Sign in with
Sign up | Sign in
Your question
Closed

Thief

Last response: in Windows 7
Share
October 26, 2010 1:59:13 PM

Hello,
my pc (windows 7, 64 bit) has been hacked by a professional thief by connecting my pc to his laptop and....?????... no idea what he did.
how and where can I see how he got into my system (log files etc ??). can I verify that he hacked the pc - I know the exact time when it happend....
thanks

More about : thief

October 26, 2010 3:20:00 PM

karl_21 said:
Hello,
my pc (windows 7, 64 bit) has been hacked by a professional thief by connecting my pc to his laptop


How did this happen? The thief was physically at your computer? How did he connect your PC to his? Network cable?



Score
0
October 27, 2010 5:37:04 AM

ricno said:
How did this happen? The thief was physically at your computer? How did he connect your PC to his? Network cable?




yes - I had my webcam on (motion detection), the monitor was off, so he did not see that a picture is taken. he was in front of my pc and connectedt his laptop to my pc - but how (network ? usb ? ) etc I don´t know. that´s what I want to find out.......
no idea what software to hack he used or any kind of backdoor? just not my field....
karl
Score
0
Related resources
a b D Laptop
a b $ Windows 7
October 27, 2010 6:19:02 AM

Could have been either one. If he never went behind your computer then it was probably a USB connection as thats the only one found on most computers. Not sure of what tools are available, was the PC locked with a password he doesn't know? Might be time to reload windows and take some extra security steps. (disable guest account, turn off remote registry and remote access. Log on as a non admin, etc.)
Score
0
October 27, 2010 6:19:26 AM

karl_21 said:
yes - I had my webcam on (motion detection), the monitor was off,


Was the webcam on the computer that was attacked? It was powered on during this? The simplest way to access information on a computer with physical access is to boot from a CD, which then allows the attacker to take any information.

This was in your home or at the office? Was other things stolen or just your computer attacked?
Score
0
October 27, 2010 6:48:09 AM

it was at home, nothing else was stolen...... of only interest was the pc and the data.

the pc was on (otherwise the motion detection would not work), but monitor was off and pc was secured with my administrator password.
in the event log it only shows that the pc was rebootet and a usb was connected - so, probably he connected his laptop to my pc via usb and booted from his laptop, right ? but that´s our guess, no way to verify that (booted from cd or so ?), hmmm

thanks so far
karl
Score
0
October 27, 2010 6:57:01 AM

karl_21 said:
it was at home, nothing else was stolen...... of only interest was the pc and the data.


First I would say that this is a matter for the police. Second, are you having information on your computer that is of real value to anyone else, like running your own business or keeping sensitive company files at home?

If this thief actually broke into your home just to access your computer it must be something of real value, and you should act as if ALL of your data now is in the hands of someone else.

Also, if this thief entered with the sole purpose of accessing this information he was most likely equiped with a bootable CD that bypasses your ordinary operating system security. In such a situation I do not think a thief has the time to start "hacking" your computer, as in looking for weakness in missing patches or guessing passwords.

If he has physical access the "best" way would be to boot to something else, than transfer the data though USB to his laptop. If this was the way it was done then there will be no trace at your computer, other than it restarted.

Can you see the time between the shutdown and the restart in the Event Log?
Score
0
October 27, 2010 7:26:49 AM

for me, the event log is somehow confusing:
I get (in the right order)

winlogon
bonjour service (4x)
winlogon
desktop window manager
IJPLMSVC
bonjour service
windows error reporting

in another field of the event log:

USER32
Winlogon
service control manager (2x)
WinddowsUpdateClient
EventLog
service control manager (4x)
UserPnp
service control manager (3x)
DHCPv6-Client
service control manager (3x)
Dhcp-Client
service control manager (3x)


everything is documented by the time this was done.
when I came home (together with the police, pc was shut down) and he said he did nothing to my pc, only had his laptop there.....









Score
0
October 27, 2010 7:32:43 AM

karl_21 said:

everything is documented by the time this was done.
when I came home (together with the police, pc was shut down) and he said he did nothing to my pc, only had his laptop there.....


The thief was caught by the police?

And your PC was shuted down when this happened? I still think that the thief entered your home, inserted the CD, connected the USB cable and then restarted. After this there will be no trace on your computer, but any information could have been transfered.

Has the police looked at his laptop to see if any information is from your computer?
Score
0
October 27, 2010 8:17:32 AM

he said he did not touch my pc, that´s why I have to proove it and from the event log I know he did it........


but they are not CSI miami........reality is different :-(

thanks for your help
Score
0
October 27, 2010 8:22:16 AM

karl_21 said:
he said he did not touch my pc, that´s why I have to proove it and from the event log I know he did it........


If you have a picture from the webcam with him at a certain time and also can see in the eventlog that the computer was shutdown at the same time, then parhaps that could be proof.

However, I do not even have a guess what these digital evidences is worth in a legal way.

Please update the thread and tell us how it went.
Score
0
a b D Laptop
a b $ Windows 7
October 27, 2010 3:04:52 PM

The camera recorded a file. That file will have a date / time created stamp
Score
0
a b $ Windows 7
October 28, 2010 2:12:07 AM

^+1.
Quote:
bonjour service (4x)

Is it this? http://en.wikipedia.org/wiki/Bonjour_%28software%29
If so, do you have iTunes,etc installed? If you do, then this is most likely caused by iTunes.

All the stuff you listed in Event log are normal. Really isn't much you can do.

Quote:
I still think that the thief entered your home, inserted the CD, connected the USB cable and then restarted. After this there will be no trace on your computer, but any information could have been transfered.

Agreed. At least that's what any tech savy person would have done. Linux Live CDs are some powerful tools you know, esp. BT.
Score
0
November 29, 2010 11:51:50 AM

karl_21 said:
he said he did not touch my pc, that´s why I have to proove it and from the event log I know he did it........


Did you get any solution through the police? What happened to the burglar?
Score
0
January 3, 2011 12:14:22 AM

I really hope justice was served :D 
Score
0
a b 8 Security
a b D Laptop
a c 401 $ Windows 7
January 3, 2011 1:25:52 AM

convict that loser
Score
0
a b $ Windows 7
January 3, 2011 11:36:42 PM

This topic has been closed by Mousemonkey
Score
0
!