Sunday, December 13, 2009

Spying

I didn't tell the full story of why I became so paranoid about cyber-spying last week.

I received an email message allegedly from Evelyn Pringle, the author whose investigative pieces on Tony Rezko and Barack Obama I discussed in several posts published in 2008. I corresponded with Pringle a few times, though the messages were never substantive or sensitive. Her email address was lodged somewhere in my Yahoo email account -- and presumably my address was in her account.

The new message from "Pringle" contained nothing but a link. The link went to a web page selling consumer items. I had never seen that particular site before, although we have all seen that kind of site. I closed the page within a few seconds, then studied the Pringle message more carefully.

It did not come from the account of the real Evelyn Pringle. Someone was pretending to be her.

After that odd incident, my computer began to act very strangely. Among the strange happenings: I had to press "publish" or "reject" twice when moderating comments. I got the hinky, uncanny feeling that someone else was reading those comments, even the ones that were never published. (The vast majority of these are spam.)

As you know, I also received a message informing me that other people were logged onto this computer.

Thus, a total re-install on a new HD. Took the whole damned system apart. Got everything perfect -- then saved an image to an external drive so I can re-attain perfection within half an hour. Ever since, Blogger has been acting normally.

The "Pringle" business haunts me. Maybe someone learned of my respect for her work by reading old blog posts. More likely, someone hacked into either my Yahoo email account or hers. My account was apparently hacked once before -- and a year-and-a-half's worth of messages were deleted, or downloaded onto someone else's system.

Naturally, I changed passwords, and I've loaded even more anti-malware programming onto this system.

Forgive the rant, but what happened to me may happen to you. Alas, few people these days care much about internet privacy.

At least people are starting to wise up about Facebook. See here and here and here. The last link goes to the Electronic Frontier Foundation:
The Ugly: Information That You Used to Control Is Now Treated as "Publicly Available," and You Can't Opt Out of The "Sharing" of Your Information with Facebook Apps
Facebook has eliminated users' ability to opt out of sharing private information.
These changes are especially worrisome because even something as seemingly innocuous as your list of friends can reveal a great deal about you. In September, for example, an MIT study nicknamed "Gaydar" demonstrated that researchers could accurately predict a Facebook user's sexual orientation simply by examining the user's friends-list. This kind of data mining of social networks is a science still in its infancy; the amount of data that can be extrapolated from "publicly available information" will only increase with time. In addition to potentially revealing intimate facts about your sexuality — or your politics, or your religion — this change also greatly reduces Facebook's utility as a tool for political dissent. In the Iranian protests earlier this year, Facebook played a critical role in allowing dissidents to communicate and organize with relative privacy in the face of a severe government crackdown. Much of that utility and privacy has now been lost.
For chrissakes, just AVOID the thing. You don't need it! The only information you need ever share with the world is a shout of defiance: "I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered -- OR DATA-MINED!"

NEVER USE FACEBOOK FOR ANY REASON. If your friends use Facebook -- subject them to ridicule!

30 comments:

MrMike said...

Got anybody you can trust that knows computers inside and out?
Give them your old hard drive to go thru for viruses and malware.

Alessandro Machi said...

I think sneezing on the old hard drive can kill the virus as well.

John from Liberal Rapture said...

Joseph,

This is an important post. I've received emails via Liberal Rapture that are from my address book asking me to click on a link. My suspicions were raised and I did not. You've confirmed my hunch.

After being told last year via email to "off myself" on more than a few occasions because of things I said on my blog I almost never click a link in an email.

Anonymous said...

"NEVER USE FACEBOOK FOR ANY REASON. If your friends use Facebook -- subject them to ridicule!"

Done!

Anonymous said...

I have equal respect for Evelyn Pringle. I read her series last year with fascination and horror.

Weirdly enough, I had something tag me two weeks ago, presumably an alert for a virus attack that was masking as a Microsoft alert [but it was slightly off in presentation]. According to the original message I was loaded with Trojans and 365 other destructive bugs.

I managed to close the alerts and blinky signals [not an easy task] and then ran a full scan through my current virus and malware system.

Everything came up clean.

Lots of nasty, seductive stuff out there. Particularly for people not getting with the game plan. Or going on sites without comrade compatible opinions.

Welcome to the New World!

Joseph Cannon said...

Anon -- what you came across there was a classic come-on for a fake anti-malware (or "rogue antispyware") program. The ads tell you that you have all sorts of problems which that company's anti-malware product can solve. If you pay for the product, you have just paid for a crappy product. If you get the product for free, the supposed "anti-malware" tool will actually PLACE trojans on your system.

Perry Logan said...

Can I keep using Facebook if I take time to ridicule myself?

Not to minimize your very disturbing message. I, too, have had a few odd experiences--suggesting someone or some thing was sending out messages, posing as me.

I am saved from breaking down my PC and recreating it only by my utter inability to do so. Whew!

It does appear that privacy is a thing of the past--unless you want to expend considerable time and effort to get out of the Matrix, and still more time and effort to stay out. We're as paranoid as we were in the 60s, and rightly so.

Anonymous said...

Those fake anti-malware programs are like paying the mob for "protection."

They infect your computer then want you to pay them to remove the virus they planted.

You can bet their "cure" will make it easier for them to infect your computer in the future.

beeta said...

I don't use facebook and I don't tweet but I heard something on Rachel Maddow's show the other day about facebook that was interesting. Apparently there is a popular video game (I only started paying attention in the middle of the story, so I may be wrong about some things) that requires you to collect points to win and there are ads? or links? on facebook that tell you to click on something if you want to collect points for this game. When you click on the link/ad? your name gets added on a petition that is sponsored by a group? that opposes health care reform.

Anonymous said...

Your last post on this subject prompted me to post that I have had a lot of experience with this. Plus I mentioned having problems trying to post on that article causing me to want to send you an email. I'll look over what I have and send it out over email. The subject matter is complex and it's been a challenge to simplify the technical part so everyone understands.

Please be advised that there isn't any commercial software available that will "dig out" the high level problems that are found with this. Viruses and trojans are common and there is software to help spot and remove these. But what I'm talking about is a heavy modification of the Windows program where the criminal code becomes part of the Windows system.

You can if you want to spend a lot of time digging around with the right tools, find part of it and remove it. But they will quickly come back and reinstall it all over again.

Hopefully I'll post soon. Please feel comfortable with asking questions.

Marty Didier
Northbrook, IL

Anonymous said...

Part 1a

Note: Windows messages can be defeated by code designed by Intruders. Because you saw a message means you were lucky!

1: Testing for Intrusion and setting up systems for maximum privacy.
Testing for Intrusion
Repeated intrusions allow learning HOW they intrude. Our normal work environment doesn’t allow for us to easily spot intruders, there are many reasons. Changing our work environment increases our safety but may make intruders interested in you.

Intruders want secrets
Intruders are scared of getting caught and need reasons to intrude. Providing juicy secrets makes them tenaciously persistent and allows for learning how they intrude. If you work on sensitive (to them) stuff, you’ll be very attractive.

Change work environment to maintain privacy
If running a standard setup, you’re an easy target for intruders. Securing yourself for a high degree of privacy requires changing how you work. Commercial security software doesn’t work, they already have workarounds.

If you’re composing and researching, you’re using MS Word saving documents to your hard drive and have a high speed internet link. Having a dial up link doesn’t escape intrusion because they will intrude when you’re off the Internet. More on this later…

One problem with intruding is if they don’t like what you’re working on, they’ll change it. Large document files are difficult to spot changes. As you know, editing documents can take less than a second using “find and replace”. So it’s important to design your work environment so you can secure data with each step. It’ll take more work but in the end it’ll be what you wanted.

I run two systems. One is linked to the internet all the time and is built for safety. The other doesn’t have an Internet connection, yet they intrude all the time. More on this later too

My internet station is a library computer system. I’ve been forced to use library computers because all of my other computers have been either corrupted or burned up to force me not to research. However the libraries deal with corrupted software all the time and some have devised interesting approaches to resolving the problem. The better idea uses large hard drives and re-images their Windows areas with each reboot. This supplies a fresh virgin software environment for each work setting. I use a combination of Floppy disks and a Flash drive for retrieving special data and storing research and generated data.

Consider saving an additional drive image to another storage device, perhaps another flash drive. Intruders have been known to change the image map file too! Nothing is sacred! Having a backup image map file will allow you to sleep at night.

I have important very basic core documents that are used daily. It’s vital that these are in good condition so they are stored on floppy disks. Also, my research files that store addresses for review topics are also stored on disks. All disks are set for “read only”. Whenever they were available for editing, someone has always changed them around. This would set my research back. Now, I can hear them trying to make changes to the floppy drive.

Anonymous said...

Part 1b

Set system up to help surface intruders is important
Start by getting rid of Windows backgrounds and set your system up with a black background. This should maximize the screen contrast. It’s important that you go to the highest pixel setting you can work with. Something around 1024 by 768 pixels is a good start but higher is better. Maximizing content on your screen with many windows is the goal.

Why: Our CPU’s make decisions one at a time. If someone is inside your system, the CPU has to split its work to service your system and theirs. That means, for your screen it runs slower basically around half speed. Also, if you have two other Intruders inside, the CPU for your screen even runs slower. The benefit is shown when you’re doing normal things with your system. The slower response speed shows up immediately and you’ll see it. When doing your work in smaller windows and layering them on your screen, try moving one of the windows around. You’ll notice that the picture of the window prints in separate pictures. The faster the CPU works to update your screen, the smaller the steps of printing the window. When you have others in your system, the update speed is slower hence there are larger steps between printing of the windows. This is really easy. Having a good contrast on your desktop will show up everything. Having a background and different colors doesn’t. The higher pixel count means the CPU has more data to print with each update. This forces the system to work harder making it easier to spot when someone is intruding.

It’s important to make sure your hard drive can be heard when it is running especially when the hard drive pickups are hunting for something on the drive platens. Usually drives have more than one platen and each platen has its own pickups. So it has the ability to generate enough noise to catch your attention. If your drive is quiet, move the drive as close to the front of the computer as possible. Plus if you can, remove the front drive cover so you can hear it better. This is important.

Why: Intruders often search drives for specific data. They often use modified search engines that run quietly as they try not to be noticed. They like to be tricky but if you can hear the drive hunt for something while composing and it shouldn’t be hunting, then you likely have an intruder inside looking around. A common Windows system hard drive can have around 100,000 or more files so looking at these files will take time.

Look for abnormalities with icons or anything that appears different than what it should be. This may mean you have intruder installed software. OR an intruder is currently inside and your system is reacting differently. If you setup your workspace each day do it the same way all the time. Intruders get bored and will want to play games with you. This will also tell you someone is inside.

Using MS Word
If you use MS Word, realize that Word is built on a language engine called Word Basic Language which intruders write code that helps them manage what they do. Word Basic is a very powerful language and can manipulate your system down to very low levels. So after affected by an Intruder, when opening up Word, immediately functions are added to your Windows system to automatically assist the Intruder with what they do. This can include rebuilding the Windows system to where you won’t ever detect what they did.

Anonymous said...

Part 1c

Alternate to Word would be to use WordPad first, then Word later
Running Wordpad would eliminate the problems from running Word at a cost of using a trimmed down editor. An option is to compose using Wordpad then edit it later in Word. The files produced are smaller and more controllable as the Word files are huge in comparison. Intruders add destructive code to Word files. When opening a Word file in a different system that’s infected, it will change your BIOS. The next time you run the system, it completely burns up. Beware that saving your Word files to a flash drive can mean that these Word files may contain destructive code. This may require adding another step with reviewing the size of the Word files looking for a larger than normal file size. This is why it’s important to use WordPad on the Internet machine and later use Word with your non-internet machine for editing. But remember that even still the computer isn’t connected means they can enter in this system and do harmful acts.

Summary:
· Setup and arrange the work environment for maximum privacy.
· Setup your system to show intruders
· Use Internet and non-internet connected systems
· Use Flash drives for storage with backups
· Use floppy disks for core reusable files, set for “read only”
· Use WordPad for composing and store on flash drive
· Use MS Word for editing on non-Internet computer
· Compare to ensure data hasn’t changed.
· Look for signs of intrusion.

The intent to change my work environment to surface Intruders came from losing expensive equipment and data. My business was destroyed along with a lot of equipment.

Marty Didier
Northbrook, IL
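
The "compare to ensure data hasn't changed" step from the summary above can be done with a hash manifest. This is an added example, not part of the comment or the commenter's own tooling; the file names and contents are constructed, and in practice the stored baseline would be kept on read-only media. It also shows why a file-size check alone misses a same-length "find and replace" edit.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large documents do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file under root (relative path) to its size and SHA-256."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(root).as_posix()] = {
                "size": path.stat().st_size,
                "sha256": sha256_file(path),
            }
    return manifest


def compare(baseline, current):
    """Report files added, removed or modified since the baseline was taken."""
    report = {"added": [], "removed": [], "modified": [], "same_size_modified": []}
    for name in sorted(set(baseline) | set(current)):
        if name not in baseline:
            report["added"].append(name)
        elif name not in current:
            report["removed"].append(name)
        elif baseline[name]["sha256"] != current[name]["sha256"]:
            report["modified"].append(name)
            # A size-only check would have passed this file as unchanged.
            if baseline[name]["size"] == current[name]["size"]:
                report["same_size_modified"].append(name)
    return report


def demo():
    """Constructed scenario: baseline, one same-length edit, one new file."""
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp) / "documents"
        work.mkdir()
        (work / "letter.txt").write_text("The meeting is on Monday at 10.\n", encoding="utf-8")
        (work / "notes.txt").write_text("Research addresses go here.\n", encoding="utf-8")

        # Serialise the baseline; this JSON is what belongs on read-only media.
        stored = json.dumps(build_manifest(work), sort_keys=True)

        # "Monday" -> "Sunday": same length, so the file size does not change.
        (work / "letter.txt").write_text("The meeting is on Sunday at 10.\n", encoding="utf-8")
        (work / "extra.txt").write_text("new\n", encoding="utf-8")

        return compare(json.loads(stored), build_manifest(work))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```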

Anonymous said...

Joe, there are three posts.
1: Testing for Intrusion and setting up systems for maximum privacy. (Posted Today 12-14)
2: Hardware Intrusion Explanation
3: Different Types of Intruders and Systems

I'll entertain questions after the final post.

Marty Didier
Northbrook, IL

Zee said...

Marty, I wish I knew enough to question all the inexplicable stuff you posted. All I know is that a friend of mine's email showed up this weekend with a link and no text. She's a writer and NEVER posts a link without a lengthy explanation of what she's sharing. I didn't click on it and wrote to her. She replied it went to all the people in her email list and was to a Canadian pharmacy. I told her to change her settings on Facebook because Google was mining it...I got another spam from her email and then my entire email system was whack and I lost a lot of irreplaceable emails, plus have no idea if my own email list is now infected. I was furious. She just sent another email with the subject heading that the Boston Globe has an article today on malware:

http://www.boston.com/business/technology/articles/2009/12/14/malware_targets_facebook_twitter_users/?comments=all

I had to look it up myself because her email was garbled. I wrote back to her and said remove me and my info from ALL of your contact listings if you want to waste your time with Twits and Facebook! I said, I TOLD you to change your settings and password. Spam is one thing. Bad enough. But something else is going on and I have a MAC so I don't understand how I could get infected with this Google Facebook shitola.

Hoarseface said...

My policy is generally not to put my name or real personal info on my computer anywhere that I can avoid it. Same goes for yahoo/gmail, anything else that doesn't involve transfer of funds. If it didn't cost extra I'd get an unlisted phone number. Until the last time I moved, a year ago, I never left a forwarding address at the post office. If I haven't personally provided another individual with contact info, chances are I don't want to be contacted by them. I'm surprised I seem to be in a rather small minority...

BTW, good idea with the back-up image. I run mine a couple times a year... anytime things start to get hinky. I don't even try to fix problems of any difficulty - just reformat, restore image, presto. Works every time, plus your system runs nice and smooth again, like new.

djmm said...

The situation you describe happens frequently -- a virus takes over the address book on an infected computer and sends out e-mail that appears to come from that person's address. I don't click on any e-mails with just a link or a message that does not appear personal to me.

I use Spybot and other like programs. I get the odd commercial for stuff I don't want but I delete without opening. Good luck!

And I have avoided social networks: "I am not a number -- I am a free person" and plan to stay that way. (Even if my friends laugh at me for it.)

djmm
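
The two warning signs that come up in the post and in several comments above (a familiar name on an unfamiliar address, and a message that is nothing but a link) can be checked mechanically. This is an added example, not code from the post or any commenter; the address book, addresses and messages are constructed, and the flag names are hypothetical.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed address book: display name -> address you have really corresponded with.
KNOWN_CONTACTS = {"evelyn pringle": "epringle@example.org"}

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def normalize(name):
    """Lower-case and collapse whitespace so 'Evelyn  Pringle' still matches."""
    return " ".join(name.lower().split())


def plain_body(msg):
    """Return the text/plain body of the message, or '' if there is none."""
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""


def assess(raw_message, contacts=KNOWN_CONTACTS):
    """Return a list of warning flags for one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    display, address = parseaddr(str(msg.get("From", "")))
    address = address.lower()
    flags = []

    expected = contacts.get(normalize(display))
    if expected and address != expected.lower():
        # The name is one you know, but the address is not the one on file.
        flags.append("display-name-mismatch")
    elif not expected and address not in {a.lower() for a in contacts.values()}:
        flags.append("unknown-sender")

    body = plain_body(msg)
    if URL_RE.findall(body) and not URL_RE.sub("", body).strip():
        # Nothing personal in the message: strip the URLs and no text is left.
        # This fires even for a genuine address, which covers a hijacked
        # account or an address-book worm mailing from the real sender.
        flags.append("link-only-body")
    return flags


# Constructed sample messages.
SPOOFED = (
    'From: "Evelyn Pringle" <ep1978@mail.example.net>\n'
    "To: reader@example.com\n"
    "Subject: hi\n"
    "\n"
    "http://shop.example.com/deals\n"
)
HIJACKED = (
    'From: "Evelyn Pringle" <epringle@example.org>\n'
    "To: reader@example.com\n"
    "Subject: hi\n"
    "\n"
    "http://shop.example.com/deals\n"
)
LEGIT = (
    'From: "Evelyn Pringle" <epringle@example.org>\n'
    "To: reader@example.com\n"
    "Subject: New article\n"
    "\n"
    "Thought you would want to see my latest piece: http://news.example.org/article\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("hijacked", HIJACKED), ("legit", LEGIT)):
        print(label, assess(raw))
```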

Anonymous said...

http://www.youtube.com/watch?v=ZgyJvLG8gfY&feature=youtube_gdata

purenoiz

Anonymous said...

The fake e-mail might have taken you to a site with some kind of "drive-by" exploit that's not covered by your security products.

I don't know your security set up and it's probably best that it stays that way. My own recommendation, for what it's worth, is always to have your Internet-facing applications sandboxed. If any malware or iffy changes to your machine's configuration slip past your antivirus and OS protection, they'll be deleted once you close the application.

I use and heartily recommend Sandboxie at www.sandboxie.com. I have no affiliation to the product and am just a very satisfied user.

Mike Rogers

Anonymous said...

Thanks for the comments. Remember that my system of computing comes after years of fighting with the nastiest intrusion ever. What I learned is how to protect what I have a little at a time and it has left me with confidence.

But there still is more to talk about as I have two more parts equally as large to post. The problem we are faced with is much worse than just standard computing and it opens the doors to explain what else is happening.

Currently I'm trying to finish up the last two parts which should be ready soon. Please stay tuned.

Marty Didier
Northbrook, IL

Anonymous said...

Besides dealing with ongoing intrusion I also have to deal with damage to my cars and other personal things. Just recently, according to my mechanic, someone punctured my radiator and A/C Condenser with a large screw driver. After filing a Police Report and insurance claim, the car is in the shop. The two other Parts to my post are nearly done and will be posted here.

Please stay tuned...

Marty Didier
Northbrook, IL

Anonymous said...

Part 2a
Part 2 of 3: Hardware Intrusion Explanation
Ports….
Our computers have many communication ports to access data. Throughout the development of computers ports were the only way to link and exchange data other than using floppies. Serial ports were often used whereas USB is used today. Parallel ports are two way but were mostly used for printing because of the transfer speed. When scanners came along parallel ports were used in a two way mode allowing transfer of images to the computer hard drive. Infrared Transmission (IR) has been common with Mice and Keyboards eliminating wires. IR acts much like serial ports do where one wire or communication stream is used.

Common Networking Ports:
My explanation briefly discusses two types of Networking Ports; Common and Uncommon….
Common ports are Ethernet http://en.wikipedia.org/wiki/Ethernet (RF based with coaxial cable and without), ARCNET - Token Ring - FDDI (old and obsolete), Wireless, USB, (SONY)Firewire and “others” being uncommon, are used today.

The Technical language can be confusing especially when standards are offered, please focus on the point that we have common ports in use today.

Uncommon Networking Ports:
What is concerning is how uncommon ports are being used. We as citizens being consumers aren’t aware of these uncommon ports. We don’t know HOW they link up to “other” networks and we don’t know WHO uses them and for WHAT purpose. This will be explained more in Part 3: Different Types of Intruders and Systems

Automatic Computer Setup:
Most electronic systems have AI (Artificial Intelligence) built in. In this case, it works with the hardware and software to automatically rearrange settings to make the system operate properly without user involvement. Thus need for technical assistance is minimized. The elimination of switches and buttons means hard wired connections are now software controlled. This also means “settings” are easily changed without you knowing. An example is that although your system has built-in wireless and you turned it off, doesn’t mean it’s really off! The indicator lights can easily be turned off while the function is still on. Remember sophisticated Intruders don’t want you to know what they are doing.

My MOTTO: “If you have it installed consider that it’s being used”:
The best is to electronically disconnect the hardware to insure it’s off. Also if you have a communication ports card installed, think about pulling the card. In some cases placing grounding plugs in the port will stop it from being used.

Anonymous said...

Part 2b
Extreme Hardware Snooping Example:
Offering a few examples may explain how seriously extreme the intrusion problem is….

After my desktop was burned out, I was forced to use a small handheld computer. The destroyed desktop didn’t have wireless hardware or an Internet connection (Internet not at home), I did have an Ethernet card installed.

The small hand held computer is a HP 620LX. It’s from 2001 days and was upgraded once with a new ROM card from HP and multiple software upgrades over the years. It has one USB port, a PCI card slot and flash memory extra slot. It runs CE Windows with Word and storage capabilities. The surprise was that I was being intruded but where was it coming from? After finding intrusion, I removed all hardware that could have supported intrusion, so the unit was back to bare bones. And they still broke in consistently! So without any ports, how was this happening?

I didn’t have the Internet but I do have Comcast Cable, which includes the Internet. We only use the Digital converter box for our older style TV and don’t use the high function Comcast Box.

The tip showing intruders was with exhausting the battery 80% faster. Plus depending on what they were doing, the computer’s functionality degraded quickly as well. Side note about battery life – witnessing your battery exhaust at a faster rate works with Cell Phones, portable land phones and other electronic devices that are battery powered and able to be intruded.

After awhile it was noticeable that they were taking data, changing the Operating System code and even upgraded my Solitaire game. God only knows why the upgrade? They were using the installed flash memory card for storing their new code along with startup changes for the operating system. Once I removed the memory card the computer reset back to normal.

Someone recently gave me a Dell computer. This computer already has had the drive remapped once because of software corruption from intrusion and remember I don’t have any Internet connections. It’s an ongoing battle for me.

The above example suggests other “connecting” problems supporting intrusion exists. My experience is that you can’t stop them! They keep coming in no matter what you do but you can minimize their ability to intrude.

Wireless:
For convenience reasons, Wireless is a blessing. But Wireless has a serious evil side too. Realize that the best protection from intrusion is always with direct wire connections. Radio waves go everywhere. The reach on wireless is over 150+ feet between a wireless card and a Homeport. Simple testing showed that Cable Homeports will actually reach out further than the cards will. The Cable Homeports have demonstrated to me that they also have a lot of built-in functionality making them very flexible for purposes of intrusion.

Something important to understand is what a mathematical Matrix is. It’s a combination of numbers in rows and columns that have math relationships. Next, realize that residential homes are laid out on an average space of about 100 feet from each other. Apartments are closer and stacked on top of each other. Homeport reach and flexible functionality will make for an interesting discussion. More on cable intrusion in Part 3: Different Types of Intruders and Systems.

Testing laptops with Wireless surface that some have two wireless units built in, one seems to be a hardware backup. Is this an alternate Intrusion port?

Anonymous said...

Part 2c
Example of Wireless Intrusion: Three years ago a friend was trying to compose a long 30+ page letter to the Illinois States Welder Care Attorney. She had then a newer SONY laptop with built in wireless. She runs a Homeport connected to cable that connects to her phone line. Her home has a standard four wire phone line which supports two separate lines. Printing ability is linked to a wireless system which at that time was new technology. There were ongoing problems with intrusion focused on stopping us. At times the incidents became exceptionally hostile. From numerous computer crashes to errors we were being told “not to print out this letter”. If I’m not mistaken we ended up going to a printing place to print the document.

At the time I had an older SONY laptop WITHOUT wireless hardware. Normally I use a wireless card for the Internet. Unfortunately my Windows system was badly corrupted with criminal software. This disabled my ability from using the Internet. Every time it was turned on, I quickly had someone inside trying to stop me from fixing the software, so I gave up trying.

Ever try to get away from Wireless Internet Influence? Rural areas might be best but who wants to drive an hour out of town just to get away from Homeports? I ended up going to a large shopping mall near home. After checking around I learned that none of the stores had the Internet. However the Malls run Facial recognition systems. Since the criminal system is huge, it didn’t take more than 15 minutes before I had 6 men circling around me while I sat working on my laptop. It seems this criminal system knows me well. I was successful with finding many of their software files. It was interesting that they have the deletion of their intrusion software automated. I found icons used to install, delete and more. Getting nervous I soon left, but the next time I powered up my laptop, someone immediately came in and changed a number of things around.

My MS Word worked with generating her document. While testing our wireless ports, I ran my wireless card with a copy of hacker software available free off the internet for finding Homeports. It shows detailed identification information of who is within reach of me. This can be extended by adding a special focused antenna to the card which requires a special card with an antenna. For purposes of discussion the reach of some added antennas can go more than 25 miles. So if you live in a tall building it’s feasible to find someone miles away and steal their data.

This software also shows your wireless card and a backup if it exists. Keep in mind that I wasn’t as thorough as I would have liked with testing. But preliminary brief testing suggests many interesting things supporting intrusion.

Most electronic systems try to eliminate mechanical buttons and switches. They often break so changing this to electronic selection minimizes mechanical breakdowns. There is also an indicator light linked to the switch function letting the user know when it’s on or off. Please realize that any electronic switch where lights or otherwise are selected digitally, they are often compromised. Hence thinking your wireless is off because you switched it off doesn’t mean anything! Those who are intruding have complete control over your entire system EXCLUDING HARDWIRED switch connections, jumper connections and any mechanical connection; floppy disk “read only” window slider switches.

I moved my desktop system into the basement to escape a wireless link with a homeport unit or someone sitting outside my house. This seemed to work.

Homeports may possibly work together in a Matrix. Although untested but feasible as a theory, Homeports arranged as a Matrix may work together. An incoming Intruder signal may be able to hop from one Homeport to another until it reaches your system.

Anonymous said...

Part 2d
Methods of Intrusion:
For the Computer to run hardware ports, Software Device Drivers are needed. A Software Device Driver is special high speed code. http://en.wikipedia.org/wiki/Device_driver

You may be able to look at your Control Panel and see what communication settings exist, but remember that may be compromised. Although complex, the Windows system is actually a Window where data of all sorts is updated along with other activities because the CPU can only make one decision at a time. This means there are opportunities to change HOW Windows handles individual updating and thus enable hiding Intrusion stuff.

Using Explorer, while investigating my system files, I ran across two different pictures oscillating one at a time of my file listing within the same suspicious folder. Somehow I disengaged the Intruder’s function for handling the pictures properly. That’s when Windows started oscillating between the two different pictures showing one with Intrusion software and one without.

It was noticeable that they rebuilt my Windows system purposely to hide the files and folders they were using. They did this by changing how Windows worked with the screen showing only common Windows files. Rebuilding the Windows software meant that my common maintenance software wouldn’t find the Intrusion software because it’s built in. Back then I tried different software but nothing worked.

There are ways to find it but it’s very tedious. It requires some code and system knowledge and it’s not for a novice. When I started to remove parts of it, they always came back and reinstalled it right away. This is why it’s best to run your systems and apply a new virgin drive image with each reboot. This forces the intruder to reinstall their intrusion data package with each reboot and makes it easier to spot them. They use an Intrusion Data Package that explodes and installs fast. In the earlier days they were installing separate packages and fine tuning them. And also note that I’ve seen Drive Image files modified to include Intruder modifications. If this happens consider making a read only DVD of the Drive Image to recopy to the hard drive.

Beware as this can be very sophisticated and highly technical. My earlier attempts to protect my data led me to install removable drive hardware similar to what the CIA and FBI use. I suspected they were breaking into my office at night so removing my hard drives allowed privacy. I had 6 hard drives to take home each night and coming in to the office each morning made it simple to slip the hard drive in and start up the system. Even my Network server had slip in drives. A special carrying case was required to make it easy to carry the drives in one case packed in foam.

The Intrusion and rebuilding of my Windows systems didn’t end. When problems developed, instead of rebuilding the drive, I purchased larger drives, putting the infected ones to the side. Much later I decided to research into what they had been doing. The older no longer used drives show a history of their development that offered a good explanation of what had been happening.

Using Internet Hacking Tools, a DOS start up disk and setting up my infected drive as a slave to a clean Master helped define more funny business. There were hidden drive partitions with compromised drive size results to hide any attempt with sizing the drive. Swapping drives around was simple with using the plug-in drive hardware. But I shut down my office and it took me weeks to learn enough to satisfy my interests.

Anonymous said...

Part 2e
Methods of Intrusion, Continued:
I found many things. Earlier I installed a port sniffer which is a well built Device Driver that sits on a port and logs all incoming and outgoing IP addresses with brief descriptions of tasks. It’s interesting that without knowing I had installed a version before the Intruders learned of it and later it produced listings of IP Receiving addresses on a couple of machines. However please note that later the Intruders did learn of what I did and defeated my installs when I upgraded to a newer port sniffer. One thing I didn’t test but feel does work is the older version of the port sniffer I used wasn’t able to be defeated but all the later versions were. I found this a little puzzling since it suggested something else may be playing into the reason why a newer version worked and an older one didn’t. But since I had enough information on the IP addresses I didn’t look much further into this.

A common point to look for with your Windows folders and files is for the same creation and Install file dates! I expect questions, feel free to ask. Playing with my system was simple since all I had to do is add a “-” before the Folder name. This took out the folder from being executed and allowed me to view what that folder did to my system. I believe that some time later the intruders defeated this trick by calling on their software within each folder making Windows tell me it wouldn’t allow me to change the folder name because files were being used.

I sincerely doubt any of you will want to spend endless hours searching for needles in a haystack as I did. This is why it’s best to follow along with using two systems and remapping your drives with each reboot. Then be on the lookout for signs of intrusion.

RFID:
RFID technology has been around for decades. It’s currently available in devices as small as a pencil eraser or smaller. There has been talk on the Internet of this technology installed in a chip that can be inserted under your skin. This technology doesn’t require batteries and the power to drive it comes from demodulating the incoming main RF wave that is then converted to DC power. This technology is widely used by the Tollway systems. It’s also used in manufacturing and ID automated shipping systems by people like Walmart and others.

Regarding our electronic systems and Computers, these devices are installed into our electronic computers or Home entertainment systems as a circuit chip while the main boards are being assembled. By design they allow for link-ups with other outside systems.

Our problem is that if you look at the circuit board you wouldn’t know what it is. It can be installed in anything even hot water heaters to turn off the gas during emergencies by the Police or anything where they are installed. They are easily accessible with the right outside devices and can transmit data back and forth from the system it sits on to the outside controlling system. More on this in Part 3….

Summary:
• All computer systems have ports to link the outside world to exchange data.
• To minimize intrusion, minimize hardware links by removing hardware or grounding ports.
• All indicator lights and switches that are digital can be compromised.
• Intrusion methods are technically sophisticated by design and built in to Windows to be undetectable by commercial protection software.
• Intruder software scrubs clean its path to make it even more difficult to spot.
• Best method I found was to play around with the Windows files by removing suspicious folders with renaming the folder name along with using a mix of hardware swapping and Snooping Tools.

Next - 3: Different Types of Intruders and Systems!


Marty Didier
Northbrook, IL
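The "same creation and install file dates" check mentioned in Part 2e can be automated as a timestamp-burst search. The following Python sketch is an added example, not the commenter's code; the function names, thresholds and sample records are constructed for illustration.

```python
import os
import sys
from datetime import datetime, timezone

def collect_times(root):
    """Return (path, timestamp) for every file under root."""
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path, follow_symlinks=False)
            except OSError:
                continue  # unreadable or vanished file
            # st_birthtime is the creation time where the platform exposes it.
            # On older Windows Pythons st_ctime is creation time; on Linux it
            # is the inode change time, a weaker signal.
            records.append((path, getattr(st, "st_birthtime", st.st_ctime)))
    return records

def burst_clusters(records, window=2.0, min_files=3, min_dirs=2):
    """Chain files whose timestamps are at most `window` seconds apart and
    keep chains that touch several directories at once."""
    clusters, current = [], []
    for rec in sorted(records, key=lambda r: r[1]):
        if current and rec[1] - current[-1][1] > window:
            clusters.append(current)
            current = []
        current.append(rec)
    if current:
        clusters.append(current)
    flagged = []
    for cluster in clusters:
        dirs = {os.path.dirname(path) for path, _ in cluster}
        if len(cluster) >= min_files and len(dirs) >= min_dirs:
            flagged.append(cluster)
    return flagged

def _ts(text):
    dt = datetime.strptime(text, "%Y-%m-%d %H:%M:%S")
    return dt.replace(tzinfo=timezone.utc).timestamp()

# Constructed sample records (not taken from any real system).
SAMPLE_RECORDS = [
    ("C:/Windows/notepad.exe", _ts("2009-07-14 01:39:25")),
    ("C:/Windows/System32/calc.exe", _ts("2009-08-02 09:15:00")),
    ("C:/Users/me/Pictures/a.jpg", _ts("2009-11-01 10:00:00")),
    ("C:/Users/me/Pictures/b.jpg", _ts("2009-11-01 10:00:00")),
    ("C:/Users/me/Pictures/c.jpg", _ts("2009-11-01 10:00:01")),
    ("C:/Windows/System32/drivers/example_a.sys", _ts("2009-12-06 03:12:40")),
    ("C:/Windows/System32/example_b.dll", _ts("2009-12-06 03:12:40")),
    ("C:/Users/Public/example_c.dat", _ts("2009-12-06 03:12:41")),
    ("C:/Windows/Temp/example_d.tmp", _ts("2009-12-06 03:12:41")),
]

if __name__ == "__main__":
    recs = collect_times(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_RECORDS
    for cluster in burst_clusters(recs):
        start = datetime.fromtimestamp(cluster[0][1], timezone.utc)
        print(f"{start:%Y-%m-%d %H:%M:%S} UTC  {len(cluster)} files")
        for path, _ in cluster:
            print("   ", path)
```

Installers and operating system updates also write many files in one burst, so a flagged cluster is a starting point for review, not evidence of intrusion by itself.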

Anonymous said...

Part 3a of 3
3: Different Types of Intruders and Systems
For purposes of clarity I’ll separate Intruders into three categories. Realize that there are many different highly technical skills needed to develop a Windows System. Beginners often have a more narrow technical understanding and the least amount of skills available. However the Professional skilled group would possess a very wide technical understanding of the more involved skills needed. This may be the “cream of the cream” with abilities and skill levels in software development. Why they are involved is because it pays so well!

Less Skilled Group:
This group normally uses remote software to enter your system. This approach has the highest software overhead and runs the slowest so it’s the easiest to spot. Intruders need hooks within our system to link up with. This requires installing hooks earlier often using bogus email and directing you to a bogus website as an example. I’ll call them beginners.

Semi-Skilled Group:
This group uses newer techniques sometimes with remote software. They are expected to be more menacing since they have more experience. The software used is probably an older version and it’s possible that some newer commercial fixing software may be able to find it. In all cases though, our Windows systems often have more than 100,000 files and it’s better to remap the hard drive than look for the needles in the haystack.

Professionally Skilled Group:
This group is most professional and very highly skilled. They use back doors built within Windows. This approach uses the smallest code overhead, runs the fastest and is most difficult to detect. My work around is to load up the screen with many Windows to stress the CPU. Then occasionally while sensing someone may be inside I’ll abruptly move one Window around with the cursor and see how it prints on the screen. Slow printing shows large steps between each printed window as opposed to fast screen prints showing small steps between. When you know what to expect from your machine, you’ll notice the difference. Another hint is machine command responses will be slower than normal.

This group will rebuild your Windows system and while doing so erase their path making it most difficult to find them. I’ve found deleted files sitting in the Recycle Bin as an example but this group will make sure everything has been cleaned up.

A note about System Development…. Usually when developing the cleanup stage is at the end if it ever comes to be. I’ve seen Intruders leave a huge mess which was helpful to learn more about what they were doing. Up to now, I haven’t seen what would be a clean Intruder software install.

Anonymous said...

Part 3b
Comcast boxes:
I read through some of Comcast’s patents on their Cable Box. Interestingly enough they have a camera and microphone installed as part of their design. Normally these microphones have a 50 foot reach that can pick up whispers. Their cameras from my experience will pick up a lot of detail. We only have a digital converter for use with an older TV set however this box has shown to have equal functions as the deluxe does. Although I haven’t tested other makes or Cable units, my suspicion is they are the same as Comcast.

An example of trouble and testing…. Last year at a friend’s home, I had problems with Computers, new SONY flat screen TV and video players all at the same time. For some reason nothing wanted to work. My friend told me that the remote upstairs was changed so every button would turn off the TV. There were two remotes for me to test. No matter which one I used, they were programmed the same way to screw everything up. This told me programming changes are stored in the TV and not in the remote. Typical connection is the TV signal is fed from the cable box, so any changes came from the box.

The system layout had a deluxe cable box on top of a stack of two video combination (DVD and VHS) players under the SONY Bravado TV. Connecting only the cable box to the TV ended up with the same results. Connecting only one Video box ended up the same with the Video not working. The video box worked as though it was confused when trying to play a DVD. I exchanged the DVD twice and still the same result. The rental place was able to play the DVD without any problem. The vintage of their player was earlier than the one I had. Normally newer technology is backward compatible. This meant what I had should have worked. There was another same type video player that had been unplugged. After re-plugging it directly to the TV, it started to work. But after a little while it stopped and acted confused like the other one. Realize that neither video player was linked to the Comcast Cable, but the Cable box was linked and on.

After unplugging everything I had to wait almost three days to drain the equipment of any power. After connecting only one video player to the TV and leaving everything else unplugged and unconnected, the video player worked normally. The remote was working properly as well. I was worried that a neighbor may have their cable box close enough to allow that box to communicate with either the TV or Video player but luckily it didn’t. The other neighbors are too far away to be an influence. This took more than a week and what else I surmised was that the intruder(s) needed to see what I was doing for them to plan my trouble. My friend and I have known for a long time that the home had microphones from too many coincidental situations.

So after witnessing the video players being digitally modified the question is HOW was it being done? They weren’t connected to the Cable system yet they were changed enough to make them unusable. Also this fits with other questions of my small hand held computer without any ports also being intruded. Plus my desktops both had Ethernet cards and were also intruded, but how?

The answer I came up with is that there were two methods being used. One method targets the Ethernet port as I have noticed device drivers installed probably by an Intruder setting up my system. But how did the first one enter? This is where the second method comes in with the possibility of using RFID connections. I believe RFID chips are installed by design into our computer main boards as a backup to intrude. I also feel that the power usage may be larger than using a standard port and my handheld showed high battery usage when I had intruders. The same may be true for the video players with them having RFIDs installed for intruding. Frankly it’s possible the video players may have it installed as a way the factory dealt with the manufacturing process.

Anonymous said...

Part 3c
Home spying devices other than Cable Boxes:
Wireless listening devices and cameras:
Microphones can reach around 50 feet and pick up whispers at that distance. These devices would be expected to communicate with a Cable box or someone sitting nearby possibly in a vehicle.

Internet and Computers:
While at the library another person comes in around the time I’m there. Occasionally we chat about life. When I’m posting sensitive posts, we may briefly chat about something, this is when the computer runs sluggish as if it’s busy doing something else. I feel the computer is recording our conversation and because sound is filled with data, the computer is busy storing it as a file then sending it out before coming back to service my regular commands.

Cable boxes and video players:
Another friend and I would watch DVD’s or a cable channel movie at their house. When one of us would talk, the TV sound would shut off. Then when we were quiet, it came back on.

Cable boxes and TV:
At my home there have been times where the TV acts crazy. This will sound nuts but the picture changes colors to only one color, sometimes it’s almost black. My technical mind suggests that picture data is being disassembled and separated into colors. If I were to talk to another family member, the TV would go quiet and then start again after finishing talking. If I mention in an email during the day that Mom is enjoying watching the Catholic Daily Mass, for some reason, when the Mass was on, the color problem surfaced and Mom complains.

Cable boxes and stereo players:
Another friend has a CD stereo player in a room where we sit and talk. Interestingly enough while previously working on intense posts regarding corruption, this stereo unit would play the CD and radio station but occasionally or for long periods wouldn’t produce any sound. As puzzling as it was it worked sometimes and other times it didn’t work leaving those moments where it was so quiet you could hear a pin drop.

The Relationship with the Intruder
Basically a relationship can be minimal with only a smile at someone who you see at the same time each day. It could also be someone who you deeply interact with on a regular basis throughout the day. Relationships can start out minimal and progress but both parties control the progress or reduction of the relationship.

Intruders, especially the Professional Intruders aren’t in your computer by accident. They’ve known about you and knew where to find you. The reasons vary why they are in your system. The Internet is public and for those highly skilled mostly all data is available. For those who are skilled, this open system gives those with resources and serious “need to know” opportunities to prowl the internet. They look for information that may affect them especially threats. Intruders and those hiring the intruders are people with emotions, needs and pressure. They may find some of their targets so interesting that they may want to know as much as they can about them. My experience shows that curiosity drives them with a “must have now need” to know more about you.

Your relationship with the Intruder mostly is based upon their interest to snoop. However having this much information on you makes them powerful leaving you very vulnerable without knowing someone knows this much about you. Your concern should be to question what are they going to do with this much information on you? If there isn’t an interest to harm, then who cares, but what if there is?

Realize that they may watch you daily and get bored. My experience shows that they will entertain themselves by playing games on you. You have to be sharp to realize this is happening to realize you have an intruder.

Behavior says everything. If someone who is snooping is hostile towards you this could present a dangerous situation for you. No one knows what the micro-snooper intends to do with their highly detailed information on you. But if they demonstrate hostility towards you, you might be in danger.

Anonymous said...

Part 3d
Intruder Relationships with Other Team Members:
The Intruders I’ve dealt with have demonstrated to have OTHER relationships with OTHER team members or gangs. There are many groups. Each has different skill sets and work together. I could list it out but don’t feel anyone would believe it and there has been ongoing hostility!

Technology offers abilities to hide data and to display secret messages:
Today’s technology has grown to be very usable and has replaced many old technologies; film cameras, printing and much more. Along with this growth is a ballooning of file sizes noticeably in the still picture file sizes. Requiring traceability has caused manufacturing and ownership information to be embedded within the files. But along with this is more room to hide other information. Realize that pictures can be placed in webpages and elsewhere that can be looked into. Normally people don’t disassemble picture files to see what’s inside but doing so may be interesting.

Little known is that a standard TV transmission signal is actually a video stream with sync pulses and video data and a right and left channel for stereo sound within another carrier frequency. The video stream is a busy place and has a lot of room for other things if need be. Realize that how well the TV displays detail is based upon how much data is fed into the picture signal and the new “HD” even has more data. But video can be minimized in specific areas to prepare to insert other data that wouldn’t be noticed by the user. Same is true for sound signals.

Using today’s digital video signal mixed with digital receivers allows for specific addressing of information to any particular destination. This is in “large part” how cable directly talks to a user for allowing payment for various products. This information can originate from anywhere even the beginning of the transmission or taping process as the user has a specific address to send to.

There is a lot more but it’s doubtful many will believe how involved this is.

#####
Please note how complex and voluminous this topic is. With trying to make this brief, I’ve left out many things that may be of value to some of you. I’ll use this as a working document.


Marty Didier
Northbrook, IL
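Part 3d notes that picture files carry embedded information and are rarely taken apart. As an added example (not the commenter's code), this Python sketch walks the marker segments of a JPEG, lists the metadata segments (APPn and COM) and counts bytes appended after the end-of-image marker; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Markers that carry no length field: TEM, SOI, EOI and RST0..RST7.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))

def _skip_scan(data, pos):
    """Skip entropy-coded scan data; return the offset of the next real marker."""
    while True:
        pos = data.find(b"\xff", pos)
        if pos < 0 or pos + 1 >= len(data):
            raise ValueError("scan data runs past end of file")
        nxt = data[pos + 1]
        if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:  # stuffed byte or restart marker
            pos += 2
            continue
        return pos

def walk_jpeg(data):
    """Return ([(marker, offset, payload), ...], bytes_after_EOI)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker, not a JPEG")
    segments, pos = [], 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected a marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte in front of a marker
            pos += 1
            continue
        if marker == 0xD9:            # EOI: everything after it is trailing data
            return segments, data[pos + 2:]
        if marker in STANDALONE:
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("corrupt segment length at offset %d" % pos)
        segments.append((marker, pos, data[pos + 4:pos + 2 + length]))
        pos += 2 + length
        if marker == 0xDA:            # SOS: compressed image data follows
            pos = _skip_scan(data, pos)
    raise ValueError("no EOI marker found")

def report(data):
    """Summarise metadata segments as (name, identifier, size) plus trailing byte count."""
    segments, trailing = walk_jpeg(data)
    meta = []
    for marker, _offset, payload in segments:
        if marker == 0xFE:
            meta.append(("COM", "", len(payload)))
        elif 0xE0 <= marker <= 0xEF:
            ident = payload.split(b"\x00", 1)[0][:16].decode("latin-1")
            meta.append(("APP%d" % (marker - 0xE0), ident, len(payload)))
    return meta, len(trailing)

def _seg(marker, payload):
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed byte string with JPEG structure (not a decodable image).
SAMPLE_JPEG = (
    b"\xff\xd8"
    + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _seg(0xE1, b"Exif\x00\x00" + b"\x00" * 20)
    + _seg(0xFE, b"constructed comment")
    + _seg(0xDA, b"\x01\x01\x00\x00\x3f\x00")
    + b"\x12\xff\x00\x34\xff\xd0\x56"
    + b"\xff\xd9"
    + b"APPENDED-DATA"
)
```

Some cameras and editors append benign data after the end-of-image marker, so a nonzero trailing count is a reason to look closer rather than a finding in itself.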