Ask Leo! by Leo A. Notenboom

I let a stranger send email from my computer, what could that have done?


Summary: It's tempting and even noble to want to help, but letting a stranger access your computer without strict supervision is asking for trouble.

I was working on my computer at Atlanta airport. A young girl approached me and asked if she can send email to her home in Bulgaria as she doesn't have a telephone card. I stupidly allowed her. She sent email for maybe 3 minutes. Could she have stolen information from my computer? I am afraid to open it.

Opening it isn't going to be a problem. Whatever's happened has happened.

I get the sense that you didn't watch what she was doing on your computer, which of course means she could have done anything.

And yes, that includes all manner of nastiness.

Remember the statement that I make here fairly regularly:

If it's not physically secure, it's not secure.

By letting someone else use your computer - even for a moment - you've given up physical security on that machine.

Unless you were watching her actions closely, she could have done a lot. By "closely" I mean literally watching every move - almost reading her email over her shoulder. Since that's fairly intrusive, it's likely that you didn't do that, so I'm sure she had the time to do whatever she wanted.

What could she have done? Anything from installing a key logger to downloading spyware to quickly grabbing account names and passwords that your browser's helpfully saved for you. There's probably much more that I can't think of.

The real question is: did she?

And that's where it gets really scary. There's no way to know with absolute certainty.

It's possible that this was exactly what she said: a simple send of an email or two. It could be totally innocent. Or not. You just don't know.

Yes, you could try checking your browser history for unexpected downloads, or your temporary files or the browser cache or perhaps even your sent mail for things that look suspicious.

If she's innocent (as she might well be), then there'll be nothing there.

The problem is, if she's guilty - and good at this - then there'll be nothing there.

So, what to do?

This is hard to say. At one extreme you'd do nothing, until or unless some kind of problem showed up. At the other extreme you'd treat it like a serious unfound virus infection: back up, reformat and reinstall everything.

I think a more pragmatic solution is somewhere in between.

In your shoes, I would:

  • Create and save an image backup.

  • Perform anti-malware scans with a few different anti-spyware and anti-virus tools (making sure that they, and their databases, are up to date).

  • Check your sent mail and your browser cache for "anything suspicious": things like outgoing messages that include your username and password, ".exe" files that were downloaded at the time you were in the airport, and the like.

  • Keep a super-close eye on your computer, and your credit card bills, for the weeks to come.
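The check for files downloaded while you were at the airport can be done systematically rather than by browsing folders. The script below is an added example, not part of the original article: it lists files with executable extensions whose timestamps fall inside a window you choose. The function name, the extension list and the sample window are assumptions, and a clean result proves nothing, since timestamps can be changed by anyone who knows how.

```python
import os
from datetime import datetime, timedelta
from pathlib import Path

# Extensions that can run code on Windows; an assumed, non-exhaustive list.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".msi", ".lnk"}


def files_touched_in_window(root, start, end, suffixes=EXECUTABLE_SUFFIXES):
    """Return (path, timestamp) pairs for files under root whose creation or
    modification time falls inside [start, end], oldest first."""
    hits = []
    for dirpath, _dirs, names in os.walk(root, onerror=lambda e: None):
        for name in names:
            path = Path(dirpath) / name
            if path.suffix.lower() not in suffixes:
                continue
            try:
                st = path.stat()
            except OSError:
                continue  # locked or vanished file: skip it and keep scanning
            # st_ctime is creation time on Windows, metadata-change time elsewhere.
            for ts in (st.st_mtime, st.st_ctime):
                when = datetime.fromtimestamp(ts)
                if start <= when <= end:
                    hits.append((str(path), when))
                    break
    return sorted(hits, key=lambda h: h[1])


if __name__ == "__main__":
    # Constructed sample window: replace with when the laptop was out of your hands.
    incident = datetime(2009, 6, 14, 15, 30)
    window = (incident - timedelta(minutes=15), incident + timedelta(minutes=30))
    for path, when in files_touched_in_window(Path.home(), *window):
        print(when.isoformat(sep=" ", timespec="seconds"), path)
```

Run it against your user profile first, then against the whole drive from an administrator account; anything it lists is a candidate to submit to your anti-malware scanners.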

Needless to say, I'd also treat this as a lesson. While it's actually likely that nothing malicious has happened, we simply don't know. It's not worth the risk.

Next time, politely decline.


Article C3762 - June 14, 2009

Recent Comments
18 Comments

In case you would need to let someone else (not necessarily untrusted) onto your computer who might have a contaminated medium they introduce to your computer or access something inadvertently, consider some precautions.
If you want to be really safe, commit to memory all your passwords, avoid saving user settings to the hard drive if possible, anything you must have access to consider putting on a flash drive for quick access. This also means your OS runs smoother -- and keeps you in control of what is running or not and what priority things are given. Of course, there is even the option to run applications (not sure about restrictions) from flash drives.

Coupled with this series of suggestions, I add further: have a restricted set of operating your computer either with (1) a clamped down user account in WinXP Pro or a separate install disk for "public" access situations in which you reduce exposure to your file systems by running a trimmed version/operating mode
or (2) a different operating system.
Either option can be utilized via a secondary (or auxiliary) hard drive (separate and distinct physical object as opposed to a partition) or from a different partition on your hard drive.
Back to Leo's caveat: if it is not physically secure, it is not secure. There are ways to damage the hardware within software (OS or otherwise) operations. Keep an eye on your computer (it is your company) and know its every deed and keep it safe from outside persons' control as much as possible.

Posted by: Snail at June 16, 2009 8:38 PM

Just can't say no to a young female, huh? If she is flying, she can afford a few moments at the Internet kiosk. Should have asked if you could take her picture with your cell phone first. See how fast she walks away!

Posted by: Frank deKrank at June 16, 2009 8:38 PM

Come on, Ragnar. Even the paranoid sometimes have real enemies that follow them.

The whole point of social engineering is precisely to make it look like there is no "heinous intent". A magician's pretty, young, female assistant is there to distract the audience. Replace "magician" with "social engineer/hacker" and her role is still the same. Let's face it, it is no secret that guys get dumb/"gallant" around "pretty girls".

Ragnar, I'm not flaming you, but I'm sorry to say the 'bad guys' DEPEND on your type of attitude to make their attacks work.

The point has already been made that if the "bad guy/girl" has physical access to your computer, they can hack it. In this case they didn't even have to hack a logon password, it was already logged on. So they could have done anything, the simplest way is by browsing a website that performs "drive-by downloads".

Posted by: Rohn at June 16, 2009 9:53 PM

I think some people have really bad trust issues. And Mr. Gary Yannone, shame on you. How nice is it, do you think, giving out the name of a student who might be 100% innocent?
Same goes for Mr. Frank deKrank too. That could happen to anyone, including you.

Posted by: Özgür Çallı at June 16, 2009 11:11 PM

Simply stated, it was a stupid thing to do. Format (re-format) your hard drive.....period.

Posted by: Kenneth P. Pukenis at June 17, 2009 3:18 AM

A second thought.....

How can you be sure if she sent an innocent email? What if she used the stranger's machine to send a threat or scare email to someone - say a bomb threat?

These are not the times to trust strangers.... not even pretty ones.

Posted by: Rahul at June 17, 2009 3:44 AM

If I were him, I would ask the lady to show the email address and message she wanted to send and do the sending for her.
She is NOT to touch my computer.

Posted by: Sun Wu-kong at June 17, 2009 7:01 AM

I briefly read this thread and a few suggestion-balloons popped in my head:
First off, I must ask a simple question: Did you go to the "SENT" folder of your email client [errrrr.... gmail, hotmail, yahoo, outlook, t-bird, etc.] and see if she was kind enough to leave a simple clue for you? If not, then take a look at the "DELETED" or "TRASH" folders for some possible telltale hints.
1) Any personal and/or sensitive data files should always be password protected [at a minimum] or encrypted [for the paranoid]. Certain file types [*.txt, *.jpg, etc.] are not readily secured as above but can always be archived [*.zip, *.rar, etc.]. Instructions are here http://www.dslreports.com/faq/8730
2) The Bulgarian gal should have been allowed usage via a "guest" account on the machine, rather than your normal log-on >> You do mandate User/PW entry for post-boot OS log-in, right?
3) A password storage application [such as the OpenSource from http://keepass.com]. There have been many books, tuts, instructions on the subject matter of security but getting into good/secure computing habits always takes constant vigilance but can almost become rote!

You were asking about [Hard Disk Drive] Imaging: Think of it as a bit-for-bit snapshot of your current OperatingSystem (OS) configuration and everything else that is contained within the same HDD/Partition. It is not to be confused with the System Restore functionality within WinXP/WinVista OS [which does not hurt to turn on anyways]. Imaging should also not be confused with archiving files/data. It used to be Norton Ghost, Acronis TrueImage that were the top dogs in PAYware but why spend $$ when you can just download a FREEware imaging utility from http://www.runtime.org/driveimage-xml.htm? ;)

Posted by: Randy at June 17, 2009 6:41 PM

Change all of your passwords immediately!!! It's not that hard to obtain all passwords stored on your computer.
You can also place an alert with the charge card companies that you have used on the computer. If you want to be real careful, replace the cards with new ones.

Posted by: Dave at June 20, 2009 5:56 PM

I have a "guest" account as an XP limited user for exactly this purpose. Afterwards, I would go ahead and nuke that user account and then make a new one.

Absent any privilege escalation vulnerabilities or she uses a screwdriver, I think that's safe.

Posted by: Bill P. Godfrey at June 24, 2009 4:44 AM
