
Laptop hacked into by security officials during pre-flight check

 
22-05-2007, 11:17 PM   #1
Ms. Blond 2007 (Guest)


Recently my laptop was taken away from me for "security" examination at JFK
Airport at the security check for a flight to a destination in the Middle
East (known for its stringent security procedures). Given my employment, the
interest in the contents of laptop by these particular security agents was
not entirely surprising.

The logbooks give strong reason for me to believe that security agents
hacked into my (Windows password protected) laptop. I also suspect that my
laptop was connected to the internet given that the Adobe Acrobat Updater had
started and the last "offline content" webpage was the login webpage to my
internet email account whilst I had not recently visited that page. I had
absolutely nothing to hide but feel nevertheless that, absent any probable
cause, this represents a gross invasion of privacy unjustified by any law
enforcement rationale.

How do I confirm that my laptop was hacked into and that it was connected to
the internet? The logbooks have a series of entries which I find difficult
to understand.
Can anybody explain "translate" this particular logbook entry (copied below)
into regular non-IT English? (I've translated some of this into English from
another European language so some of this may not be standard IT-speak.)

Event Type: Control of succesful events
Origin of event: Security
Category of event: Use of authorizations
Event-ID: 576
Date: [deleted for privacy considerations]
Time: [deleted for privacy considerations]
User: NT AUTHORITY\Netwerkservice
Computer: [deleted for privacy considerations]
Description:
Special authorizations granted to a new logon user:
User name: Netwerkservice
Domein: NT AUTHORITY
Logon-ID: (0x0,0x3E4)
Priviledges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege

Is this evidence that my laptop was hacked into?

Many thanks.

23-05-2007, 12:10 AM   #2
David H. Lipman (Guest)

From: "Ms. Blond 2007" <Ms. Blond 2007@discussions.microsoft.com>

| Recently my laptop was taken away from me for "security" examination at JFK
| Airport at the security check for a flight to a destination in the Middle
| East (known for its stringent security procedures). Given my employment, the
| interest in the contents of laptop by these particular security agents was
| not entirely surprising.
|
| The logbooks give strong reason for me to believe that security agents
| hacked into my (Windows password protected) laptop. I also suspect that my
| laptop was connected to the internet given that the Adobe Acrobat Updater had
| started and the last "offline content" webpage was the login webpage to my
| internet email account whilst I had not recently visited that page. I had
| absolutely nothing to hide but feel nevertheless that, absent any probable
| cause, this represents a gross invasion of privacy unjustified by any law
| enforcement rationale.
|
| How do I confirm that my laptop was hacked into and that it was connected to
| the internet? The logbooks have a series of entries which I find difficult
| to understand.
| Can anybody explain "translate" this particular logbook entry (copied below)
| into regular non-IT English? (I've translated some of this into English from
| another European language so some of this may not be standard IT-speak.)
|
| Event Type: Control of succesful events
| Origin of event: Security
| Category of event: Use of authorizations
| Event-ID: 576
| Date: [deleted for privacy considerations]
| Time: [deleted for privacy considerations]
| User: NT AUTHORITY\Netwerkservice
| Computer: [deleted for privacy considerations]
| Description:
| Special authorizations granted to a new logon user:
| User name: Netwerkservice
| Domein: NT AUTHORITY
| Logon-ID: (0x0,0x3E4)
| Priviledges: SeAuditPrivilege
| SeAssignPrimaryTokenPrivilege
| SeChangeNotifyPrivilege
|
| Is this evidence that my laptop was hacked into?
|
| Many thanks.

No!


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


23-05-2007, 05:12 AM   #3
Shenan Stanley (Guest)

Ms. Blond 2007 wrote:
> Recently my laptop was taken away from me for "security" examination
> at JFK Airport at the security check for a flight to a destination
> in the Middle East (known for its stringent security procedures).
> Given my employment, the interest in the contents of laptop by
> these particular security agents was not entirely surprising.
>
> The logbooks give strong reason for me to believe that security
> agents hacked into my (Windows password protected) laptop. I also
> suspect that my laptop was connected to the internet given that the
> Adobe Acrobat Updater had started and the last "offline content"
> webpage was the login webpage to my internet email account whilst I
> had not recently visited that page. I had absolutely nothing to
> hide but feel nevertheless that, absent any probable cause, this
> represents a gross invasion of privacy unjustified by any law
> enforcement rationale.
>
> How do I confirm that my laptop was hacked into and that it was
> connected to the internet? The logbooks have a series of entries
> which I find difficult to understand.
> Can anybody explain "translate" this particular logbook entry
> (copied below) into regular non-IT English? (I've translated some
> of this into English from another European language so some of this
> may not be standard IT-speak.)
>
> Event Type: Control of succesful events
> Origin of event: Security
> Category of event: Use of authorizations
> Event-ID: 576
> Date: [deleted for privacy considerations]
> Time: [deleted for privacy considerations]
> User: NT AUTHORITY\Netwerkservice
> Computer: [deleted for privacy considerations]
> Description:
> Special authorizations granted to a new logon user:
> User name: Netwerkservice
> Domein: NT AUTHORITY
> Logon-ID: (0x0,0x3E4)
> Priviledges: SeAuditPrivilege
> SeAssignPrimaryTokenPrivilege
> SeChangeNotifyPrivilege
>
> Is this evidence that my laptop was hacked into?
>
> Many thanks.


No.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
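
Why the posted entry does not indicate an intrusion, as an added example that is not part of any post in this thread: event 576 records special privileges assigned to a new logon, and Logon ID 0x3E4 is the fixed session Windows reserves for the built-in Network Service account. The second sample, the function names and the verdict labels are constructed for illustration.

```python
import re

# Logon-session IDs (LUIDs) that Windows reserves for built-in accounts.
WELL_KNOWN_SESSIONS = {0x3E7: "SYSTEM", 0x3E6: "ANONYMOUS LOGON",
                       0x3E5: "LOCAL SERVICE", 0x3E4: "NETWORK SERVICE"}
LUID_RE = re.compile(r"\(0x([0-9A-Fa-f]+),\s*0x([0-9A-Fa-f]+)\)")

# Fields copied from the entry posted in the thread (spelling as posted).
PAGE_EVENT = r"""
Event-ID: 576
User: NT AUTHORITY\Netwerkservice
Logon-ID: (0x0,0x3E4)
Priviledges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege
"""

# Constructed sample for contrast: not from the thread.
CONSTRUCTED_EVENT = r"""
Event-ID: 576
User: LAPTOP\example-user
Logon-ID: (0x0,0x1A2B3C)
Privileges: SeDebugPrivilege
SeBackupPrivilege
"""

def parse_event(text):
    """Split a pasted event into 'Field: value' pairs and a privilege list."""
    fields, privileges = {}, []
    for line in text.strip().splitlines():
        key, sep, value = line.strip().partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
            if key.lower().startswith("priv") and value.strip():
                privileges.append(value.strip())
        elif line.strip().startswith("Se"):   # continuation of the list
            privileges.append(line.strip())
    return fields, privileges

def triage(text):
    """Classify an event 576 by the logon session it was raised for."""
    fields, privileges = parse_event(text)
    match = LUID_RE.search(fields.get("logon-id", ""))
    high, low = (int(g, 16) for g in match.groups()) if match else (None, None)
    session = WELL_KNOWN_SESSIONS.get(low) if high == 0 else None
    # A reserved session means the OS itself started a built-in account;
    # anything else has to be matched to a logon event by its Logon ID.
    verdict = "routine" if fields.get("event-id") == "576" and session else "correlate"
    return {"session": session, "privileges": privileges, "verdict": verdict}
```

A "correlate" result is not a finding in itself: it means the Logon ID has to be matched against the logon events in the same Security log to see who logged on, how, and when.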


23-05-2007, 01:46 PM   #4
scot_w (Guest)

Unfortunately I imagine that you have been using the laptop since the
incident. As such you have obliterated most of what might be evidence.
Computer forensics depends on having access to an unmolested system sooner
rather than later after the incident.

If the nature of your business is of such a critical nature that you are
concerned about your system being accessed, you should be using one of the
many full disk encryption products on the market. These are programs that
run and prevent access to the system pre-bios so that the system cannot even
get booted from a floppy/CD/USB drive. If you are not, and your data is that
sensitive, shame on you.

"Ms. Blond 2007" wrote:

> Recently my laptop was taken away from me for "security" examination at JFK
> Airport at the security check for a flight to a destination in the Middle
> East (known for its stringent security procedures). Given my employment, the
> interest in the contents of laptop by these particular security agents was
> not entirely surprising.
>
> The logbooks give strong reason for me to believe that security agents
> hacked into my (Windows password protected) laptop. I also suspect that my
> laptop was connected to the internet given that the Adobe Acrobat Updater had
> started and the last "offline content" webpage was the login webpage to my
> internet email account whilst I had not recently visited that page. I had
> absolutely nothing to hide but feel nevertheless that, absent any probable
> cause, this represents a gross invasion of privacy unjustified by any law
> enforcement rationale.
>
> How do I confirm that my laptop was hacked into and that it was connected to
> the internet? The logbooks have a series of entries which I find difficult
> to understand.
> Can anybody explain "translate" this particular logbook entry (copied below)
> into regular non-IT English? (I've translated some of this into English from
> another European language so some of this may not be standard IT-speak.)
>
> Event Type: Control of succesful events
> Origin of event: Security
> Category of event: Use of authorizations
> Event-ID: 576
> Date: [deleted for privacy considerations]
> Time: [deleted for privacy considerations]
> User: NT AUTHORITY\Netwerkservice
> Computer: [deleted for privacy considerations]
> Description:
> Special authorizations granted to a new logon user:
> User name: Netwerkservice
> Domein: NT AUTHORITY
> Logon-ID: (0x0,0x3E4)
> Priviledges: SeAuditPrivilege
> SeAssignPrimaryTokenPrivilege
> SeChangeNotifyPrivilege
>
> Is this evidence that my laptop was hacked into?
>
> Many thanks.
