
Countering the Cyber Stalker

by Bill Hely

Several times each year I receive rather disturbing correspondence, usually from women, who believe they are being electronically stalked and harassed by (usually) an ex-boyfriend/husband/lover, a rejected suitor, or (less often) by some other disgruntled person such as ex-friend/co-worker/employer/etc.

While I sometimes can’t help but think that some of these people are giving their tormentors credit for a skill level they probably don’t possess, there is rarely any doubt that “something nasty” is going on.

A common claim is that the stalker “is inside my computer” and/or “inside my e-mail”. For a stalker who once was close to the victim (boyfriend/husband/lover) and had physical access to their computer, this level of intrusion is not too difficult to achieve. There are any number of spy programs available on the Internet that can be installed and operated by any reasonably competent computer user.

To achieve the same level of intrusion from outside is more difficult, but far from insurmountable. The degree of difficulty depends a lot on the security level of the PC being attacked, which, unfortunately, is usually low to non-existent, because…

Few people are aware that their new PC comes to them virtually completely unprotected and is a sitting duck the moment they hook it up to their broadband Internet connection.

Getting help from officialdom

Another common thread in this sort of correspondence is that the victim has been unable to get the police or FBI interested in their plight.

With the possible exception of special departments in major jurisdictions, in most countries the police are usually a waste of time in matters of computer crime. However I would think that it shouldn’t be too hard to find someone to take an interest in, say, a public servant who is abusing his position of authority. Be aware that the higher up any public totem pole your attacker may be, the more vulnerable they are themselves to exposure.

For my American readers, as to what the FBI can and can’t do and what they may be interested in, I do get conflicting reports on the type of responses people get from that agency. I’m not an American resident so I’d appreciate any informed advice on this but, according to information I’ve received in the past, the FBI doesn’t need proof of an actual “threat” in order to take an interest. This video tends to support that information. Hacking into a computer without authorization is in itself a federal/national offense in most Western countries, including, I believe, the United States of America.

Probably the best place for information about the various FBI departments is at: http://www.fbi.gov/cyberinvest/cyberhome.htm

You might also want to take a look at the US-CERT website at: http://www.us-cert.gov/ and in particular the reporting form at: https://forms.us-cert.gov/report/

Make them WANT to help you!

Whether you are submitting a complaint to the local police or to a national agency, or just reporting problems to an IT professional, for goodness sake be thorough, logical and explicit.

Your first aim is to get someone to want to help you, and you can’t expect a positive response to a rambling report with only vague references and few hard facts.

If you know your own writing is not particularly articulate, prepare all the facts in note form and get someone to help you write the letter of complaint. Depending on the type of harassment you are facing, it may be one of the most important pieces of correspondence you will ever prepare, so make every effort to make it count.

Why me?

So why do these unhappy and often frightened people write to me with their problems?

Often they have tried officialdom without success, and they want to ask if my security e-book The Hacker’s Nightmare will be of help to them.

My answer is always along these lines…

The Hacker’s Nightmare will definitely help you to configure a very secure system. However, there is little point in trying to secure a computer that is already compromised. For the techniques in The Hacker’s Nightmare to be effective you must start with a clean computer that is free of malware.

And that’s the very reason that I subsequently wrote “Seven Steps to a Clean PC”, which is also available free of charge from the members’ download area for any owner of The Hacker’s Nightmare. 7Steps has helped a lot of people clean up their systems, but there is no such thing as a universal cure for all situations. More on 7Steps in a moment, but first…

If a reasonably competent hacker is already “in” your computer, the remedy will probably be too complex for the average casual PC user to attempt themselves. In such cases I would have to recommend that you call in a professional consultant, preferably someone who is experienced in security issues.

Seeking professional help

Now I’ve heard plenty of stories about people calling in “the local computer guy” to solve security related problems and being disappointed with the outcome. You need to be aware that not all IT support people have as much experience in security matters as you may need. I think it would be quite reasonable for you to ask a consultant to work on a “no fix, no fee” basis. Anyone confident in their own ability should be willing to accept those terms.

Anyway…

When a victim has cause to believe that someone is “inside the computer” it’s usually the case that, by one means or another, a trojan of some description has become installed on the computer and the intruder is gaining access via it.

The fastest and surest way to clean out a badly compromised computer is a reformat and reinstall of Windows. No malware will survive that. However, if you then reconnect to the Internet without taking certain other precautions, you immediately put yourself at risk again. The best precaution you can take is to install an inexpensive router. The topic of routers is well covered in The Hacker’s Nightmare.

Another thing you should probably do is contact your Internet service provider and tell them you need a change of IP address. Like the street address of your home, your IP address is your identity on the Internet. As long as a hacker has your IP he can start probing you again to find a way in. But you need to change your IP address while your computer is clean, otherwise the trojan can simply report the new IP back to the hacker. Obviously any such changes you make should be arranged offline (e.g. by phone), or at the very least via another computer known to be clean.

The tricky part comes when you prepare to reconnect your clean PC to the Internet again, because unless your router is correctly configured to be secure, you could soon end up being compromised again. Depending on your router type and your own level of experience, you may find the task of properly securing your router a little daunting. However “Chapter 10: Wireless Security” from The Hacker’s Nightmare will give you quite a bit of insight in this regard.

Again, a competent consultant should be able to do all this for you in a few hours. If the person you’ve called on is more into general IT support than security issues, it may be necessary for you to give him/her specific directives. For example, rather than ask for a “clean up” of the existing installation, perhaps ask him to:

  • Take backups of your most important files
  • Reformat the hard disk
  • Reinstall Windows
  • Install and configure your router to WPA2 standard
  • Install the latest Windows Service Pack
  • Apply all relevant Windows Patches & Updates
  • Install & configure Online Armor software firewall
  • Install & configure Webroot SpySweeper — just the plain Webroot SpySweeper, not one of the versions with other bells and whistles
  • Install & configure AVG Anti-Virus — the commercial version (there’s too much important stuff missing from the free version), anti-virus only (not anti-virus+firewall and not the Security Suite)
  • Reinstall the backups of your important files
  • Run full scans from Online Armor, Webroot SpySweeper and AVG Anti-Virus
  • Reinstall your main applications programs

The sequence should be followed in that order. A consultant experienced in security issues will have a few other tricks up his sleeve as well, but any reasonably competent support person should be able to execute the items on that list.

Yes, I know you can probably do some of those things yourself, but if you’re going to call in a consultant at all I strongly recommend that you have them do the lot.

The consultant may want to install different software than Online Armor, Webroot SpySweeper and AVG Anti-Virus. My suggestion is that, if you are then going to follow The Hacker’s Nightmare to really secure your system for the future, you insist on those particular programs. The Hacker’s Nightmare will be a lot easier to follow if you are running the programs it recommends. However, make sure the consultant properly CONFIGURES each of those programs, not just installs them.

A self-help alternative

A complete re-installation of Windows as above is by far the most certain way of eliminating all malware threats and intrusions, but if you want to try a cleanup without doing a reformat/reinstall of Windows, you can try this…

As already mentioned, owners of The Hacker’s Nightmare can download the companion e-book “Seven Steps to a Clean PC” from the members’ area. I suggest you download it and browse it on another computer, and if you decide you want to try the process yourself, print it out and take the printed copy to the computer that is compromised.

The important thing to keep in mind about 7Steps is that it is essential that each step be followed in order. There are no optional steps, and skipping one for whatever reason is a fatal mistake. Then there is the possibility that, if a hacker is actually watching you do this, he may interfere with your attempts to follow the 7Steps process.

Conclusion

In the final analysis these are your best options:

  1. If you believe your computer is compromised and it’s just (!!!) a matter of run-of-the-mill malware, work through “Seven Steps to a Clean PC”.
  2. If you believe your computer is compromised and there is a hacker involved, call a competent consultant.
  3. If you’re not sure which of the above applies, and if your time is more important than the cost, go with #2 straight off. Otherwise try #1 first.
  4. When you are sure you are working with a clean computer, ensure that it stays that way into the future by working through The Hacker’s Nightmare and following the recommendations therein, because…

Staying clean and secure is a lot cheaper, a lot more efficient and requires a lot less time than having to periodically get clean again. Not to mention the risks to your data, privacy, finances and general peace of mind.


1 Bill Hely May 20, 2009 at 9:13 am

On sensitive topics like this people sometimes wish to comment but not do so publicly. Although blog comments are anonymous, in that you can use any name you like and no one can see your e-mail address except me, they are concerned that some part of what they have to say may make them identifiable to others who know them.

While I would never violate such a confidence, sometimes their comments or my response will have relevance to other readers, so the general gist of the exchange is worth reporting for the benefit of others.

One lady who has been a victim of cyber harassment wrote to tell me that she had even taken her new computer to a different location (and thus different Internet connection) to “safely” download the applicable Microsoft patches and updates.

In reply I pointed out that you don’t need to take a new computer to a new location. In fact there’s really not much point in doing that.

That’s where a router comes in. The sequence of events should be:

1. Purchase new computer or have existing computer thoroughly cleaned;
2. INSTALL A ROUTER;
3. Then, and only then, connect to the Internet.

A NAT router of the type described in The Hacker’s Nightmare is the single best precaution you can take against intrusion. But the router MUST be properly configured with all the appropriate security settings for it to do its job properly.

From a security perspective a NAT router is definitely NOT an optional item. Every home should have one and every business should have their network protected by one (at least).

I just wish that computer retail staff were better educated in this regard and would attempt to include a router in every new computer sale. For an extra fifty bucks or so they’d be doing their customers a significant service as well as adding to their employer’s bottom line.


2 Cyber Stalking Investigator June 21, 2009 at 11:55 am

Great article!
I’m a PI and I specialize in cyberstalking investigations. I’m going to put a link to this article on my site and blog.
Great work.


3 Bill Hely June 23, 2009 at 9:36 am

Thanks Ed — it’s always gratifying to hear that an article is appreciated.

Readers, I don’t know Ed, other than having had a good look at his website, but in the context of this article it’s worth mentioning that Ed Opperman is president of Opperman Investigation Inc. His company offers services that may be of interest to anyone who feels they need help escaping any form of “digital oppression”. The website is located here: http://www.emailrevealer.com


4 Spyware Blockers November 12, 2009 at 7:46 am

I have been reading your posts lately, just want to say thanks for all the informative stuff I have found here, helped me learn a lot lately.

Much Regards, Mark


5 Spyware News November 18, 2009 at 9:44 pm

Just want to say thanks for all the great info found on your blog, even helped me with my work recently :) Keep it up!


6 discount amazon February 16, 2010 at 1:03 am

Nice post. I would love to follow you on Twitter.
