Computer Forensics Company
D. Eno Forensics, P.L.L.C.
Helping those who need Computer Forensics Services by Gathering, Preserving & Analyzing Evidence from a Digital Device in a way that is Suitable for Presentation in a Court of Law.

Call Us Today 1-855-558-DENO (3366)


Article 1. Am I Being Hacked or Is It Just Windows 10?

One of the things that I'm constantly asked is:

Am I being Hacked???

It's a valid question, especially in today's environment. I'm reminded of the quote from Benjamin Franklin: "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." In the world of computers we might easily change the words “temporary safety” to “convenience.”

The problem is this: we want instantaneous results for every button that we push. If there were a way to push one button and instantly get whatever we were looking for or needed from our computers, that is the button that would get clicked, all of the time.

In order for our computers to offer us such convenience, they would have to “know” us very well. Computer software companies are attempting to make our computers “know” us at these deep levels through the various tracking methods that are embedded within the operating system software on the computers that we use, as well as through tracking embedded inside almost every application that we use.

Let’s just look at a very, very small list from Microsoft:

Data Description for Device, Connectivity, and Configuration data type

  • Operating system - version name, edition

  • Installation type, subscription status, and genuine operating system status

  • Processor architecture, speed, number of cores, manufacturer, and model

  • OEM details -- manufacturer, model, and serial number

  • Device identifier and Xbox serial number

  • Firmware/BIOS operating system -- type, manufacturer, model, and version

  • Memory -- total memory, video memory, speed, and how much memory is available after the device has reserved memory

  • Storage -- total capacity and disk type

  • Battery -- charge capacity and InstantOn support

  • Hardware chassis type, color, and form factor

  • Is this a virtual machine?

This is rather intrusive information. It is collected by Microsoft about your computer and your operating system for the purposes of diagnosis in the event that your computer stops working correctly. But they are collecting the type of operating system you are running on your computer. They're also collecting what kind of installation it was: did the installation come from a CD, DVD, over the network, from a USB device, etc.? They're also collecting information about the hardware on your computer. They're collecting the serial number off of your computer. This is intrusive. Is it necessary? It depends on how fast you want your computer fixed if something goes wrong with it, because this is the type of information that the Customer Service Technician on the other end of the phone needs to know in order to correctly diagnose what's going on with your computer if it's not working correctly. So instead of the Customer Service Technician asking you for this information, it's automatically sent. So we see here a perfect example of convenience vs. privacy or security. This is just a small example of the data that is collected by Microsoft. Tip of the iceberg, actually.

So if this level of data collection is occurring on a regular basis about your usage of your computer, the type of computer you're using, the operating system, etc., what's the difference between this and actual hacking? What more information would a hacker be able to glean from your computer than what is already being collected by Microsoft? How can you tell the difference?

How can you tell the difference? That really is the question. I'm not a fan of the data collection. However, I understand its usefulness.

A good question to ask is the following: What changed, and why or how? Operating system changes and/or settings should always remain the same after you turn your computer off or after you save the changes, unless something is wrong. For example, you see a pretty background screen and you put it on your desktop. Great. You close your computer, you come back, and you have a different background. How did that happen? Well, the first thing to check is simple: did you save your changes before the computer was closed or shut down? If the answer to that is yes, then the real question is: how did it change?

Operating systems now are fairly sophisticated and stable, so once changes are made on your computer, those changes should stay there until you change them again. System settings changing without your express intervention, such as desktop backgrounds, username access, and user names, are a good indication that something is going on with your computer that needs to be looked at. Changes to files such as documents, pictures, videos, etc., are another good indication that something is going on with your computer.

Hackers are very good at gaining access to people's computers but they're very poor at cleaning up after themselves after they've been on your computer. So if you notice system changes to your computer after you have closed it down and shut it down, this would be an indication that there might be a compromise on your computer.
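One way to answer "What changed?" with evidence rather than memory is to record a baseline of the items named above (desktop background, local user accounts, and the files in a folder) and compare against it later. The script below is an added example, not something from Microsoft or from our own toolset; it assumes Windows 10 with PowerShell 5.1 or later, and the baseline file name and watched folder are placeholders chosen for illustration.

```powershell
# Added example: baseline the items the article names, then report what changed.
# Assumptions: Windows 10, PowerShell 5.1+; both paths are placeholders for this example.
$BaselinePath = Join-Path $env:USERPROFILE 'state-baseline.json'
$WatchDir     = Join-Path $env:USERPROFILE 'Documents'

function Get-StateSnapshot {
    $state = [ordered]@{}
    # Desktop background currently set for this user
    $state['Wallpaper'] = [string](Get-ItemProperty 'HKCU:\Control Panel\Desktop').WallPaper
    # Local user names and whether each account is enabled
    foreach ($u in Get-LocalUser) {
        $state["User:$($u.Name)"] = "Enabled=$($u.Enabled)"
    }
    # SHA-256 of every file in the watched folder (documents, pictures, videos)
    $files = Get-ChildItem -LiteralPath $WatchDir -File -Recurse -ErrorAction SilentlyContinue
    foreach ($f in $files) {
        $h = Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        if ($h) { $state["File:$($f.FullName)"] = $h.Hash }
    }
    $state
}

$current = Get-StateSnapshot
if (-not (Test-Path -LiteralPath $BaselinePath)) {
    # First run: record the known-good state
    $current | ConvertTo-Json | Set-Content -LiteralPath $BaselinePath -Encoding UTF8
    Write-Output "Baseline saved to $BaselinePath"
} else {
    # Later runs: load the baseline and compare item by item
    $old = @{}
    $saved = Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json
    foreach ($p in $saved.PSObject.Properties) { $old[$p.Name] = $p.Value }

    $keys = @($old.Keys) + @($current.Keys) | Sort-Object -Unique
    $changes = foreach ($k in $keys) {
        $before = $old[$k]
        $after  = $current[$k]
        if ($before -ne $after) {
            [pscustomobject]@{ Item = $k; Before = $before; After = $after }
        }
    }
    if ($changes) { $changes | Format-List } else { Write-Output 'No changes since the baseline.' }
}
```

Files you edited yourself will also show up as changed, so delete the baseline file and run the script again after any change you made on purpose. Keeping a copy of the baseline on a USB drive means it can still be trusted if the computer itself cannot.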

So what's to be done? Well, the very first thing would be the obvious virus scan on your whole computer. Then verify that you have all your Windows updates up to date. And then give it a couple of days. Why? To see if the activity that you have been observing has ended. Many times, performing necessary maintenance resolves most problems. If you're still having a problem, you may wish to call your local computer repair shop, as they are most likely to be the most familiar with your computer. After that, if the problem has not gone away and it has actually escalated, contact us at D. Eno Forensics, P.L.L.C. We will be able to help you. 1-855-558-3366