Is your computer being monitored?July 23, 2015 No Comments
With the relentless advance of technology into all areas of our lives it should be no surprise to know that we’re also living in the age of surveillance. From governments to corporations our personal information is sliced, diced and endlessly dissected, all for ‘justifiable’ purposes whether it’s fatter profits or for the sake of ‘security.’ However, snooping has also reached down to more mundane levels driven by a mini-industry in domestic spying software pitched at fevered spouses, concerned parents and paranoid bosses. In short, spying on others has become commonplace. But of course, being spied upon isn’t pleasant. If you think you’ve become a victim of someone else’s over reach then here’s a guide on identifying monitoring software on your computer – and getting rid of it.
Are your secretly working for a foreign intelligence agency? Have you developed a fool proof algorithm that has cracked the ups and downs of the stock market? Are you in the cross hairs of a private investigator because you’ve been secretly siphoning client’s bank accounts? Of course you’re not. But if you were, there would be every chance that your computer would be monitored by spy software.
Spying software is usually something associated with cyber espionage and indeed a tool employed by nation states to steal others secrets. But there has also been explosive growth in commercial snooping software creating a mini-industry of sorts fuelled by jealous spouses, worried parents and even bosses who are clearly overstepping the mark.
In fact, today snooping on others has become almost commonplace. If you work in a corporate environment for instance, you should assume that everything you do on your computer can be seen, because it’s a given that your computer and emails are being monitored.
Creepy and intrusive
Of course it feels creepy and intrusive but from the perspective of the IT department its justified for security reasons. By monitoring email for instance, attachments that could contain a virus or spyware can be blocked. However, simply because the technology is available today, it will be used for questionable purposes. Some police departments are also taking to remote spying software though how widespread this is, we don’t know.
But the recent exposure of Hacking Team documents certainly offered some startling insight into how commonplace cyber snooping has become. Hacking Team is an Italian snooping software vendor. It has a reputation for trampling on human rights concerns and selling to organisations and governments that have been blacklisted by human rights groups. In the latest expose Insitu a subsidiary of Boeing, explored the possibility of injecting Hacking Team malware into computers from surveillance drones via Wi-Fi.
This illustrates just how rampant cyber snooping has become, and lets not even mention the National Security Agency (NSA), who are clearly setting a lead. However, at a more mundane, but no less damaging level spy software is increasingly being used for domestic purposes. The most common is the fear and suspicion of a cheating spouse. If you think someone is spying on you there are some simple steps you can take to find out.
One of the most common methods is the use of third-party software. It isusually known as remote control software or virtual network computing (VNC) software and it allows someone to see why you are doing on your computer. However, it needs to be installed on your computer in the first place, which means someone needs to sneakily do the deed on your computer when you’re not around.
Look for spy programs
That said it can be easy to detect if you know what you are looking for. These third party programs are common and some of the most common and popular are VNC, RealVNC, TightVNC, UltraVNC, LogMeIn and GoToMyPC. These programs allow a user to see the desktop, run applications, change settings, and access data as though they were sitting in front of the computer. Typically, they are not billed as spy software, rather as tools for IT administrators to manage a fleet of computers.
If you have suspicions that your computer is being monitored you need to check the start menu see which programs are running. Simply go to ‘All Programs’ and look to see if something like the software mentioned above is installed. If so, then someone is connecting to your computer without you knowing about it. If none of the above programs are running but there are one or two you don’t recognise, do an internet search on the program name to discover whether it is spying software or not.
It might seem a bit sloppy to furtively install this type of software on someone’s computer but many people who install spy software often assume that the ‘victim’ is ignorant about software on their computer and wouldn’t understand what it was even if they stumbled across it.
Usually if one of the above listed programs is installed there will also be an icon for it in the task bar. So you can also check your icons and see what is running. That’s said it’s easy for monitoring software to hide the taskbar icon, so if you don’t see anything unusual there, it doesn’t mean you don’t have monitoring software installed.
Check the ports
These tasks are relatively easy to carry out even for people without technical knowledge. If you’ve checked the installed programs and you’re still reasonably suspicious that someone is monitoring you (and it’s not the TV telling you so) then as a next step you can check the computer’s ports.
If you’re not technically proficient there’s no need to recoil in horror at running the rule over ports, it is reasonably straightforward. Ports are a virtual data connection in which computers share information directly, so if you’ve got spy software on your system, a port should be open to enable the data transfer.
You can check all the open ports by going to Start, Control Panel, and Windows Firewall. Then click on ‘Allow a program or feature through Windows Firewall’ on the left hand side of the box. This will open another box and you’ll see a list of programs with check boxes next to them.
The ones that are checked are ‘open’ and the unchecked or unlisted ones are ‘closed’. Go through the list and see if there is a program you’re not familiar with or one that matches VNC, remote control and so on, suggesting a spying program. If you do discover one, you can simply halt it in its tracks by unchecking the box; putting paid to the snooping misdeeds.
Nail the TCP connections
However, if blocking spies was a simple as checking the ports and which programs are running on your computer the spied upon would be rolling in clover and the spies would be scuttling off gnashing their teeth.
Unfortunately, it can be rather more complicated. Checking the ports is a necessary step and it may help identify and stop snoopware. However, in some cases the spying software may only have an out bound connection to a server, which means that the communication is one-way and data from your computer is being sent elsewhere.
In Windows operating systems all out bound connections are allowed which means nothing is blocked. So if all the spying software does is record data and send it to a server, then it only uses an outbound connection which won’t show up in the ports list mentioned above.
However, you can identify outbound connections by using something called Transmission Control Protocol (TCP). TCP shows you all the connections from your computer to other computers. Identifying these connections is not as technical as it sounds; it just requires a few careful steps.
To make it easy you can download a TCPView program which shows all the TCP connections without you having to fiddle around. When you do this you’ll see a box which lists several columns. On the left side is the process name, which will be the programs running. You’ll see things like Mozilla Firefox (or the browser of your choice), BullGuard and other programs such as Microsoft Office and Skype.
See what’s running
By looking at the ‘State’ column you’ll see processes listed under ‘Established’. In layman’s terms this means there is currently an open connection, for instance Skype or Google Chrome. What you need to do is filter the list to nail down and identify processes you don’t recognize.
If you’re running BullGuard for instance you’ll expect to see it but if there is something you don’t understand you need to figure out what it is. This is made easy by simply doing an internet search for the process name. The search results will tell you whether the process is spying software or not.
You can also check the Sent Packets and Sent Bytes columns which are also in the TCP view. These help you instantly identify which process is sending the most data from your computer. If someone is monitoring your computer, they have to be sending the data somewhere and you should see it here too.
Move to another country?
These are the basic techniques to establish whether you are being spied on via monitoring software that has been stealthily installed on your computer. These steps should certainly help you discover this ‘low-level’ cyber spying and help you identify jealous partners or fevered bosses.
But of course cyber spying can go much deeper. For instance, apparently the NSA has learnt how to hide spying software within hard drives made by Western Digital, Seagate and Toshiba. This is deep, literally and figuratively, and gives the potential for the NSA to just about snoop on most computers in the world.
With this level of cyber snooping it’s typically beyond the ability of most people to identify. Hopefully your concerns are more mundane. But if you have carried out the steps above and you still have real and valid suspicions then perhaps you ought to seek help from your local expert computer shop or move to another country and never use a computer again?Featured Articles