Re: Hackers please help

From: Dossy (dossy@panoptic.com)
Date: Sat Feb 22 2003 - 19:09:09 MST

    On 2003.02.21, gts <gts_2000@yahoo.com> wrote:
    > It appears that my personal home PC has been hacked.

    Doubtful. But, I'll suspend disbelief for a moment ...

    > Someone unbeknownst to me has discovered the password and email
    > address that I once used to logon to a particular website. [...] I use
    > pretty much the same email and password for everything, [...]

    Is the email address you use common enough knowledge? It probably is --
    so, the only challenge is getting your password. It probably wasn't
    longer than 8 characters, was it?

    > though I have already rushed to change the most critical passwords in
    > the wake of this incident.

    Good move. In general, change your passwords often -- at least once
    every 3 months to be safe, I'd say.

    > This person then impersonated me on the relevant site and used the
    > resulting record of my activity in an effort to disrupt my personal
    > life in a very destructive way.

    That sucks. No matter what, that's a real drag.

    > I have no evidence so far that this person is not also seeking to
    > disrupt my financial or professional life.

    Count your blessings.

    > My PC is generally not physically accessible to anyone other than
    > myself.

    What do you mean by "generally"? How often is your PC physically
    accessible to someone else? Once a week? Once a month?

    > [...] but in this case there is every reason to believe that the
    > culprit was no stranger. The primary suspect in my mind is one of a
    > handful of spiteful and potentially treacherous ex-girlfriends [...]

    Presumably, these ex-girlfriends had to have had physical access to you
    and your PC at some point.

    > My first guess therefore is that my security was compromised by some
    > kind of remote installation stealth keylogging software capable of
    > gathering my password information and transmitting back to the sender
    > over the internet. It's my understanding that it is possible to
    > install keylogging and screenshot copying software remotely via email
    > attachments, attachments which would then, if executed, start sending
    > data secretly to the original sender via unseen email.

    Occam's Razor would say your little conspiracy theory is a bit unlikely.

    > She might just as well know right now that I have every intention to
    > go after her ass with a vengeance. If possible I will press legal
    > charges.)

    FYI, if she's clueful enough to 0wn you, chances are, your threats
    aren't scaring her. If you indeed are 0wned, any threats may just lead
    to you getting more unpleasant things happening to you. Not wise on
    your part.

    > I am running Windows XP Home Edition. Until a couple of weeks ago I was
    > connected 24/7 via DSL, but in the last few weeks I have been using
    > dialup only.

    h0 h0 h0! Windows XP 0wned Edition connected 24/7 by DSL. I bet you
    probably didn't keep up with the latest security patches as they
    immediately came out, did you?

    Did you know enough to rename your owner account? And put a password on
    it?

    Anyone running Windows XP (Home or Pro, but /especially/ XP Home) should
    at least glance over this web page at least three times:

        http://www.blackviper.com/WinXP/supertweaks.htm

    Specifically, number 12 which I'll quote here:

        | Note: If you have previously used the "Owner" or "Administrator"
        | account for "general purpose", your account options could be
        | affected if you rename the accounts. If anything, password them
        | NOW!
        |
        | Most, if not all, games and applications require you to have
        | "Administrator Privileges" to install them. Most, if not all,
        | games require you to have "Administrator Privileges" to use them.
        | Why should you do these things? Crackers need 2 things to access
        | your PC:
        |
        | 1) A user name
        | 2) A password.
        |
        | If you do not rename your Administrator account, 50% of their work
        | is done. If you do not password your Administrator account, 100%
        | of their work is done. If you do not rename your "Owner" account,
        | 50% of their work is done. If you do not password your "Owner"
        | account, 100% of their work is done. This is only valid for
        | Windows XP Pro. For XP Home, skip down a few lines:
        |
        | Disable the "Guest" account. Where?
        |
        | Administrator Tools --> Computer Management --> Local Users and
        | Groups --> User folder --> Right click "Guest" and select
        | "Properties". In the General Tab, check "Account is Disabled".
        |
        | Rename the "Administrator" account. Where?
        |
        | Administrator Tools --> Computer Management --> Local Users and
        | Groups --> User folder --> Right click "Administrator" and select
        | "Rename". Do NOT disable this account. You may need it someday.
        |
        | This is only valid for Windows XP Home: Do this NOW!!
        |
        | Everyone on XP Home, by default, has Administrator privileges and
        | the User name is "Owner". If I know that, so does everyone else on
        | the planet. Change the name and / or password your account. If
        | anything, password it. NEVER have an account unprotected! EVER!
        |
        | How?
        |
        | Start --> Control Panel --> User Accounts --> Choose "Owner" -->
        | Select "Change my name".
        |
        | Also, you should (will) place a password on your account.
        |
        | How?
        |
        | Start --> Control Panel --> User Accounts --> Choose "Owner" (or
        | whatever account you named it above) --> Select "Create a
        | password".

    > In what other ways might someone gain access to my password and logon
    > information to impersonate me at a particular web site, short of having
    > physical access to my PC? Thanks in advance to anyone who can help.

    If I were a betting person, I'd bet you a nickel that you got socially
    engineered or shoulder surfed, and not keylogged.

    Social engineering is likely: if the aggressor is an ex-girlfriend, she
    may have learned enough about you to simply guess your password -- or,
    ask you the right questions to learn the same.

    Shoulder surfing is likely: if the aggressor is an ex-girlfriend, she
    was likely physically present when you logged in using your email
    address and password and simply shoulder-surfed your password out of
    curiosity. Girlfriends like to know these weird little details about
    their partners ... at least the geeky ones do.

    These last two, less likely possibilities, I wouldn't necessarily bet on
    but I wouldn't rule out:

    The first possibility: You may have logged into your account from
    another machine which might have been keylogged -- such as from a
    friend's house, a public library machine, etc. Do you ever log into
    your account from a machine other than your own? EVER? I'm not talking
    about "not frequently" -- all it takes is one time and for that one time
    to be monitored and you're hosed.

    The second possibility: Are you using wireless LAN at all? Even with
    WEP (you know, Weak Encryption Protocol, ha ha ha!) you're not secure
    unless you're using something real like IPSec as well. If all you're
    using is either clear wireless LAN or even wireless LAN with either 64-
    or 128-bit WEP, anyone within range and the right software tools could
    walk away with your network traffic which likely includes usernames and
    passwords. It's not hard for a geeky girlfriend who knows you're using
    wireless LAN to sit in her car parked down the street from your house
    and capture your network traffic and pick out your passwords later on.

    Think about it ...

    -- Dossy

    -- 
    Dossy Shiobara                       mail: dossy@panoptic.com 
    Panoptic Computer Network             web: http://www.panoptic.com/ 
      "He realized the fastest way to change is to laugh at your own
        folly -- then you can let go and quickly move on." (p. 70)
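
A local-account audit that checks the three points the quoted blackviper advice makes (built-in accounts still using their default names, an enabled Guest account, enabled accounts that require no password), added here as an example and not code from the original post or from blackviper.com. It assumes Windows PowerShell 5.1 or later with the Get-LocalUser cmdlet available, run from an elevated prompt.

```powershell
# Added example: audit local accounts for the weaknesses the quoted text warns about.
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module) and an
# elevated prompt; it only reads account state and changes nothing.
$findings = @()

foreach ($u in Get-LocalUser) {
    # The last component of the SID is the RID; 500 and 501 are the built-in
    # Administrator and Guest accounts regardless of what they have been renamed to.
    $rid = [int]($u.SID.Value -split '-')[-1]

    if ($rid -eq 500 -and $u.Name -eq 'Administrator') {
        $findings += "Built-in Administrator (RID 500) still uses the default name"
    }
    if ($rid -eq 501 -and $u.Enabled) {
        $findings += "Built-in Guest account '$($u.Name)' is enabled"
    }
    # An enabled account that does not require a password needs only a user name.
    if ($u.Enabled -and -not $u.PasswordRequired) {
        $findings += "Enabled account '$($u.Name)' does not require a password"
    }
    # The XP Home default user name the quoted text calls out.
    if ($u.Enabled -and $u.Name -eq 'Owner') {
        $findings += "Enabled account still uses the default name 'Owner'"
    }
}

if ($findings.Count -eq 0) {
    Write-Output "OK: no default-name, Guest, or password-less account issues found."
} else {
    $findings | ForEach-Object { Write-Output "WARNING: $_" }
}
```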
    


    This archive was generated by hypermail 2.1.5 : Sat Feb 22 2003 - 19:11:41 MST