How can I tell if a keylogger got added to my PC while I was in Beijing?
I was in Beijing, and I used my Windows PC there with a freeware firewall
and freeware anti virus and freeware malware scanners.
Recently a friend said nearly all American travelers were to be warned by
the State Department that their laptops, if left in the hotel, were almost
certainly compromised.
How could I tell if a keylogger or other spyware was inserted onto my
laptop by the Chinese?
Re: How can I tell if a keylogger got added to my PC while I was in Beijing?
Donna Ohl wrote:
> I was in Beijing, and I used my Windows PC there with a freeware firewall
> and freeware anti virus and freeware malware scanners.
>
> Recently a friend said nearly all American travelers were to be warned by
> the State Department that their laptops, if left in the hotel, were almost
> certainly compromised.
>
> How could I tell if a keylogger or other spyware was inserted onto my
> laptop by the Chinese?
You mean physically, by hands-on access to your machine?
Re: How can I tell if a keylogger got added to my PC while I was in Beijing?
"Donna Ohl" <donna.ohl@sbcglobal.net> wrote in message
news:ASbNk.4031$D32.757@flpi146.ffdc.sbc.com...
>I was in Beijing, and I used my Windows PC there with a freeware firewall
> and freeware anti virus and freeware malware scanners.
>
> Recently a friend said nearly all American travelers were to be warned by
> the State Department that their laptops, if left in the hotel, were almost
> certainly compromised.
>
> How could I tell if a keylogger or other spyware was inserted onto my
> laptop by the Chinese?
>
Worst case scenario, you won't. There are programs impervious to detection,
you could always format and re-install your laptop if you are that worried
about it. Next time be a little more aware of 'free' stuff ...... there's no
such thing as free !
Re: How can I tell if a keylogger got added to my PC while I was in Beijing?
"Donna Ohl" <donna.ohl@sbcglobal.net> wrote in message
news:ASbNk.4031$D32.757@flpi146.ffdc.sbc.com...
>I was in Beijing, and I used my Windows PC there with a freeware firewall
> and freeware anti virus and freeware malware scanners.
Usually, depending on which ones you have, these are adequate
safeguards. A couple of anti-spyware applications could also be
added to round things out.
> Recently a friend said nearly all American travelers were to be warned by
> the State Department that their laptops, if left in the hotel, were almost
> certainly compromised.
Physical access to the machine trumps all!
> How could I tell if a keylogger or other spyware was inserted onto my
> laptop by the Chinese?
Scan for everything under the sun from a *clean* environment.
Booting from a known clean boot cd should thwart *most*
malware from interfering with the scanning.
Follow the advice of PA Bear as well. If I am not mistaken, the
HijackThis program has to be run from the tainted environment
in order to get at the registry data it needs to scan.
Re: How can I tell if a keylogger got added to my PC while I was in Beijing?
I guess zeroes are good enough for stopping a process from
accessing the data, but this leaves you open to forensic probes.
"FromTheRafters" <erratic@nomail.afraid.org> wrote in message
news:O%23RknFJOJHA.1396@TK2MSFTNGP05.phx.gbl...
> "Donna Ohl" <donna.ohl@sbcglobal.net> wrote in message
> news:ASbNk.4031$D32.757@flpi146.ffdc.sbc.com...
>>I was in Beijing, and I used my Windows PC there with a freeware firewall
>> and freeware anti virus and freeware malware scanners.
>
> Usually, depending on which ones you have, these are adequate
> safeguards. A couple of anti-spyware applications could also be
> added to round things out.
>
>> Recently a friend said nearly all American travelers were to be warned by
>> the State Department that their laptops, if left in the hotel, were
>> almost
>> certainly compromised.
>
> Physical access to the machine trumps all!
>
>> How could I tell if a keylogger or other spyware was inserted onto my
>> laptop by the Chinese?
>
> Scan for everything under the sun from a *clean* environment.
> Booting from a known clean boot cd should thwart *most*
> malware from interfering with the scanning.
>
> Follow the advice of PA Bear as well. If I am not mistaken, the
> HijackThis program has to be run from the tainted environment
> in order to get at the registry data it needs to scan.
>
Re: How can I tell if a keylogger got added to my PC while I was in Beijing?
"Trespasser" <andie_online@hotmail.com> wrote in message
news:S62dnaLCn4x9bJjUnZ2dnUVZ8jSdnZ2d@bt.com...
> Worst case scenario, you won't. There are programs impervious to
> detection, you could always format and re-install your laptop if you are
> that worried about it. Next time be a little more aware of 'free' stuff
> ...... there's no such thing as free !
>
There is nothing impervious to detection if you use the right tools and are
willing to invest the time needed to find them. Personally, I would just do
a secure wipe and practice better safeguards in the future.
"FromTheRafters" <erratic@nomail.afraid.org> wrote in message
news:uHA7lPJOJHA.2100@TK2MSFTNGP05.phx.gbl...
>I guess zeroes are good enough for stopping a process from
> accessing the data, but this leaves you open to forensic probes.
>
> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message
> news:O%23RknFJOJHA.1396@TK2MSFTNGP05.phx.gbl...
>> "Donna Ohl" <donna.ohl@sbcglobal.net> wrote in message
>> news:ASbNk.4031$D32.757@flpi146.ffdc.sbc.com...
>>>I was in Beijing, and I used my Windows PC there with a freeware firewall
>>> and freeware anti virus and freeware malware scanners.
>>
>> Usually, depending on which ones you have, these are adequate
>> safeguards. A couple of anti-spyware applications could also be
>> added to round things out.
>>
>>> Recently a friend said nearly all American travelers were to be warned
>>> by
>>> the State Department that their laptops, if left in the hotel, were
>>> almost
>>> certainly compromised.
>>
>> Physical access to the machine trumps all!
>>
>>> How could I tell if a keylogger or other spyware was inserted onto my
>>> laptop by the Chinese?
>>
>> Scan for everything under the sun from a *clean* environment.
>> Booting from a known clean boot cd should thwart *most*
>> malware from interfering with the scanning.
>>
>> Follow the advice of PA Bear as well. If I am not mistaken, the
>> HijackThis program has to be run from the tainted environment
>> in order to get at the registry data it needs to scan.
>>
>
>
Re: How can I tell if a keylogger got added to my PC while I was in Beijing?
I've heard these rumors before, too, and I'm not convinced they're true.
I've traveled to China several times, it isn't the monolithic evil empire
that bulletins like this would seem to indicate. Any laptop left anyplace
unattended has risk; drive encryption like BitLocker is really the only way
to mitigate such attacks (other than keeping the laptop with you at all
times).
"Donna Ohl" <donna.ohl@sbcglobal.net> wrote in message
news:ASbNk.4031$D32.757@flpi146.ffdc.sbc.com...
> I was in Beijing, and I used my Windows PC there with a freeware firewall
> and freeware anti virus and freeware malware scanners.
>
> Recently a friend said nearly all American travelers were to be warned by
> the State Department that their laptops, if left in the hotel, were almost
> certainly compromised.
>
> How could I tell if a keylogger or other spyware was inserted onto my
> laptop by the Chinese?
| I've heard these rumors before, too, and I'm not convinced they're true.
| I've traveled to China several times, it isn't the monolithic evil empire
| that bulletins like this would seem to indicate. Any laptop left anyplace
| unattended has risk; drive encryption like BitLocker is really the only way
| to mitigate such attacks (other than keeping the laptop with you at all
| times).
This is *not* a rumour!
A warning was issued about Blackberries as well.
You said "I'm not convinced they're true".
Then you are naive.
You obviously have not read any Chinese threat assessments.
Re: How can I tell if a keylogger got added to my PC while I was in Beijing?
"Steve Riley [MSFT]" <steve.riley@microsoft.com> wrote in
news:E3C4B9CE-9821-4AB1-A7B4-F523991E1416@microsoft.com:
> I've heard these rumors before, too, and I'm not convinced they're
> true. I've traveled to China several times, it isn't the monolithic
> evil empire that bulletins like this would seem to indicate. Any
> laptop left anyplace unattended has risk; drive encryption like
> BitLocker is really the only way to mitigate such attacks (other than
> keeping the laptop with you at all times).
>
Depending on where you go in China, if you leave a laptop behind, yes,
someone might come along and install something and not take your laptop.
Why would they do this? Having remote access is more valuable, let you
decrypt the data for them. :)
If you suspect your computer has been compromised, I wouldn't even bother
scanning it unless you're a pro; and are willing and know how to go low level
on your own. If you don't have the skills, secure wipe the drive, and
reload the system from known clean backups. In the future, keep all
important data safe and encrypted. Using a proprietary encryption system for
the entire HD isn't a bad idea in this case. That way, no password, no
access, no dropping/installing anything.
Re: How can I tell if a keylogger got added to my PC while I was in Beijing?
Dear Dustin & friends:
Dustin Cook <bughunter.dustin@gmail.com> wrote:
>"Steve Riley [MSFT]" <steve.riley@microsoft.com> wrote in
>news:E3C4B9CE-9821-4AB1-A7B4-F523991E1416@microsoft.com:
>
>> I've heard these rumors before, too, and I'm not convinced they're
>> true. I've traveled to China several times, it isn't the monolithic
>> evil empire that bulletins like this would seem to indicate. Any
>> laptop left anyplace unattended has risk; drive encryption like
>> BitLocker is really the only way to mitigate such attacks (other than
>> keeping the laptop with you at all times).
>>
>
>Depending on where you go in China, if you leave a laptop behind, yes,
>someone might come along and install something and not take your laptop.
>Why would they do this? Having remote access is more valuable, let you
>decrypt the data for them. :)
>
>If you suspect your computer has been compromised, I wouldn't even bother
>scanning it unless you're a pro; and are willing and know how to go low level
>on your own. If you don't have the skills, secure wipe the drive, and
>reload the system from known clean backups. In the future, keep all
>important data safe and encrypted. Using a proprietary encryption system for
>the entire HD isn't a bad idea in this case. That way, no password, no
>access, no dropping/installing anything.
To encrypt the hard disk is a very good security measure if the laptop
is stolen, but it is useless to avoid a keylogger install.
To be able to install a keylogger, the user should be logged in with
Administrator features, and I supposed that the user didn't leave the
computer unattended *and* powered on *and* logged in, did you?
Thanks
Juan I. Cahis
Santiago de Chile (South America)
Note: Please forgive me for my bad English, I am trying to improve it!
Re: How can I tell if a keylogger got added to my PC while I was in Beijing?
Juan I. Cahis wrote:
>
> To be able to install a keylogger, the user should be logged in with
> Administrator features, and I supposed that the user didn't leave the
> computer unattended *and* powered on *and* logged in, did you?
If the hacker has physical access to the computer, all bets are off. He
can boot from a CD or pendrive and install whatever the heck he likes on
the laptop.
Re: How can I tell if a keylogger got added to my PC while I was in Beijing?
Mark McIntyre <markmcintyre@TROUSERSspamcop.net> wrote:
>Juan I. Cahis wrote:
>>
>> To be able to install a keylogger, the user should be logged in with
>> Administrator features, and I supposed that the user didn't leave the
>> computer unattended *and* powered on *and* logged in, did you?
>
>If the hacker has physical access to the computer, all bets are off. He
>can boot from a CD or pendrive and install whatever the heck he likes on
>the laptop.
Unless you have set the BIOS password, which any respectable SysAdmin
of any respectable business corporation doing international business
should always have set.
Thanks
Juan I. Cahis
Santiago de Chile (South America)
Note: Please forgive me for my bad English, I am trying to improve it!
Re: How can I tell if a keylogger got added to my PC while I was in Beijing?
"Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message
news:09jOk.252876$5p1.56150@en-nntp-06.dc1.easynews.com...
> Juan I. Cahis wrote:
>>
>> To be able to install a keylogger, the user should be logged in with
>> Administrator features, and I supposed that the user didn't leave the
>> computer unattended *and* powered on *and* logged in, did you?
>
> If the hacker has physical access to the computer, all bets are off. He
> can boot from a CD or pendrive and install whatever the heck he likes on
> the laptop.
If the laptop fully supports bitlocker and bitlocker is used, physical
access won't help you gain access to the contents of the hard drive.
Re: How can I tell if a keylogger got added to my PC while I was in Beijing?
On Thu, 30 Oct 2008 11:29:51 -0300, Juan I. Cahis wrote:
> Unless you have set the BIOS password, which any respectable SysAdmin
> of any respectable business corporation doing international business
> should always have set.
BIOS passwords are trivial to bypass. Any sys admin, respectable or not,
who relies on those for security should be fired.
Re: How can I tell if a keylogger got added to my PC while I was in Beijing?
Mark McIntyre <markmcintyre@TROUSERSspamcop.net> wrote in
news:09jOk.252876$5p1.56150@en-nntp-06.dc1.easynews.com:
> Juan I. Cahis wrote:
>>
>> To be able to install a keylogger, the user should be logged in with
>> Administrator features, and I supposed that the user didn't leave the
>> computer unattended *and* powered on *and* logged in, did you?
>
> If the hacker has physical access to the computer, all bets are off. He
> can boot from a CD or pendrive and install whatever the heck he likes on
> the laptop.
>
Not if the HD is entirely encrypted he can't. It would do him no good
whatsoever to boot from cd, no data to read. No drive to load anything
onto.
Re: How can I tell if a keylogger got added to my PC while I was in Beijing?
"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in
news:uoX1I7pOJHA.4700@TK2MSFTNGP03.phx.gbl:
> "Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message
> news:09jOk.252876$5p1.56150@en-nntp-06.dc1.easynews.com...
>> Juan I. Cahis wrote:
>>>
>>> To be able to install a keylogger, the user should be logged in with
>>> Administrator features, and I supposed that the user didn't leave
>>> the computer unattended *and* powered on *and* logged in, did you?
>>
>> If the hacker has physical access to the computer, all bets are off.
>> He can boot from a CD or pendrive and install whatever the heck he
>> likes on the laptop.
>
>
> If the laptop fully supports bitlocker and bitlocker is used, physical
> access won't help you gain access to the contents of the hard drive.
>
Re: How can I tell if a keylogger got added to my PC while I was in Beijing?
From: "Dustin Cook" <bughunter.dustin@gmail.com>
| "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in
| news:uoX1I7pOJHA.4700@TK2MSFTNGP03.phx.gbl:
>> "Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message
>> news:09jOk.252876$5p1.56150@en-nntp-06.dc1.easynews.com...
>>> Juan I. Cahis wrote:
>>>> To be able to install a keylogger, the user should be logged in with
>>>> Administrator features, and I supposed that the user didn't leave
>>>> the computer unattended *and* powered on *and* logged in, did you?
>>> If the hacker has physical access to the computer, all bets are off.
>>> He can boot from a CD or pendrive and install whatever the heck he
>>> likes on the laptop.
>> If the laptop fully supports bitlocker and bitlocker is used, physical
>> access won't help you gain access to the contents of the hard drive.
| Indeed. :)
All this has to do with what is called "Data at Rest" (DAR) and encryption techniques to be
compliant with DAR protection requirements.
Re: How can I tell if a keylogger got added to my PC while I was in Beijing?
Juan I. Cahis wrote:
> Mark McIntyre <markmcintyre@TROUSERSspamcop.net> wrote:
>
>> If the hacker has physical access to the computer, all bets are off. He
>> can boot from a CD or pendrive and install whatever the heck he likes on
>> the laptop.
>
> Unless you have set the BIOS password, which any respectable SysAdmin
> of any respectable business corporation doing international business
> should always have set.
Like I said, physical access trumps all. How long do you think it would
take to zap the cmos battery or remove the HDD, boot it in a spare
laptop and then replace the (now infected) HDD?
Re: How can I tell if a keylogger got added to my PC while I was in Beijing?
Kerry Brown wrote:
>
> If the laptop fully supports bitlocker and bitlocker is used, physical
> access won't help you gain access to the contents of the hard drive.
While I understand your point, you're still wrong. If you have physical
access you can clone the drive and spend as long as you want cracking
encryption.
Re: How can I tell if a keylogger got added to my PC while I was in Beijing?
"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
news:uoX1I7pOJHA.4700@TK2MSFTNGP03.phx.gbl...
> "Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message
> news:09jOk.252876$5p1.56150@en-nntp-06.dc1.easynews.com...
>> Juan I. Cahis wrote:
>>>
>>> To be able to install a keylogger, the user should be logged in with
>>> Administrator features, and I supposed that the user didn't leave the
>>> computer unattended *and* powered on *and* logged in, did you?
>>
>> If the hacker has physical access to the computer, all bets are off. He
>> can boot from a CD or pendrive and install whatever the heck he likes on
>> the laptop.
>
>
> If the laptop fully supports bitlocker and bitlocker is used, physical
> access won't help you gain access to the contents of the hard drive.
With physical access to a machine, what prevents you from adding
option rom and re-initializing the TPM? I assume by "fully supports"
you were referring to boot axis validation through the TPM.
Otherwise, as the thread is about keylogging (and possible rootkit)
the contents can be had. The TPM feature puts up quite a roadblock
though.
Re: How can I tell if a keylogger got added to my PC while I was in Beijing?
"Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message
news:5ZqOk.72594$yq3.53462@en-nntp-07.am2.easynews.com...
> Kerry Brown wrote:
>>
>> If the laptop fully supports bitlocker and bitlocker is used, physical
>> access won't help you gain access to the contents of the hard drive.
>
> While I understand your point, you're still wrong. If you have physical
> access you can clone the drive and spend as long as you want cracking
> encryption.
Re: How can I tell if a keylogger got added to my PC while I was in Beijing?
Kerry Brown wrote:
> "Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message
> news:5ZqOk.72594$yq3.53462@en-nntp-07.am2.easynews.com...
>> Kerry Brown wrote:
>>>
>>> If the laptop fully supports bitlocker and bitlocker is used,
>>> physical access won't help you gain access to the contents of the
>>> hard drive.
>>
>> While I understand your point, you're still wrong. If you have
>> physical access you can clone the drive and spend as long as you want
>> cracking encryption.
>
> Theoretically yes.
No, IRL.
> In the real world - good luck.
And it's not like the Chinese govt have access to supercomputers.
Remember, this thread is all about paranoia.
Re: How can I tell if a keylogger got added to my PC while I was in Beijing?
"Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message
news:AXBOk.217580$1p1.93637@en-nntp-08.dc1.easynews.com...
> Kerry Brown wrote:
>> "Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message
>> news:5ZqOk.72594$yq3.53462@en-nntp-07.am2.easynews.com...
>>> Kerry Brown wrote:
>>>>
>>>> If the laptop fully supports bitlocker and bitlocker is used, physical
>>>> access won't help you gain access to the contents of the hard drive.
>>>
>>> While I understand your point, you're still wrong. If you have physical
>>> access you can clone the drive and spend as long as you want cracking
>>> encryption.
>>
>> Theoretically yes.
>
> No, IRL.
>
>> In the real world - good luck.
>
> And it's not like the Chinese govt have access to supercomputers.
> Remember, this thread is all about paranoia.
Ahh - if you're talking about the Chinese government they would just use the
secret imbedded Manchurian chip they install on all electronics manufactured
in China to access the data.
Anything's possible but AFAIK even a supercomputer wouldn't be able to brute
force AES in any sort of useful time frame.
Re: How can I tell if a keylogger got added to my PC while I was in Beijing?
"FromTheRafters" <erratic@nomail.afraid.org> wrote in message
news:e0mcBFvOJHA.1144@TK2MSFTNGP05.phx.gbl...
>
> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
> news:uoX1I7pOJHA.4700@TK2MSFTNGP03.phx.gbl...
>> "Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message
>> news:09jOk.252876$5p1.56150@en-nntp-06.dc1.easynews.com...
>>> Juan I. Cahis wrote:
>>>>
>>>> To be able to install a keylogger, the user should be logged in with
>>>> Administrator features, and I supposed that the user didn't leave the
>>>> computer unattended *and* powered on *and* logged in, did you?
>>>
>>> If the hacker has physical access to the computer, all bets are off. He
>>> can boot from a CD or pendrive and install whatever the heck he likes on
>>> the laptop.
>>
>>
>> If the laptop fully supports bitlocker and bitlocker is used, physical
>> access won't help you gain access to the contents of the hard drive.
>
> With physical access to a machine, what prevents you from adding
> option rom and re-initializing the TPM? I assume by "fully supports"
> you were referring to boot axis validation through the TPM.
>
> Otherwise, as the thread is about keylogging (and possible rootkit)
> the contents can be had. The TPM feature puts up quite a roadblock
> though.
>
> http://www.ngssoftware.com/research/...CI_Rootkit.pdf
>
Interesting reading but as I read it the techniques used would be very
specific to a limited number of systems (i.e. no generic attack) and blocked
by the use of a TPM. The attacker would have to have some pre-existing
knowledge of the target (or be very lucky) and the target couldn't be using
a TPM. For anyone that would be a target of this kind of sophisticated
attack I doubt they would leave a laptop with critical data on it unattended
or even that they would be carrying a laptop with this kind of data on it.
Anyone targeted this way would probably be as sophisticated as the attacker.
Paranoia abounds, but in real life it's rarely justified. In the context of
the original question - we don't have enough data. If bitlocker or some
other form of disk encryption wasn't in use and the OP is worried the
solution is to wipe the hard drive and restore from a backup taken before
travelling to China.
Re: How can I tell if a keylogger got added to my PC while I was in Beijing?
Mark McIntyre <markmcintyre@TROUSERSspamcop.net> wrote in
news:aXqOk.72593$yq3.34533@en-nntp-07.am2.easynews.com:
> Juan I. Cahis wrote:
>> Mark McIntyre <markmcintyre@TROUSERSspamcop.net> wrote:
> >
>>> If the hacker has physical access to the computer, all bets are off.
>>> He can boot from a CD or pendrive and install whatever the heck he
>>> likes on the laptop.
>>
>> Unless you have set the BIOS password, which any respectable SysAdmin
>> of any respectable business corporation doing international business
>> should always have set.
>
> Like I said, physical access trumps all. How long do you think it
> would take to zap the cmos battery or remove the HDD, boot it in a
> spare laptop and then replace the (now infected) HDD?
Re: How can I tell if a keylogger got added to my PC while I was in Beijing?
In article <09jOk.252876$5p1.56150@en-nntp-06.dc1.easynews.com>, Mark McIntyre <markmcintyre@TROUSERSspamcop.net> wrote:
>Juan I. Cahis wrote:
>>
>> To be able to install a keylogger, the user should be logged in with
>> Administrator features, and I supposed that the user didn't leave the
>> computer unattended *and* powered on *and* logged in, did you?
>
>If the hacker has physical access to the computer, all bets are off. He
>can boot from a CD or pendrive and install whatever the heck he likes on
>the laptop.
Pop the hard drive out, lock it up, hide it, take it with you. It's very
simple.
Dennis