As an IT Pro, I routinely monitor employees’ computers and emails. It’s essential in a work environment for administrative purposes as well as for security. Monitoring email, for example, allows you to block attachments that could contain a virus or spyware. The only time I have to connect to a user’s computer and do work directly on their computer is to fix a problem.
Feb 28, 2017 While it is possible that you may never in your life be hacked, it is important to know how to protect yourself from this possibility. In this article, we look at the five most common signs someone is trying to hack your computer. The Mouse and Keyboard Behaving Strangely; Hacking a computer happens when someone gets control of it remotely.
May 04, 2018 On a Mac, press and hold down the Shift key while restarting your computer. Keep holding the key through the Apple logo and release when you see the login screen. We don't like to think about it, but it can happen: whether by hacking or by theft, someone can get access to your computer and everything on it. When the unthinkable happens, here's how. It is not easy to tell if your computer has been hacked but it is extremely unlikely for any Mac to get hacked because they have the best security of all personal computers in the world. The only likely way to hack your Mac would be if you allowed.
However, if you feel that you are being monitored when you shouldn’t be, there are a few little tricks you can use to determine if you’re right. First off, to monitor someone’s computer means that they can watch everything that you are doing on your computer in real time. Blocking porn sites, removing attachments or blocking spam before it gets to your inbox, etc. is not really monitoring, but more like filtering.
The one BIG problem I want to emphasize before moving on is that if you are in a corporate environment and think you’re being monitored, you should assume they can see EVERYTHING you do on the computer. Also, assume that you won’t be able to actually find the software that is recording everything. In corporate environments, the computers are so customized and reconfigured that it’s nearly impossible to detect anything unless you’re a hacker. This article is more geared towards home users who think a friend or family member is trying to monitor them.
Computer Monitoring
So now, if you still think someone is spying on you, here’s what you can do! The easiest and simplest way someone can log into your computer is by using remote desktop. The good thing is that Windows does not support multiple concurrent connections while someone is logged into the console (there is a hack for this, but I would not worry about it). What this means is that if you’re logged into your XP, 7 or Windows 8 computer and someone were to connect to it using the BUILT-IN REMOTE DESKTOP feature of Windows, your screen would become locked and it would tell you who is connected.
So why is that useful? It’s useful because it means that in order for someone to connect to YOUR session without you noticing or your screen being taken over, they have to use third-party software. However, in 2014, no one is going to be that obvious and it’s a lot harder to detect third-party stealth software.
If we’re looking for third-party software, which is usually referred to as remote control software or virtual network computing (VNC) software, we have to start from scratch. Usually, when someone installs this type of software on your computer, they have to do it while you’re not there and they have to restart your computer. So the first thing that could tip you off is if your computer has been restarted and you don’t remember doing it.
Secondly, you should check in your Start Menu – All Programs to see whether or not something like VNC, RealVNC, TightVNC, UltraVNC, LogMeIn, GoToMyPC, etc. is installed. A lot of times people are sloppy and figure that a normal user won’t know what a piece of software is and will simply ignore it. If any of those programs are installed, then someone can connect to your computer without you knowing it as long as the program is running in the background as a Windows service.
That brings us to the third point. Usually, if one of the above listed programs is installed, there will be an icon for it in the task bar because it needs to be constantly running to work.
Check all of your icons (even the hidden ones) and see what is running. If you find something you’ve not heard of, do a quick Google search to see what pops up. It’s pretty easy for monitoring software to hide the taskbar icon, so if you don’t see anything unusual there, it doesn’t mean you don’t have monitoring software installed.
So if nothing is showing up in the obvious places, let’s move on to the more complicated stuff.
Check Firewall Ports
Again, because these are third-party apps, they have to connect to Windows on different communication ports. A port is simply a virtual data connection by which computers share information directly. As you may already know, Windows comes with a built-in firewall that blocks many of the incoming ports for security reasons. If you’re not running an FTP site, why should your port 23 be open, right?
So in order for these third-party apps to connect to your computer, they must come through a port, which has to be open on your computer. You can check all the open ports by going to Start, Control Panel, and Windows Firewall. Then click on Allow a program or feature through Windows Firewall on the left-hand side.
Here you’ll see a list of programs with check boxes next to them. The ones that are checked are “open” and the unchecked or unlisted ones are “closed”. Go through the list and see if there is a program you’re not familiar with or that matches VNC, remote control, etc. If so, you can block the program by un-checking the box for it!
Check Outbound Connections
Unfortunately, it’s a bit more complicated than this. In some instances, there may be an incoming connection, but in many cases, the software installed on your computer will only have an outbound connection to a server. In Windows, all outbound connections are allowed, which means nothing is blocked. If all the spying software does is record data and send it to a server, then it only uses an outbound connection and therefore won’t show up in that firewall list.
In order to catch a program like that, we have to see outbound connections from our computer to servers. There are a whole host of ways we can do this and I’m going to talk about one or two here. Like I said earlier, it gets a bit complicated now because we’re dealing with really stealthy software and you’re not going to find it easily.
TCPView
Firstly, download a program called TCPView from Microsoft. It’s a very small file and you don’t even have to install it, just unzip it and double-click on Tcpview. The main window will look like this and probably make no sense.
Basically, it’s showing you all the connections from your computer to other computers. On the left side is the process name, which will be the programs running, i.e. Chrome, Dropbox, etc. The only other columns we need to look at are Remote Address and State. Go ahead and sort by the State column and look at all of the processes listed under ESTABLISHED. Established means there is currently an open connection. Note that the spying software may not always be connected to the remote server, so it’s a good idea to leave this program open and monitor for any new processes that may show up under the established state.
What you want to do is filter that list down to processes whose names you don’t recognize. Chrome and Dropbox are fine and no cause for alarm, but what’s openvpn.exe and rubyw.exe? Well, in my case, I use a VPN to connect to the Internet so those processes are for my VPN service. However, you can just Google those services and quickly figure that out yourself. VPN software is not spying software, so no worries there. When you search for a process, you’ll instantly be able to tell whether or not it’s safe by just looking at the search results.
Another thing you want to check are the far right columns called Sent Packets, Sent Bytes, etc. Sort by Sent Bytes and you can instantly see which process is sending the most data from your computer. If someone is monitoring your computer, they have to be sending the data somewhere, so unless the process is hidden extremely well, you should see it here.
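The same review can be scripted from the text output of two built-in Windows commands, `netstat -ano` and `tasklist /fo csv /nh`. The script below is an added example, not part of the original article: it flags listeners on the usual Remote Desktop and VNC ports (the inbound case from the firewall section) and established connections to non-local addresses owned by processes you have not marked as recognized (the TCPView case). The sample command output, the KNOWN list and all function names are constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed `netstat -ano` output in the Windows layout (documentation IP ranges).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       996
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       2280
  TCP    192.168.1.20:49712     198.51.100.14:443      ESTABLISHED     4312
  TCP    192.168.1.20:49733     192.0.2.131:443        ESTABLISHED     5120
  TCP    192.168.1.20:49801     203.0.113.77:1194      ESTABLISHED     6644
  TCP    192.168.1.20:49850     192.168.1.1:445        ESTABLISHED     4
  TCP    [::1]:49900            [::1]:49901            ESTABLISHED     4312
  UDP    0.0.0.0:5353           *:*                                    1712
"""

# Constructed `tasklist /fo csv /nh` output, used to turn PIDs into process names.
TASKLIST = '''\
"System","4","Services","0","140 K"
"svchost.exe","996","Services","0","9,204 K"
"winvnc.exe","2280","Services","0","6,120 K"
"chrome.exe","4312","Console","1","210,112 K"
"Dropbox.exe","5120","Console","1","98,440 K"
"openvpn.exe","6644","Console","1","12,300 K"
'''

KNOWN = {"chrome.exe", "dropbox.exe"}  # assumption: processes you already recognize
REMOTE_CONTROL_PORTS = {3389: "Remote Desktop", 5900: "VNC"}  # common default ports
# Explicit list so documentation/test ranges are treated as remote addresses.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10")]


def pid_names(tasklist_csv):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(row[1]): row[0] for row in rows if len(row) >= 2}


def split_endpoint(endpoint):
    """Split 'host:port' or '[v6%zone]:port' into (host, port)."""
    host, port = endpoint.rsplit(":", 1)
    return host.strip("[]").split("%")[0], int(port)


def is_local(host):
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in LOCAL_NETS)


def review(netstat_text, tasklist_csv):
    """Return (process, endpoint, reason) tuples worth looking up."""
    names = pid_names(tasklist_csv)
    findings = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue  # headers and UDP rows (no State column)
        _, local, remote, state, pid = parts
        name = names.get(int(pid), "unknown (PID %s)" % pid)
        lport = split_endpoint(local)[1]
        rhost, rport = split_endpoint(remote)
        if state == "LISTENING" and lport in REMOTE_CONTROL_PORTS:
            findings.append((name, "listening on %d" % lport,
                             REMOTE_CONTROL_PORTS[lport]))
        elif state == "ESTABLISHED" and not is_local(rhost) \
                and name.lower() not in KNOWN:
            findings.append((name, "%s:%d" % (rhost, rport),
                             "unrecognized process with outbound connection"))
    return findings


if __name__ == "__main__":
    for finding in review(NETSTAT, TASKLIST):
        print(finding)
```

A flagged process is a prompt to look it up, not a verdict: in the sample, openvpn.exe is flagged only because it is not in the KNOWN list.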
Process Explorer
Another program you can use to find all the processes running on your computer is Process Explorer from Microsoft. When you run it, you’ll see a whole lot of information about every single process and even child processes running inside parent processes.
Process Explorer is pretty awesome because it connects up with VirusTotal and can tell you instantly if a process has been detected as malware or not. To do that, click on Options, VirusTotal.com and then click on Check VirusTotal.com. It’ll bring you to their website to read the TOS, just close that out and click Yes on the dialog in the program.
Once you do that, you’ll see a new column that shows the last scan detection rate for a lot of the processes. It won’t be able to get the value for all processes, but it’s better than nothing. For the ones that don’t have a score, go ahead and manually search for those processes in Google. For the ones with scores, you want it to pretty much say 0/XX. If it’s not 0, go ahead and Google the process or click on the numbers to be taken to the VirusTotal website for that process.
I also tend to sort the list by Company Name and any process that doesn’t have a company listed, I Google to check. However, even with these programs you still may not see all the processes.
Rootkits
There is also a class of stealth programs called rootkits, which the two programs above won’t even be able to see. In this case, if you found nothing suspicious when checking all the processes above, you’ll need to try even more robust tools. Another good tool from Microsoft is Rootkit Revealer; however, it’s very old.
Other good anti-rootkit tools are Malwarebytes Anti-Rootkit Beta, which I would highly recommend since their anti-malware tool was ranked #1 in 2014. Another popular one is GMER.
I suggest you install these tools and run them. If they find anything, remove or delete whatever they suggest. In addition, you should install anti-malware and anti-virus software. A lot of these stealth programs that people use are considered malware/viruses, so they will get removed if you run the appropriate software. If something gets detected, make sure to Google it so you can find out whether it was monitoring software or not.
Email & Web Site Monitoring
To check whether your email is being monitored is also complicated, but we’ll stick with the easy stuff for this article. Whenever you send an email from Outlook or some email client on your computer, it always has to connect to an email server. Now it can either connect directly or it can connect through what is called a proxy server, which takes a request, alters or checks it, and forwards it on to another server.
If you’re going through a proxy server for email or web browsing, then the web sites you access or the emails you write can be saved and viewed later on. You can check for both and here’s how. For IE, go to Tools, then Internet Options. Click on the Connections tab and choose LAN Settings.
If the Proxy Server box is checked and it has a local IP address with a port number, then that means you’re going through a local server first before it reaches the web server. This means that any web site you visit first goes through another server running some kind of software that either blocks the address or simply logs it. The only time you would be somewhat safe is if the site you are visiting is using SSL (HTTPS in the address bar), which means everything sent from your computer to the remote server is encrypted. Even if your company were to capture the data in-between, it would be encrypted. I say somewhat safe because if there is spying software installed on your computer, it can capture keystrokes and therefore capture whatever you type into those secure sites.
For your corporate email, you’re checking for the same thing, a local IP address for the POP and SMTP mail servers. To check in Outlook, go to Tools, Email Accounts, and click Change or Properties, and find the values for POP and SMTP server. Unfortunately, in corporate environments, the email server is probably local and therefore you are most definitely being monitored, even if it’s not through a proxy.
You should always be careful in writing emails or browsing web sites while at the office. Trying to break through the security also might get you in trouble if they find out you bypassed their systems! IT people don’t like that, I can tell you from experience! However, if you want to secure your web browsing and email activity, your best bet is to use a VPN like Private Internet Access.
This requires installing software on the computer, which you may not be able to do in the first place. However, if you can, you can be pretty sure no one is able to view what you’re doing in your browser as long as there is no local spying software installed! There is nothing that can hide your activities from locally installed spying software because it can record keystrokes, etc., so try your best to follow my instructions above and disable the monitoring program. If you have any questions or concerns, feel free to comment. Enjoy!
Every day we see news about computers being hacked and how the cybercriminals make money off people clueless about the protection of their assets.
For someone not very technical, it may sound as if hackers are so powerful, and the only way to hide is to shut down all devices and go off the grid completely.
However, the truth is that there are several simple things one can do to make sure that we are reasonably safe when browsing the internet without affecting our ability to access the information we need.
Whether or not someone can hack into the computer or phone through WiFi depends on a person’s proximity to the WiFi router. If a cybercriminal is within range of the WiFi router, they can connect to the local network and perform various attacks, such as a Man In The Middle attack.
If the hacker is outside of the WiFi range, then the way they attack will be different.
Let’s consider various scenarios of how the computer can be hacked and ways to protect your devices.
Hacking Computer Through Local WiFi
As you probably guessed, it is much easier to hack the computer, which is in close proximity to the hacker’s device.
For instance, your neighbor can connect to your WiFi and use your internet for free. Or you may connect to the free WiFi in the cafe or hotel, but someone already hacked the network, and now everyone, including you, is a potential target.
Or maybe you are using the office WiFi, and it was also hacked.
And it doesn’t have to be a computer, such as a Mac or PC. Your smartphone, iPhone, or Android, which uses the WiFi can be hacked as well.
Let’s see what hackers can do if they are physically connected to the WiFi you are using.
Man in the middle attack
If you have the internet at home from a cable, DSL, or fiber-optic provider, you have a router. Your computer does not directly connect to the internet; it sends and receives data by directing it through the router.
In layman terms, the process is the following:
- Your computer or phone finds a WiFi router.
- After submitting the correct password, the router sends back its MAC address. A MAC address is an identifier of computer components, and in theory, it should be unique across billions of devices on the planet. The network card on your computer also has a unique MAC address.
- After you get the MAC address of the router, all internet activity will be going through the router. In the pic below, there is a MAC address next to each device on the local network, and the router’s address is 11:22:33:44:55:66.
When a hacker connects to the local WiFi router, he also finds the MAC address of the router. The hacker changes his computer’s MAC address to be the same as the router’s (11:22:33:44:55:66 in the pic below).
Now, all devices on the local network connect to the hacker’s machine, and then the data flows to and from the router. So the hacker becomes a man in the middle (MITM).
Once this happens, the hacker can read all outgoing requests and incoming data using various tools that collect such data.
This means every time you enter a username and password on some web site or enter your credit card number, it gets saved on the hacker’s machine. Every URL you visit also gets saved.
There are some limitations, obviously. For instance, if the website uses the HTTPS protocol (S at the end stands for Secure), all traffic between your computer and the website is encrypted, and cybercriminals will not be able to crack it (in most cases).
However, if the web site uses HTTP, all data, including the password, is in cleartext.
So, if you want to avoid your data being stolen, always check that the web site is using a secure protocol (HTTPS). In browsers, the secure protocol is usually displayed with a padlock icon next to the URL.
Never enter passwords or financial information on web sites with HTTP!
How the router can be hacked
When it comes to your home WiFi, there are three ways for someone outside to connect to the router:
- The router is not password protected
- You tell the password. For instance, you told the guest the password, or she looked it up on the router (if you didn’t change the default one)
- If the router is using an old authentication protocol
I am going to skip the first two and instead focus on the last one. The authentication protocol used with the WiFi router is very important.
If your router is old, it is possible that it’s still using the WEP protocol. If so, you should know that anyone who knows a little bit about hacking can hack the router literally in less than a minute.
So, if you have it enabled on your router, then go ahead and disable it as I did.
What you should have is WPA2 with AES encryption. In the pic below, the authentication strength (protection from hacking) increases from top to bottom (WPA is less secure, and WPA2-PSK with AES is the most secure).
Some hackers employ a dictionary attack to crack WPA protocol, but it takes supercomputers to hack it. So as long as you are not a celebrity or a billionaire, nobody will spend so many resources to break into your network.
Usually, you can connect to the home router settings by going to the local IP address, such as http://192.168.0.1/.
How to tell if someone hacked your router
One of the sure signs of a hacked router is the existence of an unknown device connected to the local WiFi network.
As I explained above, in order to perform a man in the middle (MITM) attack, the hacker must connect to the WiFi network first. And if he’s connected, you can see him too.
One way to find out the connected devices is through the router settings. Some routers allow us to see all connected devices and kick them out if needed.
Another way is to use a network scanner app. For instance, I found a cool app called Fing. The app is available for almost all platforms: iOS, Android, macOS, and Windows.
It is free (with ads) and doesn’t even require creating an account in order to use it.
One cool feature they have is scanning for open ports.
For instance, when I scanned my MacBook Pro, I found that remote desktop and screen sharing features were enabled, and anyone could connect to my Mac remotely.
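The ARP table that `arp -a` prints on your own computer lists the MAC address your machine currently associates with each local IP, so it can be checked for the MITM situation described earlier as well as for unknown devices. The script below is an added example, not part of the original article: it flags a router MAC that differs from the one you recorded, a second IP sharing the router's MAC, and MACs missing from your own device list, and it goes slightly beyond the text by accepting both the macOS and Windows output layouts. The sample output, the device list and the function names are constructed; 11:22:33:44:55:66 is the article's example router address.

```python
import re
from collections import defaultdict

# Constructed `arp -a` output (macOS layout). 11:22:33:44:55:66 is the
# router MAC used in the article; every other address is made up.
ARP_SAMPLE = """\
? (192.168.0.1) at 11:22:33:44:55:66 on en0 ifscope [ethernet]
? (192.168.0.12) at a4:83:e7:1:2:3 on en0 ifscope [ethernet]
? (192.168.0.30) at (incomplete) on en0 ifscope [ethernet]
? (192.168.0.57) at 11:22:33:44:55:66 on en0 ifscope [ethernet]
? (192.168.0.77) at 2:0:0:aa:bb:cc on en0 ifscope [ethernet]
? (192.168.0.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
"""

# Matches "(<ip>) at <mac>" (macOS/Linux) and "<ip>   <mac>" (Windows).
ENTRY = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"((?:[0-9A-Fa-f]{1,2}[:-]){5}[0-9A-Fa-f]{1,2})\b"
)


def normalize_mac(mac):
    """macOS drops leading zeros and Windows uses dashes; return aa:bb:cc:dd:ee:ff."""
    return ":".join(part.zfill(2) for part in re.split(r"[:-]", mac.lower()))


def parse_arp(text):
    """Return {ip: mac} for unicast entries in `arp -a` output."""
    table = {}
    for line in text.splitlines():
        match = ENTRY.search(line)
        if not match:
            continue  # headers and "(incomplete)" entries
        mac = normalize_mac(match.group(2))
        if mac == "ff:ff:ff:ff:ff:ff" or mac.startswith("01:00:5e"):
            continue  # broadcast and IPv4 multicast entries are not devices
        table[match.group(1)] = mac
    return table


def check_arp(text, gateway_ip, gateway_mac, known_macs):
    """Return (kind, detail) findings; gateway_mac is the value you recorded earlier."""
    table = parse_arp(text)
    gateway_mac = normalize_mac(gateway_mac)
    known = {normalize_mac(m) for m in known_macs} | {gateway_mac}
    findings = []
    seen = table.get(gateway_ip)
    if seen is None:
        findings.append(("gateway-missing", gateway_ip))
    elif seen != gateway_mac:
        findings.append(("gateway-mac-changed", seen))
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1 and gateway_ip in ips:
            others = sorted(ip for ip in ips if ip != gateway_ip)
            findings.append(("gateway-mac-shared", ",".join(others)))
        elif mac not in known:
            findings.append(("unknown-device", "%s (%s)" % (ips[0], mac)))
    return findings


if __name__ == "__main__":
    my_devices = ["A4-83-E7-01-02-03"]  # assumption: your own inventory
    for finding in check_arp(ARP_SAMPLE, "192.168.0.1",
                             "11:22:33:44:55:66", my_devices):
        print(finding)
```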
How to protect from a MITM attack
While it is possible to scan and find unknown devices on the home network, this approach will not work with public WiFi networks, such as the one in Starbucks or the hotel.
You would never know if the public network was compromised. In this case, the only way to protect your privacy is to use a VPN (a virtual private network).
When connected to VPN, your computer or phone creates a secure encrypted channel with the VPN server. After the connection is established, all requests go to the VPN server. The server makes all requests on your behalf and returns the results back to you.
From outside, it looks like your computer is sending garbage back and forth to the same computer. Even if the hacker is collecting the information, he won’t be able to tell whether you’re connecting to Google.com or MacMyths.com.
When choosing a VPN software, follow these best practices:
- Do not use a free VPN. They have significant limitations, and you know that good things are never free.
- Test for speed. Some VPNs are significantly faster than others.
- Check the provider’s reputation. Since all requests now go through the VPN, technically, the VPN server becomes a man in the middle. So choose only reputable providers.
Personally, I am using NordVPN: it’s the fastest on the market and very inexpensive. It is available for multiple platforms: macOS, Windows, Linux, iOS, and Android.
If you use my NordVPN affiliate link, you get a pretty steep discount on a three-year plan for up to 6 devices.
Hacking Computer Remotely
We discussed ways to hack the computers and phones through local WiFi, but I know the question that most people ask is whether hackers can connect to the home network when they are on the other end of the world (or more than a hundred yards or meters away).
Fortunately, the answer is no: someone cannot get into your home network, even if they know the password, if they are outside of the range (more than 300 feet).
Also, in most cases, hackers cannot get into your computer if it is off.
However, there are other ways to get into your system remotely. Do you remember a story of Bezos’s personal data being leaked?
In his case, he received a message on WhatsApp with malware attachment. When the malware was installed on his phone, it started sending the personal data to the server abroad.
Similarly, we are all at risk of having malware installed on our computers and smartphones. Some malware opens access to the device, so the hackers can access it remotely.
Or, the malware could be a keylogger, and in this case, even having HTTPS or a VPN will not help. A keylogger will record the keys pressed on the keyboard, and if it happens to be a credit card number, then the hacker will have it.
So, how to protect the devices from malware? You need to install an antivirus program.
There is a common myth that Macs cannot have viruses, but this is not true. I was able to inject my Mac with more than 100 malware samples when testing various antimalware solutions.
You can check the results of my test and recommended antiviruses in my post: Best Malware Detection App for Mac.
Every time my friends and family ask me for a recommended antivirus, I go with Norton 360. It comes with the biggest bang for the buck and provides antimalware and other security features on all platforms. And it also has its own VPN!
Conclusion
We reviewed multiple ways someone can hack into your phone or computer through WiFi. I also listed ways to prevent this from happening, which I want to reiterate.
If you worry about online security, consider investing in the following tools:
- VPN software
- Antivirus program
Be very cautious when connecting to public WiFi. I’d say if you don’t have a VPN installed on a laptop or smartphone, don’t use public WiFi, or at least avoid making purchases with a credit card or entering passwords.
If you are interested in the topic of security, there is a great course available on Udemy about ethical hacking. The instructor teaches how to hack computers ethically and, most importantly, what you can do to avoid being targeted:
Learn Network Hacking From Scratch (WiFi & Wired)
Photo credit: ©canva.com/cyano66