Re: Need advice about hacking and security

From:
Date: 10/29/02 

Date: 28 Oct 2002 15:13:46 -0800

"Ron Ruble" <raffles2@att.net> wrote in message news:<3dbd2bef$0$1447$1dc6e903@news.corecomm.net>...
> "darlene" <dlor60@hotmail.com> wrote in message
> news:83724cbc.0210280109.db1dc12@posting.google.com...
> > If anyone can please give me some insight about some computer
> issues,
> > I would appreciate it.
> >
> > Since I've had my used computer for about 2 years, I've had my
> privacy
> > violated to the extreme. All of my email accounts - Hotmail, Yahoo,
> > my Outlook, my personal files have been tampered with.
>
> Yahoo, Hotmail, and Outlook, if you use the default
> preferences, is like walking around with a big "Kick Me"
> sign on your back.
>
> They are not designed with security in mind. The best way
> to protect yourself on Hotmail and Yahoo is to remember
> that they can't divulge information they don't have.
>
> Rather than give lots of information to them, provide
> only what they absolutely require, and select the "do
> not put me in any online directories" options.

You would think that would be enough, however, one of the individuals
who has been hacking/spying on my computer for so long is very
arrogant (and sick?) I consciously created that new email account and
blocked ALL unsolicited incoming mail and within a few hours received
the porno 'opt-in'. I've also received email addressed from myself,
TO myself which I obviously didn't send. I didn't know someone could
duplicate an email address. This 'person' enjoys flaunting its
capabilities - After that incident this 'person' posted in a ng that
she received an email from herself, just to let me know that it IS her
who sent the letter, and in essence is letting me know she is one of
the hackers.
>
> Outlook also requires a lot of tweaking to secure it.
>
> > The sites
> > where I frequent, some sock puppet apparently take personal info
> from
> > personal emails and post them in their messages.
>
> There is no private email on the net. If it's private
> and personal, either don't put it in an email, or
> encrypt it. Email is a postcard delivered by
> passing it around your entire neighborhood,
> rather than handing it to the post office.
>
> A postcard, only the postal employees can read.
>
> An email, any mook on any of the intervening
> servers can read. And many system admins
> leave directories unprotects.

Good advice, but a little too late for me.
>
> > I receive offensive
> > purported porno 'opt-in' emails that I did not subscribe to - even
> > within a few hours of creating a brand new email account.
>
> Part of that is spammers targeting every possible
> id on all the main services. The email address you
> use on this mail is simple enough you'll get lots of
> hits. Change it to something like d90_lor4567
> and you'd probably see a huge reduction, just
> because the spammer's random id generators
> wouldn't try something that unusual as often.
>
> > I also get
> > taunted by a psycho cyberstalker who puts her name in the 'subject'
> or
> > email address of porno junkmail to make it appear to be unsolicited
> > spam.
>
> There are some web sites that detail cases of serious
> cyberstalking. It sounds like it's time for you to get
> serious about your computer security education.

Yes, I know. Last year I was dropped from my ISP, being accused of
being a "multiple user" which was a violation of their service
agreement. I was annoyed because I had no idea what they were
referring to, but after I investigated their accusation I realized
that this was the first evidence I had of the hacker. They asked me
if I had another computer which I don't, and even had the name of the
other "user." I sent emails, called, left messages to investigate,
but Netzero didn't want to deal with it - They sent me a final letter
saying it was my responsibility to secure my password. It was so
ridiculous...
>
> > I frequently get these prompts "...computer shut down by the remote
> > computer," "Password or access denied by the remote computer" or if
> > I'm using a program I'll get kicked out accompanied by the message
> > that says something to the effect of it "being used by 'another
> > user'."
>
> Sounds like you may have a trojan. The good news is
> there are tools to detect and remove trojans. The
> bad news is, unless you secure your system, they'll
> come right back. Do a search on Yahoo or Google.

I don't know what a trojan is - I do know that I used Ad-aware
several months ago and found about 40 spyware components.
>
> > What can I do about all of this? I have 3 suspicions as to who is
> > behind this crap and all have their motives, but I would like to
> know
> > what are the legal ramifications?
>
> There is no general answer. First, you need to prove
> who is doing this. _Very_ difficult, if they are at all
> knowledgeable. Most police departments aren't
> capable of understanding the problem, so they
> won't help. For legal advice, you need to contact
> a lawyer. In some states, there are laws with teeth,
> in most there aren't.

True, the police are not even sure of any regulations regarding the
internet. They were only aware of issues that may involve credit card
number theft/fraud, etc. You have no idea of the extent that this
individual has gone infringing upon my life. I have my suspicions of
who is doing this, and the person by leaving her name in ng's seems to
believe she is above the law by taunting me. If I find that she has
violated any laws (besides my privacy), I will find a way to follow
up. ;)
>
> Direct your newsreader to news.grc.com
> Gibson Research has a series of newsgroups dealing
> with security and protection.
>
> Also check out http://www.cert.org, particularly
> http://www.cert.org/tech_tips/. You'll find links
> there and on the grc newsgroups to more
> information.
>
> You probably need a firewall to start. A software
> firewall is fine, but if you have a broadband connection,
> you may want to use a hardware firewall or router.
>
> Get ready to back up all your data. You're likely
> to need to wipe and reinstall your OS and all
> applications to be sure you're secure.

Huh? All of this is right over my head! firewall? OS? I'll look it
up. Someone did suggest I re-install my software, but I thought it
may remove any proof of individuals tampering with my computer.
>
> Expect to spend a _lot_ of time learning what you
> need to know, and a little regular refresher for new
> information (a couple of hours) every few weeks
> for the rest of your life.
>
> Good luck.