
Thread: puzzled - tough security issue

  1. #51
    Member
    Join Date
    Sep 2005
    Posts
    77
    Did you say you switched ISPs?
    I am ashamed to say that yeeeears back I knew a sysadmin out of Brazil that
    didn't have the best of ethics. He tried giving me Telnet access to one of
    their mailservers in exchange for an account on a server that I ran.
    Needless to say, I don't think it's beneath a weird sys admin at an ISP to pull a stunt like this.
    %42%75%75%75%75%72%70%21%00

  2. #52
    I think Eyecre8 already suggested this, but check out your friend's system. This seems to be an important piece of the puzzle. So far it seems to be the only unchanged variable.

    Your countermeasures, such as changing ISPs, countries while obtaining a NEW laptop would thwart most hackers. You'd think someone with this "ability" or persistence would embark on larger endeavors than making your life hell. Not that you're not important

    Back to what I was saying... It seems like her machine is the only constant and could very well be the hub for your troubles.

    Let us know about this.

  3. #53
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Wrong track guys......

    I thought about that too but that would require the target of the abuse to have the cooperation of any other female he has written to.

    If it is her monitoring his machine, (and I'm not counting that out entirely - he says it hasn't been physically compromised but, then again, he probably hasn't thought about the victim being the perpetrator - a situation where I spent 8 hours of a perfectly good night being interrogated by military CID once.... fun, fun, fun..... ), then the Glenn Close comment is right up the correct alley....

    Run Awaaaaaay....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  4. #54
    I'll go with the Boot CD idea too. I've tried Knoppix though and I didn't like it that much - I've got Mandriva Move coming in the post (yeah, I paid for it rather than download it, I'm like that!) which does a similar sort of thing.

    Some thoughts.

    The router - well, I don't know Linksys routers very well or their capabilities, but it is possible that the router has a logging function (my Netgear one has a limited logging function) and that remote management for the router has been enabled. With remote management, the hacker could basically open up any port they want remotely - they could have gained remote management through a previous successful intrusion.

    Wireless - maybe you don't use it but can you confirm that it has NO wireless or the wireless is definitely turned off?

    A question - on the email messages, does it seem that the hacker can read the whole email or just the message title? If they're just reading the message title, then maybe they have some sort of logging function enabled rather than a full compromise.

    Check your proxy and autoconfig settings in IE. Make sure that you're not using a strange, alien proxy that you don't recognise.

    Check your HOSTS file - now I personally have lots of entries in my HOSTS file but most normal people should have something like:

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    ..blah blah blah..
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost

    Any other entries in the HOSTS file are highly suspect.

    As for TEMPEST - well, it's a way of snooping on electromagnetic radiation from computers. CRT monitors are the worst for leaking EM radiation. Laptops leak a lot less and are much harder to do a TEMPEST attack on. A patient amateur could probably do a TEMPEST snoop on a CRT, a laptop would probably require the CIA! It's unlikely though, but the whole scenario is a bit unlikely.

    Finally, and most disturbingly, the hacker could have access to your ISP logs. They could even work for your ISP. There's a limited amount you can do in these circumstances, but if your PC is clean (especially if you boot from Knoppix or Mandriva), your firewall is clean and there are no physical devices on the computer, then it could be a possibility.

    Another hint - use an external proxy service for your web browsing. I use Megaproxy. That should create a secure layer that will be very difficult to snoop on if your router or ISP is compromised.
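
The HOSTS file check suggested in post #54, as an added example that is not part of the original post: it parses a hosts file and reports every active entry other than a loopback mapping for `localhost`. The function name `audit_hosts`, the sample file and its addresses are constructed for illustration, and treating only `localhost` as expected is an assumption.

```python
import ipaddress

# Constructed sample: a default-style Windows HOSTS file plus three added lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost
203.0.113.7 mail.example.com webmail.example.com # constructed suspicious entry
127.0.0.1 update.example.net
not-an-ip broken.example.org
"""

EXPECTED = {"localhost"}  # assumption: only localhost mappings are expected


def audit_hosts(text, expected=EXPECTED):
    """Return (line_no, address, hostname, reason) for every active entry
    that is not a loopback mapping of an expected name."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Drop full-line and trailing comments, then skip empty lines.
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        address, *names = entry.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "malformed address"))
            continue
        for name in names:  # one line may map several names to one address
            if ip.is_loopback and name.lower() in expected:
                continue
            reason = ("name sinkholed to loopback" if ip.is_loopback
                      else "name redirected to another host")
            findings.append((line_no, address, name, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows the file to feed in is normally `%SystemRoot%\System32\drivers\etc\hosts`; read it from a known-clean boot environment if the running system is not trusted.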

  5. #55
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    So.... Where'd the OP go?????

    Hello.... Ropester.... You out there?
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  6. #56
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Maybe we were a little.......late

    The Glenn Close thing might be right on the mark!!!!
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  7. #57
    Senior Member
    Join Date
    Nov 2005
    Posts
    115
    ropester: Do you sit on your computer by a window? Maybe they are using a high powered telescope to record your every action and keystroke and hence compromising any accounts or other systems you use...

    *shrugs* well I thought it was funny...

  8. #58
    Member
    Join Date
    Sep 2005
    Posts
    77
    Originally posted here by alleyCat
    ...Maybe they are using a high powered telescope to record your every action and keystroke and hence compromising any accounts or other systems you use...
    Heheh.. just watched the movie SNEAKERS the other day. They acquired a guy's login/pass by filming him from a distance and watching his fingers and what keys they pressed.

    Heheh... maybe our boy here is in deeper than he thinks! There something you aren't telling us? Are you on the receiving end of a 3 letter agency?
    %42%75%75%75%75%72%70%21%00

  9. #59
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Too late.... Glenn got him....

    Or he realized he messed up....

    I vote for the latter...

    But he might have realized that he was posting here from the spied-on box - and he realized that it might not be the best idea.....

    [EDIT]

    He was last here at about 2:25 am yesterday.... Dalek's post scared him away.... <LOL>

    [/EDIT]
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  10. #60
    Senior Member
    Join Date
    Sep 2005
    Posts
    221
    Seems I'm reviving dead threads here, but I am kinda curious about what's happening to ropester nowadays...
    Definitions: Hacker vs. Cracker
    Gentoo Linux user, which probably says a lot about me..
    AGA member 14460 || KGS : Trevoke and games archived
