Detecting hacking and computer espionage
When investigating corporate espionage on computer systems, and looking for hacking or data breaches, we at Force Majeure use advanced scanners to find viruses and trojan horses. However, since automatic scanners can find all threats, we place our emphasis on examining vulnerabilities, back doors and any component which might be indicative of a system vulnerability and a potential for data theft. Therefore, we usually advise against removing the spyware until all or most of the digital evidence have been collected.
Hacking incidents into information systems and networks can be divided into 3 main categories:
Spyware, viruses and malware
Malware is distributed onto thousands of computers and systems for various reasons. For example: mass collection of information from large numbers of users in order to send them targeted advertising; using the computer as a “zombie”, making it take part in various cyber attacks unbeknownst to the legitimate user; password and/or identity theft, etc.
Targeted hacking
The second category of spying software is installed a specifically targeted device, since it belongs to a person or business entity. The end-game here is to collect personal information or to steal business data, in order to reveal trade secrets, collect information as ransomware, steal intellectual property etc.
Hacking into computers, user accounts and servers without spyware
Hacking into a computer or organizational network without installing spyware is possible. Such a break-in is done by using a legitimate-looking application. For example, a remote access application or backup software can be used to achieve this target. While these apps aren’t malware themselves, they can be exploited to perform a spying software. Therefore, a data breach investigation must be thorough. Experts with experience in such investigations must manually “drill down” in order to get to the bottom of the breach.
Force Majeure operates legally and does not provide cyber attacks or malicious hacking services
How to deal with spyware or hacking
Common spyware can usually be handled by scanning the computer using various anti spyware programs, and by installing basic protection products. The best protection is prevention: avoid installing unrecognized software, never connect unsecure removable devices to the computer, avoid clicking suspicious links etc.
A specific spyware, which was tailor-made for a particular business, will usually evade detection by scanning programs. To detect these, a thorough, manual scan by a skilled computer investigator is required – a person that can identify activity which would go undetected by an untrained eye. Such activity indicates that backdoors or applications have been installed on the network. The scan is carried out without the attackers knowing about it, thereby preventing them from remotely deleting the software and destroying the evidence.
Some spyware programs enable the attacker to control the computer and the network. They enable collecting passwords of users, mining the company’s databases, activation of network cameras and viewing what is happening in a room or office, and also logging any character typed on a computer (key loggers).
There are various ways of hacking into a computer. It can be done by installing software or through a miniature physical device which is installed in the computer and enables full real-time access to the data on it and to all of the activity taking place on it.
Do you suspect your computer has been hacked? This is where we come in. Contact us and we’ll take it from there.