1. Computing

Help! I Think I've Been Hacked

Incident Response To Recover Your System Quickly

By

Your computer starts to run a little weird. You notice the drive light blinking when you aren’t doing anything and the system seems a little slow. In the middle of writing an important document for work your system suddenly reboots for no reason. At first you may shrug it off, then you notice some weird program in your Startup group. There is a good chance your system has been hacked.

Had you been exposed to a massive dose of gamma radiation you might turn green and ripped with muscles bursting out of your clothes and set off destroying everything in your path until you find the perpetrators and make them pay. Since your average person can’t turn into The Incredible Hulk, we have to settle for getting angry and saying “help! I think I’ve been hacked!!”

Various emotions may overtake you but it is important to act quickly and decisively to stop any ongoing intrusions, determine the extent of the damage caused and secure and protect your system for the future.

Unfortunately, if you did not prepare in advance for such an incident you probably are finding out much later than you should have and you have next to nothing to go on in trying to determine what occurred- how did the intruder get in? When did they intruder get in? What changes have been made to the system?

When you first realize you may have been hacked you need to decide your course of action. Your initial reaction may be to disconnect your computer from the Internet or shut it down entirely to break the connection with the hacker. Depending on the situation this may be the way to go. However, you may find many more clues and gather more evidence by performing certain actions while the system is still live.

If the system in question contains sensitive or classified material that you feel might be in jeopardy or if you believe your computer might be infected with a virus or worm that is actively propagating (sending itself out) from your computer you probably need to go ahead and disconnect from the Internet at the very least.

There are six essential phases that make up incident response:

  • Prepare to detect and respond to incidents
  • Detect incident
  • Gather clues and evidence
  • Clean system and patch vulnerabilities
  • Recover lost data or files
  • Take lessons from incident and apply them to secure for future
  • ©2014 About.com. All rights reserved.