Chinese Computer Espionage


olhamada
05-08-2012, 17:50
I was just in China for a week-long business trip. After returning to my hotel from a day in Beijing, I tried to access my in-room safe but my code wouldn't work. (No, I didn't forget or mis-enter the code). I called hotel management and once the manager came up, he had the safe open in under 20 seconds. I had set things up in the safe so that I would notice if anything had been tampered with. Nothing was missing, but someone had most certainly been through my stuff. Among other items, I had left my laptop and charging cable in the safe and now I am paranoid that a keylogger or other hacking/espionage program has been placed on my computer - especially since now every so often I get a message that says another computer is using my IP address and I am being kicked offline.

How can I determine if there is a "ghost" program on my hard drive that is logging my movements, passwords, etc...?

Groleck
05-08-2012, 18:58
Just a shot in the dark... but I bet someone on this board is savvy enough with computers.

There's a software package for hacking called "BackTrack" and it's Linux based. You don't have to have your whole computer become a Linux machine, but you (or someone) can download BackTrack to a bootable USB drive.

BackTrack is essentially an extensive collection of hacking tools, but can also be used for evaluating security issues in your own machine.

I'm not savvy enough myself, I'm just a student who took a class on some basics of penetration testing. But if someone had administrative access to your machine they could install a rootkit, which operates at the kernel (very low level) of the operating system. The thing about rootkits is that they operate at a lower "level" than firewalls and antivirus software, more or less getting around them. When combined with software like "hacker defender" someone can hide the processes relating to the hack, even from an administrator.

If it's a rootkit, you might use a tool like "Rootkit Revealer" or F-Secure's "Blacklight" which can help you find it.

Keep in mind I don't know enough about comp software, but the short of it is, if you can find someone who knows what I was just talking about then they can prob fix it for you.

Wish I could be more helpful.

- Dan P.

Dusty
05-08-2012, 19:10
I was just in China for a week-long business trip. After returning to my hotel from a day in Beijing, I tried to access my in-room safe but my code wouldn't work. (No, I didn't forget or mis-enter the code). I called hotel management and once the manager came up, he had the safe open in under 20 seconds. I had set things up in the safe so that I would notice if anything had been tampered with. Nothing was missing, but someone had most certainly been through my stuff. Among other items, I had left my laptop and charging cable in the safe and now I am paranoid that a keylogger or other hacking/espionage program has been placed on my computer - especially since now every so often I get a message that says another computer is using my IP address and I am being kicked offline.

How can I determine if there is a "ghost" program on my hard drive that is logging my movements, passwords, etc...?

IMO, you're burnt. Get all new stuff.

MtnGoat
05-08-2012, 20:01
I was just in China for a week-long business trip. After returning to my hotel from a day in Beijing, I tried to access my in-room safe but my code wouldn't work. (No, I didn't forget or mis-enter the code). I called hotel management and once the manager came up, he had the safe open in under 20 seconds. I had set things up in the safe so that I would notice if anything had been tampered with. Nothing was missing, but someone had most certainly been through my stuff. Among other items, I had left my laptop and charging cable in the safe and now I am paranoid that a keylogger or other hacking/espionage program has been placed on my computer - especially since now every so often I get a message that says another computer is using my IP address and I am being kicked offline.

How can I determine if there is a "ghost" program on my hard drive that is logging my movements, passwords, etc...?

Are you military in any form?

olhamada
05-09-2012, 01:52
Are you military in any form?

I know - it was stupid and naive - and I knew better. Baaaad decision, MtnGoat. :) (Sorry couldn't resist).

I'll take my licks. But I'm also looking for assistance. I think Dusty's right - may need to scrap and start over.

olhamada
05-09-2012, 01:55
Just a shot in the dark... but I bet someone on this board is savvy enough with computers.

There's a software package for hacking called "BackTrack" and it's Linux based. You don't have to have your whole computer become a Linux machine, but you (or someone) can download BackTrack to a bootable USB drive.

BackTrack is essentially an extensive collection of hacking tools, but can also be used for evaluating security issues in your own machine.

I'm not savvy enough myself, I'm just a student who took a class on some basics of penetration testing. But if someone had administrative access to your machine they could install a rootkit, which operates at the kernel (very low level) of the operating system. The thing about rootkits is that they operate at a lower "level" than firewalls and antivirus software, more or less getting around them. When combined with software like "hacker defender" someone can hide the processes relating to the hack, even from an administrator.

If it's a rootkit, you might use a tool like "Rootkit Revealer" or F-Secure's "Blacklight" which can help you find it.

Keep in mind I don't know enough about comp software, but the short of it is, if you can find someone who knows what I was just talking about then they can prob fix it for you.

Wish I could be more helpful.

- Dan P.

Thanks, Dan. I am also no IT expert. I'll give your suggestions a shot prior to wrapping it in det cord.

Papa Zero Three
05-09-2012, 07:20
IMO, you're burnt. Get all new stuff.

What he just said. The more important thing is what was/is on your laptop that might be compromised, be it company materials or any other personal information? At a minimum, it's a possibility that they just copied your entire hard drive and are sifting through your data. The opposite end of that is that they have indeed installed software on your system, and given that it's most likely state sponsored, detecting it with anything commercially available is not going to work. Don't download anything off of the laptop that you have on the hard drive (documents, Excel sheets, PPT, etc.); hopefully you have backups of your files somewhere separate that you can load on a brand new computer. Treat the laptop and the files on it as suspect and destroy it, that's the only way to be 100% certain.

Sarski
05-09-2012, 07:53
I am by no means a computer expert, but will the drive scrubbers that are commercially available wipe the drive of everything, including any suspect ghost programs? Then you basically start over loading drivers and your OS and software.

These scrubbers come in and overwrite the data with 1s and 0s, so it would be, I think, like having a brand new computer. I am just not sure how sophisticated these programs are, and if it would take care of suspect software.

Richard
05-09-2012, 08:09
Better change your passwords for all of your accounts ASAP - but don't use that computer to do it.

Richard :munchin

JimP
05-09-2012, 08:22
Also sounds like you have been set up as a "Bot". Don't connect to the net until you get this thing scrubbed and re-loaded. Consider everything in there compromised. Commercial companies can do this easily for you.

booker
05-09-2012, 08:29
DBAN (http://www.dban.org/) it and reload everything. Hope you backed everything up before your trip to China. This is a good time to get a policy in place for your company concerning overseas trips. I know that when someone from Virginia Tech goes to China they have to go through a pretty thorough computer eval pre and post trip, and in some cases, they aren't allowed to take certain files, etc. It helps that some of the advisers to the national security IT people are at the university, so they know what to look for.

greenlight
05-09-2012, 09:56
I would back up all files you need and personally I wouldn't scrub the hard drive, I'd bin it! Hard drives aren't all that expensive to replace.

35NCO
05-09-2012, 10:24
I was just in China for a week-long business trip. After returning to my hotel from a day in Beijing, I tried to access my in-room safe but my code wouldn't work. (No, I didn't forget or mis-enter the code). I called hotel management and once the manager came up, he had the safe open in under 20 seconds. I had set things up in the safe so that I would notice if anything had been tampered with. Nothing was missing, but someone had most certainly been through my stuff. Among other items, I had left my laptop and charging cable in the safe and now I am paranoid that a keylogger or other hacking/espionage program has been placed on my computer - especially since now every so often I get a message that says another computer is using my IP address and I am being kicked offline.

How can I determine if there is a "ghost" program on my hard drive that is logging my movements, passwords, etc...?

Please send me a PM with further details of the event when you have a moment. I can help you, but you now have a great deal of other problems that need to be addressed on a different level. This is a very serious issue, not meant to be discussed openly.

DIYPatriot
05-09-2012, 10:56
Please send me a PM with further details of the event when you have a moment. I can help you, but you now have a great deal of other problems that need to be addressed on a different level. This is a very serious issue, not meant to be discussed openly.

I agree with 35NCO - and all others saying to get new stuff. Definitely do not access any networks with it and do not log into ANY sites with it. Keyloggers are tough as nails to detect. The ones we use mask their presence within the system's registry and will not show up in task mgr or as a running Windows system service (assuming you're running Windows and not a variant of Linux or some other sys).

A new PC is in order for you and if you need further help, please don't hesitate PM'g me, either. And for the love of God, do not simply back up your hard drive and restore your files to a new machine. A decent programmer will spoof several commonly accessed files and let the logger hide in plain sight.

BOfH
05-09-2012, 13:26
olhamada,
While I am not an expert, I do know a thing or two ;). QP Dusty and other posters are indeed correct: if you suspect compromise, the best thing is to rebuild or replace the machine. Your best move right now would be to replace your machine outright and allow the drive of this one to be forensically examined. DO NOT power the machine on, or connect it to any networks. Once the drive has been copied by an analyst, use a bootable Linux CD/flash drive (BackTrack was mentioned by a previous poster and is an excellent choice for this) to recover your files. If you do plan on re-using the drive, make sure you use DBAN or the Linux 'dd' utility to overwrite the entire drive, as many modern rootkits hook the MBR (Master Boot Record) and will NOT be removed with a simple format. MOO: They were probably more interested in what was on your machine than in what you plan to do with your machine later on; I suspect they copied your drive.

Modern keyloggers and/or backdoors/remote access tools can be hardware or software and, depending on design, can be almost impossible to detect. Hardware does not fare as well with regards to detection, as someone with a decent knowledge of computer hardware who knows where to look can detect it; software, on the other hand, comes in many forms and can be almost impossible to detect. Depending on design, if the tool used is based off of the TDL/TDSS rootkit family (as most modern crimeware is), then most A/V packages can detect and possibly remove such malware; custom code, on the other hand, is very difficult to detect and remove. Depending on how "good" they were/are, they may have left behind some clues in system logs and the file system journal/MFT.

IMHO: With regards to information warfare China is absolutely hostile territory for any US traveler, especially those with government ties and/or on government business. Consider some basic defenses when leaving your laptop secured but unattended:
a) Encryption - generally mandated by most private and government policy, this will make it far more difficult for an adversary to install malware and/or copy your data.
b) File integrity monitoring software, i.e. OSSEC HIDS, will alert you to changes in critical system files as well as new files in odd places.
c) Basic fieldcraft - a hair/thread in the right place(s) can easily tip you off to compromise.
d) Non-persistent operating system environments - I have an acquaintance in the semiconductor industry who regularly travels to China. He takes a designated laptop and uses a bootable flash drive with a portable Linux distribution to do his work; the flash drive stays on his person at all times.

My .002, FWIW...

booker
05-09-2012, 14:33
I would back up all files you need and personally I wouldn't scrub the hard drive, I'd bin it! Hard drives aren't all that expensive to replace.

If you bin it you better destroy it physically so that someone can't get any of the files off of it. As it stands, those files are still accessible.

I DBAN and physically destroy all hard drives that are no longer needed.

booker
05-09-2012, 14:36
olhamada,
d) Non-persistent operating system environments - I have an acquaintance in the semiconductor industry who regularly travels to China. He takes a designated laptop and uses a bootable flash drive with a portable Linux distribution to do his work; the flash drive stays on his person at all times.

My .002, FWIW...

That is an excellent idea. Simple, yet extremely effective.

BOfH
05-09-2012, 15:07
That is an excellent idea. Simple, yet extremely effective.

Thanks! I did a similar thing internally at my current employer using Slackware, Live Linux scripts and net PCs (Asus/Foxconn) for thin-client use.

GratefulCitizen
05-09-2012, 16:30
Keep your computer on your person at all times:
http://www.maximumpc.com/article/news/itty_bitty_cotton_candy_usb-sized_pc_available_preorder

scooter
05-09-2012, 21:41
I concur with the above posts... if someone has had access to your machine it is totally compromised. Just see the other posts on this forum regarding Chinese hardware that has been co-opted for computer espionage, like thermostats. In all likelihood someone has a complete copy of your hard drive and has left behind nifty surprises on your computer for future monitoring or transfer of malware onto your company's internal network.

Destroy your machine. Don't try to recover anything.

The juice isn't worth the squeeze on this one.

olhamada
05-12-2012, 09:27
Guys, all incredibly great and useful info. I can't express my appreciation for your time and excellent advice deeply enough. I will be responding to several of you by PM.

Thankfully, all files were backed up prior to my trip - both physical and cloud - and only personal information was on my laptop - no corporate and no DoD. Passwords have all been changed from a different computer and laptop is in process of being either checked out or replaced (haven't decided yet). I am assuming that it has been compromised.

This is an excellent case study for anyone traveling out of country - especially to China. They're really sneaky - and aggressive.

olhamada
05-12-2012, 09:50
While in China, I took a tour of Huawei in Shenzhen. Incredible. Scary.

They are the largest cellular telecommunications and technology company in Asia. They make most of the cell phones we use here in the US but rebrand them (other than Apple). They are planning on selling in the US market under their own brand soon.

The technology they have (most of which was obtained through espionage from the US I'm sure), was amazing. Some of the stuff they had - digital cameras that could "see" from about 5 km away and zoom in for instant facial recognition utilizing their expansive database. Audio mics with video surveillance that could pick up individual conversations in a crowded room. Many very impressive applications in medical communications and robotics, electronic medical records and remote imaging, tablets that put the iPad to shame, integrated cell phones and internet accessible digital TVs with full seamless connectivity.

I didn't take any electronics in with me except my phone which was powered down the entire time. Those in my group that did keep their phones active, said their phones did not work the entire time we were on the premises and their phones could not/would not take photos.

Very impressive tour and demonstrations. And I know we only saw what they wanted us to see. I'm sure there was much that was left unmentioned. I left there thinking, "we are in big trouble".

olhamada
05-12-2012, 10:12
While we're on the topic, :D

The Chinese absolutely LOVE Obama. They equate him to their beloved Chairman Mao. These t-shirts were all over China. Translation - "Obama Mao".

https://twitter.com/#!/OmarHamada/status/200750926565347328/photo/1

We were told by several business men, "China is becoming more Capitalistic and Communism is decreasing. The US on the other hand is becoming more Communist. Tax the rich and spread the wealth? We no longer allow it."

Wow.

DIYPatriot
05-12-2012, 10:38
Very impressive tour and demonstrations. And I know we only saw what they wanted us to see. I'm sure there was much that was left unmentioned. I left there thinking, "we are in big trouble".

I've heard similar comments from friends of mine (technology field) that have spent time over there. I've never been, but always wanted to see it for myself. Apart from your laptop fiasco, sounds like a good and interesting time! :cool:

DIYPatriot
05-13-2012, 08:58
So if they have all this stuff, why aren't they competing with it in the global marketplace right now?

I wasn't sure if that was an open question or not, but from what I've seen (at least from America's POV) is that the FCC heavily regulates new technologies. At a basic consumer/commercial level, we usually lag behind Europe and then Asia. I didn't realize that until I spent a little time overseas on various contracts with other tech companies. At times, I felt like I was stuck in 1984 while everyone else was a couple decades ahead of me.

My .000002 cents

olhamada
05-13-2012, 13:41
So if they have all this stuff, why aren't they competing with it in the global marketplace right now?

They are. Just not in the US....yet. From what I understand, most of their products sold in the West are rebranded, but they are beginning to market under their own brand.

BOfH
05-13-2012, 22:17
So I was doing some research on Huawei as you piqued my interest, and it turns out that one thing hamstringing them from expanding into the U.S. as they'd like to is that the U.S. government is suspicious of them as being a proxy for the Chinese government. Huawei builds lots of telecommunications equipment and infrastructure, and has around $40 billion in loans from the Chinese government. It is also believed to have direct ties to the government and the PLA. The company was recently denied from building a new communication network in the U.S. that would be used by fire, police, EMS, etc., for concerns over the equipment being designed to allow the Chinese unauthorized access to U.S. networks. Huawei has also been prevented from buying or acquiring ownership stakes in certain U.S. companies.

India also is facing some of the same concerns.

Ah, supply chain security. It makes sense: if you supply the communications gear, you can essentially *own* whomever you are selling it to. Israel is another such example.[1][2]

[1] http://www.wired.com/threatlevel/2012/04/shady-companies-nsa/all/1
[2] http://cryptome.org/verispy.htm

Flagg
05-14-2012, 03:32
So I was doing some research on Huawei as you piqued my interest, and it turns out that one thing hamstringing them from expanding into the U.S. as they'd like to is that the U.S. government is suspicious of them as being a proxy for the Chinese government. Huawei builds lots of telecommunications equipment and infrastructure, and has around $40 billion in loans from the Chinese government. It is also believed to have direct ties to the government and the PLA. The company was recently denied from building a new communication network in the U.S. that would be used by fire, police, EMS, etc., for concerns over the equipment being designed to allow the Chinese unauthorized access to U.S. networks. Huawei has also been prevented from buying or acquiring ownership stakes in certain U.S. companies.

India also is facing some of the same concerns.

Huawei has been locked out of national broadband infrastructure in Australia.

In NZ and the Philippines concerns are being raised about national network security with the possibility of Huawei playing a role in broadband infrastructure buildout.

In some ways it reminds me of the Polish Cipher Bureau cracking early Enigma and the US cracking Purple. All done well before WWII, and in the case of Enigma, in 1932.

GratefulCitizen
05-14-2012, 18:35
So if they have all this stuff, why aren't they competing with it in the global marketplace right now?

Technology and business are not the same thing.

Other nations (like the Germans and Japanese) often develop technology faster than the USA.
Americans are very adept at using that technology to make profit.

The business of America is business.

olhamada
05-14-2012, 20:47
So I was doing some research on Huawei as you piqued my interest, and it turns out that one thing hamstringing them from expanding into the U.S. as they'd like to is that the U.S. government is suspicious of them as being a proxy for the Chinese government. Huawei builds lots of telecommunications equipment and infrastructure, and has around $40 billion in loans from the Chinese government. It is also believed to have direct ties to the government and the PLA. The company was recently denied from building a new communication network in the U.S. that would be used by fire, police, EMS, etc., for concerns over the equipment being designed to allow the Chinese unauthorized access to U.S. networks. Huawei has also been prevented from buying or acquiring ownership stakes in certain U.S. companies.

India also is facing some of the same concerns.

I wholeheartedly agree. I have no doubt whatsoever, that Huawei is a proxy for the Chinese government.

An interesting thing I learned is that though we allow relatively open access to foreign owned business here in the US including ownership of land and properties, many other countries don't reciprocate. In China, for example, if you wanted to start a business, you'd have to have a Chinese majority partner who owned at least 51% of the business. Many Western brands are now in the Chinese market and have allowed such arrangements in order to do business there. There are many other countries that have similar requirements. Dubai is another.

The Chinese also don't allow foreign entities to own any property. For that matter, they don't allow their own people to own any land. All land is leased from the government. Buildings can be owned by individuals who are Chinese citizens but not by foreign nationals or corporations.

BigJimCalhoun
06-15-2012, 05:52
Some more info here on Huawei
http://www.wnd.com/2012/06/china-tech-company-admits-hacking-u-s-telecoms/

WASHINGTON – A major Chinese telecommunications company has been boasting how it was able to hack into U.S. and international telecommunications networks and intercept what it suggested was “malicious” data.

WND has posted some articles of questionable authenticity in the past, but generally, I want to like their site.

DIYPatriot
06-15-2012, 15:07
Some more info here on Huawei
http://www.wnd.com/2012/06/china-tech-company-admits-hacking-u-s-telecoms/

WASHINGTON – A major Chinese telecommunications company has been boasting how it was able to hack into U.S. and international telecommunications networks and intercept what it suggested was “malicious” data.

WND has posted some articles of questionable authenticity in the past, but generally, I want to like their site.

Thanks for posting that link. I read the article and it confirmed, again, why I hate seeing "Made in China" on electronic equipment.

From the article:

They told WND that’s because while Huawei may consider the data “malicious,” the act of intercepting and extracting data means the Chinese company also could steal sensitive information or even alter the function of computer systems where the company’s products are installed.

That's troubling on many levels.

olhamada
06-15-2012, 21:40
Yeah, we all have the potential to be royally screwed as long as we are using Chinese electronic products.

greenberetTFS
06-16-2012, 15:54
Yeah, we all have the potential to be royally screwed as long as we are using Chinese electronic products.

We deserve exactly what we get; they assemble our products (APPLE) for less cost, then they end up with the latest technology to put to use on other products they claim to develop.......... :( "Stupid is as stupid does"........ :rolleyes: We did a similar thing before WW2, selling steel to Japan to help them build their Zeros........ :mad:

Big Teddy :munchin