would choose to find out more about: Prospect, Proteus and Prototype 2, because they aren't from recognised publishers. Also, Prospect at 11.1 GB is using an unusual amount of storage space. Another is PunkBuster Services. What does that do?

These programs may be okay, but they would be ones I would want to check out.

The Search for Cherry Red: Homework

Check out what programs you have on your computer. Are there any you don't recognise or don't know what they do?

DO NOT DELETE any programs without checking first.

  1. Depending on your operating system, find your way to your programs list. On Windows 10 go to Settings -> System -> Apps & features. On other Windows versions try Start -> Control Panel -> Programs.
  2. Look carefully at the list for any program name you don't know, or any program from a publisher you don't know.
  3. Complete an online search for the program name to discover what it does.
  4. If you don't want it for the purposes of what it does, then uninstall it. It may be a spoof program or be hijacking part of your browser. But take care and check first.
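The same triage can be done with a script, which is useful on a machine with a long programs list. The following is an added example (not from the original page): it applies the two tests used in the screenshot discussion above, an unrecognised or missing publisher and an unusually large installed size, to each program. On Windows it reads the Uninstall registry keys that the Programs list is built from; elsewhere it runs against a constructed sample list modelled on the screenshot. TRUSTED_PUBLISHERS and the 5 GB size threshold are assumptions you would adjust for your own machine; the sample sizes and publishers are made up.

```python
"""Flag installed programs worth checking before deciding to uninstall.

Added example, not code from the original page. TRUSTED_PUBLISHERS and
LARGE_SIZE_MB are assumed settings; SAMPLE_PROGRAMS is constructed data.
"""
import sys

TRUSTED_PUBLISHERS = {"Microsoft Corporation", "Mozilla", "Adobe"}  # assumption
LARGE_SIZE_MB = 5 * 1024  # flag anything over 5 GB (assumed threshold)


def triage(programs, trusted=TRUSTED_PUBLISHERS, large_mb=LARGE_SIZE_MB):
    """Return [(name, [reasons])] for programs that deserve a closer look.

    Each program is a dict with 'name', 'publisher' (may be empty) and
    'size_mb' (may be None when the installer recorded no size).
    """
    flagged = []
    for program in programs:
        reasons = []
        publisher = (program.get("publisher") or "").strip()
        if not publisher:
            reasons.append("no publisher recorded")
        elif publisher not in trusted:
            reasons.append(f"unrecognised publisher '{publisher}'")
        size = program.get("size_mb")
        if size is not None and size > large_mb:
            reasons.append(f"unusually large ({size / 1024:.1f} GB)")
        if reasons:
            flagged.append((program["name"], reasons))
    return flagged


def read_windows_programs():
    """Read installed programs from the Uninstall keys (Windows only)."""
    import winreg

    def value_or_none(key, name):
        try:
            return winreg.QueryValueEx(key, name)[0]
        except OSError:
            return None

    roots = [
        (winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
        (winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"),
        (winreg.HKEY_CURRENT_USER, r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ]
    programs = []
    for hive, path in roots:
        try:
            root = winreg.OpenKey(hive, path)
        except OSError:
            continue  # this Uninstall branch does not exist on this machine
        with root:
            for index in range(winreg.QueryInfoKey(root)[0]):
                with winreg.OpenKey(root, winreg.EnumKey(root, index)) as entry:
                    name = value_or_none(entry, "DisplayName")
                    if not name:
                        continue  # updates and components without a display name
                    size_kb = value_or_none(entry, "EstimatedSize")  # stored in KB
                    programs.append({
                        "name": name,
                        "publisher": value_or_none(entry, "Publisher") or "",
                        "size_mb": None if size_kb is None else size_kb / 1024,
                    })
    return programs


# Constructed sample, loosely modelled on the screenshot discussed above.
SAMPLE_PROGRAMS = [
    {"name": "Mozilla Firefox", "publisher": "Mozilla", "size_mb": 210},
    {"name": "Prospect", "publisher": "", "size_mb": 11366},
    {"name": "Proteus", "publisher": "Unknown Publisher Ltd", "size_mb": 150},
    {"name": "PunkBuster Services", "publisher": "", "size_mb": None},
]

if __name__ == "__main__":
    programs = read_windows_programs() if sys.platform == "win32" else SAMPLE_PROGRAMS
    for name, reasons in triage(programs):
        print(f"{name}: " + "; ".join(reasons))
```

A flagged program is a prompt for step 3 (look it up online), not a verdict: many legitimate games and tools come from publishers you have never heard of, and the point of the allow-list is only to shorten the list you have to research.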

Create a page in your notebook titled Detecting Attacks and:-

  1. Explain why it can be hard to know whether you've been 'hacked'
  2. Provide a list of 5 clues that may indicate you've been hacked.
  3. For each of the clues explain why they might reveal a successful hacking attack.
  4. Identify what software protection is used on the school computers.
  5. Discover what software protection is used on your devices at home (tablets/laptops/desktops).
Have I Been Hacked?
You should be able to:-
  • Give a number of examples of signs that let you know you've been hacked.
  • Describe what users can do after they've discovered they have been hacked.

If you don't feel confident in meeting any of these performance criteria, ask your teacher or re-read the information again.
