# Does anyone know anything about computer hacking technology, for my story?



## ironpony (Jul 31, 2016)

If someone wanted to hack into someone else's email or personal information, I was told that it can be done from a separate computer.  But another person told me that that is not true, and that the hacker would have to get onto his target's own computer specifically in order to hack in.

Does anyone know if hacking can be done from a remote computer, or if you need to be on the target's computer particularly?


----------



## Sleepwriter (Jul 31, 2016)

Okay, I'm guessing you have access to the internet, since you are posting this on the forum and not coming over and physically writing on my computer screen. This one, is a rather easy one that you can google and learn about.  There are also more than a couple movies out there on the subject, like Hackers.  A newer TV show called Mr. Robot is another option, where they do a bit of both.


----------



## shivanib (Aug 8, 2016)

Haha, there's so much email hacking in the news recently, I'm wondering if it really IS as simple as Googling it .

I would imagine you need a VPN to start with and some sort of program to do a remote takeover (rather than guessing at passwords).


----------



## Sam (Aug 9, 2016)

ironpony said:


> If someone wanted to hack into someone else's email or personal information, I was told that it can be done from a separate computer.  But another person told me that that is not true, and that the hacker would have to get onto his target's own computer specifically in order to hack in.
> 
> Does anyone know if hacking can be done from a remote computer, or if you need to be on the target's computer particularly?



Whoever is hacking will have to get _into_, not onto, the target computer. They can do that quite easily from another computer in a remote location. All they have to do is send their target an e-mail with an embedded remote access trojan (RAT) that activates once the e-mail is opened. That will give them back-door administrative access to the computer. Embed a keylogger into the same e-mail, and they'll have all the target's login details and passwords as well.

Admin note: Moved to Sensitive Research


----------



## ironpony (Aug 11, 2016)

Okay thanks, that helps a lot.

In my story, their is a serial killer type villain who is committing murders on video and is uploading them to a website which he made to be virtually untraceable, kind of like in the movie Untraceable (2008).  The one cop is blackmailing a hacker to beat the killer at his own game.  So the hacker isn't good enough skill wise to trace the website.  However, would the hacker be able to hack into the website and upload the cop's own video in order to get the killer to react and flush him out in a sting operation of sorts?

Or is it not possible to hack into a website that the hacker cannot trace to the source of where it's coming from?


----------



## ironpony (Aug 24, 2016)

Sam said:


> Whoever is hacking will have to get _into_, not onto, the target computer. They can do that quite easily from another computer in a remote location. All they have to do is send their target an e-mail with an embedded remote access trojan (RAT) that activates once the e-mail is opened. That will give them back-door administrative access to the computer. Embed a keylogger into the same e-mail, and they'll have all the target's login details and passwords as well.



I was wondering, if this trojan got on someone else's computer, would that computer owner notice that it's there?  Or are these hacking trojans meant to be invisible or cannot be found so easily?


----------



## Sam (Aug 24, 2016)

There a millions of bits of data floating around PCs: files that you never think about or see in your lifetime; files that are necessary for programs, such as Internet browsers, to work properly, but which you never give a second glance to; data that is continuously updating every time your computer installs a new update; thousands of files where any amount of malware can locate itself and never be detected with anything less than a deep scan of the system via anti-virus software. 

Where would a computer owner even start looking?


----------



## ironpony (Aug 14, 2018)

*How would a person discover if his computer was hacked in this case?*

For my story, basically a character's computer is hacked into and I want him to discover that his computer has been hacked. But the question I have is, how would he discover something like this?

I was told before that if on your computer, on a PC, you can tell if it says winlogon.exe twice, in the task manager, when it should just say it once.

However, would someone who knows how to hack into someone's computer know how to delete one of the winlogons, to avoid being discovered?  If the hacker can just delete one of them, then he would.  So is there anything that a hacker cannot cover up that the victim of the hacking could discover?


----------



## Ralph Rotten (Aug 14, 2018)

They might find their firewall disabled, or suspicious entries in the access tables.
They might see their cursor moving about as someone uses Windows remote access features to access the files.
They might get notifications from some web services that they are logged in elsewhere.
Access dates on their secret files may be during the same time they were away (or in jail).

But if they were really a cool super villain then they could find their traps sprung.
Savvy users (savvier than I) can set up active defenses that work like a counter-virus, attacking an intruder or infecting them. Some of these can collect an amazing amount of data on the remote computer, forwarding it to a cloud, or the owner's pc.


----------



## ironpony (Aug 15, 2018)

Okay thanks, so you are saying if they have computer knowledge, that they can trace who is hacking them, and there is no way the hacker can block such a trace?


----------



## JustRob (Aug 15, 2018)

Does winlogon.exe still exist in current versions of Windows? I haven't hacked any logon procedures for years now, so don't know the details any more. I know that GINA (Graphical Identification 'n Authentication) was pensioned off some time ago. I should point out that I was quite officially hacking additional customised security _into_ the system that my employers were using rather than hacking around what was there already for my own purposes. "Hacking" is just tinkering with the underlying systems regardless of one's reason for doing it.

One way of discovering that one's computer has been hacked is to notice that the very facilities that one would normally use to detect the hack have themselves mysteriously become disabled. I once noticed that the Task Manager on my computer had done this, which immediately set the alarm bells ringing in my mind. A casual user might not even notice it or just think "That's weird," rather than thinking "That's_ seriously_ weird!" 

The simple answer to your question should be that a person's anti-virus software would inform him that his computer had been hacked and automatically take steps to prevent the hack from having any effect. However, If you are asking how an undetectable hack can be detected then you are answering your own question. It won't be until the effects become apparent, by which time it is too late. 

Nowadays successful hacks are most likely to arise because the computer's owner actually allowed themselves to be deceived into authorising the hack, as an anti-virus system can only advise against any such action but not ultimately prevent it. A favourite approach by hackers is therefore to display messages on the computer telling the owner that it has already been hacked and giving instructions on how to eliminate the supposed hack, which are in reality the ones to install it. Nowadays computers are less likely to get hacked than people's brains are.

When writing fiction don't go into any detail on computer technology as it will be out of date long before the story gets published.


----------



## Ralph Rotten (Aug 15, 2018)

ironpony said:


> Okay thanks, so you are saying if they have computer knowledge, that they can trace who is hacking them, and there is no way the hacker can block such a trace?



Yes, but they'd need to be good.  Really good.
Even in the dark web people get hacked.


Is your villain any good at this stuff?


----------



## ironpony (Aug 19, 2018)

The villain already has a website with all this crime going on that the police and the hacker have been failing to hack to find out where it's coming from.  So the hacker decides to hack into a person he suspect's to be the villain's email instead to see what he can find.  So the villain is good enough to set up a website that has not been able to hacked, so maybe that means he is good enough to trace the hacker who has entered his email?


----------



## Ace (Aug 20, 2018)

I wanted to also mention that other common signs that a computer has been compromised is an unresponsive mouse/keyboard, extra/new programs on the desk top/start menu you didn't download, missing/edited/new files & folders in explorer, random pop ups asking you to download/run software you don't remember looking into, browser appearing different or even unresponsive, and limited accessibility with desktop icons (some work, some appear broken, some do nothing, etc).  These are only a few I could think of, but basically, something that seems off from how the computer usually operates could be a sign.  Depending on the computer skills of the character you're creating, then they may or may not know to investigate further.


----------



## ironpony (Aug 20, 2018)

Okay thanks, but some of those examples, sound like signs that are too obvious that the hacker would not want to leave behind.  I'm assuming a hacker wouldn't want to leave behind a pop ups, or make any of the files go missing, since he is not going to want the person know he has been hacked.


----------



## Ace (Aug 20, 2018)

ironpony said:


> Okay thanks, but some of those examples, sound like signs that are too obvious that the hacker would not want to leave behind.  I'm assuming a hacker wouldn't want to leave behind a pop ups, or make any of the files go missing, since he is not going to want the person know he has been hacked.



It depends on the skill level of your hacker and _when_ your character discovers the actual hacking.  If it so happens during the process, then yes it might be this obvious.  And these are actual examples I pulled from a cybersecurity textbook.


----------



## Ralph Rotten (Aug 20, 2018)

I dunno if the villain would actually set up a website.
He may do business on SilkRoad II (or III by now) but I doubt he would have a web site.  If he did store his data in a dark web cloud, it'd be encrypted. Your hero would need the encryption key or app to decrypt the data.
Modern encryption is 2048bit. The next level will be 4096bit (it is based on binary sequences.)

He may have a lot of data on his phone, and those can be hacked too.  Something to consider.
You could have the hero exploit a hole in his browser (Google Chrome runs on both platforms, and when you are logged in it brings along data that you may have accessed on your PC.)
So this guy's one hole in his defense is that he uses Chrome which shows his history, bookmarks, favorite sites, IPs, etc.
In fact with Chrome, you don;t even have to hack the PC or phone...you can just hack their account.
All you need is their username & password, and you can login as them.


----------



## ironpony (Aug 21, 2018)

Okay thanks, but the villain would use a burner phone, so the hero would not have access to such a phone, nor would he know the number of which burner phone that is.

The hero would not have the villains password to log into chrome either though.

As for the villain not using his own website, why wouldn't he use his own that he created?


----------



## ironpony (Oct 12, 2018)

Well as it turns out that in order to send a trojan, it has to be in an attachment.  But if a person was emailed this, they would have to open the attachment for the trojan to go onto their computer and do it's job.  But an attachment would alert the person, cause they are not going to open an attachment from someone they don't know.  Or if the hacker makes it look like from it came from someone they do know, the villain is going to want confirmation, since he isn't going to accept attachments, not knowing what they could be.

So is there anyway to hack someone's computer, without alerting the person, that they have to open an attachment in an email first?


----------



## Ralph Rotten (Oct 13, 2018)

Yes, you absolutely can hack a computer remotely.
Sometimes you get in by using click-bait or infected email.
Sometimes you can attack the router or gateway.
Sometimes you need to compromise a peripheral user, get them to click on an infected email, then use their access to step up to bigger players with more access (or to implant a bot while you are in there.)


I don't understand why the villain would be uploading videos of his own hits.


----------



## moderan (Oct 13, 2018)

ironpony said:


> Well as it turns out that in order to send a trojan, it has to be in an attachment.  But if a person was emailed this, they would have to open the attachment for the trojan to go onto their computer and do it's job.  But an attachment would alert the person, cause they are not going to open an attachment from someone they don't know.  Or if the hacker makes it look like from it came from someone they do know, the villain is going to want confirmation, since he isn't going to accept attachments, not knowing what they could be.
> 
> So is there anyway to hack someone's computer, without alerting the person, that they have to open an attachment in an email first?



Yes, and google has your answers. This is pretty elementary stuff.


----------



## ironpony (Oct 13, 2018)

The villain just does it to threaten society and get attention.

However, since he is a computer expert and manages to create a website of his that the police are not being able to trace, it also means he would be smart enough to click on any click bait or open emails without confirmation that from the sender that it is not infected.

But in my research, every way to hack into someone's computer remotely, requires the person to open an email it seems.


----------



## Ralph Rotten (Oct 14, 2018)

ironpony said:


> The villain just does it to threaten society and get attention.
> 
> However, since he is a computer expert and manages to create a website of his that the police are not being able to trace, it also means he would be smart enough to click on any click bait or open emails without confirmation that from the sender that it is not infected.
> 
> But in my research, every way to hack into someone's computer remotely, requires the person to open an email it seems.





Nah. There is always social engineering, and good old fashioned hacking.
As I mentioned in a previous post, the easiest way to hack them would be to hack their browser.
Once you own that, then you likely have access to all their saved passwords, URLs, etc.

Click bait is how hackers attack the masses. But with a single target, the hack would be much different.


----------



## moderan (Oct 14, 2018)

ironpony said:


> The villain just does it to threaten society and get attention.
> 
> However, since he is a computer expert and manages to create a website of his that the police are not being able to trace, it also means he would be smart enough to click on any click bait or open emails without confirmation that from the sender that it is not infected.
> 
> But in my research, every way to hack into someone's computer remotely, requires the person to open an email it seems.



Seriously? Then you're not researching very well, or very deeply. If I knew your IP address, I could hack your system from here. It doesn't require opening a frigging email. That's just one of the ways viruses and other malware are distributed.
How do you create a website that police aren't able to trace? What exactly does that mean?
Clickbait is a term about attention-getting news headlines. It has nothing at all to do with hacking. How you prattle.


----------



## ironpony (Oct 15, 2018)

Oh okay thanks.  Well in some fictional stories, I remember the villains had websites the police couldn't trace.  In the movie Untraceable (2008), the FBI couldn't trace the villains website, and I think this also happened in season 3 of 24 if I recall correct.

So I was just going by that idea.


----------



## moderan (Oct 15, 2018)

It's impossible for you to write what you know, isn't it?


----------



## ironpony (Oct 15, 2018)

Well I don't feel I know anything interesting that would make for a good story, so I look elsewhere.  If I get an idea I think is good, I feel I should go with that, even if it involves research, if that's good?


----------



## ironpony (Oct 23, 2018)

Well I've done research and it seems the easiest way to hack someone's computer without the person knowing is to get their IP address.  However, how would a person get someone's IP address?  I mean it's not like they are publically listed or anything, so how would one find out someone's IP?


----------



## bdcharles (Oct 23, 2018)

ironpony said:


> Well I've done research and it seems the easiest way to hack someone's computer without the person knowing is to get their IP address.  However, how would a person get someone's IP address?  I mean it's not like they are publically listed or anything, so how would one find out someone's IP?



Getting someone's public IP is, I believe, fairly straightforward; you could set up a website and  see who logs on, or sit near their wi-fi with a packet sniffer, but you're not seeing anything you can easily use, as their private IP will be protected by a firewall. I guess if you can get through the firewall or past the local router security you're golden. No idea how though. Something about buffer overflows is all I know. For your story, why not use the click-on-the-link? I mean, if you can come up with a compelling enough reason that someone who knows better to click on it, that would be a good plot point. My limited understanding is that people use social engineering - trickery, manipulation etc - to get people to do just that. Do I speak from bitter experience? No, no! I _almost _do.


----------



## ironpony (Oct 23, 2018)

Okay thanks.  It's just my villains doesn't want anyone getting into his computer, so he would be very cautious not to click on any links.  I mean the main character could send one of the villains an email looking like it came from their lawyer, but then they will probably find out.  Or if they are so cautious, would they confirm with the lawyer first and not click until confirmation that is.  Or if they do click beforehand, they will still want confirmation from the lawyer after I am guessing, and the main character would assume they would find out they are hacked therefore.


----------



## bdcharles (Oct 23, 2018)

ironpony said:


> Okay thanks.  It's just my villains doesn't want anyone getting into his computer, so he would be very cautious not to click on any links.  I mean the main character could send one of the villains an email looking like it came from their lawyer, but then they will probably find out.  Or if they are so cautious, would they confirm with the lawyer first and not click until confirmation that is.  Or if they do click beforehand, they will still want confirmation from the lawyer after I am guessing, and the main character would assume they would find out they are hacked therefore.



Have the lawyer be compromised.


----------



## ironpony (Oct 23, 2018)

Okay thanks, but what do you mean by compromised?


----------



## bdcharles (Oct 24, 2018)

ironpony said:


> Okay thanks, but what do you mean by compromised?



I mean have someone maybe bribe or threaten the lawyer or other confidante of this master hacker, so that they can get the antagonist's info as the trust bond between the 2 is no longer secure (aka compromised).


----------



## ironpony (Oct 24, 2018)

So you are saying get the lawyer to turn on his client basically?


----------



## bdcharles (Oct 24, 2018)

ironpony said:


> So you are saying get the lawyer to turn on his client basically?



yep


----------



## ironpony (Oct 24, 2018)

Okay thanks.  But the main character threatens the lawyer later on in the story as well.  Would the lawyer still choose to sleep in the same house, if the main character had already threatened him once?  Because of he does choose to stay there, the main character will just come threaten him again, which is what happens later.

But I don't know if I see the main character breaking into someone's house with a gun and a mask, and threatening the lawyer, if that is what it would take to get the lawyer to give up the information.  It just seems kind of extreme, instead of just hacking into the lawyer's computer without him knowing.  The main character would be pushed that extreme later on, just don't know if he would do it this early.


----------



## ArthurC (Jan 16, 2019)

Unknown applications or files deleted automatically might indicate that you are hacked.


----------



## ironpony (Jan 18, 2019)

Okay thanks, but the person hacking has no reason to install applications on the computer or delete files though.


----------



## Myk3y (Jan 25, 2019)

ironpony said:


> For my story, basically a character's computer is hacked into and I want him to discover that his computer has been hacked. But the question I have is, how would he discover something like this?
> 
> I was told before that if on your computer, on a PC, you can tell if it says winlogon.exe twice, in the task manager, when it should just say it once.
> 
> However, would someone who knows how to hack into someone's computer know how to delete one of the winlogons, to avoid being discovered?  If the hacker can just delete one of them, then he would.  So is there anything that a hacker cannot cover up that the victim of the hacking could discover?



Is your protagonist computer-savvy?

I am, and I rely on tools to tell me I have a security problem.

And when I say 'I am', I am a compile-the-core, root-and-boot, bits-and-bytes, hex-and-binary-math computer savvy, since the early 1970s.

Of course I never get hacked, because my security-Fu is so damned awesome  But I have seen the results on others computers.

If he's not a software guru, someone that is would have pointed it out to him, or an app set up for that purpose would have alerted him.

If he is, you risk alienating your audience if you delve into it in too much detail.


----------



## Myk3y (Jan 25, 2019)

ironpony said:


> Okay thanks, that helps a lot.
> 
> In my story, their is a serial killer type villain who is committing murders on video and is uploading them to a website which he made to be virtually untraceable, kind of like in the movie Untraceable (2008).  The one cop is blackmailing a hacker to beat the killer at his own game.  So the hacker isn't good enough skill wise to trace the website.  However, would the hacker be able to hack into the website and upload the cop's own video in order to get the killer to react and flush him out in a sting operation of sorts?
> 
> Or is it not possible to hack into a website that the hacker cannot trace to the source of where it's coming from?



If you're not an expert, don't try to be. Just set your plot, assume that what you want to do can be done (it can - I've seen some mind-bending technologies used by governments and their opponents) and don't go into too much detail.

If you do get embedded in detail, some hacktivist in his mother's basement will get upset and you will end up with unwanted pizza to pay for and a a subscription to European Man-Boy Love Monthly.

Simple answer, with physical access or a close approximation, any computer can be accessed. Even the ones at the NSA, FBI, CIA, etc. are vulnerable to physical intrusion.

Less easy is remote hacking, if the computer in question is designed to be difficult to access. If it's a 'retail' computer web-enabled space on the internet, piece of piss.

By far the majority of 'hacking' is actually human behavioural modification - getting you to sign on to my spoof website with your credentials, that I then pass you on to the correct website, log you in, unknown to you. Then I have your login credentials. People being people, they use the same password for many systems. Once I have one, I have a huge head start in getting into all your systems and from there I can plant things, or send things on your behalf. (my use of 16-digit random number/character passwords is not paranoia. I've been the person hacking in - it's all too easy.).

As far as network spoofing is concerned, I can send an email that has info@microsoft.com (or amex.com, or paypal.com, or gmail.com) in its header, that has all the relevant mail server addresses along the chain to make it look legit to the casual glance (or even the more insistent researcher), that originated in the US at Redmond (or Langley, Pentagon, GCHQ, etc.) and you will open it because it's addressed to you from a legit source.

If you think of it, it can probably be done, and probably has been done.

Don't get hung up on the technicalities - that's what your specialist beta-readers are for, your subject-matter experts that will point out the flaws - just write your story, not an engineering brief.

"He finished uploading the video, cleaned up any trace of his access and logged out' - there, done.

Hacker vs hacker is no different than bomb-maker vs bomb disposal dude. If you can hack it, a better hacker can hack you hacking it.

Just write the story.


----------



## ironpony (Mar 12, 2019)

Okay thanks.  Well before writing it, I just want to know if it can be done at all, so I know I can write it.  When you send an email to a person then, just opening that mail can get the hacker into a computer then?


----------



## moderan (Mar 12, 2019)

It really _is_ impossible for you to write what you know. Worst Google-fu EVER.


----------



## ironpony (Mar 12, 2019)

Well according to google, in order to hack into someone's computer be email, you have to send an attachment with the email.  But the villain in my script, being computer knowledgeable, is not going to be dumb enough to open an attachment, unless maybe from someone he knows.  But then he will get confirmation from that person and then know he's been hacked.


----------



## moderan (Mar 12, 2019)

_Really bad Google-fu_. And if you're going to write somebody computer-literate, you have to have that capability yourself. Clearly this is not the case. If you supply an email address, I'll be happy to send proof that you don't need to send an attachment.


----------



## Pallandozi (Sep 6, 2020)

ironpony said:


> Okay thanks.  It's just my villains doesn't want anyone getting into his computer, so he would be very cautious not to click on any links.  I mean the main character could send one of the villains an email looking like it came from their lawyer, but then they will probably find out.  Or if they are so cautious, would they confirm with the lawyer first and not click until confirmation that is.  Or if they do click beforehand, they will still want confirmation from the lawyer after I am guessing, and the main character would assume they would find out they are hacked therefore.



Have a read of:

https://en.wikipedia.org/wiki/Man-in-the-middle_attack


----------



## Pallandozi (Sep 6, 2020)

ironpony said:


> For my story, basically a character's computer is hacked into and I want him to discover that his computer has been hacked. But the question I have is, how would he discover something like this?



All sorts of ways, depending on the cracker and the trouble taken not to leave traces.

He might discover his unique password appearing on a list of known unsafe passwords to use.
He might discover a backdoor the cracker left behind.
He might notice the last modified date on a file had changed.
If he's really paranoid, he might have set up a firewall that logs all traffic passing through it (or maybe just inbound connections)


----------

