Have I Been Hacked?
After working in digital forensics for more than eight years, it is common to receive a call from a potential client that thinks they have been “hacked.”
After a few minutes of conversation, my finely tuned “paranoid client” meter quickly becomes active. If it reaches my predetermined threshold, I try to systematically walk through the technical aspects required for this to be realistic and provide an honest assessment of whether I feel it occurred. When I don’t feel like it is feasible, my hope is that they do not waste their money and I don’t have an unsatisfied client.
However with the somewhat recent NSA hacking revelations that have been disclosed, I have had to re-calibrate my paranoia meter just a bit. The truth is that there now numerous vectors in which someone can hack you to obtain your personal data or spy on you: computers, mobile devices, and cloud platforms. To ensure relevance, I will not be discussing the NSA or major hacking groups such as anonymous, nation states, or the Russian mafia.
For computers, the crowd favorite method of spying that we encounter is the installation of commercial malware. This software can gather a wealth of valuable information. One of my first cases as a computer forensics expert involved commercial spyware and the usage was actually ruled to be Federal Wiretapping. One of the more common products that we encounter for computers is Veriato, formerly Spectorsoft. As described on their website, this software provides that ability to capture and report on:
- Chat/Instant Messaging
- Websites Visited
- Applications/Programs Used
- Online Searches
- Keystrokes Typed
- User Activity/Inactivity
- File Transfers
- Document Tracking
- Network Activity
Spectorsoft is available for both Microsoft Windows and Apple OSX. Please understand that this software executes in “stealth” mode and, due to this being a commercial product, any anti-virus protection installed will not alert on this software. Someone can get all of this and more for $99.95. While there are other products on the market, the majority of them are very similar to Spectorsoft.
As we discussed in a previous blogpost, mobile devices are overtaking computers as the technology of choice. Without a doubt, mobile devices are the No. 1 method of communication. In addition, 30 percent of users access Facebook exclusively from their mobile device. One of my favorite mobile device statistics is that 72 percent of people are never more than 5 feet from their phone. With this level of usage, spying on the computer is no longer the only objective. Most are finding that mobile devices also contain VERY valuable information. A simple Google search for either “mobile device monitoring” or “mobile device spyware” produces numerous results with varying levels of capabilities. The possible features consist of:
- Monitoring text messages
- Monitoring phone calls
- Monitoring email
- Monitoring app installs
- Monitoring photos/videos
- Monitoring Internet activity
- Monitoring locations
- Monitoring of social media usage
- Monitoring address book
- Monitoring of notes
- Monitoring of tasks
- Monitoring of calendar
While there are numerous options available, I am not aware of one application that can collect all of this information on all devices. For example, the Apple iPhone is VERY difficult to monitor in stealth for many reasons. It is more common for commercial spyware to be able to monitor the Android and Blackberry platforms.
Most all of us are using “the cloud” in some form or fashion (think Gmail, Facebook, Dropbox, iCloud, etc.). Cloud data is also becoming a target for personal and sensitive information. Once you place your data into a cloud platform, it potentially makes your data more accessible. Someone no longer needs to have physical access to your phone or computer; they simply need your username and password to get into your email, files, and social media accounts.
In some instances your iPhone backups can even be accessed with the correct username and password. If you choose to use a simple password, others can potentially determine your password and access this data. If you are a celebrity, people may even hack your iCloud account and publish “sensitive” pictures for the world to see (link is safe for work). Therefore, please choose a strong password and change is periodically (Yes, I know this is a pain). A good option for password management is LastPass.
It is possible to be hacked from different vectors such as computers, mobile devices, and cloud platforms. However, it isn’t a simple thing to do. The overwhelming majority of the time, physical access is needed to install spyware on computers and mobile devices. To determine if computers or mobile devices have spyware on them, a detailed forensic analysis by a qualified professional is often needed to gather the essential details. For cloud “hacking” a different approach is needed but catching the culprit is possible.