Page 1 of 7 123 ... LastLast
Results 1 to 10 of 62

Thread: puzzled - tough security issue

  1. #1
    Junior Member
    Join Date
    Nov 2005
    Posts
    9

    puzzled - tough security issue

    Hi guys, this is my first post but this is probably not going to get resolved on this thread. I want to explain a situation that i am in and it is unbelievably infuriating and disturbing.

    Basically i have a cyberstalker except he is stalking a friend of mine in response to anything i do online that may provoke him. He/they have been doing this for 12 months, i have spent a considerable amount of money on security and got the authorities involved and this person is still able to trace my activities. It appears to have started from a virus to a hotmail account a long time ago and i signed upto yahoo, gmail etc they all got compromised one by one, then persnal mails started getting sent out so i closed everything down and havent used webmail since. Anyway its now moved onto a new level in the last few months and im really stuck as to what to do.

    First let me describe my system, i have windows xp SP2, a linksys firewall, sygate software firewall, a suite of anti-spyware, hijackthis detector etc, ghostsurf, nod32 antivirus and so forth...i run scans daily, occasionally some minor malware appears but everything apart from what i can tell is squeaky clean..

    I actually thought this guy was somehow remotely intercepting traffic between my machine and my ISP or a machine somewhere in the line but i've removed this theory based on a few events.

    First up, i >did< format my machine in frustration a while back which 1) annoyed the authorities so i've not been able to do it again and 2) it apparently pissed him off which means it is something local to my machine and he had to rehack my machine.

    Whatever this thing is it is 1) able to see what websites i have visited, 2) detect what mails have arrived in my pop3 account on this machine and so forth.

    He seems to have a pretty good read on anything going on so assumed he might be logging in via remote desktop and so forth, anyway i have shut down all non-critical services, i am using pix prempt preview software to harden my system aswell.

    Anyway whatever i do he seems to detect it reasonably quickly and email horrible mails to my friend within a day - he also doesn't seem to be able to tell the content of the mails in the sense that i could write rubbish and he thinks its something else. He makes the assumption about some of the content. This again was proved when i sent a very harmless mail from my work place to home email address with 2 words in it as a test and he took the bait and used it. This proved that he somehow can read or has access to my mails coming to this machine.

    I've no idea what this could be but the authorities describe it as very sophisticated, it has avoided all detection systems i've tried and i am completely stuck as to what else i can try to see if there is any more unusual behaviour going on.

    What i want to know is does anybody know of stuff - no specifics required that can essentially do what i am describing above? They appear to be able to circumvent all my firewalls with no problems and nothing seems to be sent off the machine that shouldnt be so i can only assume he is using a common port like 80 if thats possible? Question is how is he monitoring and sending back or is he just hooked in and monitoring remotely? If thats the case, why can everything i have no detect this intrusion?

    Any help or advice would be greatly appreciated as ive run out of ideas and ive probably done more than the average persont o stop this from happening.

  2. #2
    Wow, this seems very interesting if even the authorities can't help you. I really have no good recommendations since you listed everything i'd recommend. Looks like he's watching you remotely, have you tried changing passwords daily, see what traffic goes through what ports. Maybe it's something the person wrote so nothing can detect it yet ? Not sure but i'd like to hear from other members here as well on this matter.

    allenb, nihil, Htregz, come on....
    O.G at A.O

  3. #3
    AO's Resident Redneck The Texan's Avatar
    Join Date
    Aug 2003
    Location
    Texas
    Posts
    1,539
    Have you scanned your system for keyloggers and the like? There is just one of mant programs called Dameware and it is a monitoring program like you describe but, it has to be installed on both pc's to work properly and he/she has to have your IP address to remotely take over you pc. Do you know of anyone who has a grudge against you or whatever and has or has had access to your pc? I would strongly suggest doing a scan for keyloggers. Do you have a desktop or a laptop?
    Git R Dun - Ty
    A tribe is wanted

  4. #4
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    A software keylogger would not survive a reformat and reinstall. (you did do a complete reformat didn't you?)
    A hardware keylogger would, and that is the only thing I could think of that would give this person immeadiate access to a complete reformat and reinstall of the OS.

    Hardware keyloggers are easy to discover and have to be place physically on your machine. Does anyone have access to your box that you could suspect of placing one on your system?
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  5. #5
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Posts
    491
    Don't get known and even unknown keyloggers blocked or deleted by most Anti-virus software ? Except offcourse if it is a hardware one but then they should have had access to you computer and you should have seen it (if you know what it is naturally). Or when the "culprit" has rewritten a software one so it doesn't get dedected but then we are indeed talking about someone with advanced knowledge I would think.
    If this keylogger then sends his logs trough the regular email port (which you granted full access rights in the firewall) then it is possible you can't detect it I think. But it should then use the engine of the mail program that is installed and granted access, because if you use a built in mail-engine it should be seen in the firewall logs.

    This is all hard-up thinking ...correct me if I'm wrong .

    What's the chance of the "bad-person" using a website you visit frequently to install the "device" used for logging everything you do? Offcourse he/they/she should have access to this website then.

    Do you have a fixed IP-address or a dynamic one, what's your ISP, have you talked about it with them or did the authorities ...can't they take a look at what happens with your traffic or your ports?

    ? Strange situation

    [EDIT] moxnix was a bit faster with the hardware keylogger suggestion then me, sorry [\EDIT]

    C.
    Back when I was a boy, we carved our own IC's out of wood.

  6. #6
    Senior Member wiskic10_4's Avatar
    Join Date
    Jan 2004
    Location
    Corpus Christi, TX
    Posts
    254
    Basically i have a cyberstalker except he is stalking a friend of mine in response to anything i do online that may provoke him.
    I'd like some more details... namely - do you have any idea *why* he's stalking your friend? And why is it in response to whatever *you* do on your computer?

    What is the nature of your relationship w/ this friend? I'm thinking the culprit may be a jealous ex-boyfriend that thinks something may be going on between you and this "friend"??? I know I'm jumping to conclusions, but it just seems most mysterious to me that anytime *you* do something *your friend* gets a "nasty" email...? What's up w/ that?

    Anyway whatever i do he seems to detect it reasonably quickly and email horrible mails to my friend within a day - he also doesn't seem to be able to tell the content of the mails in the sense that i could write rubbish and he thinks its something else. He makes the assumption about some of the content. This again was proved when i sent a very harmless mail from my work place to home email address with 2 words in it as a test and he took the bait and used it. This proved that he somehow can read or has access to my mails coming to this machine.
    [edit] A keylogger would give the attacker/stalker no way of knowing that an email had been sent from work to home[/edit]
    I don't understand this at all... you sent yourself something via email... he somehow "intercepted" it, yet can't read it... and it pissed him off... wtf? What sort of "retaliation-email" came as a result? ie - what did he 'assume' the email was about...

    Something's fishy here...

    given the security of your box, I find it hard to believe that there's any sort of trojan, etc installed... (unless, as copyright said, it's something he wrote personally) Did you *personally* implement your systems security? Or did you have someone do it for you?

    One more thing - what "authorities" were contacted? Local police dept? ISP? Who???

    [EDIT] It would be most interesting if you could get one of these 'retaliation-emails' he sent your friend and post it here... I just don't understand why he'd get upset that you sent yourself something, and then say something "nasty" to your friend... Also - does he seem to be doing the same thing to your friend's system???[/EDIT]
    My Corner of the Intarwebz: Jeremy Dean Online

  7. #7
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Posts
    491
    He makes the assumption about some of the content. This again was proved when i sent a very harmless mail from my work place to home email address with 2 words in it as a test and he took the bait and used it. This proved that he somehow can read or has access to my mails coming to this machine.
    After rereading the post and seeing this section, I don't think it's a keylogger on the machine, because it logs what you type and doesn't record allready typed text in a mail (I thought). So it should indeed be something that monitors traffic that comes and goes from your pc.

    If this is the case , I'm sure the ISP must be able to help you there... ports in promiscue mode and things like that come to mind ?? But then you should have a fixed IP unless and don't block pinging the WAN side of your router (Linksys firewall can do this, no ?).

    Some more network-experienced people here can elaborate a bit more I should think ?

    Although like wiskic10_4 I to am thinking that something "fishy" is going on.

    Your not trying to get tips from us to do what you describe as being done to you are you ? I'm sorry it is offending but we get some strange people here sometimes ... and we have to be carefull .

    C.
    Back when I was a boy, we carved our own IC's out of wood.

  8. #8
    Senior Member
    Join Date
    Apr 2002
    Posts
    1,050
    Do you have anyfriends that come round your house regulary because from what you described your system seems pretty locked down and the format 'should' of fixed it what kind of format did you do was ir fm a recovery console like PC Angel or did you wwipe the harddrive clean and pop in a fresh disk installation. Not unless something is attacthed to some firmware which i doubt but couldnt do any help up-dating all your firmware. Now the reason i asked if you have anyfriends round alot ? do any of them know quite a bit about computers ? if so it could be them messing with you. If you have left them alone with your box they could do pretty much what they want and maybe thats why they are getting access to your several acccounts. Othere than that im stumped

    one other thing do you have a password policy set in place ( ie ) change your passswords every so often not use obvious things that people could find out from you etc
    By the sacred **** of the sacred psychedelic tibetan yeti ....We\'ll smoke the chinese out
    The 20th century pharoes have the slaves demanding work
    http://muaythaiscotland.com/

  9. #9
    Your not trying to get tips from us to do what you describe as being done to you are you ? I'm sorry it is offending but we get some strange people here sometimes... and we have to be carefull .
    Kids asking how to haxor aren't a threat to anyone and there is no chance they'll ever be in the future. Its not that you don't already know... really the whole thing is just an excuse to beat your chest every now and agian, wouldn't you agree?

  10. #10
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Posts
    491
    really the whole thing is just an excuse to beat your chest every now and agian, wouldn't you agree?
    I'm not sure where you're going with that statement, but I'm just trying to get a better picture of the things happening ... If I don't write what comes to mind then I'm not being true to myself.

    It has nothing to do with beating my chest or anything ... call me paranoid or anything what you want but don't go turning this in a macho thing of me thinking I need to make a statement about haxor-kids ...jeezzz.

    If this is a "haxor-kid" or anybody else trying to get some info on how he could become überleet or get some info on his "ex-something" ,then tries something stupid, gets cought and then tells the cops he all got it from this website ?? Then what.

    Maybe a bit farfetched but ... that's me being paranoid.

    C.
    Back when I was a boy, we carved our own IC's out of wood.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •