Catch a hacker

Hello all,

My name is Roman and I am from Southern California. I am an Art Director for a local magazine and I’m interested in keeping my servers (at work) and my personal computers safe from intrusion. Here is my dilemma:

For the past couple of months, maybe longer, I’ve had an individual gaining access to my personal email, chat, and even bank and phone accounts even though I religiously change passwords. I thought it was my wireless network at home but I since disconnected it, it did not work. I use a wireless network at work which I’m told is secure but when I change passwords or create new email identities using home or work computers he can still gain access. I’m at a loss. Here are the things I’ve done so far:

1. Changed passwords frequently
2. Downloaded anti-spyware detection software (computers come up clean)
3. Put passwords on my laptop and PC at home and at work (no one else has access to my personal/work computers except me)
4. Checked for keyloggers on keyboards

He’s cocky, and says he does what he does for a living and even harasses my email contacts with nasty letters posing as me. It does not seem to matter where I’m at or what system I’m using (wireless or hardwired), my own or my work, he still succeeds in getting the info he wants. Is there anything else I need to watch for or do? Is there spyware that is completely invisible?

The one thing I have saved from him is the many Yahoo identities he’s created to harass my family. Can these be traced? I sent a complaint letter to Yahoo about 3 days ago but I feel there is little they can do.

Any advice would be greatly appreciated.

Roman

Comments

  1. AMPC says:

    I would try going to an internet cafe and set up three free email account X, Y and Z. One will only be logged into using the cafe (X), another only at work (Y), and the other only at home (Z).

    Then, write to the one you use at the internet cafe (X) from the one you’ll use at work (Y) and tell X about this guy. The next day, visit the cafe and write from the cafe address (X) and respond to your work (Y) email saying something that will provoke him, perhaps that he can’t see the communication between Y and X, etc….

    Egg him on like this for a few more days and see if he takes the bait, if so, you know your work address is compromised and that the person is probably an employee using a packet sniffer on the company network.

    If it doesn’t work, then do that same thing, but this time with X and Z. If he sees the communications from home (Z) to the internet cafe (X), then somehow, he has hacked into your system and is avoiding your security settings.

    If he takes the bait, let me know and we’ll go from there.

    There is spyware that can not be registered (remote control software), but no matter what, it is going to register an open port (or open, then close).

    Tell me about your security set up – what OS, Firewall, etc?

    Regards,

    Jim.

  2. AMPC says:

    Also – Computerworld released an article in April that let those relying on the Wired Equivalent Privacy (WEP) protocol for wireless security know that there is a big risk! A few German security experts found a way to tie into WEP protected data in less than 60 seconds!

    The key is to switch to WPA encryption. This is still not bullet proof, but chances are a wireless hacker is not going to sit there for hours collecting packets.

    The WEP Security article.

  3. Roman says:

    Greetings Jim,

    When I took down my wireless network (at home) about 3 weeks ago I once again redid all my passwords, but only about a week later while chatting on gmail (wireless at work) on my personal laptop I noticed that the gmail chat window kept minimizing by itself, so I logged into another account set up for me by a friend and the problem went away.
    This weekend (at home) I also tossed my router (Belkin) and plugged my cable modem directly into my computer, which seemed to give me a new IP address. I did a ground up erase and reinstallation of my OS software (on my desktop computer) and turned on "stealth mode" and "firewall logging" options on my firewall. I plan on doing the same thing to my laptop but in the meantime stopped using it and pulled its wireless card.

    I also went to my local internet cafe and made email identities X, Y, and Z. I am going to implement them probably today and wait to see what happens.

    My questions for the day are: Can a complete ground up restoration of Operating System software get rid of spyware? And, once spyware has been eradicated, will changing internet carriers keep the same hacker from finding me, like using Cox instead of Verizon etc.? Or will just having a different IP address be the same?

    As always, thanks for your help!

  4. AMPC says:

    A few things here Roman:

    Your router has its own MAC (Media Access Control) address, which is a unique identifier that is used by your ISP to assign an IP address to. It is also used in a Wi-Fi router to tighten security* by allowing only a specific MAC to connect to the router.

    Your computer’s NIC card also has a MAC. So, when you plug in your computer, your ISP will grant you another IP address.

    If you look at your router’s administration section, you’ll likely see the option to copy the MAC. What this does is copy the MAC of your computer into the router so that your ISP never knows that you are using a wireless router.

    Why does an ISP care about the number of IP addresses? Some ISPs will charge for each additional computer connecting to the internet ($5, etc). If they see you are changing MACs, then they know you are using multiple devices. Most don’t care anymore. *However, the MAC can be sniffed, then forged, so don’t rely on this as your sole security solution, rather a step towards tighter security.

    Does a ground up install remove spyware? Nope, not always. The smart stuff can use your master boot area to hide, so to completely remove everything, blow away the MBR as well.

    How do you blow away the Master Boot Record? It’s an old DOS command that many people don’t know about. It is:
    fdisk /mbr

    This command causes the system to write the master boot record to the hard disk without altering the partition table information.

    Here is more about the Master Boot Record.

    Changing carriers can have the effect of stopping a hacker from finding you, provided you don’t have some program that associates your ID with your IP. For example, say you are a member of a forum that is run by the hacker: he’ll see Roman logged in under a new IP and will then go from there.

    I say ‘effect of stopping a hacker’ because if the hacker knows your location and the ISP is small enough, they can run a port scanner on the allocated IP addresses, search for an open port (say you are running a website on port 80), scan the contents and once matched, they have you.

    It is highly unlikely someone would go to this trouble and the ISPs you mentioned would be too large to work with – but I had to explain.

    So, your answer. Plug your router back in, duplicate the MAC address (router will look like your computer) and then do the rest (formatting, new installs, etc).
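Jim mentions that remote-control spyware will always show up as an open port, and that an attacker who knows roughly where you are may sweep an ISP's address range with a port scanner. Roman has already turned on firewall logging, which is exactly the record that makes such a sweep visible. The following is an added example, not code from this thread or from any particular firewall product: it parses a handful of constructed drop-log lines (the format is assumed; the line layout of Roman's firewall log is not given here) and flags any source address that probes many distinct ports within a short window, which is the signature of a scan rather than of a single stray connection.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log in an assumed "DROP ... SRC= ... DPT=" layout.
# 203.0.113.7 walks eight ports in four seconds (a scan); 192.0.2.44 only
# retries port 80 twice; 192.0.2.99 is a single hit. All addresses are
# documentation ranges, not real hosts.
SAMPLE_LOG = """\
2007-06-01 22:10:01 DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP DPT=21
2007-06-01 22:10:01 DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP DPT=22
2007-06-01 22:10:02 DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP DPT=23
2007-06-01 22:10:02 DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP DPT=80
2007-06-01 22:10:03 DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP DPT=135
2007-06-01 22:10:03 DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP DPT=139
2007-06-01 22:10:04 DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP DPT=445
2007-06-01 22:10:04 DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP DPT=3389
2007-06-01 22:15:30 DROP IN=eth0 SRC=192.0.2.44 DST=198.51.100.20 PROTO=TCP DPT=80
2007-06-01 22:40:12 DROP IN=eth0 SRC=192.0.2.44 DST=198.51.100.20 PROTO=TCP DPT=80
2007-06-01 23:05:00 DROP IN=eth0 SRC=192.0.2.99 DST=198.51.100.20 PROTO=TCP DPT=25
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) DROP .*?SRC=(?P<src>[\d.]+) .*?DPT=(?P<dpt>\d+)"
)


def parse_drops(text):
    """Return a list of (timestamp, source_ip, dest_port) for each DROP line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not drop records
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        events.append((ts, m["src"], int(m["dpt"])))
    return events


def find_port_scans(events, window_seconds=60, min_ports=5):
    """Map source IP -> sorted list of all ports it touched, for every source
    that hit at least min_ports distinct ports inside some sliding window of
    window_seconds. Repeated hits on one port never count as a scan."""
    by_src = defaultdict(list)
    for ts, src, dpt in sorted(events):
        by_src[src].append((ts, dpt))

    scans = {}
    for src, hits in by_src.items():
        start = 0
        for end in range(len(hits)):
            # shrink the window from the left until it spans <= window_seconds
            while (hits[end][0] - hits[start][0]).total_seconds() > window_seconds:
                start += 1
            if len({p for _, p in hits[start:end + 1]}) >= min_ports:
                scans[src] = sorted({p for _, p in hits})
                break
    return scans


if __name__ == "__main__":
    for src, ports in find_port_scans(parse_drops(SAMPLE_LOG)).items():
        print(f"probable port scan from {src}: ports {ports}")
```

The thresholds (five distinct ports in sixty seconds) are a starting point, not a standard; on a home connection almost any source that touches more than a couple of closed ports in a minute is worth noting, and the same loop can be pointed at a real log file once the regular expression is adjusted to that firewall's line format. As Jim notes, a scan that finds nothing open gives the attacker nothing to match on, so the stealth-mode setting Roman enabled is what turns these entries into harmless noise.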

  5. Roman says:

    Greetings Jim,

    Great info!
    This is actually my first forum. Also, I was told that some types of online gaming could make one a target for hackers? If that’s the case, I had been playing "Return to Castle Wolfenstein" for the past 2 or 3 years and I believe at different times it’s hosted by different servers – you just click on the server you want to join. I would only play this game on my desktop, never my laptop but all they would need is a location, correct?

  6. Roman says:

    As far as "packet sniffing" is concerned, does it require an actual program loaded into the victim's computer or is that done remotely, and is it only exclusive to wireless systems? (Not corporate, but an individual home system hardwired to a router)
    I did see the dup feature when I had my router up but never used it. I will have to try that.

  7. AMPC says:

    Hi Roman,

    Online games have had their share of vulnerabilities, but the big games usually stay up to date and offer patches. They would need you to click on the game from the laptop to get in, unless, they got into your desktop and scanned your laptop and found open ports. Not likely if you utilize basic security measures. I doubt you have anything to worry about with Wolfenstein.

    Packet sniffing does not need to have a program installed on the computer.

  8. Roman says:

    Hey Jim,

    My wife just informed me that our hacker friend had just sent her two emails. Nothing written on the first one and one referencing her myspace acct. In the headers there are IP addresses shown. Can these be traced back to the person? What should I do with this kind of information? It’s got to be useful for something?

  9. AMPC says:

    The IP addresses can be tracked back provided the person was trying to hide (or didn’t know what they were doing).

    Send me a PM with the message (header with IPs, etc) and I’ll take a look. If you are lucky, the IP may map back to a location you are familiar with – you never know what might ring a bell.

    Also – do the other messages have matching IPs?

    Regards,

    Jim.

  10. Roman says:

    I’m afraid I don’t know what the PM is?

    My wife deleted the emails but printed out the headers and content. Are there any items on the headers in particular I can take from them that would be useful to you? I will have to scan them otherwise.

    The IPs seem to be different in the two emails but she may be looking in the wrong places… I will have to check when I get home.

  11. AMPC says:

    Look for matching IP addresses from the two emails.

    PM is Private Message – if you click on AMPC you see the ability to send me a private message so that others do not see your information.

    Regards,

    Jim.
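Jim's advice across the last few comments is to pull the IP addresses out of the Received headers of the two emails and check whether they match. The following is an added example, not part of this thread and not any mail provider's tooling: it reads the headers of three constructed messages (the addresses are documentation ranges, and the real headers Roman's wife printed are not on the page), walks the Received chain from the origin upward, skips hops that carry a private LAN address, and groups the messages by their first routable origin address. The private-range list and the assumption that a bracketed address in a Received header is the sending host are this example's own.

```python
import ipaddress
import re
from email import message_from_string

# Constructed headers only. A and B were submitted through the same webmail
# server from 203.0.113.7; B additionally records the sender's LAN address,
# 192.168.1.20, as its very first hop. C comes from somewhere else entirely.
MSG_A = """\
Received: from mx1.example.net (mx1.example.net [198.51.100.5])
    by inbox.example.org with ESMTP; Fri, 1 Jun 2007 18:02:11 -0700
Received: from web1234.mail.example.com (web1234.mail.example.com [198.51.100.40])
    by mx1.example.net with SMTP; Fri, 1 Jun 2007 18:02:09 -0700
Received: from [203.0.113.7] by web1234.mail.example.com via HTTP; Fri, 1 Jun 2007 18:02:08 -0700
From: "Roman" <fake-roman@example.com>
To: wife@example.org
Subject: (no subject)

"""
MSG_B = """\
Received: from mx1.example.net (mx1.example.net [198.51.100.5])
    by inbox.example.org with ESMTP; Sat, 2 Jun 2007 09:14:02 -0700
Received: from web1234.mail.example.com (web1234.mail.example.com [198.51.100.40])
    by mx1.example.net with SMTP; Sat, 2 Jun 2007 09:14:00 -0700
Received: from [192.168.1.20] ([203.0.113.7]) by web1234.mail.example.com via HTTP; Sat, 2 Jun 2007 09:13:59 -0700
From: "Roman" <fake-roman@example.com>
To: wife@example.org
Subject: your myspace page

"""
MSG_C = """\
Received: from mx1.example.net (mx1.example.net [198.51.100.5])
    by inbox.example.org with ESMTP; Sun, 3 Jun 2007 11:00:30 -0700
Received: from smtp.isp.example (smtp.isp.example [192.0.2.77])
    by mx1.example.net with ESMTP; Sun, 3 Jun 2007 11:00:29 -0700
From: friend@isp.example
To: wife@example.org
Subject: hello

"""

# Assumed list of ranges that cannot be a sender's public address.
_NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def hop_ips(raw_message):
    """Bracketed IPs from the Received headers, ordered origin -> recipient.
    Headers are prepended by each relay, so the bottom one is the first hop."""
    msg = message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received") or []):
        hops.extend(_IP_RE.findall(header))
    return hops


def origin_ip(raw_message):
    """First routable address on the path; None if every hop is a LAN address."""
    for ip in hop_ips(raw_message):
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in _NON_ROUTABLE):
            return ip
    return None


def compare_origins(messages):
    """Group message names by origin IP so that repeat senders stand out."""
    groups = {}
    for name, raw in messages.items():
        groups.setdefault(origin_ip(raw), []).append(name)
    return groups


if __name__ == "__main__":
    for ip, names in compare_origins({"A": MSG_A, "B": MSG_B, "C": MSG_C}).items():
        print(f"{ip}: {', '.join(names)}")
```

Two caveats go with reading the result. The hops nearest the recipient (here 198.51.100.5, the recipient's own mail exchanger) match in every message simply because they all arrived at the same inbox, so only the origin end of the chain says anything about the sender; that is why the comparison keys on the first routable hop rather than on the whole set. And any Received header below the ones written by your own provider was added by servers you do not control and can be fabricated, so a match is a lead to hand to the provider's abuse desk together with the full headers, which is the channel that can actually tie a webmail session to an account holder.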
