HomeLatest ThreadsGreatest ThreadsForums & GroupsMy SubscriptionsMy Posts
DU Home » Latest Threads » Forums & Groups » Main » General Discussion (Forum) » Question for computer exp...

Thu Nov 23, 2017, 09:35 PM

 

Question for computer experts

Can your computer be hacked into if it is turned off?

32 replies, 3049 views

Reply to this thread

Back to top Alert abuse

Always highlight: 10 newest replies | Replies posted after I mark a forum
Replies to this discussion thread
Arrow 32 replies Author Time Post
Reply Question for computer experts (Original post)
wasupaloopa Nov 2017 OP
unblock Nov 2017 #1
Egnever Nov 2017 #2
wasupaloopa Nov 2017 #4
Egnever Nov 2017 #6
wasupaloopa Nov 2017 #9
Eko Nov 2017 #12
wasupaloopa Nov 2017 #18
Egnever Nov 2017 #20
Eko Nov 2017 #21
Egnever Nov 2017 #23
DBoon Nov 2017 #28
mythology Nov 2017 #8
Egnever Nov 2017 #11
Egnever Nov 2017 #10
wasupaloopa Nov 2017 #14
Egnever Nov 2017 #16
wasupaloopa Nov 2017 #17
Egnever Nov 2017 #19
wasupaloopa Nov 2017 #22
wasupaloopa Nov 2017 #24
Denzil_DC Nov 2017 #25
rufus dog Nov 2017 #29
moriah Nov 2017 #13
wasupaloopa Nov 2017 #15
The_jackalope Nov 2017 #3
Leith Nov 2017 #5
Eko Nov 2017 #7
lapfog_1 Nov 2017 #26
PJMcK Nov 2017 #27
wasupaloopa Nov 2017 #31
blogslut Nov 2017 #30
TheBlackAdder Nov 2017 #32

Response to wasupaloopa (Original post)

Thu Nov 23, 2017, 09:36 PM

1. With a saw, sure.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to wasupaloopa (Original post)

Thu Nov 23, 2017, 09:37 PM

2. Define hacked

 

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Egnever (Reply #2)

Thu Nov 23, 2017, 09:41 PM

4. Micro Soft said someone logged into my

 

account using Chrome from Washington DC an hour ago.

Microsoft had me change my password
I live in CA and never use chrome

I also had to change my Facebook password yesterday weird messages were sent from my Facebook account

This happened a day after I got one of those weird messages and opened it

I am on the road using my cell phone
My computers are at home turned off

Reply to this post

Back to top Alert abuse Link here Permalink


Response to wasupaloopa (Reply #4)

Thu Nov 23, 2017, 09:44 PM

6. Microsoft will never ever call you

 

That do not care one but if you are hacked.


You have been scammed it sounds like to me and likely are being hacked as we speak since you gave up passwords to someone on the telephone claiming to be Microsoft.

Microsoft will never call you they don't even have your number.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Egnever (Reply #6)

Thu Nov 23, 2017, 09:47 PM

9. They did not call I got emails

 

Reply to this post

Back to top Alert abuse Link here Permalink


Response to wasupaloopa (Reply #9)

Thu Nov 23, 2017, 09:50 PM

12. Hopefully

you did not follow a link from that email to reset your passwords, if so got to microsoft.com and reset your passwords immediately.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Eko (Reply #12)

Thu Nov 23, 2017, 09:59 PM

18. Microsoft sent me an activity log and asked if

 

it was me, I answered no

They asked for last four of my phone number
I entered that and got a text with s security code

I had to enter that to reset my passeord

Reply to this post

Back to top Alert abuse Link here Permalink


Response to wasupaloopa (Reply #18)

Thu Nov 23, 2017, 10:05 PM

20. That sounds pretty close to their typical procedure

 

That said I would still go to the Microsoft site directly and change it again to be safe.

It sounds like a legitimate response from Microsoft but clicking links in emails to reset passwords makes me very nervous.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to wasupaloopa (Reply #18)

Thu Nov 23, 2017, 10:05 PM

21. I had to reset mine once

and that sounds about right.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to wasupaloopa (Reply #18)

Thu Nov 23, 2017, 10:06 PM

23. Oh and ...

 

I would not use the possibly compromised computer to change the passwords either.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Egnever (Reply #6)

Thu Nov 23, 2017, 11:13 PM

28. Microsoft will never call you unless you have already paid them to call you

Whoever called you was lying.

Remember, no for profit corporation ever does anything without being paid first.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to wasupaloopa (Reply #4)

Thu Nov 23, 2017, 09:44 PM

8. If the malware got onto your computer when you opened a message, it wasn't turned off

 

Download, install and run Malwarebytes. I suspect it will find some issues.

Also Microsoft wouldn't call you to tell you somebody logged into your Chrome account. You should change your password again, especially if you gave the person your password.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to mythology (Reply #8)


Response to wasupaloopa (Reply #4)

Thu Nov 23, 2017, 09:47 PM

10. On reading your response a second time

 

It sounds like your Microsoft account was hacked.

If that is what you meant by Microsoft saying someone logged in from another area.

Your online accounts can be hacked regardless of the state of your computer.

All of that info is stored on other computers not yours.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Egnever (Reply #10)

Thu Nov 23, 2017, 09:51 PM

14. What could they do hacking into my Microsoft

 

account my computers are off it is my phone I have been using

Reply to this post

Back to top Alert abuse Link here Permalink


Response to wasupaloopa (Reply #14)

Thu Nov 23, 2017, 09:52 PM

16. Well that depends on what you do with your account

 

And how much in you gave Microsoft in the first place when you created it.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Egnever (Reply #16)

Thu Nov 23, 2017, 09:55 PM

17. My Microsoft account is for my email

 

Reply to this post

Back to top Alert abuse Link here Permalink


Response to wasupaloopa (Reply #17)

Thu Nov 23, 2017, 10:00 PM

19. Then if it is indeed hacked they have access to all your mail

 

I would highly encourage you to look at all off your online accounts and change passwords and enable two factor authentication where available.

They could also use access to your email account to reset passwords of other online accounts.

As someone else said you should have your computer looked at by a professional or at the very least run a Malwarebytes scan.

Two factor authentication can avoid this happening in the future.


Last bit of advise never change passwords from a link in an email go directly to the site yourself to change the password.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Egnever (Reply #19)

Thu Nov 23, 2017, 10:06 PM

22. I run malwarebytes daily

 

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Egnever (Reply #19)

Thu Nov 23, 2017, 10:06 PM

24. Thanks

 

Reply to this post

Back to top Alert abuse Link here Permalink


Response to wasupaloopa (Reply #24)

Thu Nov 23, 2017, 10:19 PM

25. So it sounds like you may have been phished.

As well as the good advice above, if you use your email account for anything financial - online banking, shopping, PayPal, anything where account details might be available to someone who can look through your emails - you need to safeguard yourself against that being exploited.

If you do use anything like that, you may want to contact your bank; once you have access to a secure email account again, change any passwords that might have been exposed, that sort of thing.

You may need to change your social media passwords, too (including DU!) if you used that email address for registration and didn't delete the emails.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Denzil_DC (Reply #25)

Fri Nov 24, 2017, 01:01 AM

29. Quick check to see if you were phished

 

Look at the email you first received and google the from account, should be @microsoft.com.

After googling you will likely be able to figure out if the sent address is valid. If it is something like microsoft.ru or something else you are not used to seeing then back off.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to wasupaloopa (Reply #4)

Thu Nov 23, 2017, 09:51 PM

13. Just to be clear, did you get an email from your Microsoft account, or..

... a phone call?

Many times they will email you if a new device accesses your Microsoft account, but that doesn't mean they accessed your personal computer. If your FB was hacked and you were using the same password for your Microsoft account, it's not surprising it was the next targeted.

I agree with scanning your computer or getting someone you know who is a sympathetic egghead to do it for you is a good idea, but I think people are jumping the gun on assuming this was a phone-call scam.

Microsoft does send email notifications if unknown devices log into Microsoft accounts, including sometimes your own cell phone.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to moriah (Reply #13)

Thu Nov 23, 2017, 09:52 PM

15. I got emails

 

Reply to this post

Back to top Alert abuse Link here Permalink


Response to wasupaloopa (Original post)

Thu Nov 23, 2017, 09:39 PM

3. No.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to wasupaloopa (Original post)

Thu Nov 23, 2017, 09:41 PM

5. First Google Response

http://ask-leo.com/can_my_computer_be_hacked_if_it_is_turned_off.html

In this excerpt from Answercast #12, I walk through an unlikely scenario that could allow a turned-off computer to be hacked and show you how to prevent this from happening.



Reply to this post

Back to top Alert abuse Link here Permalink


Response to wasupaloopa (Original post)

Thu Nov 23, 2017, 09:44 PM

7. If it is connected to the internet

and wake up on lan is enabled in bios and os it very possible. Someone would have to have set the computer for this as there are multiple steps. Short answer is yes, long answer is not very probable unless someone has had physical access and set it up for that.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to wasupaloopa (Original post)

Thu Nov 23, 2017, 10:29 PM

26. theoretically, yes


Since all computer hacks generally involve changing a collection of bits on a storage device or some other non-volatile storage, it would be possible to make the "hack" on the storage device either by making direct changes to the storage ( almost impossible ) or by attaching the storage device to another computing system (or some sort) and making the needed changes there. This would require physical access to the computer to be hacked.

In any event, this is a lot of trouble to accomplish so it is not very likely.

OTOH, changing the bits on the storage device using another computing device to make the modifications would be almost undetectable ( again, assuming physical access ).

Reply to this post

Back to top Alert abuse Link here Permalink


Response to wasupaloopa (Original post)

Thu Nov 23, 2017, 10:37 PM

27. Why are you concerned? (n/t)

Reply to this post

Back to top Alert abuse Link here Permalink


Response to PJMcK (Reply #27)

Fri Nov 24, 2017, 07:38 AM

31. My microsoft account was hacked I had to change the password

 

Reply to this post

Back to top Alert abuse Link here Permalink


Response to wasupaloopa (Original post)

Fri Nov 24, 2017, 02:24 AM

30. Sounds like a Phish attempt as stated above.

I got a similar email about a month ago. Said it was from Google but it was sent to the email address I use as a backup for my actual Gmail account. It told me that an attempt had been made to log on to one of "my" Android devices. Thing is, the email message said someone tried to access my device from another state. Also the Google email address they said was mine was not mine - remarkably similar but not the same.

The phishing email gave me a handy, clickable, Google link to change my password, only the link didn't look like any Google link I'd ever seen. I did not click it. Instead I went to Google on my own and changed my password. I went and changed the password to my backup email account too.

Here's the thing about email addresses. If you've had one for any length of time and you've done something relatively innocuous like subscribe to a newsletter or open an online account for a shop or a service, if you've even emailed your congressperson, at some point your email is going to get sold (or shared) as part of a list because email lists are assets.

Oh sure, they all slap up a boilerplate privacy statement, promising they will never sell your email but they lie. If that cool tech shop or pet supply site sells their business or the owner declares bankruptcy, of course they're going to sell their email list because email lists are assets.

I'm not saying that you need to get a new email address. Hell I have one that's going on 20 years old. What I'm saying is definitely get more than one email address but not so many that you can't keep track.

Never click on links in an email. Instead, go directly to the websites you need to deal with. Turn off the preview pane in your email software or online account. Disable auto-display of HTML and Images in your email settings. And don't open an attachment unless you are positive it's from someone you know and even then, think twice before you do it.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to wasupaloopa (Original post)

Fri Nov 24, 2017, 08:43 AM

32. If Network attached, an Intel vPro chip and Intel Network card... easily. Others, more difficult.

.

For over 10 years, the government has required the following devices to have access points for the NSA:

Routers, both home and business (ie. Cisco got caught with one last year)
Mainboards (ie. your motherboard)
Operating Systems (like MS products and government-funded versions of Linux)

Obama, expanded the blanket search order just before leaving office that allows up to one million computers to be "hacked" on one warrant. But, the computers aren't really being hacked. There are access points and gate calls that allow direct penetration into a computer within milliseconds. Obama's order expanded what could be done to those computers too. From not just accessing and extracting information, to also allowing the government to remove, delete and add code or files onto the computer(s).

Microsoft and AT&T are chief NSA collaborators. One of the reasons for the big push to Windows 10 is that it enhances data mining and adds Cortana which is difficult to fully disable. Folks with fully-licensed WIN7 computers were badgered to upgrade their operating systems to help meet this need. You had to install 3rd-party blockers to prevent the accidental upgrades to reminders from popping up. Go to EFF and do a quick find on AT&T to see how they harvest data for the NSA.

https://www.eff.org/nsa-spying

https://www.eff.org/deeplinks/2014/05/how-nsa-transforming-law-enforcement

https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive


The vPro chips further expand the access into a computer, by providing enhanced remote signon for desktop support services for company help-desks, or so claimed, yet only a handful of Non-vPro chips are offered. Most home computers are shipped with them installed. You have to actually find the CPU version on a PC/laptop for sale and go to Intel to see if it is a vPro chip, because often it is not readily known from just looking at the box or description.


Intel also has their Intel Management Engine, which a quick trip to tomshardware.com or zdnet.com will show many hits on this. Purism and Google are trying to disable this feature, because it is actually a second processor that runs a MINUX operating system on it that allows full control of a computer without leaving any traces. Purism was able to disassemble some of what this code does, so it is not speculation that Russia, China, other Nation States, organized crime or hackers could do the same.

https://puri.sm/learn/intel-me/

http://www.tomshardware.com/news/intel-me-security-vulnerabilities-patches,35971.html

http://www.zdnet.com/article/intel-weve-found-severe-bugs-in-secretive-management-engine-affecting-millions/

With knowledge of iME, ANYONE can access a computer while leaving absolutely NO TRACE they were doing it.

.

Reply to this post

Back to top Alert abuse Link here Permalink

Reply to this thread