Hacked/Spied Upon
Thread Starter
Join Date: Jul 2004
Location: Cloud 9
Posts: 2,948
Guys/Gals,
The ex-boyfriend of a good friend of mine, by all accounts he has a PhD or two in IT, it seems installed a programme on her PC whereby he can, or could, read whatever she typed.
They are no longer a couple and she is unsure if he could only read her writings when they were together, i.e. he was manually logging in to her PC to read, or if he is reading remotely to this day from half a world away.
I'm presuming that she needs to select "Control Panel" and then "Programs", if this is incorrect then please speak up, what does she need to be looking for, any programme ID suggestions please?
Thanks in advance
Join Date: Jan 2008
Location: Finland
Age: 77
Posts: 465
You can try that and see if there is a program that you can uninstall that you do not know what it does - google any you don't recognise.
If this had happened to me, I would, for "peace of mind", at least reformat the hard disk and start from scratch.
Depending on the ability of the chap, he may have hidden his tracks very deeply.
I'd, in reality, replace the hard disk - they are very cheap these days.
Thread Starter
Join Date: Jul 2004
Location: Cloud 9
Posts: 2,948
Thanks for that Tarq57, I've just emailed her the "idiots guide" of how to disable it
finncapp, if I were sitting beside her I'd scroll thru her programmes and google, difficult to get this across to her remotely.
cattletruck ... Certainly a weirdo, he wasn't taking care of her so she went looking elsewhere and rather than mend his ways, or indeed finish the relationship, he went spying on her and is now the p1ssed off ex boyfriend out to seek revenge.
Join Date: Aug 2007
Posts: 647
Dear Mr Fogg
You seem to be describing a piece of software called, in the "trade", a keyboard logger.
The software intercepts keystrokes and then either stores them secretly to be downloaded at will by a third party or relays the keystrokes in real time to a remote device for inspection. [Tarq and Cattletruck - Software of this type may try to hide itself; sorry for the omission]
Obviously these activities can be accomplished without the PC owner's consent.
A slightly more modern variant of this approach is to use the computing device's built-in cameras to relay both still and moving images captured by the device.
If I were in this situation [or anyone I knew of], I would, as a matter of urgency, cease to use the PC immediately, and get the potentially at-risk party to contact a solicitor, get professional advice as to the status of the potentially compromised PC and, depending on the results, contact the police.
The key word in your OP was "seems", so because this is a public forum care is needed in giving any advice here.
Anything that I've suggested is purely in the context of what I would do if I were suspicious that a personal computing device that I owned were to be compromised, and not in any way, shape or form explicitly linked to the potential situation that you have outlined.
CAT III
Last edited by Guest 112233; 28th Apr 2015 at 14:08. Reason: De personalisation
Join Date: Jul 2010
Location: East sussex
Posts: 624
Targ57..."One of the first things to do would be to check that remote assistance is disabled"
Thanks for the 'head up' out of curiosity had a look at mine, the remote assistance was 'ticked' it's not now
Join Date: May 2009
Location: Confoederatio Helvetica
Age: 69
Posts: 2,847
The first thing I would do would be to disconnect it from the Internet. Turning it off and not using it would be my second action.
Then I would seek professional help in cleaning it of any malware.
Or, buy a new computer - they are fairly cheap these days.
Thread Starter
Join Date: Jul 2004
Location: Cloud 9
Posts: 2,948
ExXB ... and others,
Here, for my friend, a new computer is equivalent to 3 months (gross) salary, but the computer isn't the problem, the problem is HIM, he's more recently been trying to blackmail her, she's become so stressed she's been in and out of hospital.
Before she let me know of this she had already blown her money seeking legal advice, the ex bf is claiming that she has been involved in illegal activities but she's told me, pretty much, the full story and all she is guilty of are some indiscretions, she hasn't done anything illegal.
I'm just asking of her for his home address or home city so I may google for his local police's electronic crimes department or similar, to the best of my knowledge blackmail is illegal.
Thanks again
Here, for my friend, a new computer is equivalent to 3 months (gross) salary, but the computer isn't the problem, the problem is HIM
Short of shelving the existing system and buying a replacement, the safest thing to do is reformat and reinstall everything from scratch. Don't use backups as they will likely be affected as well. Change all the passwords for all her on-line accounts (e-mail, Google, Facebook, etc and so forth) - do this from another computer in case it is a keylogger and it's still there. It's a pain I know but the options are limited.
Join Date: May 2009
Location: Confoederatio Helvetica
Age: 69
Posts: 2,847
One thing that key loggers do not pick up is mouse movement and clicks. So when entering a password like "passowordo", type wordo; move the mouse to the beginning and click; then type passo. The key logger will pick up wordopasso. Obviously not a perfect or long-term solution but could be effective when necessary.
Hippopotomonstrosesquipidelian title
Join Date: Oct 2006
Location: is everything
Posts: 1,826
Almost everything using the logging technique these days is event-driven: it's actually a form grabber, and so looks for submit events. It then has the correct string no matter how you assembled it. Your method would only defeat hardware-based keyloggers in the keyboard cable.
Some commercial antivirus providers have free bot scanners, for example Trend's RUBotted. But I'm not sure that would detect, say, Spector.
Last edited by Bushfiva; 29th Apr 2015 at 08:36.
Thread Starter
Join Date: Jul 2004
Location: Cloud 9
Posts: 2,948
A few years ago there was a South Australia idiot threatening all sorts, including rape and murder, on a forum, I got in email contact with a detective from South Australia Police's Electronic Crimes and one day, whilst this idiot was being brave from behind his keyboard, the Police came knocking at his door.
This guy lives in San Francisco, I've already successfully googled SF's Police email addresses, any more nonsense from him and I'll be emailing his local cops.
Join Date: Aug 2007
Posts: 647
le Pingouin
By reformatting the thing and reinstalling the operating system, there is a risk of destroying evidence.
Phileas, obviously this is only an opinion based on descriptions of what has been said on the thread, and I stand by the advice I've suggested, but only the potential victim can really decide the best course of action.
Obviously in this case - I cannot state that this applies in this alleged instance, but given the very advanced state of the science of malware development, there are already established ways of circumventing the reinstallation of the operating system. [Edit: and preserving the functionality of the malware].
Think of Stuxnet and its variants. [Further edit: I cannot verify the veracity of this site but it's worth a look https://security.stackexchange.com/q...ntial-malware].
CAT III
Last edited by Guest 112233; 29th Apr 2015 at 12:42. Reason: Carification - Grammer error
Thread Starter
Join Date: Jul 2004
Location: Cloud 9
Posts: 2,948
CAT III,
Thanks, if I had her laptop in front of me there is so much I could do to advise better ... It does appear that the offender is working on out of date information and/or making it up for himself so, fingers crossed, he only installed something that he could read there on the spot and not read remotely.
Join Date: Jan 2008
Location: Timbuktu
Posts: 962
I've seen laughable attempts at spying e.g. people installing TeamViewer as a silent background service, or saying that VNC is antivirus. This kind of thing you can deal with without wiping. However, if this guy does know what he's doing, either wipe and start again or hand in to Plod as evidence for prosecution.
There are valid points to get a new machine - the maxim of "if someone you don't trust has had physical access to it, it's compromised" is technically true. With enough resources the accused could install a rootkit or even some additional hardware in an internal expansion slot (even a laptop; mine has 3 mini-pcie slots, expresscard, internal 56k modem card plug, etc). But unless he works for Mossad / NSA / Q branch this is extremely unlikely...
I would also recommend changing the password for any domestic Wi-Fi network that she may be using.
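Added example, not part of the thread or any poster's words: a read-only PowerShell triage covering the checks discussed above (installed programs, background services such as a silently installed TeamViewer or VNC, and the Remote Assistance setting). The name patterns are assumptions taken from the tools named in the thread; it changes nothing on the machine and should be run from an elevated prompt.

```powershell
# Read-only triage for an unwanted remote-access or monitoring tool on Windows.
# Assumption: the patterns below come from names mentioned in the thread, plus
# the generic word "remote" (expect some legitimate Windows services to match).
$patterns = 'TeamViewer|VNC|Spector|remote'

# 1. Installed programs, read from the uninstall registry keys (64-bit, 32-bit,
#    per-user). Unlike Control Panel > Programs, this also lists entries that
#    are flagged SystemComponent=1, which Control Panel hides.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Sort-Object DisplayName |
    Format-Table DisplayName, Publisher, InstallDate, SystemComponent -AutoSize

# 2. Services whose name, display name or binary path matches the patterns.
#    A remote-control tool installed "as a silent background service" shows up
#    here even when it has no window or tray icon.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $patterns } |
    Format-Table Name, DisplayName, State, StartMode, PathName -AutoSize -Wrap

# 3. Built-in remote access settings (Remote Assistance and Remote Desktop).
$ra = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance' `
        -ErrorAction SilentlyContinue
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
        -ErrorAction SilentlyContinue
[pscustomobject]@{
    RemoteAssistanceEnabled = ($ra.fAllowToGetHelp -eq 1)
    RemoteDesktopEnabled    = ($ts.fDenyTSConnections -eq 0)
} | Format-List

# 4. Programs listening for inbound TCP connections, with the owning executable.
Get-NetTCPConnection -State Listen |
    Select-Object LocalAddress, LocalPort, @{
        Name       = 'Executable'
        Expression = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).Path }
    } |
    Sort-Object LocalPort -Unique |
    Format-Table -AutoSize
```

A clean result only rules out the crude installs; software that hides itself will not necessarily appear in any of these lists.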