Hacking Question Advice Needed?

[robin.mckay80]

Hello,

I just wanted to ask a question about computer hacking as there is a situation going on in my workplace right now and its really frightening.

Basically, my Facebook account got hacked and there were comments on it that I never made.

I have contacted Facebook and got the police involved.

However, my major concern is that what if the police find no evidence of hacking? What does that mean for me then?

Is it possible for a hacker to leave absolutely no trace of their activities on your system?

Should it come about that no evidence of hacking could be found, I would see no other option but to hand in my letter of resignation because then nobody would believe it wasn't me who did this when I didn't.

I am feeling really scared and concerned at the moment and I am worried for my state of mind.

Please help.

Thanks.

[Max Hallam]

It is more likely that your email account was compromised to then gain access to your Facebook account. If you have anything connected to your email account that would give away your IP address then yes, it is entirely feasible for a hacker to connect through a proxy and mask their traffic as yours - making it seem as if you were the only one ever to access the account.

Barring that possibility, hackers can connect through proxy servers and notably, the software known as Tor which reroutes your connection through hundreds of different countries around the world. Unless the hacker was positively brain-dead, they would have left nothing that allows them to be traced back.

[PoohBearPenguin]

The cops won't find any evidence of hacking because the cops are completely useless for anything online related.

Only Facebook can show evidence of hacking. For instance, if you log in from home or the office everyday, then their records will show the same IP#. If suddenly a new IP# is used when logging into your account that could be indication of someone else accessing your account. Of course it could be that you're on vacation and are trying to update your wall, which is why Facebook will ask you a series of questions to (supposedly) verify it's really you.

Also keep in mind that all I need is your password. I don't need to do anything to your computer at all. Maybe you logged into Facebook using a public, unencrypted WiFi network - like the one at Starbucks or the Airport. Or maybe you used a public computer at school and didn't log off. There are lots of ways of getting your password that don't require the bad guy to access your computer at all.

In the meantime, CHANGE YOUR PASSWORD. Choose a strong password that is not a word and not easily guessable any one. NEVER GIVE OUT YOUR PASSWORD TO ANYONE. Facebook will never ask for your password (they can find it out themselves.) Do NOT use the same password for multiple accounts - ESPECIALLY for important things like email accounts, Facebook, your bank, etc. If you need help remembering your passwords, try Lastpass.com which lets you manage your passwords online. Or use a program like Password Safe (which is what I do.) Also, change your security questions. Do not use the correct answers - those can be easily guessed by a hacker if he does some research on you. For example, use the question "Where were you born" but don't use your birth city. Instead, use something totally random. This will make it harder for someone to change your password by using your security questions. Just make sure you make a note of what you used for your security answers (with LastPass.com or Password Safe) so that you can still access your account.

Some sites, like Gmail, are now using additional security methods, like sending a special code to your smartphone that you need to type into the login page. Sign up for this if available. Yeah, it makes logging in a bit more of a hassle but it also makes your account much more secure.

[ArcadianStormcrow]

There's two most likely possibilities - they got to your account by guessing your password/security questions, or they got your password from malware on your system.

First thing I'd recommend would be to run anti-virus scans on your PC. If you've got IT techs at your workplace, I'd speak with them about it. If you have a home PC, I'd recommend doing the same thing there.

Next, update your password for both facebook and email, and consider changing your security questions. Don't be afraid to use "false" answers (so long as you can remember what you set them to) - for instance, using "Albuquerque" as your mother's maiden name, etc.

Facebook can provide (or, at least, should be able to provide) the IP that the posts came from to the police. The police would then need to subpeona records from the internet provider that hosts that IP, and track that back to a person. Depending on what the comments were, they might not pursue terribly far - it depends on the available resources and how severe they consider the crime.

Your best bet is going to be the source IP and timestamp from Facebook - if you can show that the comments couldn't have been posted by you (for instance, it was posted by someone in another state, or it was posted from your compromised computer at midnight when you can show you weren't there), then you've got something to work with. I'd recommend discussing the matter with your HR department as well - depending on what the comments were, you might be the target of intraoffice harassment.