Suggestion Anyone?

[shaggy100]

Agree with all other members responses....but I think the horse has already bolted....I really think you need to introduce sweeping changes and examine how your network/computers are used. Also introduce an AUP (Acceptable Use Policy) and make ALL staff sign it....gives you some control and is better than nothing...

Other than that listen to all the senior members...they really know their stuff....

[11001001]

Well, with regards to the legal end of things...

Originally posted here by nihil
Report to BOTH the FBI and Secret Service.............you have obviously suffered losses in excess of $5000...................that's a Federal one!

It might not be fruitful to report to the FBI at this time.

First, try calling the local PD. They can point you in the right direction; I think the Berkshire County District Attorney has a computer forensics unit.

If not, the local PD can put you in contact with the State Police Computer Crime Unit, or the Attorney General's Computer Crime Unit.

Basically, this is not a case that the feds would get involved in.

[masterchief]

Thanks to everyone who responded. From reading the posts and material on computer forensics and hacking, not only was this possible, BUT, by moving the computers around and continuing to use them, trying to track down the culprit is a waste of time because it's the equivalent of contaminating a crime scene. The evidence is now considered tainted. Any thoughts?

[darkes]

masterchief,

Yes I would agree with you, as you almost certainly have little real evidence left.
AOL should have something, but that is probably not enough, as it is your responsibility to take adequate measures to protect the PCs that your company owns.

I mean, come off it, allowing Kazaa to be installed on a business PC????
This would be grounds for immediate dismissal at most companies that I provide my services to.

And no firewall or up to date AV scanner running under Win98????
Gross negligence in my view!!

You can prevent this sort of thing happening in the future if you get some outside advice as to how to adequately secure your upgrade to WinXP.

The important thing here is that even if someone has access to a users account, the amount of damage they can do will be limited as long as you keep the details of the administrator account (you should rename it anyway) secret, and only available to those you trust.

[masterchief]

I should clarify: the e-mailing was done on both my personal and office computers. It was the personal one that my daughter installed Kazaa on. I ORDERED her not to. However, she did it unknown to me, used it, then made sure that there was no desktop icon, etc. Like most people who aren't computer savvy, I click a desktop icon to go where I want to go. I only found Kazaa when the first virus struck because I looked at the installed programs list and found it.

The first e-mailing occurred from our personal computer when my wife logged on to check e-mails. BANG! Hundreds went out. A week later, this happened again with my office computers which were on, downloading info, and unattended. The reliable staff that follows company policy utilizes a local ISP using a secure data line. The rogue staff uses AOL accounts. It was my daughter logging on through a company computer thru the AOL account looking for an e-mail from her sister that triggered the e-mail/file changing debacle.

It's tough looking for answers as to who did this and why.

As we speak, new Dells are going in with accurate protection. At home, we've replaced the Dell with an iMac.

I've done this because once someone steals who you are using computers, it's tough to recover. And I don't mean financially or hardware or software. My wife and I feel used and violated. Psychologically, the impact of what's happened is immeasureable. It's destroyed our trust in our kids, our employees, and the net.

Thanks.

[darkes]

Well, I'm guessing a bit as to what happened here, but it would seem to me that the most likely sequence of events was as follows.

Firstly, your home PC was seriously compromised, and infected with umpteen viruses because of using Kazaa to download infected files, which, incidentally, is probably illegal anyway!
Better not mention that to the RIAA ......

I would then assume that your daughter managed to infect her sisters PC by sending her something. When she used the same account in your work environment, the virus(es) got transferred back into your business environment, and all hell broke loose.

This should not happen if you have up to date AV protection and a proper firewall.
Even a home PC running WinXP with a software firewall and a professional AV scanner would pick up on unusual email activity, and alert you to the fact that something might be amiss i.e. before AOL picked up on it at their end.
AOL will have been running something similar, which is why your account was suspended, as they detected you were transmitting viruses.

The most important thing to bear in mind is that this is almost certainly not a personal attack on you or your business.
Unfortunately, this sort of thing is becoming very profitable for criminal elements, as a compromised PC can be very valuable.
Compromised or 'hijacked' PCs are used either to send spam (unsolicited emails) or used en mass to try and make a particular web site unusable. There have been several reported cases here of companies being threatend if they don't pay the protection money to stop this happening.

All they do is look for weak points by scanning PCs at random, and in your case it looks like they hit the jackpot.
Really very similar to the way a burglar might wander down a street trying front doors at random to see if they were unlocked.

I would only add that if you do suffer a similar problem in the future, then as you put it 'don't tamper with the evidence' - turn off the offending PC and get the experts in to look at it.

I wouldn't be too hard on your daughter, as I'm sure she didn't know what the consequences might be.
Don't assume that iMacs are immune to viruses - they do exist!!
Much less likely than on a Windows PC though, as their market share is so small.

[darkes]

masterchief,

To clarify, the main point I was trying to make earlier today is that I think you are jumping to conclusions in assuming that any of your employees (past or present) are guilty of doing anything wrong.
Without having physical access to the PCs involved, I obviously can't tell one way or other.

The scenario I outlined is perfectly plausible, and seems to be the best fit with the information that you have provided. At least if your new PCs are adequately protected, then this shouldn't happen again, regardless of the source of the problem. To put it bluntly, it is completely pointless running an AV scanner which is years out of date.

I'd be very wary about looking into any legal action, as it is quite possible that it is you (or rather your daughter) who broke the law in the first place. In the US and most of Europe it is not legal to copy copyright material (i.e. music) which you don't own, by downloading via Kazaa for example.

In the US, the RIAA has successfully issued law suits against those who have done this on a large scale ....

[masterchief]

Well, guess what? A new Dell running up to date Norton anti-virus and firewall was compromised and had a bunch of e-mails go thru it that we didn't create.

My feelings for the new iMac are getting better by the day.

Thanks for the input everyone.

[darkes]

Originally posted here by masterchief
Well, guess what? A new Dell running up to date Norton anti-virus and firewall was compromised and had a bunch of e-mails go thru it that we didn't create.

My feelings for the new iMac are getting better by the day.

Thanks for the input everyone.

Oh well, my final comment on this is that what you are saying does not add up at all.
Maybe you were just joking all along?

I'm assuming of course, that you have an up to date version of WinXP pro which has been correctly set up, and that is extremely unlikely.
I would not expect this to happen to any PC that I set up, and would correct it in the unlikely event that it ever took place, as I do some work for small businesses.

Who set up this PC?
Do you have a hardware firewall?
How is WinXP configured?
If you just buy a PC from Dell, that is wide open, unless you invest some effort in securing WinXP.

I could go on for ever, but if you think you are more secure using Macs then carry on down that road.

[!mitationRust]

Ummmmmmmm., if you don't have the time to invest in locking down XP,nor care about all the tweaks then mac is the way for him to go.IMHO