I was recently in London and some two young Portuguese/English girls the same age as me (17-20) who were sisters of my mothers friend and wanted to use my laptop for two hours but due to some issues with them, turned out to be two days.
Those two days worrying about my laptop made me think about just how much information was stored on there and reading a similar thread about computer privacy with customs officers asked not to long ago here, it also brought the question of what could a reasonably intelligent hacker/criminal do?
Lets imagine an unlikely scenario where these unsuspecting fairly posh girls knew quite a bit about computer hacking/software; and during those two days, cloned my hard drive. On my real computer I have personal data (travel documents scanned, social security, personal images, videos, statements from government departments, ) and assuming they knew how to put keyloggers that capture every stroke, financial data of card numbers, account numbers, PINs, IBANs etc, passwords of online auction sites, etc…
If they wanted to be ‘intelligent’ and not arouse any suspicion in me or in the bank when trying to use my account, what could they do?
Also touching on the implications of having all my data. Could they track me down even when I went back to my home country?
I think it’s better the answers focus on the factual aspects of what happens in similar situations rather than move it to IMHO…
What about the scenario of leaving a computer at the shop for repair, upgrade, etc.? Wouldn’t that entail the same risk? Seems like a question that would have been asked on this board.
Just guessing, but I think the only way to be sure is to remove all sensitive information beforehand and reinstall everything afterward. Given the girls’ relation to your family, you probably have nothing to worry about.
The situation you describe is actually even worse (potentially, at least) then them having access to all of your data. Not only could they take anything off of your computer, but they could put anything on, too. Say, a keylogger so they can catch any new passwords you might create in the future, and a browser hijacker so whenever you try to download any anti-malware software, you end up redirected to a site that just gives you more malware.
1 - quarantine the computer when you get it back, and have reputable anti-virus anti-malware security programs installed (downloading off a fresh machine and transferred to yours via disposable thumb drive. Run deep scans, see what comes up. good free stuff is available online as a first pass - read some review websites to see whats the best currently.
2 - **if **it won’t affect you too much, a full clean format and reinstallation of the OS - maybe even from a separate iso. Your IT department can reissue you a license key and iso on the spot, or you can go to the online microsoft store and spend 100 clams.
3 - contact your financial organisations and see what arrangements can be made to protect you. for instance, they could limit daily card withdrawal / spend to a few hundred bucks, or cancel and reissue new financials, or maybe they have other tricks. They can also geoblock transactions, so any card use outside of your nominated areas they can act on immediately to reverse transaction and block the cards.
4 - any chance you’re up for a computer upgrade soon? If your only a few months off, might even be cost effective to get a new one instead of effort and $$$ of the above, not to mention stress. new hardware will solve a lot of your problems. just be wary wary in transferring bulk data from old machine to new - consult an IT guy for this step.
5 - maybe theres a way to casually start a communication with these two girls about info security, and how you interested in learning more to protect yourself, and what you’ve learnt so far. if they are intending some mischief, this will certainly dissuade them!
6 - also wouldn’t hurt to at least change your passwords and pins immediately as a proactive step - a good idea on a annual or so frequency anyway.
7 - if you are a part of a major business (employee or owner) who holds corporate property insurance (and allied risks), there may even be coverage option against ‘Cyber’ events such as these. whilst the loss potential you described would almost certainly fall below your deductible, a monetary benefit would likely not be provided. However they could certainly offer valuable advice as the industry focus is currently highly engaged in these cyber risks. I work in the commercial insurance game - let me know which company you work for I’ll see if you are a client so i can get some assistance from our cyber-risk gurus. I have just turned my PM’s on.
hope that helped,
Cheers
hmm i wrote an addenda to the above, but it dissappeared. anyway repeated as follows.
forgot to mention - don’t plug any portable HDD or USB sticks into your machine that will then be put into other computers. virus/malware transmission path. we had some plum on a mine site corrupt an entire network isolated high voltage protection PLC/SCADA system from this exact step.
to perform the steps i’ve talked about above, a simple google search will give you plenty of user friendly guides. Turning off programs from automatic start-up, disabling programs running in the background using task manager and rebooting into safe mode are all pretty foolproof and yo won’t break anything. Ensure you specify Windows 7 in the search as it is an aging OS (still perfectly good though).
If it is an hardware issue, these items can normally be checked in the BIOS/EFI. This is slightly more involved and errant clicking in here could cause you some issues, so if you are not confident following a guide with this step let us here know, or someone IT knowledgeable at work. My experiences tells me hardware failures normally would result in the “blue screen of death " BSOD” and you have not reported that as an issue, which is positive. Still, must keepan open mind.
You should NEVER have autoplay enabled. If you know enough to use a laptop, you know enough to manually run anything on a pluggable drive. This goes some way toward limiting what can be transferred from other computers. Don’t share your C: drive on your home/work network, limit it to sandboxes like “Shared” folder. Don’t share at all in public.