Main Page 
PC Review
Forums
Newsgroups
Windows XP
Windows XP Security
Laptop hacked into by security officials during pre-flight check
Forums
Newsgroups
Windows XP
Windows XP Security
Laptop hacked into by security officials during pre-flight check
 |
Laptop hacked into by security officials during pre-flight check |
|
|
Thread Tools | Rate Thread |
22-05-2007, 11:17 PM
|
#1 |
|
Guest
Posts: n/a
|
Laptop hacked into by security officials during pre-flight check
Recently y laptop was taken away from me for "security" examination at JFK
Airport at the security check for a flight to a destination in the Middle East (known for its stringent security procedures). Given my employment, the interest in the contents of laptop by these particular security agents was not entirely surprising. The logbooks give strong reason for me to believe that security agents hacked into my (Windows password protected) laptop. I also suspect that my laptop was connected to the internet given that the Adobe Acrobat Updater had started and the last "offline content" webpage was the login webpage to my internet email account whilst I had not recently visited that page. I had absolutely nothing to hide but feel nevertheless that, absent any probable cause, this represents a gross invasion of privacy unjustified by any law enforcement rationale. How do I confirm that my laptop was hacked into and that it was connected to the internet? The logbooks have a series of entries which I find difficult to understand. Can anybody explain "translate" this particular logbook entry (copied below) into regular non-IT English? (I've translated some of this into English from another European language so some of this may not be standard IT-speak.) Event Type: Control of succesful events Origin of event: Security Category of event: Use of authorizations Event-ID: 576 Date: [deleted for privacy considerations] Time: [deleted for privacy considerations] User: NT AUTHORITY\Netwerkservice Computer: [deleted for privacy considerations] Description: Special authorizations granted to a new logon user: User name: Netwerkservice Domein: NT AUTHORITY Logon-ID: (0x0,0x3E4) Priviledges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeChangeNotifyPrivilege Is this evidence that my laptop was hacked into? Many thanks. |
|
|
23-05-2007, 12:10 AM
|
#2 |
|
Guest
Posts: n/a
|
Re: Laptop hacked into by security officials during pre-flight check
From: "Ms. Blond 2007" <Ms. Blond 2007@discussions.microsoft.com>
| Recently y laptop was taken away from me for "security" examination at JFK | Airport at the security check for a flight to a destination in the Middle | East (known for its stringent security procedures). Given my employment, the | interest in the contents of laptop by these particular security agents was | not entirely surprising. | | The logbooks give strong reason for me to believe that security agents | hacked into my (Windows password protected) laptop. I also suspect that my | laptop was connected to the internet given that the Adobe Acrobat Updater had | started and the last "offline content" webpage was the login webpage to my | internet email account whilst I had not recently visited that page. I had | absolutely nothing to hide but feel nevertheless that, absent any probable | cause, this represents a gross invasion of privacy unjustified by any law | enforcement rationale. | | How do I confirm that my laptop was hacked into and that it was connected to | the internet? The logbooks have a series of entries which I find difficult | to understand. | Can anybody explain "translate" this particular logbook entry (copied below) | into regular non-IT English? (I've translated some of this into English from | another European language so some of this may not be standard IT-speak.) | | Event Type: Control of succesful events | Origin of event: Security | Category of event: Use of authorizations | Event-ID: 576 | Date: [deleted for privacy considerations] | Time: [deleted for privacy considerations] | User: NT AUTHORITY\Netwerkservice | Computer: [deleted for privacy considerations] | Description: | Special authorizations granted to a new logon user: | User name: Netwerkservice | Domein: NT AUTHORITY | Logon-ID: (0x0,0x3E4) | Priviledges: SeAuditPrivilege | SeAssignPrimaryTokenPrivilege | SeChangeNotifyPrivilege | | Is this evidence that my laptop was hacked into? | | Many thanks. No ! -- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm |
|
|
|
23-05-2007, 05:12 AM
|
#3 |
|
Guest
Posts: n/a
|
Re: Laptop hacked into by security officials during pre-flight check
Ms. Blond 2007 wrote:
> Recently y laptop was taken away from me for "security" examination > at JFK Airport at the security check for a flight to a destination > in the Middle East (known for its stringent security procedures). > Given my employment, the interest in the contents of laptop by > these particular security agents was not entirely surprising. > > The logbooks give strong reason for me to believe that security > agents hacked into my (Windows password protected) laptop. I also > suspect that my laptop was connected to the internet given that the > Adobe Acrobat Updater had started and the last "offline content" > webpage was the login webpage to my internet email account whilst I > had not recently visited that page. I had absolutely nothing to > hide but feel nevertheless that, absent any probable cause, this > represents a gross invasion of privacy unjustified by any law > enforcement rationale. > > How do I confirm that my laptop was hacked into and that it was > connected to the internet? The logbooks have a series of entries > which I find difficult to understand. > Can anybody explain "translate" this particular logbook entry > (copied below) into regular non-IT English? (I've translated some > of this into English from another European language so some of this > may not be standard IT-speak.) > > Event Type: Control of succesful events > Origin of event: Security > Category of event: Use of authorizations > Event-ID: 576 > Date: [deleted for privacy considerations] > Time: [deleted for privacy considerations] > User: NT AUTHORITY\Netwerkservice > Computer: [deleted for privacy considerations] > Description: > Special authorizations granted to a new logon user: > User name: Netwerkservice > Domein: NT AUTHORITY > Logon-ID: (0x0,0x3E4) > Priviledges: SeAuditPrivilege > SeAssignPrimaryTokenPrivilege > SeChangeNotifyPrivilege > > Is this evidence that my laptop was hacked into? > > Many thanks. No. -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html |
|
|
|
23-05-2007, 01:46 PM
|
#4 |
|
Guest
Posts: n/a
|
RE: Laptop hacked into by security officials during pre-flight check
Unfortunately I imagine that you have been using the laptop since the
incident. As such you have oblitherated most of what might be evidence. Computer forensics depends on having access to an unmolested system sooner rather than later after the incident. If the nature of your business is of such a critical nature that you are concerned about your system being accessed, you should be using one of the many full disk encryption products on the market. These are programs that run and prevent access to the system pre-bios so that the system cannot even get booted from a floppy/CD/USB drive. If you are not, and your data is that sensitive, shame on you. "Ms. Blond 2007" wrote: > Recently y laptop was taken away from me for "security" examination at JFK > Airport at the security check for a flight to a destination in the Middle > East (known for its stringent security procedures). Given my employment, the > interest in the contents of laptop by these particular security agents was > not entirely surprising. > > The logbooks give strong reason for me to believe that security agents > hacked into my (Windows password protected) laptop. I also suspect that my > laptop was connected to the internet given that the Adobe Acrobat Updater had > started and the last "offline content" webpage was the login webpage to my > internet email account whilst I had not recently visited that page. I had > absolutely nothing to hide but feel nevertheless that, absent any probable > cause, this represents a gross invasion of privacy unjustified by any law > enforcement rationale. > > How do I confirm that my laptop was hacked into and that it was connected to > the internet? The logbooks have a series of entries which I find difficult > to understand. > Can anybody explain "translate" this particular logbook entry (copied below) > into regular non-IT English? (I've translated some of this into English from > another European language so some of this may not be standard IT-speak.) > > Event Type: Control of succesful events > Origin of event: Security > Category of event: Use of authorizations > Event-ID: 576 > Date: [deleted for privacy considerations] > Time: [deleted for privacy considerations] > User: NT AUTHORITY\Netwerkservice > Computer: [deleted for privacy considerations] > Description: > Special authorizations granted to a new logon user: > User name: Netwerkservice > Domein: NT AUTHORITY > Logon-ID: (0x0,0x3E4) > Priviledges: SeAuditPrivilege > SeAssignPrimaryTokenPrivilege > SeChangeNotifyPrivilege > > Is this evidence that my laptop was hacked into? > > Many thanks. |
|
|
|
|
| Thread Tools | |
| Rate This Thread | |
|
|
