> I understand you perfectly but there are some points I want to highlight:
> Then there is a huge number of hacked sites and hacked desktops out there.
> Many people didn't know that their PC or phone is not under their control anymore.
> The new frontier of hacking is espionage. No one wants to be discovered.

Hacking for espionage is not exactly a new trend.

> 2) Sometimes the old schemas to pull out evidence of hacking are not valid
> anymore.
> For example if you are Edward Snowden all those little and subjective things
> that are not important for a common person become very important because the
> context is very different.

You have no chance defending your desktop against each and every attacker, no
matter which operating system you have running. Even OpenBSD had a remote root
hole just a few weeks ago. Even if your operating system is impeccable, the code
running on your motherboard and your network card is probably anything but. It's
no wonder that professional services still rely on air gaps to protect their
most valuable assets against compromise.

Note: professional crypto services deploy their algos on dedicated hardware,
not on random personal computer systems. Low security means that stuff runs on
an FPGA, high security stuff runs on discrete logic.

Going to a professional crypto outfit still doesn't buy you much if that crypto
outfit turns out to be owned and controlled by a government agency.

To make a long story short: there is no such thing as a system which is secure
out of the box. If you think that your system is actively exploited, revert it
back to a known, secure state, wait for the exploit to hit you again, and have a
network sniffer ready to figure out how the exploit works.

PS: Since you referred to Edward Snowden: the exploits published by him and
later by WikiLeaks were not really breathtakingly innovative. Do not expect to
find a completely new attack procedure in your investigation, whatever turns up.

PPS: Like others, I have seen quite a few computer systems with "evil viruses"
that turned out to have faulty memory or a failing hard disk. I expect you ran a
complete offline check of your hardware before you started suspecting foul play.
Yes?
