Suggestion Anyone?

[Galdron]

Originally posted here by masterchief
Lost AOL privileges due to heavy e-mail useage.
I need solid info to bring to my lawyer who knows nothing about computers and believes that no one can hack in and use someone's machine, e-mail accounts, and files.

Well if you lost your AOL privies. because of a malicious act. you should start by appealing to AOL. (they suck by the way) They (should) have logs of all actions with regards to your acct.


http://www.emailabuse.com/report.asp

Your Lawyer does not use E-Mail? Where are his offices Mayberry?

Kazaa and a lawyer who still wears a wig in court? Sounds like an ugly situation.


I agree with above posts regarding the amount of info you need to provide, regarding your HW, and systems. You will get much better answers by specifying your Technical situation.

[masterchief]

Computers aren't networked. The 3 affected computers all connect thru their own dial-up. The computer that did the most damage, i.e., all the e-mails, file changes, etc., was the computer guy's desktop. All machines had a dual option: AOL or a local ISP and could connect at the user's discretion. All operated Win98, no firewalls, and Norton 2000 with no updates since 2000. The problems began in earnest 7 to 10 days after what looked like an e-mail test takeover of my AOL account (logged on and sent hundreds of e-mails without my knowledge). AOL shut us down, then, restarted us. The day it started, the computer was online for several hours downloading a patch for a business program. It logged off, rebooted, installed the software, and BAM!, off went the e-mails.

[moxnix]

Your best bet is to contact the FBI as nihil suggested. They can even point you to a knowledgeable lawyer.

[masterchief]

Correct me if I'm wrong on this: 1) With the right info in hand, someone can access your computer; 2) Then, use your computer at will; 3) Change files as desired and wreak havoc; 4) Send e-mails using your accounts; 5) Access any crucial info on your units like financial info; 6) essentially steal your identity and just destroy your life. And in the end, it all looks like you did it, and its up to you to fix it and prove it wasn't you. So, I'm replacing all the Win98 machines with XP Pros w/Norton + firewalls, and from everything I've read, XP has the same if not more flaws.

A simple "Yes" or "No" will suffice: Am I correct about all this?

Thanks loads for all responses and help.

[OlySiteOp]

For the most part, yes. Except Win98 != WinXP. WinXP is still actively patched when new flaws are discovered (albeit slowly).

A few tips.

#1 - EDUCATE YOUR USERS - most important factor by far
#2 - Deny All, then allow only the required users/services
#3 - Update, Update, Update. Your Virus/Malware/Adware/etc protection is only as good as your last threat database. New threats are discovered daily.

[moxnix]

1. Yes
2. Yes
3. Yes
4. Yes
5. Yes
6. Yes and No (depends, but you didn't want an answer?)

[bucket]

I see from your profile that you are the president of a medical billing company.
I wonder if your lax security procedures constitute HIPAA violations ?
Not what you wanted to hear, but........

[CT2600]

If I were you, I would start putting some security measures in place to prevent this type of abuse in the future. I would lock down user accounts and implement complex passwords. Avoid the use of the administrator account. Ensure the AV software is implemented and the signature files are up to date. Learn about the audit logs and the events that are being tracked and above all implement a hardware firewall between your network and the DSL modem.

[darkes]

masterchief, my reply would be NO.

The answer to questions 1-6 is still yes, but question 1 is the key question.
WinXP pro is vastly more secure than Win98 if set up correctly.
In technical terms, it is a completely different operating system.

It has far less flaws than Win98, and more to the point new flaws are fixed, and an updated AV scanner together with a correctly configured firewall will pick up on most other things as well.

For a start with WinXP you can set up 'user accounts' as CT2600 mentioned which have limited privileges, which means you can restrict what the users can do.

If you are using this in a business environment, then maybe you should get a reputable computer consultant to give you the low down on what to do?
Try friends, familly, or other small businesses to get a decent recommendation.
Basic advice shouldn't take more than one or two days

[alanmott]

Tedob1 is right. If you need help from this thread then we need lots more detail on the topology of the network and how it connects to other systems, such as the Internet. But for you, the first place to start with is the logs. You should have logs on your servers, workstations and, if you have them, network devices such as routers. Start from the outside and work in loooking for suspicious or otherwise out-ot-pattern activity. Starting from the outside and working in should start to give you an idea of where the attacker broke in. From there you can start to narrow the search the first compromised servers/workstations to see what the hacker did. I'm sure many of us on the forum could provide some help in looking at the logs if you provide network topology details and post the logs.

Regards,

Alan Mott