Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can trojans gather data without internet connection?


  • Please log in to reply
8 replies to this topic

#1 ITicSoWhat

ITicSoWhat

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 24 September 2015 - 08:06 AM

I have a series of questions here, I will make it as comprehensible as possible, thanks in advance.

 

I have bought a second-hand laptop. I live in a place that has lots of different users connected to the same network.

I want to write stuff down, and I don't want anyone to be able to read them (like trojans, spyware etc.).

 

I do NOT need internet connection.

 

Question #1.

If I disable the network on my laptop, is that enough to be fully sure that no one is able to gather information from my laptop?

 

Question #2

Can the laptop somehow automatically go nuts and connect to the internet in the future by itself? (Like cause I havent' activated my windows or w/e).

 

Question #3

If I write something down today, but connect to the internet next week. Will a super spyware or trojan or whatever, be able to gather data of things I wrote today?

 

Thanks in advance.



BC AdBot (Login to Remove)

 


#2 ranchhand_

ranchhand_

  • Members
  • 1,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest
  • Local time:07:48 PM

Posted 24 September 2015 - 08:38 AM

Hello ITic.....welcome to BC website.

Question #1:  No.  It is enough to be fully sure that no one can gather information through the internet via a virus/backdoor trojan; but if someone steals your laptop they can get at your information. The best defense against that for someone unacquainted with IT security, is to set a BIOS password (not to be confused with a simple Windows password which can be easily cracked). However...if you ever forget that password you are royally nuked, because I am not aware of any way for an average or even expert user to crack a BIOS password.

 

Question #2: Possibly. First, the computer is not going to "go nuts".  Computers are very stupid people, they do not make random decisions by themselves. They can only operate through programs. If you have internet access enabled and active, a trojan or rootkit that you already have installed without your knowledge can activate and send data back to the hacker via an unused port without your knowledge. Keyloggers are an example of this. But if you have disabled (not just disconnected) your internet access and removed the network password needed to access the network, it is impossible.

 

Question #3: Yes, if you save that data on your hard drive.


Help Requests: If there is no reply after 3 days I remove the thread from my answer list. For further help PM me.


#3 ITicSoWhat

ITicSoWhat
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 24 September 2015 - 09:23 AM

Hello ITic.....welcome to BC website.

Question #1:  No.  It is enough to be fully sure that no one can gather information through the internet via a virus/backdoor trojan; but if someone steals your laptop they can get at your information. The best defense against that for someone unacquainted with IT security, is to set a BIOS password (not to be confused with a simple Windows password which can be easily cracked). However...if you ever forget that password you are royally nuked, because I am not aware of any way for an average or even expert user to crack a BIOS password.

 

Question #2: Possibly. First, the computer is not going to "go nuts".  Computers are very stupid people, they do not make random decisions by themselves. They can only operate through programs. If you have internet access enabled and active, a trojan or rootkit that you already have installed without your knowledge can activate and send data back to the hacker via an unused port without your knowledge. Keyloggers are an example of this. But if you have disabled (not just disconnected) your internet access and removed the network password needed to access the network, it is impossible.

 

Question #3: Yes, if you save that data on your hard drive.

 

Thanks very much.. The BIOS password is indeed something I was looking for. And I will install it now.

 

And I have disabled the network adapters.

 

Question #4

If I use a USB-stick to transfer files from a PC(with internet access) to my laptop(no internet access), then put some wordpad text files from my laptop on the USB stick, then insert this usb stick back into the PC (with a trojan). Will the PC only have access to the wordpad text files I put on the USB stick, or will it automatically have access to all the other wordpad files on my laptop (which I did not put on the USB)?



#4 Nikhil_CV

Nikhil_CV

    Vestibulum Bleep


  • Members
  • 1,145 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:err: Destination unreachable! bash!
  • Local time:07:18 AM

Posted 24 September 2015 - 09:29 AM

Hi,

So, you say you live in a place with shared network.... Hence I suggest you to use VPN to connect to network whenever needed.

 

 

Question #1.

If I disable the network on my laptop, is that enough to be fully sure that no one is able to gather information from my laptop?

Temporarily disabling your network adapters (disabling wifi, disconnecting ethernet cable, etc) wont help you in case of infections. Trojans can gather the info and wait in background till you are connected to internet, to call their home. So, the first defense in place must be safe browsing and a good set of security software and tools.

Now suppose you are disconnected from network for the entire life of PC, but if you connect an infected USB any external device, it can infect your PC and if enough sophosticated, the can use these devices to upload the data to their servers via another PC.. Not to mention, your softwares will not be uptodate nor patched.

 

 

Question #4

If I use a USB-stick to transfer files from a PC(with internet access) to my laptop(no internet access), then put some wordpad text files from my laptop on the USB stick, then insert this usb stick back into the PC (with a trojan). Will the PC only have access to the wordpad text files I put on the USB stick, or will it automatically have access to all the other wordpad files on my laptop (which I did not put on the USB)?

See above as well as:

No, the PC will have access only to your files on USB stick. But, the trojan may have infected your 'Air gapped' PC by this data tranfer. So it all can depend on the infection also.

 

 

Question #2

Can the laptop somehow automatically go nuts and connect to the internet in the future by itself? (Like cause I havent' activated my windows or w/e).

No, Not heard of any infection doing such a weird activity. Malicious software needs to be too sophosticated to do so... Currently very rare in PoC (Proof of Concept) also. But in field of malware and threats, nothing is future proof!

 

 

Question #3

If I write something down today, but connect to the internet next week. Will a super spyware or trojan or whatever, be able to gather data of things I wrote today?

If you got infected somehow, then yes. Well, malwares like keyloggers may be. If the attacker can grab a screen shot in the 'next week' unfortunately while you opened what you wrote today, at that time of infection.

May be, if the malware can search through the readable files (like text, documents, pdfs etc and you used one of such file, then it can transmit the data gathered to server. But this can be an extremely rare possiblity.)

 

So, you must first prevent incidents so you dont need to worry about it later.

Bottom line: You have to secure your docs and data as much as possible and protect your machine from threats.


Regards : CV                                                                                                    There is no ONE TOUCH key to security!
                                                                                                                                       Be alert and vigilant....!
                                                                                                                                  Always have a Backup Plan!!! Because human idiotism doesn't have a cure! Stop highlighting!
                                                     Questions are to be asked, it helps you, me and others.  Knowledge is power, only when its shared to others.            :radioactive: signature contents © cv and Someone....... :wink:

#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:48 AM

Posted 24 September 2015 - 10:33 AM

Question 1: I would also disable Bluetooth if your laptop has it.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#6 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:48 AM

Posted 24 September 2015 - 10:36 AM

 

Question #1:  No.  It is enough to be fully sure that no one can gather information through the internet via a virus/backdoor trojan; but if someone steals your laptop they can get at your information. The best defense against that for someone unacquainted with IT security, is to set a BIOS password (not to be confused with a simple Windows password which can be easily cracked). However...if you ever forget that password you are royally nuked, because I am not aware of any way for an average or even expert user to crack a BIOS password.

 

 

There are computers with a BIOS that also accepts a default password.

Furthermore, by removing the disk and connecting it to another computer, you can read its content.

 

If you really want to protect your data on your disk from people that (could) have access to your machine, use full disk encryption. Then when the machine is turned off, the password is needed to unlock the disk and boot from it.


Edited by Didier Stevens, 24 September 2015 - 10:37 AM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#7 ranchhand_

ranchhand_

  • Members
  • 1,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest
  • Local time:07:48 PM

Posted 24 September 2015 - 04:44 PM

@ didier: in my post:

 

but if someone steals your laptop they can get at your information.

The OP did not go into those circumstances therefore I did not either. Obviously, any time a laptop or desktop falls into the hands of a thief anything could happen. If that thief happens to be a CIA or NSA agent and really wants that data they are going to get it, even a BIOS password is not going to stop them. I don't think that is what we are talking about here. Likewise, does the average thief know how to remove a hard drive out of a laptop and slave it to another computer?  Extremely doubtful. They aren't interested in data, just fast drug money.

 

@ ITic:

Will the PC only have access to the wordpad text files I put on the USB stick

Yes.

 

 

will it automatically have access to all the other wordpad files on my laptop (which I did not put on the USB)?

 No, of course not.

However...because the USB stick was used in an infected PC Desktop and data was saved to it, a really powerfully coded virus could infect the USB stick and then "jump" from the USB stick and infect your laptop.

 

As long as that laptop is disabled from the internet it is a tiny, lonely island in the middle of a huge internet ocean.

Just remember....the only time that laptop is in danger is when there is any kind of contact from the outside world, be it the internet, or through a USB stick that is inserted. Other than those two circumstances it is cut off from the rest of the world, which is what you want. We can go into dozens of extreme circumstances from now 'til the cows come home, but that is the fact.

Back in the days before the internet existed we ran computers without the invisible internet connection. My first computer was a PC-XT (the senior members of this forum remember this computer). Viruses were almost non-existent, and the only way to get one on your computer was to use a 3.5" plastic disk called a floppy, which was inserted in a slot reader in the computer. 1.44 glorious megs (not gigs) of storage. Awsome. So that is how data was shared from one computer to another. And that was the only way a virus could be contracted, through an infected floppy disk. What you want to do is return to those days of yesteryear and disconnect your computer from the outside world, and you are safe.


Edited by ranchhand_, 24 September 2015 - 05:00 PM.

Help Requests: If there is no reply after 3 days I remove the thread from my answer list. For further help PM me.


#8 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:48 AM

Posted 24 September 2015 - 04:49 PM

<deleted>

Edited by Didier Stevens, 25 September 2015 - 01:36 AM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#9 ITicSoWhat

ITicSoWhat
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 31 October 2015 - 01:25 PM

For some strange reason my laptop died on me. So now I have another question.

 

If I write my book directly to my USB stick (on a laptop that is connected to the internet), will trojans be able to gather data from it? How about if I disconnect from the internet while I am writing it and then disconnect the USB stick before connecting back to the internet? And continue doing this?


Edited by ITicSoWhat, 01 November 2015 - 05:18 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users