G
Guest
Recently y laptop was taken away from me for "security" examination at JFK
Airport at the security check for a flight to a destination in the Middle
East (known for its stringent security procedures). Given my employment, the
interest in the contents of laptop by these particular security agents was
not entirely surprising.
The logbooks give strong reason for me to believe that security agents
hacked into my (Windows password protected) laptop. I also suspect that my
laptop was connected to the internet given that the Adobe Acrobat Updater had
started and the last "offline content" webpage was the login webpage to my
internet email account whilst I had not recently visited that page. I had
absolutely nothing to hide but feel nevertheless that, absent any probable
cause, this represents a gross invasion of privacy unjustified by any law
enforcement rationale.
How do I confirm that my laptop was hacked into and that it was connected to
the internet? The logbooks have a series of entries which I find difficult
to understand.
Can anybody explain "translate" this particular logbook entry (copied below)
into regular non-IT English? (I've translated some of this into English from
another European language so some of this may not be standard IT-speak.)
Event Type: Control of succesful events
Origin of event: Security
Category of event: Use of authorizations
Event-ID: 576
Date: [deleted for privacy considerations]
Time: [deleted for privacy considerations]
User: NT AUTHORITY\Netwerkservice
Computer: [deleted for privacy considerations]
Description:
Special authorizations granted to a new logon user:
User name: Netwerkservice
Domein: NT AUTHORITY
Logon-ID: (0x0,0x3E4)
Priviledges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege
Is this evidence that my laptop was hacked into?
Many thanks.
Airport at the security check for a flight to a destination in the Middle
East (known for its stringent security procedures). Given my employment, the
interest in the contents of laptop by these particular security agents was
not entirely surprising.
The logbooks give strong reason for me to believe that security agents
hacked into my (Windows password protected) laptop. I also suspect that my
laptop was connected to the internet given that the Adobe Acrobat Updater had
started and the last "offline content" webpage was the login webpage to my
internet email account whilst I had not recently visited that page. I had
absolutely nothing to hide but feel nevertheless that, absent any probable
cause, this represents a gross invasion of privacy unjustified by any law
enforcement rationale.
How do I confirm that my laptop was hacked into and that it was connected to
the internet? The logbooks have a series of entries which I find difficult
to understand.
Can anybody explain "translate" this particular logbook entry (copied below)
into regular non-IT English? (I've translated some of this into English from
another European language so some of this may not be standard IT-speak.)
Event Type: Control of succesful events
Origin of event: Security
Category of event: Use of authorizations
Event-ID: 576
Date: [deleted for privacy considerations]
Time: [deleted for privacy considerations]
User: NT AUTHORITY\Netwerkservice
Computer: [deleted for privacy considerations]
Description:
Special authorizations granted to a new logon user:
User name: Netwerkservice
Domein: NT AUTHORITY
Logon-ID: (0x0,0x3E4)
Priviledges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege
Is this evidence that my laptop was hacked into?
Many thanks.