How can I tell if a keylogger got added to my PC while I was in Beijing?

Dennis · 11-01-2008, 03:10 AM

In article <09jOk.252876$5p1.56150@en-nntp-06.dc1.easynews.com>, Mark McIntyre <markmcintyre@TROUSERSspamcop.net> wrote:
>Juan I. Cahis wrote:
>>
>> To be able to install a keylogger, the user should be logged in with
>> Administrator features, and I supposed that the user didn't leave the
>> computer unattended *and* powered on *and* logged in, did you?
>
>If the hacker has physical access to the computer, all bets are off. He
>can boot from a CD or pendrive and install whatever the heck he likes on
>the laptop.

Pop the hard drive out, lock it up, hide it, take it with you. It's very
simple.

Dennis
=================

Posted Via Usenet.com Premium Usenet Newsgroup Services
----------------------------------------------------------
http://www.usenet.com

LR · 11-01-2008, 04:34 AM

Dustin Cook wrote:

> heh, physical access doesn't trump encryption.
>
>
>
>
http://citp.princeton.edu/memory/

<http://www.channelregister.co.uk/2008/02/27/bitlocker_hack_prevention/>
"Question is, will anyone use them?"

Mark McIntyre · 11-01-2008, 07:09 AM

Dustin Cook wrote:
> Mark McIntyre <markmcintyre@TROUSERSspamcop.net> wrote in
> news:aXqOk.72593$yq3.34533@en-nntp-07.am2.easynews.com:
>
>> Juan I. Cahis wrote:
>>> Mark McIntyre <markmcintyre@TROUSERSspamcop.net> wrote:
>>>
>>>> If the hacker has physical access to the computer, all bets are off.
>>>> He can boot from a CD or pendrive and install whatever the heck he
>>>> likes on the laptop.
>>> Unless you have set the BIOS password, which any respectable SysAdmin
>>> of any respectable business corporation doing international business
>>> should always have set.
>> Like I said, physical access trumps all. How long do you think it
>> would take to zap the cmos battery or remove the HDD, boot it in a
>> spare laptop and then replace the (now infected) HDD?
>
> heh, physical access doesn't trump encryption.

Course it does. You can image the HDD, you can install hardware that
intercepts the decrypted stream en route between disk and memory, you
can put in a modded CMOS or BIOS that includes a builtin keylogger or
data logger thats part of the firmware etc etc etc.

If you have access to the box for long enough, its yours.

David H. Lipman · 11-01-2008, 08:10 AM

From: "Mark McIntyre" <markmcintyre@TROUSERSspamcop.net>

| Course it does. You can image the HDD, you can install hardware that
| intercepts the decrypted stream en route between disk and memory, you
| can put in a modded CMOS or BIOS that includes a builtin keylogger or
| data logger thats part of the firmware etc etc etc.

| If you have access to the box for long enough, its yours.

Now your making things up...
"put in a modded CMOS or BIOS that includes a builtin keylogger "

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

FromTheRafters · 11-01-2008, 06:24 PM

"Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message
news:_FXOk.81640$ym1.68821@en-nntp-09.am2.easynews.com...
> Dustin Cook wrote:
>> Mark McIntyre <markmcintyre@TROUSERSspamcop.net> wrote in
>> news:aXqOk.72593$yq3.34533@en-nntp-07.am2.easynews.com:
>>> Juan I. Cahis wrote:
>>>> Mark McIntyre <markmcintyre@TROUSERSspamcop.net> wrote:
>>>>
>>>>> If the hacker has physical access to the computer, all bets are off.
>>>>> He can boot from a CD or pendrive and install whatever the heck he
>>>>> likes on the laptop.
>>>> Unless you have set the BIOS password, which any respectable SysAdmin
>>>> of any respectable business corporation doing international business
>>>> should always have set.
>>> Like I said, physical access trumps all. How long do you think it
>>> would take to zap the cmos battery or remove the HDD, boot it in a
>>> spare laptop and then replace the (now infected) HDD?
>>
>> heh, physical access doesn't trump encryption.
>
> Course it does. You can image the HDD, you can install hardware that
> intercepts the decrypted stream en route between disk and memory, you can
> put in a modded CMOS or BIOS that includes a builtin keylogger or data
> logger thats part of the firmware etc etc etc.
>
> If you have access to the box for long enough, its yours.

Replies in this thread seem to back and forth between two of the hackers'
motivations. One where he is after the data at rest, and one where he goes
after subverting the system (and maybe gets the data after decryption). The
subject line asks about a keylogger that may have been added during the
time the laptop was left unattended in a hotel room - and how to detect it.

I assume of course a so-called "rootkit" was involved. Any hacker worthy
of the title would want to use stealthing techniques. So the question
becomes
how can I tell if my computer has been rootkitted?

What is interesting is the shift from outright theft of a laptop to the
perhaps
more lucrative compromise of the laptop. Steal someone's personal data
and open a credit card account - then buy a truckload of laptops. Modern
banking makes it all possible - and they charge you for "protection" against
such happenings.

....what a racket!

Jeff Liebermann · 11-01-2008, 06:34 PM

On Sat, 1 Nov 2008 19:24:04 -0400, "FromTheRafters"
<erratic@nomail.afraid.org> wrote:

>I assume of course a so-called "rootkit" was involved. Any hacker worthy
>of the title would want to use stealthing techniques. So the question
>becomes
>how can I tell if my computer has been rootkitted?

Windoze:
RootkitRevealer v1.71
<http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx>

Linux:
ChkRootKit
<http://www.chkrootkit.org>

It's amazing what you can find with Google.

--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

David H. Lipman · 11-01-2008, 06:42 PM

From: "Jeff Liebermann" <jeffl@cruzio.com>

| On Sat, 1 Nov 2008 19:24:04 -0400, "FromTheRafters"
| <erratic@nomail.afraid.org> wrote:

>>I assume of course a so-called "rootkit" was involved. Any hacker worthy
>>of the title would want to use stealthing techniques. So the question
>>becomes
>>how can I tell if my computer has been rootkitted?

| Windoze:
| RootkitRevealer v1.71
| <http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx>

Fpr Windows Gmer is *better* !

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

David H. Lipman · 11-01-2008, 06:45 PM

From: "FromTheRafters" <erratic@nomail.afraid.org>

| Replies in this thread seem to back and forth between two of the hackers'
| motivations. One where he is after the data at rest, and one where he goes
| after subverting the system (and maybe gets the data after decryption). The
| subject line asks about a keylogger that may have been added during the
| time the laptop was left unattended in a hotel room - and how to detect it.

| I assume of course a so-called "rootkit" was involved. Any hacker worthy
| of the title would want to use stealthing techniques. So the question
| becomes
| how can I tell if my computer has been rootkitted?

| What is interesting is the shift from outright theft of a laptop to the
| perhaps
| more lucrative compromise of the laptop. Steal someone's personal data
| and open a credit card account - then buy a truckload of laptops. Modern
| banking makes it all possible - and they charge you for "protection" against
| such happenings.

| ...what a racket!

Since we are talking about China, we would be dealing with the PLA. The Chinese
government has a "relationship" with the Chinese hacher community. The purpose of which
woul be espiniage. Either industrial or military. They would NOT steal the notebook.
There intent woul be a stealthy install of malware.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Mark McIntyre · 11-01-2008, 06:54 PM

David H. Lipman wrote:
> From: "Mark McIntyre" <markmcintyre@TROUSERSspamcop.net>
>
>
> | Course it does. You can image the HDD, you can install hardware that
> | intercepts the decrypted stream en route between disk and memory, you
> | can put in a modded CMOS or BIOS that includes a builtin keylogger or
> | data logger thats part of the firmware etc etc etc.
>
> | If you have access to the box for long enough, its yours.
>
> Now your making things up...

Ya reckon?

> "put in a modded CMOS or BIOS that includes a builtin keylogger "

PC BIOSes are on EEPROMS. Booting the pc from a CD and running a custom
BIOS upgrade is far from beyond the bounds of possibility.

People hack the BIOS for CD and DVD drives all the time to add features
and remove region settings. A quick google search shows that numerous
people have hacked their PC bios to enable features that the mobo
provider decided weren't for use.

FromTheRafters · 11-01-2008, 07:42 PM

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:mbidnV_lk8S7d5HUnZ2dnUVZ_rDinZ2d@giganews.com ...
> From: "FromTheRafters" <erratic@nomail.afraid.org>
>
>
> | Replies in this thread seem to back and forth between two of the
> hackers'
> | motivations. One where he is after the data at rest, and one where he
> goes
> | after subverting the system (and maybe gets the data after decryption).
> The
> | subject line asks about a keylogger that may have been added during the
> | time the laptop was left unattended in a hotel room - and how to detect
> it.
>
> | I assume of course a so-called "rootkit" was involved. Any hacker worthy
> | of the title would want to use stealthing techniques. So the question
> | becomes
> | how can I tell if my computer has been rootkitted?
>
> | What is interesting is the shift from outright theft of a laptop to the
> | perhaps
> | more lucrative compromise of the laptop. Steal someone's personal data
> | and open a credit card account - then buy a truckload of laptops. Modern
> | banking makes it all possible - and they charge you for "protection"
> against
> | such happenings.
>
> | ...what a racket!
>
> Since we are talking about China, we would be dealing with the PLA. The
> Chinese
> government has a "relationship" with the Chinese hacher community. The
> purpose of which
> woul be espiniage. Either industrial or military. They would NOT steal
> the notebook.
> There intent woul be a stealthy install of malware.

Yes, it would be naive to think such things don't happen.

It's funny how "paranoid" one seems once he knows such things do happen.

I could tell you stories ... but I value my freedom.

)

Thread: How can I tell if a keylogger got added to my PC while I was in Beijing?

Thread Tools

Display

Re: How can I tell if a keylogger got added to my PC while I wasin Beijing?

Re: How can I tell if a keylogger got added to my PC while I wasin Beijing?

Re: How can I tell if a keylogger got added to my PC while I wasin Beijing?

Re: How can I tell if a keylogger got added to my PC while I was in Beijing?

Re: How can I tell if a keylogger got added to my PC while I was in Beijing?

Re: How can I tell if a keylogger got added to my PC while I was in Beijing?

Re: How can I tell if a keylogger got added to my PC while I was in Beijing?

Re: How can I tell if a keylogger got added to my PC while I was in Beijing?

Re: How can I tell if a keylogger got added to my PC while I wasin Beijing?

Re: How can I tell if a keylogger got added to my PC while I was in Beijing?

Thread Information

Users Browsing this Thread

Posting Permissions