Thief

Status
Not open for further replies.

karl_21
Oct 26, 2010
Hello,
my pc (windows 7, 64 bit) has been hacked by a professional thief by connecting my pc to his laptop and....?????... no idea what he did.
how and where can I see how he got into my system (log files etc ??). can I verify that he hacked the pc - I know the exact time when it happened....
thanks
 


How did this happen? The thief was physically at your computer? How did he connect your PC to his? Network cable?



 




yes - I had my webcam on (motion detection), the monitor was off, so he did not see that a picture is taken. he was in front of my pc and connected his laptop to my pc - but how (network ? usb ? ) etc I don't know. that's what I want to find out.......
no idea what software to hack he used or any kind of backdoor? just not my field....
karl
 
Could have been either one. If he never went behind your computer then it was probably a USB connection as that's the only one found on most computers. Not sure of what tools are available, was the PC locked with a password he doesn't know? Might be time to reload windows and take some extra security steps. (disable guest account, turn off remote registry and remote access. Log on as a non admin, etc.)
 


Was the webcam on the computer that was attacked? It was powered on during this? The simplest way to access information on a computer with physical access is to boot from a CD, which then allows the attacker to take any information.

This was in your home or at the office? Were other things stolen or just your computer attacked?
 
it was at home, nothing else was stolen...... of only interest was the pc and the data.

the pc was on (otherwise the motion detection would not work), but monitor was off and pc was secured with my administrator password.
in the event log it only shows that the pc was rebooted and a usb was connected - so, probably he connected his laptop to my pc via usb and booted from his laptop, right ? but that's our guess, no way to verify that (booted from cd or so ?), hmmm

thanks so far
karl
 


First I would say that this is a matter for the police. Second, are you having information on your computer that is of real value to anyone else, like running your own business or keeping sensitive company files at home?

If this thief actually broke into your home just to access your computer it must be something of real value, and you should act as if ALL of your data now is in the hands of someone else.

Also, if this thief entered with the sole purpose of accessing this information he was most likely equipped with a bootable CD that bypasses your ordinary operating system security. In such a situation I do not think a thief has the time to start "hacking" your computer, as in looking for weakness in missing patches or guessing passwords.

If he has physical access the "best" way would be to boot to something else, then transfer the data through USB to his laptop. If this was the way it was done then there will be no trace at your computer, other than it restarted.

Can you see the time between the shutdown and the restart in the Event Log?
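An added example, not part of the original thread: one way to pull the shutdown, boot and device-install events around a known time from the System log and measure how long Windows was not running. The incident time is a placeholder, and the event IDs are the standard Windows ones named in the comments.

```powershell
# Added example. $incident is a placeholder: set it to the known time.
$incident = Get-Date '2010-01-01 12:00'
$from = $incident.AddHours(-2)
$to   = $incident.AddHours(2)

# Standard System-log events that mark shutdown, boot and device installation.
$wanted = @{
    'USER32'                           = @(1074)           # shutdown/restart requested
    'EventLog'                         = 6005, 6006, 6008  # log service start, stop, unexpected shutdown
    'Microsoft-Windows-Kernel-General' = 12, 13            # OS start, OS shutdown
    'Microsoft-Windows-UserPnp'        = 20001, 20003      # driver installed for a new device
}
$ids = 1074, 6005, 6006, 6008, 12, 13, 20001, 20003

# Query by log, ID and time window, then keep only the expected provider/ID
# pairs, because other providers reuse small IDs such as 12 and 13.
$events = Get-WinEvent -FilterHashtable @{
        LogName = 'System'; Id = $ids; StartTime = $from; EndTime = $to
    } -ErrorAction SilentlyContinue |
    Where-Object { $wanted[$_.ProviderName] -contains $_.Id } |
    Sort-Object TimeCreated

# Chronological timeline for the record.
$events | Format-Table TimeCreated, Id, ProviderName, Message -AutoSize -Wrap

# Gap between each shutdown record and the next boot record. Windows logs
# nothing while it is not running, so this interval has no entries at all.
$down = $null
foreach ($e in $events) {
    if ((6006, 13) -contains $e.Id) {
        $down = $e.TimeCreated
    }
    elseif (((6005, 12) -contains $e.Id) -and $down) {
        'Windows not running for {0:N0} s (from {1:T} to {2:T})' -f `
            ($e.TimeCreated - $down).TotalSeconds, $down, $e.TimeCreated
        $down = $null
    }
}
```

Before rebuilding the machine, export the log with `wevtutil epl System system.evtx` and note the file's hash so the copy can be shown to be unchanged.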
 
for me, the event log is somehow confusing:
I get (in the right order)

winlogon
bonjour service (4x)
winlogon
desktop window manager
IJPLMSVC
bonjour service
windows error reporting

in another field of the event log:

USER32
Winlogon
service control manager (2x)
WindowsUpdateClient
EventLog
service control manager (4x)
UserPnp
service control manager (3x)
DHCPv6-Client
service control manager (3x)
Dhcp-Client
service control manager (3x)


everything is documented by the time this was done.
when I came home (together with the police, pc was shut down) and he said he did nothing to my pc, only had his laptop there.....









 


The thief was caught by the police?

And your PC was shut down when this happened? I still think that the thief entered your home, inserted the CD, connected the USB cable and then restarted. After this there will be no trace on your computer, but any information could have been transferred.

Has the police looked at his laptop to see if any information is from your computer?
 
he said he did not touch my pc, that's why I have to prove it and from the event log I know he did it........


but they are not CSI miami........reality is different :-(

thanks for your help
 


If you have a picture from the webcam with him at a certain time and also can see in the eventlog that the computer was shut down at the same time, then perhaps that could be proof.

However, I do not even have a guess what this digital evidence is worth in a legal way.

Please update the thread and tell us how it went.
 
^+1.
bonjour service (4x)
Is it this? http://en.wikipedia.org/wiki/Bonjour_%28software%29
If so, do you have iTunes, etc. installed? If you do, then this is most likely caused by iTunes.

All the stuff you listed in Event log are normal. Really isn't much you can do.

I still think that the thief entered your home, inserted the CD, connected the USB cable and then restarted. After this there will be no trace on your computer, but any information could have been transferred.
Agreed. At least that's what any tech-savvy person would have done. Linux Live CDs are some powerful tools you know, esp. BT.
 


Did you get any solution through the police? What happened to the burglar?
 