I think I’m hacked? What next (one might ask).

These are the thoughts of a security guy compiled into what I hope will be a non boring edition. If people care they can find all the advice in the universe – passwords, software etc. Once that fails on you its a different space.

Once you think you are already hacked and you find this you are looking for ideas rather than same old el-standero advice. Which may be good advice but hardly much help. If you are in this concerning place you might need a more light hearted and less technical post to read – yet with some creative solutions at the end.

Reverse engineering being hacked:

First – take stock by turning your computer off and formulating a plan. I’m assuming you feel that you have been compromised and things were getting worse.

What is the worst that can happen

1. You might get wiped completely
2. Ransomware – your drive gets encrypted so its like the data is gone unless you pay the extortion
3. Your OS is so infected that you can’t really use it to clean itself because the tools are too resilient and just keep replacing themselves or damaging the system so you can’t remove them.

How long is it going to take to get back to where I was?

The good

Do you have backups that are relatively current? Maybe you can backtrack to before you feel you got hacked – but even that may seem as though some files or changes might be lost.

The bad

You aren’t sure what backups you have, or if they work, where they are. You really just want to turn the computer back on right now and soldier on with that anti-virus, anti-malware which has already failed you. Yes, in the past I was often able to remove an infection with a different product … but these days it gets more difficult.

Ratting is related to RAT or Remote Access Tool – like a remote support tool except for the purposes of stopping you from fixing and stealing your secrets or doing bad things. Some of these tools really won’t let you get rid of them until you find every part and delete it – likely you’ll go for maintenance or safe mode. Even there it may not be possible to find where its hiding.

The Ugly

Its time to face the ugly – its time to reinstall your system. You can go to the stop, get a new hard disk or SSD. Maybe you don’t have “recovery ware” – that lets you install the system the way it was delivered. Laptops often ask you to make some kind of USB or DVD image.

Reinstalling your system is the only way to be sure and it is what security professionals call for. This is where you end up finding yourself in “boring land” of guides like “how to perform a clean install of your computer”

They are very positive for people who have collected everything and have backups already. If you have no backup – well the best way to make a backup is to pull your disk and clone it. If that is too hard, and that’s fine – i accept that you are probably reading this saying “oh shit, oh shit” if you’ve been hacked and the truth is dawning on you.

However, it takes mere hours to reinstall to a new drive and start to copy things over if you get the right tools. So just go to a store and find someone that has a clue. Ask them for some way of cloning a disk, can they sell you a disk/ssd? Maybe they will even put an OS (windows, ubuntu, mac) onto the disk for you so you can try to boot it? You never know how resourceful a computer store person might be – they might already have all the “pre-install” stuff ready.

If you own the memory devices you’re easily protected!

Both for manual backups before it’s too late or initiating recover activities after noticing you were hacked fast useful storage media must be on hand. You can move swiftly right away if you have very fast USB drives 150mb per second, are very cheap even at large sizes. Get several because you can’t have too many but you can certainly have too few.

Go offline (disconnect your internet) and start copying important files off while you prepare other steps. One might be a recovery image you get from the manufacturer, another might be your OS installer (bootable USB) that you make from a guide. These days your USB flash drives or SD memory cards are even accessibly pre-boot. Its certainly likely to quicker and less failure prone than that old external hard disk that you probably overloaded with music and video media.

If you just got hacked rebooting may make it worse?

Before you just reboot as if you had an app/system failure consider that being infected tends to install malware that will further install itself at reboot. If you have an Ubuntu bootable USB or a recovery media, a disk cloning utility – then you can boot into a different system so your malware is not activated. Then copy things to another location to be used for recovery of your files and settings later.

When I got infected by something very potent – using p2p apps to bypass firewalls the trap was waiting for the next reboot. It rewrote the windows registry permissions to the point that I didn’t have permission to reverse it. I had backups so I decided to fight the good fight with the stuff – like I usually would and would kill it off. I had tools to kill everything running in memory besides a few important bits.

The priority should always be to copy files over to storage, make backups if you are in “the bad” (unsure if you have backed up) or “the ugly” (you lose, time to reinstall fresh) scenarios. So I can’t advise you to do to start fighting and seeking and destroying malware by hand until you have copied everything. If you did you certainly want to be “offline” and being offline you might find you can’t do anything. So you should have a clean system to download and set up bootable media and tools. Try not to use your infected system – the downloads might become infected with virus/malware that prevents you from even starting them up.

If you reboot after things were looking grim it might trigger the next, worse phase, especially if you are online (on the internet). What you should do is find some other computer – maybe you can afford to just buy one, or borrow a laptop from family or friends so you can use it to clone your disk, make USB to reinstall or fix your OS.

Travel and Home Router Tricks

If you travel, take even just one trip but plan to use the internet. If you need your laptop or phone you might find a tiny investment of say $25 to $70 USD pays over and over. Getting connected directly with your device can be temperamental and dangerously insecure. The hotel residents or staff may just record all your traffic and search it for passwords, pictures you viewed, websites you visited and more. Its not just for travel though – at home you you need this kind of serious firewall this is a minimum level to protect you even from your own ISP equipment and it’s vulnerabilities. Its not the whole solution but a crucial foundation of the puzzle.

Hotels and other public places can either have sketchy weak internet access that drives you nuts. A good little tool like this might plug in to the wall and give you your own wifi. Or it could bridge you to their wifi in the spot that “works” freeing you to sit where it is comfortable to read or work.

I can’t emphasise enough you need to be protected from other “guests” who might use this chance to attack and infect, take control of your computer of phone. Hacking is very prevalent. The last thing you want on your holiday is either spending all day just trying to find somewhere to check emails and make flight confirmations or new hotel bookings. Beyond that having your email hacked while you are away from home could lead to your bank accounts being frozen or robbed. What is so special about the products I share – they use open source, tested software. I’ve tested them and use them myself and I’ve got a history of securing companies and clients workspaces. Many of them paying thousands to protect their ability to stay online even during constant attacks from all over the world that look to break in to any place they can.

So get started with any of these products – the GL.inet GL-MT300N-V2 mini travel router. I have one very smilar. If you want something more potent from the start. This GL.iNet GL-AR750 Travel router has one more port of wired ethernet and both 2.4ghz and 5ghz wifi. Note that 5ghz is likely to max out the speed you can receive downloads if your hotel has a premium quality connection. Finally the fastest newest model is this GL.iNet GL-AR750S-Ext Gigabit Travel AC Router has full gigabit wired connectivity. So if you want to have a small network with family or friends safely behind your own firewall … this one would be a great lightweight tool.

They all power from USB – like any phone charger. Some of the models come with their own 5v USB power. You can even just plug them into your laptop USB to power them up, and that means you are only adding a tiny lightweight box to your luggage. A box that as you get to know it will likely solve a problems.

To make a long security rant short – this uses a community maintained operating system. Most companies make products and don’t keep them updated or from the very start they have flaws that are found making them a target to make you more likely rather than less to be hacked. Giving hackers a back door instead of locking them out. These devices are using the kind of system a hacker is likely to use to protect themselves. They can be as easy as pie to set up.

Tricks? – Well, it would be obvious to plug a router into your network at the wall and you get your own wifi. That’s great, but what if you go to somewhere with only wifi? Well if you want to get a bit deeper into the web pages that this device provides to help you connect everything – you can use this to get wifi and share it to you via the cable. So they come with a small thin ethernet cable. Its usually possible, especially with the bigger ones (AR750 and AR750s) to get internet with wifi and share it with the other wifi – because there are 2 wifi units (radios) in this little box.

So you can do wifi to cable access, cable to wifi access and wifi to wifi access. Yes also cable to cable access. You create a protected LAN for yourself. If there is not access you can “tether” your phone USB or use a 3G/4G usb modem to provide access to your hotel room. You can even take this down to starbucks or anywhere you go to work with your computer to protect yourself from the rest of the visitors.

Not secure enough for you? You can, with some effort, get a VPN account and use this device to connect through to another network, encrypting your communications completely. So even insecure websites are not visable to anyone watching you – like the hotel guests or staff.

It is possible to do VPN, firewall with your travel computer itself or with your phone … but its typical that something will lead you to turn it off or forget to set it up. This device is really all about dedicated security and or just making it easier and better. I’ll write some further stories – in fact I’ll explain more about security and how this protects you in ways most people don’t even know are needed yet. I even use these at home because my internet providers router/wifi is not secure enough for my purposes. I consider that already unsafe even in my own home. The company that provides it definitely have backdoors so they can watch and maybe attack you from there offices. That means that staff who once worked there probably know how to hack everyone that has that equipment. If they get through then I’m still behind a firewall.