Newbie's email and IM being spied on!

Discussion in 'other security issues & news' started by mikeinstlouis, Dec 8, 2006.

Thread Status:
Not open for further replies.
  1. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    The fact that you are wireless compounds the issue. Before the wireless fact was brought into the equation, I just assumed you had a keystroke logger on your machine. If you download music from any of the shared music sites, you are susceptible to someone getting one on your machine. Your spouse or anyone with access to your PC could put one on your machine. And finally, there could be a built-in keystroke logger on your keyboard or the wire connecting your keyboard to your computer.

    So to stop the keystroke logger, you can download a freebie program called snoop free. That should stop any software keystroke loggers. I would also buy a new keyboard.

    Now, if someone has access to your computer because they can access your wireless network, that's more complicated. You definitely need to enable WEP. That is Wireless Encryption. You can also limit the number of people that can access your network by programming the router to only give out one IP address. And finally, you can tell your computer not to broadcast your SSID. These actions would secure up your wireless network. But you will need someone that knows how to do this to help you.
     
  2. _aKa_Ghost

    _aKa_Ghost Registered Member

    Joined:
    Dec 9, 2006
    Posts:
    3
    Location:
    Switzerland
    You are covering the keylogger and spyware issue very well so I'll stick with the wireless problem...

    As ThunderZ pointed out, we need to check the encryption and logging capabilities of your modem to know if wireless breaking is possible and if we can find the bad guy's computer serial number somewhere...

    I'll just add two things:
    To sniff the traffic (with aircrack-ng for example), you do not need an IP address, you're just listening. So giving away only one address is good but not enough.

    WEP (wired equivalent privacy ;)) is not strong enough. You need WPA (Wifi protected access) or better, WPA2 that both combine encryption and authentication.
     
  3. Elrendhel

    Elrendhel Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    27
    Mike,

    I.) I suspect the Wireless to be your biggest weak link. Look on the bottom of your 2Wire modem/router.

    If your 2wire modem/router is a 1000xx (usually SW), it will have wireless "B" with 128bit WEP. These models are the older ones sold with DSL that is likely 3 years or older.

    If your 2wire modem/router is a 1800xx (usually HG), it will have wireless "G" with WPA Encryption. Your DSL is likely 2 years or less.

    II.) If you are having issues getting your work's IT staff moving on this issue, I would consult with your work's legal staff. Advise them that you are concerned about the hospital's legal risk involving HIPAA & Sarbanes/Oxley (aka "sox") with a possible breach in security. Nothing like legal forcing the issue to get things moving along.

    III.) If you doubt the physical security of your home (for example, did you check the back of your home computer?), then you should consider other "alternate" methods of "backdooring" your home network:
    1.) Someone could have physical access to your network. Condos and apartments have "common" walls and wiring. If you are in a single home, your chances of being backdoored are significantly reduced.
    2.) Check the back of your Router for additional pieces of equipment that you did not install.
    3.) Could another member of the household be watching you? (I have had a client whose wife suspected him of having an affair and had a professional install a hardware keylogger in the back of his desktop)
    4.) If your home is electronically monitored, check with your monitoring company to confirm whether anyone else has accessed your home when you would have normally been away from home. If there is any suspicious activity, notify your monitoring company and change your access code immediately...
     
  4. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    Could you check the logs on the router itself?
    Also I've got to say this thread is making me nervous, I use WEP encryption because it's the only encryption supported by my Nintendo DS and the new Nintendo Wii so I can't really use WPA. Where I live is generally a safe place.
    lodore
     
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    yeah, WEP is very weak
     
  6. twhk000

    twhk000 Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    27
    Hello All


    Well I thank you all for your participation in trying to resolve this issue. What has happened to Mike can happen to anyone so we have got to be more aware and find better and better ways to protect ourselves against any kind of threat.

    I would not get straight into the technical aspects as I see others are covering it very well. But my area of interest is that Mike reported that his emails and IMs are getting monitored or recorded? Or both?

    If it's monitored then the possibility is that the user has remote access to Mike's computer either through the broadband or dial-up or wireless. So the remote user has penetrated through any of these possible networks and must be using any of those networks for monitoring Mike's computer activity.

    If it's recorded then there are plenty of software packages which do this for legal as well as illegal purposes.... As there are numerous software packages which promise monitoring and recording of your computer activity and sending it to you via an email, all you need is to buy them and install on the computer you want to monitor


    Now Mike would you plz tell me did you download anything from the internet and on which computer and through which network?


    Secondly, when they sent you an email, would you plz tell us what was in the email? And when you say IMs, do you mean they are logging in to Yahoo and logging out in your absence?

    Plz elaborate as much as you can because that will actually show the source of the problem. Are you sure that your emails and IMs are being monitored by the same person? Are you sure that this email monitoring has not happened on your friend's end as it could be that it's a chain?



    Mknight
     
  7. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    Well I have to use it so I can use my games consoles wirelessly and not have wires trailing round the house.
    It's a shame Nintendo DS doesn't support WPA.
     
  8. Elrendhel

    Elrendhel Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    27
    I tend to equate WEP as being similar in form to a chain-lock on your front door, whereas WPA is more like a deadbolt.

    In that regard, a chain-lock is certainly better than nothing...
     
  9. mikeinstlouis

    mikeinstlouis Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    14
    Wow guys..thanks for all of the responses. I have been so busy working, I have been unable to keep up with the forum. I am going to print this up and study it tonight.

    What I have done was installed snoopfree, and it only identified yahoo messenger. I installed spycop, and it found nothing. I did the Dr. Web's virus scan, and again, clean. Just glancing through the posts, maybe it is NOT a keylogger and something to do with the router.

    I have SBC, DSL with a 2wire 1800HG router. The router connects into my ethernet card on the back of my desktop, and wirelessly to my laptop, which is portable.

    Like I said, the snoop free and spycop found nothing. I will read through the posts to get what you guys said specifically. I have a lot of reading to catch up on! Thanks!!!

    Mike
     
  10. mikeinstlouis

    mikeinstlouis Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    14
    One more thing, you guys..before I dive into your other responses.

    This all began when "Bob" became upset and jealous, because I was hanging out with "Jason". This is incredibly immature on all counts, but it may help you guys.

    I was on Jason's computer and I checked a couple of my email accounts. Mistake number one.

    Since Bob was mad at Jason too (I do not know Bob well at all...never spoke with him since then), he allegedly dropped a "worm" on Jason's computer through an email attachment (as reported by Jason). He then got my passwords and messed with my accounts. He did email me back with the correct passwords and told me to never *&^% with a hacker. I changed all of my passwords. Jason bought a new computer.

    Since then, I have had my yahoo passwords changed on numerous occasions. I did change my verification questions, and they have not been changed since.

    Jason told me last week that Bob sent him an email with copies of emails that I sent to other friends of mine, basically telling him that I was not a loyal friend. Jason said he deleted them, but did quote some of my emails accurately.

    Bottom line, either Jason or Bob have access to my accounts. They live in a different part of the city than I do, so unless they sit outside with surveillance equipment, I don't know how they can get into my business.

    I don't want to even mess with Bob...just get my stuff fixed and let him play tricks on someone else.

    That is why I don't think an IT guy from work put it on my computer, it was one of these guys.

    I have checked my keyboard...no external connection.

    I have not seen any suspicious hardware to my router, but I will look

    I hate to say that this type of thing occurs with grown men. Bob, apparently has no life except to look into other's business. Sad, if you think about it. I am no longer part of that situation with him, but Jason said he started sending emails to him again. Jason claims that he has since blocked his address.


    Bottom line is that this started because some guy did not get the attention he wanted so he decided to be nasty.

    I hope this helps. I will read your responses. Thanks again!!!
     
  11. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Mike,

    If you want to understand if you need to do anything, you have to break the problem down. Your last message provides a flood of detail, and some of that would have helped at the outset to provide some additional context. Also, use Occam's razor in considering options...

    With respect to e-mails - as I already asked - Is your email client local or web-based? Is there a sent folder on the web? If the e-mails that you sent were composed from a web client with a web based Sent folder, that would point in a different direction than if you knew that you composed them on your home PC with a local Sent folder. Maybe you're not sure, fair enough. But the two options are highly divergent - one points to an insecure web account, the other points to an insecure local PC - they require vastly different solutions.

    With respect to the router - just make sure that remote (WAN side) administration is not enabled, that the wireless is secure, and don't worry about it.

    Sometimes when all these applications are coming up empty, it's for a reason and the reason is that the problem lies elsewhere. Your acquaintances have pulled some sophomoric BS... nice crowd that you hang with..., but it sounds like you basically handed the needed information to them. I realize that wasn't your plan.

    Before going further, are you certain that you are still experiencing current issues and that it is simply not the continued fallout of past events?

    Blue
     
  12. mikeinstlouis

    mikeinstlouis Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    14
    I did not know the details would be so helpful, but I will try to answer your questions.

    Firstly, I use yahoo as my email. I do have a sent mail folder, which I have been starting to delete. I am not sure if this answers your questions, but I am not as eloquent in pc lingo as you. Also, an account that they were logging into is a dating account (such as eharmony...) They were messing with that account too.

    I called SBC and told them about the problems. They said that they did not see any suspicious activity on my account, and stated that all of the computers using the account were from inside my condo.

    I live in a condo that is full of older people...unlikely hacking into my email.

    SO...I am not sure how you would know if it was a faulty/leaky pc vs a weak email. I don't know how to answer your questions as you write them.

    Thanks

    Mike
     
  13. BoaterDave

    BoaterDave Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    62
    Location:
    Devon, England
    Hi Mike

    I am NOT an adviser/helper here, but have read your thread with interest. I was more or less in your situation about 15 months ago, but the real difference is that I'm no longer working and have been able to spend hundreds of hours simply investigating the mysteries of 'computing' and all the bad things that happen on the Internet.

    Others have often said to me 'on-line' .... "Google is your friend"

    What they mean is that you can often learn a great deal simply by 'Googling' on a specific word. For example, just Google on WAN - something you said you didn't understand earlier in the thread. I get 56 Million answers!

    Probably more frightening, though, if you haven't ever done so, 'Google' for 'mikeinstlouis' - I now know 454 snippets about you and know what you have said in other forums etc (I had no interest in reading them, but your 'friends' may have done!).

    Similarly, you can carry out the same exercise on anyone else posting here (including me!) or anywhere else that you have been before!

    It took me a while to discover this - it might just be helpful to you (and others who may be as naive as I had been!).

    David
     
  14. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    Very true, and it can be scary to the naive. However, it is a big World out there. www = World Wide Web. In my case, ThunderZ, turns up about 21,600. The majority of which have nothing to do with me at all. While mikeinstlouis has narrowed down his possibilities considerably by giving a name and location there still could be more than one. While you make a good point on general privacy considerations it may be a bit OT for this thread.
     
  15. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Your account activity will be associated with the IP addresses of the computers using it. SBC is saying that there is one address associated with your recent account activity and that is the one provided to your router (your laptop, desktop, and any other PC connected to your router will get private IP addresses from the router). If someone is genuinely logging in, they are either physically using your PC's or wirelessly connecting to your router. Thus, for the Yahoo account, nobody is logging in from a remote location.

    However, you go on to mention eHarmony. You basically have to ask them the same questions that you posed to SBC. Go through the same explanation and ask if recent logins come from a single originating IP address. Home user IP addresses are dynamic, so they can change over time, but they are stable for reasonable periods of time.

    Your extrapolation regarding your living situation is likely correct - your neighbors are low probability hackers.

    Finally, what specifically does "They were messing with that account too" mean? Were they posting from it? Responding from it? Actively changing the password or does the site provide for a facility with which a user having trouble logging in can arrange to have a new password created by the service provider, which is then sent to the registered e-mail address associated with a specific account name?

    Blue
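
The check Blue describes above, as an added example that is not part of any poster's message: given a login history requested from a provider, it separates a clean hand-over from one dynamic address to the next from two addresses that were in use during the same period. The line format and the addresses are constructed for illustration, and flagging the less-used address of an overlapping pair is a heuristic assumed here.

```python
from datetime import datetime
from ipaddress import ip_address
from itertools import combinations

# Constructed sample history: "YYYY-MM-DD HH:MM <originating IP>".
# Addresses come from the RFC 5737 documentation ranges, not real hosts.
SAMPLE = """\
2006-12-01 08:10 198.51.100.23
2006-12-02 21:45 198.51.100.23
2006-12-04 07:55 198.51.100.23
2006-12-05 13:30 203.0.113.77
2006-12-05 22:05 198.51.100.23
2006-12-07 08:00 198.51.100.40
2006-12-08 20:15 198.51.100.40
2006-12-09 02:40 203.0.113.77
2006-12-10 09:00 198.51.100.40
"""


def parse_logins(text):
    """Return a time-sorted list of (datetime, ip) tuples."""
    logins = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        date, time, ip = line.split()
        when = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M")
        # ip_address() raises ValueError on a malformed address.
        logins.append((when, str(ip_address(ip))))
    return sorted(logins)


def summarize(logins):
    """Map each address to (first login, last login, login count)."""
    seen = {}
    for when, ip in logins:
        first, last, count = seen.get(ip, (when, when, 0))
        seen[ip] = (min(first, when), max(last, when), count + 1)
    return seen


def overlapping_pairs(summary):
    """Pairs of addresses whose first-to-last login windows overlap.

    A dynamic address that is replaced stops appearing, so its window
    ends before the next one starts. Overlapping windows mean two
    origins were active in the same period.
    """
    pairs = []
    for a, b in combinations(sorted(summary), 2):
        a_first, a_last, _ = summary[a]
        b_first, b_last, _ = summary[b]
        if a_first <= b_last and b_first <= a_last:
            pairs.append((a, b))
    return pairs


def addresses_to_question(logins):
    """Heuristic: in each overlapping pair, flag the less-used address
    (both on a tie). Logging in from work and from home also overlaps,
    so a flagged address is a question to answer, not proof."""
    summary = summarize(logins)
    flagged = set()
    for a, b in overlapping_pairs(summary):
        count_a, count_b = summary[a][2], summary[b][2]
        if count_a <= count_b:
            flagged.add(a)
        if count_b <= count_a:
            flagged.add(b)
    return sorted(flagged)


if __name__ == "__main__":
    history = parse_logins(SAMPLE)
    for ip, (first, last, count) in sorted(summarize(history).items()):
        print(f"{ip:15}  {first:%b %d %H:%M} -> {last:%b %d %H:%M}  logins={count}")
    print("ask the provider about:", addresses_to_question(history))
```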
     
  16. scoopnoggin

    scoopnoggin Registered Member

    Joined:
    Feb 10, 2006
    Posts:
    28
    Possibly they got your eharmony information right off the yahoo emails from eharmony. Maybe something to consider. If your HiJack This logs are clean, chances are your PC is clean. Unless you have a rootkit installed.

    http://www.f-secure.com/blacklight/

    The above is an easy anti-rootkit scanner to run. Just because it comes up clean doesn't necessarily mean you are clean. But then that most likely isn't the problem.

    I think it is unlikely that anyone dropped any "worm" on anyone's system in your scenario. I imagine he got physical access to your friend's machine, and used a password sniffer, or the login details were stored on the machine. His comment about Zone Alarm is telling. Either he really knows his business, which I doubt by his level of maturity. Or he is just full of bravado and is talking trash.

    That said, the problem, as BlueZannetti has pointed out, could well be an insecure web account. And if you are changing passwords, again as Blue pointed out, are you still having problems?
     
  17. mikeinstlouis

    mikeinstlouis Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    14
    I have changed my passwords, but not web accounts.

    The eHarmony thing was basically a password change, and quoting messages went back and forth...obviously able to read my mail from there.
     
  18. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    How about the Google Toolbar? Do you have anything Google on your computer? I know someone who had all of their hotmail emails read via some sort of google application that a colleague put on their desktop.

    Please check for the google toolbar or any google applications and uninstall.
     
  19. BoaterDave

    BoaterDave Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    62
    Location:
    Devon, England

    We all take differing views, ThunderZ ! :rolleyes:

    Mike may not be naive - but he appears to be a busy doctor and may not have realised that this information about him is available for all to see. One of his 'friends' may have discovered information without ever needing to 'hack' his PC.

    I therefore assessed my comment as being ON topic ;)

    David
     
  20. mikeinstlouis

    mikeinstlouis Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    14
    Thank you Boater Dave. If I were an expert at all of these things, I would not be here on this forum.

    I do realize that there is a wealth of information out there on mikeinstlouis...but who cares?

    I am asking for help. If the thief knows that I am out there looking for help, how does that change anything?


    How does someone googling "mikeinstlouis" help me with my problem? How does it worsen my problem? What does that even have to do with my problem?

    The REAL problem is how do they know that it is MIKEINSTLOUIS o_O


    I have stated that I did not understand much about the router situation. Sure, I could google it, but the truth is that I don't have the time! I am a busy doctor, I came here for help.

    Aside from the wonderful suggestions of software programs that have been suggested to remove keyloggers and rootkits, (THANKS!, some GREAT suggestions!)

    Other than the fact that somehow, someone may be hacking into my system via my DSL/router (which other than me calling SBC, no one has given me recommendations on how to check other than to GOOGLE and read the 52,000,000 hits)

    And besides the fact that I admittedly am "naive" and don't know all of this (which I always thought was the point of a help forum)

    WHAT MORE CAN I DO o_O


    To those who have been offering helpful, friendly advice, I thank you. For those who write nothing but belittling comments and things that don't even relate to my question (ie NINTENDO!!!!), it is ok if you don't try to help me out.

    Once again, to the legitimate folks out there helping...I appreciate it. Any further advice?
     
  21. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Assuming that:
    1- Your computer is clean
    2- The problem isn't at work
    3- Wireless Router isn't a problem since no hacker lives next door

    The problem is when you check e-mails elsewhere, like friend's place, public place, etc., that keeps password or something.

    Maybe the solution is already met:

    1- You've changed all passwords
    2- You don't have the same password for everything
    3- The password isn't the dog's name
    4- You've secured the wireless router to be on the safe side (advice above)

    Be careful from now on, and check if the problem persists. It shouldn't.

    Note: I'm no expert, just trying to settle this. If anyone disagrees with this, that would be a good 2nd starting point :eek: :p
     
  22. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    You can try using any of the online scanner programs listed on my signature line. No guarantee that they will find anything, of course. Your system could be compromised through an external means. I would post a Hijackthis log on another help forum to see if anything odd shows up on your registry. There are too many variables that come into play when you go online or access a network. If you are really paranoid and want to monitor every step that your computer performs when you use it, there are many programs that will do that for you. But being someone from the medical field, that may be very annoying and time consuming. I was a previous Pre-Med who later got into Computer Science. E-mail and P2P services cannot be made completely secure unfortunately. Hopefully, you will get at the source of who is accessing your accounts.
     
  23. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Gee, I thought I did. Above, I noted:
    Expanding a bit..., at some point I assume you logged into your router. The manual that came with it will explain how to do that and if that's not available, go to that manufacturer's website and download the pdf manual.

    Hopefully, the first time you logged into your router, you changed the default password. Remote administration is generally disabled by default, but log onto your router to verify this is currently the case.

    As for the wireless side, read the details regarding WEP/WPA in the manual and enable WPA or whatever is available on your hardware.

    Based on what I've read, I'm not sure there is much. Given the software arsenal that you have examined your machine with, it is difficult to believe that it is infected. The one caution that I would again note is that many surveillance type applications are commercially valid applications and therefore may or may not be flagged. This is extremely unlikely given the set of products used.

    That basically leaves other paths if this is a continuing problem.

    However, if you feel that you still have an issue with one of your machines, get ahold of a local professional who can personally assess your machine, computing habits, and so on. There is no replacement to having physical access to the machine and a pro will be able to pull the drive on your system, slave it to his/her own, and examine it under very controlled conditions. This can be a pricey solution, so it comes down to using your time and getting expertise or your money with someone else's expertise.

    Blue
     
  24. BoaterDave

    BoaterDave Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    62
    Location:
    Devon, England
    Mike

    I wasn't in any way trying to confuse/obfuscate, simply remind you that on many of the forums 'helpers' often use terms with which you (or I!) do not always fully understand.

    Google is good to quickly determine an answer. If you carry out a HijackThis scan yourself, you may copy one 'entry' yourself (any line of text/numbered entry) from your saved scan and then paste it, just as it is, into Google. It is amazing what you can find!

    Another very useful site is www.Answers.com - using it can help relieve the stress which I know you are feeling, simply by quickly explaining a particular term - like WAN, for instance. Try it and see.

    As I mentioned before, I am NOT trying to pretend that I can help you solve your problem - I'm still not absolutely sure about my own desktop PC even now, yet it's 18 months since my identity was stolen on-line (PayPal/eBay). The perpetrator, in follow-up emails after I'd had my money back from PayPal, knew everything about me - my name, my wife's name, the name of my adult daughter who was living with me at the time, when I bought my house, how much I had paid for it, my full address and the name and phone number of my next door neighbour! ... and, of course, my email address.

    And I had thought I was being extremely careful!
    I'm currently posting from my wife's newish Laptop!

    I hope this helps you just a little. The experts here will, I'm sure, help you much more if you 'stick with it!' ...... but waiting seems like an eternity, doesn't it?!! ;)

    David
     
  25. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    My final thoughts......

    Whether your wireless connection is the source of the leak or not I would still advise reading (as was mentioned) the instruction manual that came with your router (not modem) as well as the manual that came with the laptop. There should be a section concerning the wireless capabilities. In particular look for a reference to WPA in both and how to enable\use it. You may not live in "Crackers Cove" Condos :cool: . But it only takes one curious visitor o_O with a laptop and a little knowledge, or, the term War Driving :ninja: comes to mind. I have dabbled in it. :oops: Never for\with malicious intent. You would be amazed at the places I was able to gain access to the Internet from via an unsecured access point (router). Never went any further than that, but could have. This was using only my old t21 Thinkpad with a simple wireless G card. With the equipment available legally on the Internet, as well as free software the sky would have been the limit. Best of luck resolving your issue. I will continue to follow this thread.
     