What To Do If You've Been Hacked?



We get this question several times a week, so it's not just you. And no, it doesn't mean you're crazy - even if your friends think so, and even if law enforcement won't take your case. People's computers and phones get hacked, every day.

Why won't the police do anything about it - isn't it a crime?

In general, law enforcement will take on a case that involves endangerment of children, loss of more than about $500 in property (this changes from jurisdiction to jurisdiction and can include intellectual property), a believable threat to Homeland Security, or a clear threat to the safety of your person - like a death threat, for instance.

They may take on cyberstalking if it is part of a violation of parole or a court order. Otherwise, they'll need you to furnish more evidence, such as that provided by a private investigator or computer forensic expert, before they'll take on a case. The police are just too busy with a limited budget.

Before you decide what you need to do about it though, you need to decide what you want to do about it: Do you just want it to stop, or do you want to catch the person who's doing it? Or both?

It's not really possible to be online and be 100% protected from hacking, but there are numerous measures you can take to make it not worth most anyone's time. They include:

  • Keep your operating system and antivirus patches updated.
  • Secure your router - especially your wireless router: The manufacturer or your Internet Service Provider can help you with the best settings for your particular equipment.
  • Don't give out your Social Security number or use it as an ID: You usually only have to give it to your employer, your financial institution and government agencies.
  • Disable your Guest account on your computer.
  • Don't make your personal info public on social networks or elsewhere.
  • Don't open email from people you don't know.
  • Don't click on links in email.
  • Don't make online purchases from sites you don't know well.
  • Use a firewall (hardware and/or software).
  • Make sure that your Android is not rooted and that your iPhone is not jailbroken.
  • Don't give any of your passwords to others.
  • Don't use the same password for everything.
  • Make sure that Administrator access on your computer is protected and accessible only to you (use a password).
  • Disable Guest access on your computer.
  • Disable remote logins.
  • Require a password to log onto your computer, phone or email.
  • Use effective passwords: A good guide is at the "Perfect Passwords" page at Gibson Research Corporation's website.

If you've already been compromised, you can sometimes roll back your system via System Restore to a time before the compromise - if you know when that was. You may just want to back up your important documents, format your hard disk, reinstall your operating system and get a clean start.

On an iPhone or a BlackBerry, a factory restore will wipe out any old virus, keylogger, or other malware you might have picked up - along with everything else that you put there on purpose. Doing the same for an Android should wipe out any malware as well. Although some Android data may be recoverable by an expert after a factory reset, there should be no active malware.

But, have I been hacked?

Frankly, it's not always easy to tell.

Most apparent phone, email or computer hacking is really the result of nontechnical "human hacking." We make so much information public that a perpetrator can guess logins and passwords, or fool an email service into sending a password reset link for an account that is not theirs. One well-publicized recent example is Mat Honan of Wired Magazine, who famously wrote, "In the space of one hour, my entire digital life was destroyed." But nobody used any special technical skills. They just looked up information, made some clever guesses, and had a lot of chutzpah. Fortunately, most of us are not such attractive targets as a Wired journalist.

The book "Social Engineering: The Art of Human Hacking," by Christopher Hadnagy, talks a lot about such methods, and how to protect oneself against them.

What are some signs that could indicate that you have been hacked?

  • New programs have been installed on your computer - ones you didn't install (although some software - especially free software - sneaks various programs and "helpful" browser toolbars past you).
  • New documents appear on your computer.
  • Documents disappear from your computer (although it's not hard to accidentally delete or move files around without noticing).
  • Programs pop open that you didn't click on (although there are other, innocent reasons this could happen).
  • You get odd pop-up messages that don't seem to come from a program you are using.
  • Your passwords have changed (and not because you just forgot them).
  • Your security program(s) has been uninstalled or deactivated.
  • The computer is doing things by itself - the mouse moves and clicks on things without any action by you, for instance.
  • You find information about you on the Web that should only be known to you.
  • There's a note displayed on your desktop - your screen - that you didn't put there.

What should I do if I see some of these?

Document everything you see, with dates and times, and take screen shots right away. For screen shots, it's easiest to use your cell phone camera if it's handy, but it can be done right on the computer.

  • In Windows, push the PrtScrn key (to put an image of the whole screen into your clipboard), then open a new document (such as in Paint) and press Ctrl-V (to paste the image into the document), then save it with a meaningful name, like "Screenshot at 1:27PM on Jan 1, 2012."
  • On a Mac, simultaneously press the Command (cloverleaf) key, the Shift key, and the number 3. The screen is saved to your desktop with a date and time as the name.

You can report an incident to the Internet Crime Complaint Center at ic3.gov, and if it is what the government would consider a dramatic incident, some action may be taken.

If it involves child abuse, including abusive photographs of children, you can report the incident to the National Center for Missing and Exploited Children (missingkids.com).

What do forensics people do for clues to try to catch the perp, or generate enough evidence so that the police will take it and run with it?

  • Freeze the evidence in time with a forensic image.
  • Search the device for keyloggers, rootkits, Trojans, remote control access, bash history.
  • Search out meaningful IP addresses.
  • Search out meaningful email addresses.
  • Check Administrative and Guest User accounts for vulnerabilities.
  • Find deleted files that may be relevant.
  • Inspect Volume Shadow Copies and System Restore Points for relevant evidence.
  • Search the entire device (used and deleted/unallocated space) for text that may have been noticed or may be relevant.
  • Help to identify found IP addresses.
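
As an added illustration (not part of the original article) of the "search out meaningful IP addresses" and "email addresses" steps, this sketch pulls candidate addresses out of recovered text, discards strings that only look like IPs, and separates local from external addresses. The sample text is constructed, and the function names and the list of local ranges are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: text of the kind carved from logs or unallocated space.
SAMPLE_TEXT = """\
Jan 01 13:27:02 sshd[411]: Accepted password for admin from 203.0.113.45 port 50122
Jan 01 13:27:09 sshd[411]: Accepted password for admin from 203.0.113.45 port 50140
Received: from mail.example.net (198.51.100.7) by mx.example.org
From: "Support" <reset-notice@example.net>
DHCP lease 192.168.1.23 router 192.168.1.1 version 10.0.19045.999
connect 127.0.0.1:8080 forward-to 999.12.1.1
"""

# Dotted quads not embedded in a longer dotted number (e.g. a version string).
IP_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# RFC 1918 private ranges plus link-local: addresses on your own network.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

def classify(ip):
    """Label an address as loopback, local (home/office LAN) or external."""
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in LOCAL_NETS):
        return "local"
    return "external"

def triage(text):
    """Return ({category: [(ip, hits), ...]}, [emails]) found in text."""
    hits = Counter()
    for candidate in IP_RE.findall(text):
        try:
            hits[ipaddress.ip_address(candidate)] += 1
        except ValueError:  # e.g. 999.12.1.1 is not a valid address
            continue
    report = {"external": [], "local": [], "loopback": []}
    for ip, count in hits.most_common():  # most frequent first
        report[classify(ip)].append((str(ip), count))
    emails = sorted({e.lower() for e in EMAIL_RE.findall(text)})
    return report, emails

if __name__ == "__main__":
    found, addresses = triage(SAMPLE_TEXT)
    for category, entries in found.items():
        print(category, entries)
    print("emails", addresses)
```

The external addresses, ranked by how often they appear, are the ones worth identifying further; local and loopback addresses usually belong to your own equipment.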

Hacks can happen to anyone, but it's usually not personal. If you've been hacked, forensics experts can help you identify intrusions, but unless you need to catch the person, it's easier and cheaper to wipe your device and start over.