How to Know if You’ve Been Hacked
It seems that every day brings a new headline about a cyber security breach. These headlines usually involve millions of records stolen from some large financial institution or retailer. What doesn’t reach the headlines are the individual compromises that happen millions of times a day, all over the world. So how do you know whether your own computer has been hacked?
The answer is not simple. Malware has become sophisticated enough that it is often hard to detect once it is embedded in your system. Antivirus/anti-malware software is often effective at keeping a system from being infected in the first place, but once an infection has taken hold, the same software frequently can’t detect or remove it.
The reason is that the best malware embeds itself among your system files and looks and acts like part of the core Windows installation. Often it will replace a system file with its own copy, keeping the same file name and the original functionality while adding its own. It then behaves like the file the operating system needs in order to run normally; the only difference is the added functionality, which gives a remote attacker access to your system and its resources whenever they want it.
Why Hackers Want the Use of Your Computer
Although we are familiar with the idea that hackers might be after our credit card numbers, bank accounts, and identity, some hackers simply want the use of your computer. By infecting thousands, even millions, of computers around the world, they can build what is called a “botnet.”
A botnet is a logical collection of internet-connected devices such as computers, smartphones, or IoT devices whose security has been breached and whose control has been ceded to a third party. Each compromised device, known as a “bot,” is created when the device is penetrated by software from a malware (malicious software) distribution. The controller of a botnet directs the activities of these compromised machines through command-and-control channels built on standard network protocols such as IRC and Hypertext Transfer Protocol (HTTP).
Let’s take a look at how we can detect if such a security breach has taken place on YOUR system.
Step 1: Run Antivirus Software
There are many good antivirus products on the market. The problem is that even the very best will fail to detect some 5 to 10% of known malware. Then there is the unknown malware that appears every day. Attackers are constantly producing new software, usually variants of existing malware, but different enough to evade the signature detection these products rely on. In those cases your AV software is useless.
Note: I still recommend that you buy a reputable brand of AV software and keep it up to date.
Step 2: Check Task Manager
The first thing to check when you suspect that you have been hacked is the Windows Task Manager. You can open it by pressing Ctrl+Alt+Del and selecting Task Manager from the screen that appears, by pressing Ctrl+Shift+Esc to open it directly, or by typing taskmgr into the Run box or the Start menu search.
When you open Task Manager and click the “Processes” tab, note the CPU usage figure at the bottom of the window. In the infected machine from the original screenshots, the system was sitting idle yet CPU usage was spiking between 68% and 93%. Obviously something was going on in that system. Sort the list by the CPU column and, for any busy process you don’t recognize, right-click it and choose Open file location: a supposed Windows component running from a user’s Temp or AppData folder rather than C:\Windows is a red flag.
On the same Task Manager view of an uninfected system sitting idle, CPU usage stays under 10%.
Step 3: Run the System File Checker in Windows
Very often, malware will embed itself in the system files, which would explain why the AV software couldn’t detect or remove it. Microsoft builds a system integrity checker into Windows called sfc.exe (System File Checker) that tests the integrity of these protected system files. Microsoft’s documentation describes the utility this way:
“System File Checker is a utility in Windows that allows users to scan for corruptions in Windows system files and restore corrupted files.”
The idea is that this utility checks whether any changes have been made to protected system files and attempts to repair them from Windows’ own component store. Let’s try it out. Open a command prompt by right-clicking it and choosing Run as Administrator (sfc refuses to run without elevation), then type the following command and press Enter:
sfc /scannow
The scan takes a while; when it finishes it reports whether it found integrity violations and whether it could repair them. Two caveats are worth knowing. First, sfc only covers the files Windows itself protects, so malware that arrives as a new, separately named file is outside its scope. Second, it verifies against the local component store on the same possibly compromised disk, so a clean result from a tool running on a compromised host is not proof of anything. If sfc reports corrupt files it could not fix, running DISM /Online /Cleanup-Image /RestoreHealth from the same elevated prompt repairs the component store from Windows Update, after which sfc can be run again.
Step 4: Check Network Connections with Netstat
If the malware on our system is to do us any harm, it needs to communicate with the command and control server run by the attacker. Someone, somewhere, must control it remotely to get it to do what they want and then extract what they want.
Microsoft builds a utility into Windows called netstat. Netstat lists the TCP and UDP endpoints on your system, including every connection to and from it. Let’s use it to see whether any unusual connections exist.
Once again, open a command prompt as Administrator (so the owning process of every connection is shown) and run:
netstat -ano
The -a switch lists all connections and listening ports, -n shows addresses and ports numerically instead of resolving names, and -o adds the process ID (PID) that owns each connection. Look for ESTABLISHED connections to addresses outside your own network, then match the PID against the PID column in Task Manager (the Details tab in current Windows) or the output of tasklist to see which program holds the connection. A “system” process running from an odd location, or a PID that no process list shows at all, deserves attention.
Since a piece of malware embedded in the system files can manipulate what the operating system reports and thereby hide its presence, a clean netstat result is not conclusive; this may explain why nothing unusual showed up in netstat on the infected machine. It is one more indication of how stubborn some of this malware can be. When the host itself cannot be trusted, look at its traffic from outside it: your router’s connection table or firewall logs, or a packet capture taken from another machine on the same network, will show connections that the compromised system hides from its own tools.
Detecting whether your computer is infected with malware is not necessarily a simple task. For most people, simply relying on antivirus software is the best and simplest technique. Given that this software is imperfect, the techniques outlined here may help you determine whether you have really been hacked or not.