How can I tell if a keylogger got added to my PC while I was in Beijing?

[David H. Lipman]

From: "Steve Riley [MSFT]" <steve.riley@microsoft.com>

| I've heard these rumors before, too, and I'm not convinced they're true.
| I've traveled to China several times, it isn't the monolithic evil empire
| that bulletins like this would seem to indicate. Any laptop left anyplace
| unattended has risk; drive encryption like BitLocker is really the only way
| to mitigate such attacks (other than keeping the laptop with you at all
| times).

This is *not* a rumour!

A warning was issued about Blackberries as well.

You said "I'm not convinced they're true".
Then you are naive.

You obviously have not read any Chinese threat assesments.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Dustin Cook]

"Steve Riley [MSFT]" <steve.riley@microsoft.com> wrote in
news:E3C4B9CE-9821-4AB1-A7B4-F523991E1416@microsoft.com:

> I've heard these rumors before, too, and I'm not convinced they're
> true. I've traveled to China several times, it isn't the monolithic
> evil empire that bulletins like this would seem to indicate. Any
> laptop left anyplace unattended has risk; drive encryption like
> BitLocker is really the only way to mitigate such attacks (other than
> keeping the laptop with you at all times).
>

Depending on where you go in China, if you leave a laptop behind, yes,
someone might come along and install something and not take your laptop.
Why would they do this? Having remote access is more valuable, let you
decrypt the data for them.

If you suspect your computer has been compromised, I wouldn't even bother
scanning it unless your a pro; and are willing and know how to go low level
on your own. If you don't have the skills, secure wipe the drive, and
reload the system from known clean backups. In the future, keep all
important data safe and encrypted. Using a proprierty encryption system for
the entire HD isn't a bad idea in this case. That way, no password, no
access, no dropping/installing anything.


--
Regards,
Dustin Cook, Author of BugHunter
BugHunter - http://bughunter.it-mate.co.uk
MalwareBytes - http://www.malwarebytes.org

[Juan I. Cahis]

Dear Dustin & friends:

Dustin Cook <bughunter.dustin@gmail.com> wrote:

>"Steve Riley [MSFT]" <steve.riley@microsoft.com> wrote in
>news:E3C4B9CE-9821-4AB1-A7B4-F523991E1416@microsoft.com:
>
>> I've heard these rumors before, too, and I'm not convinced they're
>> true. I've traveled to China several times, it isn't the monolithic
>> evil empire that bulletins like this would seem to indicate. Any
>> laptop left anyplace unattended has risk; drive encryption like
>> BitLocker is really the only way to mitigate such attacks (other than
>> keeping the laptop with you at all times).
>>
>
>Depending on where you go in China, if you leave a laptop behind, yes,
>someone might come along and install something and not take your laptop.
>Why would they do this? Having remote access is more valuable, let you
>decrypt the data for them.
>
>If you suspect your computer has been compromised, I wouldn't even bother
>scanning it unless your a pro; and are willing and know how to go low level
>on your own. If you don't have the skills, secure wipe the drive, and
>reload the system from known clean backups. In the future, keep all
>important data safe and encrypted. Using a proprierty encryption system for
>the entire HD isn't a bad idea in this case. That way, no password, no
>access, no dropping/installing anything.

To encrypt the hard disk is a very good security measure if the laptop
is stolen, but it is useless to avoid a keylogger install.

To be able to install a keylogger, the user should be logged in with
Administrator features, and I supposed that the user didn't leave the
computer unattended *and* powered on *and* logged in, did you?


Thanks
Juan I. Cahis
Santiago de Chile (South America)
Note: Please forgive me for my bad English, I am trying to improve it!

[Mark McIntyre]

Juan I. Cahis wrote:
>
> To be able to install a keylogger, the user should be logged in with
> Administrator features, and I supposed that the user didn't leave the
> computer unattended *and* powered on *and* logged in, did you?

If the hacker has physical access to the computer, all bets are off. He
can boot from a CD or pendrive and install whatever the heck he likes on
the laptop.

[Juan I. Cahis]

Mark McIntyre <markmcintyre@TROUSERSspamcop.net> wrote:

>Juan I. Cahis wrote:
>>
>> To be able to install a keylogger, the user should be logged in with
>> Administrator features, and I supposed that the user didn't leave the
>> computer unattended *and* powered on *and* logged in, did you?
>
>If the hacker has physical access to the computer, all bets are off. He
>can boot from a CD or pendrive and install whatever the heck he likes on
>the laptop.

Unless you have set the BIOS password, which any respectable SysAdmin
of any respectable business corporation doing international business
should always have set.


Thanks
Juan I. Cahis
Santiago de Chile (South America)
Note: Please forgive me for my bad English, I am trying to improve it!

[Kerry Brown]

"Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message
news:09jOk.252876$5p1.56150@en-nntp-06.dc1.easynews.com...
> Juan I. Cahis wrote:
>>
>> To be able to install a keylogger, the user should be logged in with
>> Administrator features, and I supposed that the user didn't leave the
>> computer unattended *and* powered on *and* logged in, did you?
>
> If the hacker has physical access to the computer, all bets are off. He
> can boot from a CD or pendrive and install whatever the heck he likes on
> the laptop.


If the laptop fully supports bitlocker and bitlocker is used, physical
access won't help you gain access to the contents of the hard drive.

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/
http://vistahelpca.blogspot.com/

[Paul Adare]

On Thu, 30 Oct 2008 11:29:51 -0300, Juan I. Cahis wrote:

> Unless you have set the BIOS password, which any respectable SysAdmin
> of any respectable business corporation doing international business
> should always have set.

BIOS passwords are trivial to bypass. Any sys admin, respectable or not,
who relies on those for security should be fired.

--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca

[Dustin Cook]

Mark McIntyre <markmcintyre@TROUSERSspamcop.net> wrote in news:09jOk.252876
$5p1.56150@en-nntp-06.dc1.easynews.com:

> Juan I. Cahis wrote:
>>
>> To be able to install a keylogger, the user should be logged in with
>> Administrator features, and I supposed that the user didn't leave the
>> computer unattended *and* powered on *and* logged in, did you?
>
> If the hacker has physical access to the computer, all bets are off. He
> can boot from a CD or pendrive and install whatever the heck he likes on
> the laptop.
>

Not if the HD is entirely encrypted he can't. It would do him no good
whatsoever to boot from cd, no data to read. No drive to load anything
onto.


--
Regards,
Dustin Cook, Author of BugHunter
BugHunter - http://bughunter.it-mate.co.uk
MalwareBytes - http://www.malwarebytes.org

[Dustin Cook]

"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in
news:uoX1I7pOJHA.4700@TK2MSFTNGP03.phx.gbl:

> "Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message
> news:09jOk.252876$5p1.56150@en-nntp-06.dc1.easynews.com...
>> Juan I. Cahis wrote:
>>>
>>> To be able to install a keylogger, the user should be logged in with
>>> Administrator features, and I supposed that the user didn't leave
>>> the computer unattended *and* powered on *and* logged in, did you?
>>
>> If the hacker has physical access to the computer, all bets are off.
>> He can boot from a CD or pendrive and install whatever the heck he
>> likes on the laptop.
>
>
> If the laptop fully supports bitlocker and bitlocker is used, physical
> access won't help you gain access to the contents of the hard drive.
>

Indeed.


--
Regards,
Dustin Cook, Author of BugHunter
BugHunter - http://bughunter.it-mate.co.uk
MalwareBytes - http://www.malwarebytes.org

[David H. Lipman]

From: "Dustin Cook" <bughunter.dustin@gmail.com>

| "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in
| news:uoX1I7pOJHA.4700@TK2MSFTNGP03.phx.gbl:

>> "Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message
>> news:09jOk.252876$5p1.56150@en-nntp-06.dc1.easynews.com...
>>> Juan I. Cahis wrote:

>>>> To be able to install a keylogger, the user should be logged in with
>>>> Administrator features, and I supposed that the user didn't leave
>>>> the computer unattended *and* powered on *and* logged in, did you?

>>> If the hacker has physical access to the computer, all bets are off.
>>> He can boot from a CD or pendrive and install whatever the heck he
>>> likes on the laptop.


>> If the laptop fully supports bitlocker and bitlocker is used, physical
>> access won't help you gain access to the contents of the hard drive.


| Indeed.


All this has to what is called "Data at Rest" (DAR) and encryption techiniques to be
compliant with DAR protection requirements.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp