
Ask HN: My home was burglarized today but my computer is still here - giberson
I was burglarized today--they broke in while I was at work. They took lots of stuff from my living room and garage. They ransacked all of my house going through drawers and cabinets. It sucks, but it could have been worse.

Here is the weird thing, my office room while having been thoroughly searched still contains all of the electronics. The computer (a really good gaming machine), dual monitors (large), keyboard, mouse are all still here.

Also, my computer was on and I don't have a lock screen on it (I live alone and don't do any work from home on it--though I regret now that it didn't have the lock-screen activated).

So I'm feeling super paranoid. I'm in the process of updating all my site passwords (mostly managed by lastpass). But I'm concerned some kind of keysniffer or other invasive software could have been installed.

It seems unlikely--but this room remains too intact for it not to be suspicious.

I'm on win7, SP1. What are some good (trustworthy) tools I can scan my computer with.

Does anyone know of any concerns or precautions I should take, short of reformatting (which now that I think about it sounds really good).

Thanks in advance.
======
DanBC
Have you done a risk analysis?

Some things for you to ask yourself: Do you work for a government agency? Is
it possible for secret documents to be on your machine? Do you work for a high
profile company? Is it possible for trade secrets to be on the machine?

What's the worst that could happen if the data is compromised? Will you die?
Will you go to jail? Will your company lose millions of dollars?

> What are some good (trustworthy) tools I can scan my computer with.

There are none. Once you think your machine has been compromised the only safe
course of action is to wipe and re-install, and then very carefully restore
data from back-up.

Check for hardware tampering too - hardware keyboard grabbers are cheap and
easy to fit.

Don't forget that burglars have different styles - they don't just rob
everything. Some burglars will just steal jewellery and leave everything else;
others will grab everything technical and leave everything else. And the
burglars might have been disturbed in the process of robbing the house.

~~~
zeeed
In addition to checking added parts, do check your USB peripherals carefully
(keyboard, mouse, game controller) if they have been exchanged/tampered with.

------
meowface
Copy all data to an external hard drive. Wipe current drive, reinstall OS,
selectively copy back the files you need.

Any time you're infected with malware or strongly suspect you are, this is
what you should do. It doesn't take that much time, plus you'll probably
notice a big speed boost after you install the OS from a clean slate.

It'll take you way less time and effort than being paranoid and downloading
all kinds of virus scanners and rootkit finders, while also being way more
effective.

A hardware keylogger or spy device is extremely unlikely. If you don't see
anything between the keyboard and the computer that shouldn't be there, odds
are you're fine.

------
Spoom
I would guess that desktop computers are just much harder to fence than, say,
TVs, and that you're just a bit paranoid (I don't blame you, considering the
situation). A smart thief would also be wary of LoJack-type software on the
computer.

------
joeclark77
Desktop computer? They probably decided it was either too big to carry away
without being caught, or that it wasn't something easy for them to sell. I
would guess that cameras, cell phones, and tablets are easier to sell. They're
all one piece, don't look very different "used" or "new", and you could
probably re-package them with some bubble wrap and an envelope. A desktop
computer with lots of parts, some of them obviously used, is going to be a lot
more obvious and harder for the thief to deal with.

------
kazinator
Can you give some examples of what was taken from the garage and house? This
would help paint a picture of what the robbers were interested in.

That activity could always be a decoy, of course, to throw you off the scent;
or it could simply be that the thieves really were interested in those items
that they took and not your computers and electronics.

There are good reasons not to take large electronics: they are not that easy
to turn into cash, and they are bulky items: poor dollar to volume/weight
ratio. It's much better to steal actual cash. Or traditional valuables like
gold.

What's better: a computer monitor you can hawk for 50 bucks at most? Or 4
grams of gold from an 18K ring, worth some 100 bucks? Or an actual $100 bill?
This is why thieves went through drawers and cabinets: they want small things
that are dense with value, and cash.

As far as electronics goes, small stuff like smartphones and tablets packs more
value.

I wouldn't get all paranoid. One thing to do, though, is to monitor your
network traffic, especially outbound, to look for any suspicious activity.

------
logn
If being bugged presents risk to your life or career (i.e., you're no average
Joe) then you should just buy a new machine. If they bugged your hardware,
bios, or other equipment, you might never know and it might not be removed
after reformatting.

Also it could be that with a super custom and nice gaming machine, thieves
didn't want it as it's too easy for you to recognize on the black market. And
additionally, they might have worried you had a GPS or software which will
phone home after it's been stolen.

And take a peek at the system logs too and your wi-fi logs.

Btw, a system lock won't keep any determined criminals out of your machine if
they have physical access to it. Although, an encrypted drive and system locks
would help, but maybe not in the case of a hardware bug.

------
wiseleo
Remove hard drive and store it as evidence. Obtain new HDD. Install your OS of
choice. Restore data from off-site backups.

Moderate risk - mount both the old HDD and the new HDD (with Windows
already installed) under Linux. Copy the data in Linux environment from old
drive to new drive. You can use [http://puppylinux.org](http://puppylinux.org)
to access Windows drives from Linux. It has a nice graphical file manager for
that, so you will find it easy to do. Once done, remove the drive and store as
evidence.
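
One way to do the copy step above from the live Linux session, as an added example (not wiseleo's code and not part of the thread): the old drive is mounted read-only, only allowlisted data file types are carried over, and a SHA-256 manifest taken on the source side lets you verify the copies. Device names, mount points, the extension list and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed setup from the live Linux session
# (sdX1, sdY1 and the mount points are placeholders):
#   mount -o ro /dev/sdX1 /mnt/old   # old drive read-only, so evidence is not altered
#   mount /dev/sdY1 /mnt/new         # new drive with the fresh Windows install
#   copy_user_data /mnt/old/Users/me /mnt/new/restore && verify_copy /mnt/new/restore

# Extensions to carry over (an assumption; trim to what you really need).
DATA_EXT="txt csv pdf jpg jpeg png gif mp3 flac"

# True only if the LAST extension of $1, lower-cased, is on the allowlist,
# so "photo.jpg.exe", shortcuts (.lnk) and autorun.inf are all refused.
is_data_file() {
    name=${1##*/}
    case "$name" in *.*) ;; *) return 1 ;; esac
    ext=$(printf '%s' "${name##*.}" | tr '[:upper:]' '[:lower:]')
    for e in $DATA_EXT; do
        [ "$ext" = "$e" ] && return 0
    done
    return 1
}

# Copy allowlisted files from $1 to $2, hash the source side into a manifest,
# and list everything left behind in SKIPPED.txt for manual review.
copy_user_data() {
    src=${1%/}; dest=${2%/}
    mkdir -p "$dest" || return 1
    list=$(mktemp) || return 1
    (cd "$src" && find . -type f) > "$list"
    : > "$dest/MANIFEST.sha256"; : > "$dest/SKIPPED.txt"
    while IFS= read -r rel; do
        if is_data_file "$rel"; then
            mkdir -p "$dest/$(dirname "$rel")" &&
            cp "$src/$rel" "$dest/$rel" &&
            (cd "$src" && sha256sum "$rel") >> "$dest/MANIFEST.sha256" || { rm -f "$list"; return 1; }
        else
            printf '%s\n' "$rel" >> "$dest/SKIPPED.txt"
        fi
    done < "$list"
    rm -f "$list"
}

# Re-hash the copies on the new drive against the source-side manifest.
verify_copy() {
    (cd "$1" && sha256sum -c MANIFEST.sha256 >/dev/null 2>&1)
}
```

Anything listed in SKIPPED.txt (programs, scripts, shortcuts, files with no extension) stays on the old drive and is reinstalled from a trusted source instead of being copied.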

------
serf
A potentially compromised computer can never be secured for future use.

If something like that happened I would likely sell all the equipment and buy
fresh. Really. It's pretty suspicious, and examples of malicious code which
can stay persistent in practically nearly any peripheral with accessible
memory have been shown.

Burglarizations suck. Hope you recover from it well.

------
mobiuscog
How do we know you're not the burglarizer posting under the unlocked account?

~~~
lifeisstillgood
That's how pentesters think - nice one

