Recently I’ve received a panic call from my customer claiming that someone might have hacked into his system and sending out emails without his knowledge.
He was very sure that it is a stolen identity hacking activity and he claims that he knows when it happened, which he believes is during the time when he was in Malaysia for a business meeting and should be during the time when he was using a public computer in a cyber cafe in Kuala Lumpur. He was very certain it is during there and then when it happened.
I asked him how he knows about the “stolen identity” incident and he starts to shed more light into it. In the end, I discovered that his so-called “stolen identity” incident was nothing more than his business associates and friends receiving mails from him recommending them to buy “some enlargement device” or “prolonging pills” and such, basically, he was just another spam victim being masquerated as the originator. That’s all!!
I explained to him that someone from somewhere had managed to get a hold of his email address and using their email system to send out spam mails, but using random email addresses as the original sender, and in this case, his email address, to send out thousand of spam mails. Some of which belongs to his associates and friends.
To be on the safe side, however, I did a thorough check on his system looking for worms, viruses, spywares and any other rootkit malware or such, and his system is cleaned, very clean in fact, as we just did our maintenance for his system just 3 weeks ago!
After much tracing, we begin to suspect that these mails originate from one of his business partner. I made a quick call to the other party and asked them to check for some virus signature and voila, it is their computer that is infected and even during our teleconversation, the computer there was busy sending out more mails and generate lots more traffic.
I advised them to shut that system down and offered to check it for them later, chargeable of course, and yup, managed to clinch another deal the next day and probably will have our maintenance agreement signed too No good gestures goes unrewarded …
As for my panic-stricken customer, I do applaud him for calling us to check his system immediately but was quite puzzled as to why he use a public computer and not his personal laptop when he was in Kuala Lumpur. He claims that he thought of going shopping after his meeting so did not bring his laptop, and to him, it is more of a personal time out until his secretary in Singapore asked him to check something urgently, which he then has no choice but to use the public computer.
Don’t get me wrong, it is perfectly alright to use public computers to do your stuffs or surf the web, but there are some steps you’ll need to take to protect yourselves against any potential problem in the future.
I’ve outlined them below for your reading pleasure and hopefully you’ll remember to do it when you are using any public computer at any cyber cafe in any country, including Malaysia
Pay attention to your surroundings and use common sense
Beware of strangers around you, there might be potential shoulder surfers within your vicinity and always remember that a public computer is open to anyone.
Don’t view any sensitive documents from these computers
Look around and make sure no security camera are looking over your shoulder
Cover your hands when entering any login information, much like when you are using ATM (Auto-Teller Machines)
Don’t do online banking and online shopping
Even when you are using a bank’s triple secure login, it is still not advisable to use a public computer for your banking transactions, no matter what.
When you shop online using a public computer, you’ll inevitably need to key in your credit card details or Paypal login information, which will then expose yourselves to unnecessary financial crimes. Therefore, it is not advisable to shop online using a public computer. If you really need to, you may consider shopping at ShopBug.com, as we offer Cash-On-Delivery (COD) services, which means that you don’t need to key in any financial details and that means that you are somewhat less vulnerable. However, truth be told, if you are out of your home and in a cyber cafe, just get out of there and do some real shopping with your feet rather than a few mouse clicks
Don’t divulge your credit card details
As mentioned above, unless you want to be another statistics in the latest financial crime, don’t ever attempt to give your credit card details in any of these public computers
Don’t save passwords
I think it’s a very common sense to know that you should never save your password in any public computer, and if you are not aware of this also, I’ll really advice you to take part in some computer courses and know more about computing before you made any regrettable mistakes in the future.
As for your own personal computer or laptop which you believe to be secured, I’ll also adviced you NOT to save your passwords at all. It is such a primitive security but it does help to weed out casual trouble-makers, but if you let your systems remember your passwords, you might be in for a surprise when things really cropped out.
To make sure passwords are not saved in Internet Explorer 7, go to Tools | Internet Options | Content. In the AutoComplete panel, click the Settings button and verify that the Prompt Me To Save Passwords check box is deselected. None of the other AutoComplete features needs to be enabled either, so deselect them as well.
In Firefox, choose Tools | Options | Security and deselect Remember Passwords For Sites.
Don’t save files locally
By saving files locally on a public computer, you risk forgetting to remove it when you are done, and even if you do, traces of the file will still be lugging somewhere waiting for someone to retrieve it.
Use a flash drive instead to save your files and probably attach the flash drive to your key ring so you’ll be less likely to misplace it and create a new security problem.
Delete your Browsing History
When you’ve finished browsing, it’s a good idea to delete your cookies, form data, history, and temporary Internet files.
In Internet Explorer 7, you can do this all at once under Tools | Delete Browsing History. In older versions of IE, each of these must be deleted separately, under Tools | Internet Options.
In Mozilla Firefox, go to Tools | Options, click the Privacy tab, and select Always Clear My Private Data When I Close Firefox. By default, this erases your browsing history, download history, saved form information, cache, and authenticated sessions. Click the Settings button and select the options to erase your cookies and saved passwords, too.
Delete temporary files
If you use a public computer to surf the web only, step 6 above will help and this step may not be necessary for you. However, if you use Microsoft Office or any other applications on the public computer, then this step is very important to you.
Temporary files (often abbreviated to “temp files”), as opposed to temporary Internet files, are created when you use programs other than a Web browser. For instance, when you create a Word document, in addition to the actual document file you save, Word creates a temporary file to store information so memory can be freed for other purposes and to prevent data loss in the file-saving process. These files are usually supposed to be deleted automatically when the program is closed or during a system reboot, but unfortunately they often aren’t.
To find these files, do a search on all local drives (including subfolders, hidden, and system files) for *.tmp,*.chk,~*.*
This will bring up all files beginning with a tilde or with the extensions .tmp and .chk, which are the most common temp files. Once the search is complete, highlight all and Shift + Delete to remove them. (If you don’t hold down Shift, they’ll usually be sent to the Recycle Bin, which you would then have to empty.)
If you did not clear these files, somebody else will be able to open the temporary files and recover your full content from it!
Clear the pagefile
The pagefile is the location on the hard disk that serves as virtual memory in Windows. Its purpose is to swap out data from RAM so that programs can operate as if they have more RAM available than you actually have installed in the computer. Anything that can be stored in memory could also be stored in the pagefile.
To delete the pagefile, change the settings in Windows Explorer. Click View | Folder Options and the View tab, then scroll down and click Show Hidden Files And Folders. Deselect the Hide Protected Operating System Files check box. Now, find the file named pagefile.sys. It is usually (but not always) on the C: drive. Delete it; a new one will be created when the system reboots.
Reboot
When you’re finished using the public computer, the final thing you should do is a hard reboot. This will not only clear the pagefile, if you’ve enabled that option, but it will also clear out everything you did from the physical memory (RAM).
Boot from another device
This is a fairly advanced option, and one that is often overlooked. If you boot from either your own USB drive or from a CD, many of the problems mentioned above can be avoided. Today, many Linux distributions have the option of running completely in memory after booting from a CD.
If a public computer has had its BIOS options left at default (which happens more often than you would think), this could be an option. If you are able to do this and remember not to save any other files to the local hard drive, everything will be gone when you reboot.
Do remember that there is nothing you can do to make a public computer completely secure. A truly malicious owner or user could install a hardware keystroke logger that would be impossible to detect without actually opening the case and inspecting it. With that less-than-comforting thought, use common sense and use public computers only for nonsensitive tasks.