You can’t. Not in any absolute sense.
There are definitely some clues to look for, which I’ll review. Ultimately, though, there’s no way for the average computer user to know with certainty that a hacker isn’t in the process of weaseling in, or hasn’t done so already.
Perhaps now you’ll understand why I talk so much about prevention.
And I’ll talk about it some more.
Become a Patron of Ask Leo! and go ad-free!
A hack generally involves unauthorized access to your data or computer. Symptoms can include excessive network usage, excessive CPU usage or heat, excessive disk activity, new pop-ups, instability, and unexpected online activity. All of these happen for other reasons, but can also be signs of a hack. Prevention is far simpler, and less costly than recovery.
What is a “hack”, anyway?
There’s no consistent definition of what it means to be “hacked”.
We tend to think of it as someone gaining unauthorized access to the information kept on our computer, or someone with remote access to our computer running their own programs on it.
Someone walking up to your computer and logging in as you because they know your password is a “hack”. So is someone elsewhere on the internet penetrating your security software. If you accidentally download and run malware, you’ve been hacked.
All of these are considered “hacks” if they give someone else access to something they’re not supposed to have access to.
Hackers try not to leave clues
A talented hacker leaves no trace. This is one of the concepts that makes so-called “rootkits” different than more traditional malware: rootkits alter your system so normal ways of looking for files will not expose the malicious files of the rootkit.
The same is true for just about any aspect of hacking: event logs can be emptied, file date and time stamps can be arbitrarily set or modified, files can be renamed or hidden; even malicious programs can be designed to run as part of a legitimate program, or look like a legitimate program themselves.
So what can you do?
Start with prevention
This is where I repeat my standard litany of “stay safe” advice:
- Use security software.
- Keep all your software up to date.
- Know how and when to secure your internet connection.
- Stay educated about the latest threats and safe internet behavior.
Prevention is much more effective by far than any attempt to detect a malicious intrusion, either during or after the event.
Clues to look for
I want to stress that these are clues, not indicators. Any or all of these items can happen for a variety of reasons, only one of which is malicious activity. That’s why this is such a difficult question to answer and such a difficult situation to be in.
So don’t panic if some of these symptoms happen to you — you may not have been hacked at all. In fact, I’ll say that without other evidence, it’s very likely you’ve not been hacked. It’s a conclusion I see many people jump to, and most of the time they’re wrong; the symptoms happened for some other, often benign, reason.
But do pay attention. It’s possible you have been hacked or you have other issues you’ll want to act on.
If your security software has been turned off or disabled, that can be a symptom. The purpose of security software is to alert you when malware is present, so some malware attempts to prevent that by turning off scans, real-time options, or even disabling the tool completely.
While security software can be turned off for other reasons, and finding it turned off is not a guarantee that a hack is underway or present, it’s a symptom that needs to be corrected.
This might be the most common impact of malware and hacking these days: excessive internet use. Be it having turned your machine into a spam-sending zombie in a botnet, or a hacker in the process of accessing all of your files, excessive internet use is high on the list of symptoms to look for.
This can manifest in two different ways: your own internet activity will seem sluggish or slow. Page loads will take forever when in the past they didn’t; videos may not play smoothly; and downloads might take an excessively long time. Or, if you’re on any kind of internet connection that monitors the amount of data you use (like many mobile plans), you’ll see your data usage spike or skyrocket with no explanation.
Your machine unexpectedly slowing to a crawl can be a sign of malware. On occasion, malicious software or hacking attempts run software — intentionally or simply poorly written — that makes excessive use of your CPU. As a result, whatever tasks you’re trying to do don’t have the resources to do them quickly.
This is really your CPU usage becoming apparent via a different symptom. High CPU usage can generate high heat. Even if your machine is behaving normally otherwise, if it’s abnormally hot to the touch or the fans are running at high speed when they normally don’t, malware could be making excessive use of your CPU.
This is easily overlooked. Your computer may be excessively busy, but be responsive and cool. It’s possible the malicious software is constrained by the speed of your disk, which could be thrashing away like crazy. This is particularly true of ransomware — its speed is limited by your disk as it makes its way through encrypting your files.
Malicious software often hijacks the software on your machine to promote advertising and other kinds of information in pop-ups. It’s important to understand what’s been affected, though. Pop-ups can appear either inside or outside your web browser.
If the pop-up comes from within your browser (so hiding your browser hides the pop-up as well), then it’s likely not due to software on your machine, but rather the website you’re visiting. On the other hand, if the pop-up appears separately from your browser, or perhaps takes over your whole screen, then malware could be the cause.
Unfortunately, neither of those two rules are absolute: malware on your machine can appear within your browser, and malicious websites can make it look as if they’re running software on your machine. Either way, new and unexpected pop-ups are worth paying attention to.
Malware has become more sophisticated over the years, but “all software has bugs” applies to all software, regardless of intent. Malware has been known to have bugs that crash or otherwise impact the stability of your entire computer. Even unexpected reboots can be attributed to malware and hacking attempts.
Of course, the intent of a lot of malware or hacking is to gain access to your log-in credentials for online sites and services — anything from email to your bank and everything in between. It’s important to keep an eye on the activity in your accounts and other locations not strictly associated with your computer.
Your computer might be hacked, but at first, the only sign might be an unexpected login to your email account.
As I said, all of these symptoms can occur for many different reasons that have nothing to do with being hacked, but there is another clue that can help determine if that’s the case: timing.
If things are going well and all of a sudden you experience some of these symptoms without explanation or cause, or perhaps they start to happen immediately after you “did something” — like download something, install something, or visit a new website — that’s additional data to consider. Again, it’s not a definite sign of being hacked, but it can suggest a hack is possible.
On the other hand, if a symptom is something you’ve experienced periodically for years, then it’s unlikely to be anything malicious, since it’s nothing out of the ordinary for you.
If you suspect a hack
If you can’t trust your computer, stop using it.
At least stop until you reach a reasonable level of confidence that all is as it should be, and that your next foray to your online banking site won’t result in, shall we say, “unexpected results”.
The first thing to do is to pretend that your machine has been compromised, and take the steps you would take to remove malware. How Do I Remove Malware? covers these steps. And since not all hacks are technically “malware”, you might also review How Do I Remove PUPs, Foistware, Drive-bys, Toolbars, and Other Annoying Things I Never Wanted?, which covers other software you may have unintentionally invited onto your machine, opening doors for hackers.
In general, full scans with up-to-date anti-malware tools should give you some confidence that all is well — at least from a malicious access and/or hacking point of view.
If you’re still concerned, or if this all seems too much, then it might be time to enlist the help of a techie friend or professional services. It might well be worth it, even if only for your peace of mind.
But, honestly, the best thing to do is never get into this position in the first place. Taking the time to secure your machine is less work and results in less anxiety. This is why I’m so adamant about prevention. The best place to start is my most important article of all: Internet Safety: 7 Steps to Keeping Your Computer Safe on the Internet.
It’s significantly easier to prevent disaster than to recover from it.
If you found this article helpful, I'm sure you'll also love Confident Computing! My weekly email newsletter is full of articles that help you solve problems, stay safe, and give you more confidence with technology. Subscribe now and I'll see you there soon,