| T O P I C R E V I E W |
| icy1 |
Posted - Feb 08 2008 : 4:19:36 PM
Hi...I just found your website and I'm hoping to get some answers. I have a problem that I wonder if someone can give me some advice, or just some education as to know how this is done...but here is my story:
A year and a half ago I noticed that emails I had been sending out to people were being changed. So yes it was a hacker accessing my email account, thru Shaw Cable internet. It was around then that I decided to go to cable telephone, again thru Shaw Cable. I never noticed any problems with the phone service up until a few months after I subscribed. Certain people were finding out personal information that was only discussed over the phone, so now I figure my phone is being tapped. What also was happening was that this "person" was somehow managing to make prank calls to people, but using my number somehow. I even had some of the calls show up on my bill. After searching thru all the cable wiring, I could find nothing, so therefore gave up on it. A little while after that I decided to switch both my phone and internet over to Telus, as I figured that changing ISP's would get rid of this "person". Well, I am not sure if my email is being hacked at all still, but my telephone still is. I have now had to give my cell phone number to those that call me frequently as I fear using the phone.
Now, how can somebody tap both Shaw Cable phone and Telus phone?
Is it possible that there is malicious software installed on my computer? I opened up the computer and nothing seemed out of the ordinary. I have searched for bugs and have checked both cable wiring and telephone wiring to no avail. I need some answers to my situation as my right to privacy is being invaded and I am getting sick and tired of having to change numbers, etc. |
| 15 L A T E S T R E P L I E S (Newest First) |
| Aaron Cake |
Posted - Mar 15 2008 : 10:31:44 AM
Ah, I thought you were referring to listening while the phone was in use, not on hook. |
| bsecurity |
Posted - Mar 11 2008 : 06:34:08 AM
Aaron,
Thanks for your comments to my posting.
quote:
You mean there are phone taps that don't? How else would the audio be available other then using the microphone in the phone handset?
Fair enough. I used to be under the impression that a tapped phone had to be picked up and spoken directly into before they could hear a voice on the other line. But, apparently, this is not the case. With the phone on the hook conversations are still heard. |
| Aaron Cake |
Posted - Mar 10 2008 : 10:12:37 AM
quote:
Originally posted by bsecurity
icyl,
You said that people know things that are only said over the phone. There is a type of phone tap that actually uses the phone receiver as a microphone.
You mean there are phone taps that don't? How else would the audio be available other then using the microphone in the phone handset?
quote:
If you are concerned that your email has been compromised you might want to ditch the free email services and go for an email service that logs all access to their servers. This way you can check the access logs to see what days/times and IP numbers have been used to access your email.
Most ISPs will not give you records as to how and when your account has been accessed. There may be web based mail services that do this but if the machine is compromised then it's not going to help.
quote:
You might consider doing all web browsing and email using a linux live CD. This way viruses and key loggers can't be installed on the operating system.
That's not true. There is nothing about a live CD that prevents viruses/keyloggers/whatever from being run. It is highly unlikely that such a thing will happen, but it's not impossible.
quote:
If you are concerned about keeping your IP number masked you might give something like the Incongnito Live CD a try.
http://anonymityanywhere.com/incognito/
You can't "mask" an IP address. TOR will only prevent the other end from seeing your true IP, which won't help in this case.
|
| bsecurity |
Posted - Mar 08 2008 : 8:45:35 PM
icyl,
Sorry to hear about your problems.
I am beginning to think that with the rapid advancement of technology Big Brother type surveillance is much easier to do than it once was.
You said that people know things that are only said over the phone. There is a type of phone tap that actually uses the phone receiver as a microphone.
http://www.spy-nexus.com/bugguide/infinitybug.htm
(I have NO IDEA if that particular link leads to a decent company with good products or not...I just did a google search for "infinity device".)
Do people know what is going on in your house? Are they aware of conversations in the house? You might consider keep mental track of exactly what is said in the house, and only in the house. Wait and see if they know these things.
Remember, as they determine you are figuring things out they will be more careful in revealing specific knowledge. They don't want you to figure out the exact points of their surveillance.
If you are concerned that your email has been compromised you might want to ditch the free email services and go for an email service that logs all access to their servers. This way you can check the access logs to see what days/times and IP numbers have been used to access your email.
Of course, there are other ways to read what is being typed on your computer! Seeing an access log to email is a beginning. Determining the exact points of surveillance will probably be difficult for you to sort through.
You might consider doing all web browsing and email using a linux live CD. This way viruses and key loggers can't be installed on the operating system.
If you are concerned about keeping your IP number masked you might give something like the Incongnito Live CD a try.
http://anonymityanywhere.com/incognito/
Is your house/apartment physically secure? Do you live alone, or with with others? If you live with others, this is an obvious point to consider. If you check email from a computer that is attached to a local network, sniffing network traffic can be used to swipe your passwords.
You said that you are paranoid. If someone is doing these things to you it can be used to their advantage for you to be this way. Being paranoid causes us to be distrustful, nervous, and extremely distracted. But the thing is, when dealing with your situation these behaviors will be counter productive. They can destroy your ability to resolve the issue - or to attack the situation in a logical, calm fashion. You need a clear and clam mind so that solutions and ideas will present themselves. Do not let this ruin you. |
| Aaron Cake |
Posted - Mar 02 2008 : 10:16:40 AM
It's unlikely that you Yahoo! and HotMail accounts were "hacked". If someone else is accessing the account they probably got the password easily by guessing or by using the password recovery feature of those websites. What makes you think that someone else is accessing the accounts?
If this is the case, then setting up the account on someone else's machine is not going to help.
There is a possibility that they are using keylogger software on your machine. In which case as soon as you log on using you computer, you are compromised again.
However, the details in your post have been very vague so most of the replies are nothing more then guesses. It will take a lot more detail to figure out what is going on here.
I've been doing computer work for more then 10 years now, and everyone seems to think they have been "hacked". |
| icy1 |
Posted - Feb 24 2008 : 4:55:57 PM
Those are all interesting points.
Now, I know for a fact that both my Hotmail and Yahoo mail and chat log have been hacked. If I were to create a new profile whether in Hotmail or Yahoo on, say, a friend's computer, can a hacker still access the accounts IF I only use those accounts on my friend's computer? |
| cirvin |
Posted - Feb 23 2008 : 7:56:02 PM
As far as the PGP system goes, nobody but you can sign as you, since you use your personal decryption key that only you have to sign your messages, and people use your public key to verify that it was actually you who sent the message.
Email is like a postcard. That's why Zimmerman created PGP. It's not that hard to use the system, there's plenty of information about it on the internet and if someone is in the situation like that above, I'd think they'd put for the effort to learn the system and tell others to use it.
Best option would be to not use any electronic means for important communication. |
| Aaron Cake |
Posted - Feb 23 2008 : 10:24:12 AM
Even signing and encrypting doesn't help that much.
Anyone can also sign their email as someone else, and most people don't even know how to decrypt scrambled messages much less know how to determine if the proper key was used. 
I was once told that email should be considered a post card in the sense that anything you write is easily read by almost everyone at the post office and along the way. |
| cirvin |
Posted - Feb 18 2008 : 2:17:57 PM
quote:
Originally posted by Aaron Cake
quote:
Originally posted by icy1
In answer to your first statement, what had been happening was the tapper hacked my email account and "posed" as me and sent all my friends nasty emails. I had a lot of explaining to do. I don't think that the other scenarios are viable. Since I switched to Shaw, people are still knowing my personal business that I have only discussed on the phone, so I know it's still happening. Oh, and there's no chance that someone is gossiping, as many of my friends do not know each other.
It is so easy to send mail as another person that it could be considered trivial. Literally, within 10 seconds, I could send mail as anyone I want. You, anyone on this forum, billg@microsoft.com, president@whitehouse.gov, it's easy and requires absolutely no knowledge of anything on the person's computer whos email you are "borrowing". Any person with even a passing knowledge of computers can do this as it's just one change in their email program.
If you are using web mail and not standard SMTP/POP3 mail, then they could have simply guessed the password or used the tools the service provides to recover it.
One of the many reasons why you should sign, and or encrypt all of your email! |
| Aaron Cake |
Posted - Feb 18 2008 : 09:50:36 AM
quote:
Originally posted by icy1
In answer to your first statement, what had been happening was the tapper hacked my email account and "posed" as me and sent all my friends nasty emails. I had a lot of explaining to do. I don't think that the other scenarios are viable. Since I switched to Shaw, people are still knowing my personal business that I have only discussed on the phone, so I know it's still happening. Oh, and there's no chance that someone is gossiping, as many of my friends do not know each other.
It is so easy to send mail as another person that it could be considered trivial. Literally, within 10 seconds, I could send mail as anyone I want. You, anyone on this forum, billg@microsoft.com, president@whitehouse.gov, it's easy and requires absolutely no knowledge of anything on the person's computer whos email you are "borrowing". Any person with even a passing knowledge of computers can do this as it's just one change in their email program.
If you are using web mail and not standard SMTP/POP3 mail, then they could have simply guessed the password or used the tools the service provides to recover it.
quote:
I have run spyware scans and antivirus scans and it turns up clean every time. I use AVG as an antivirus. I did a reformat of my computer yesterday, so hopefully that has had some positive effect.
None of these programs will find a rootkit. You need to have the system examined by someone who knows what they are doing.
quote:
Telus supplies their customers with a combination modem/router. I'm far from expert, but routers make it difficult for somebody to break into a computer, correct? What is the likelihood of somebody bypassing the router to install malware?
Routers will protect you from Intenet borne worms like Sasser or Slammer. They will offer no resistance to viruses, malware, phishing, etc.
|
| Hadrollo |
Posted - Feb 15 2008 : 11:49:17 AM
Emails are easily cracked, hacked and scammed. I've done some of this myself when I was younger. As for someone being in your email, the methods that spring to mind are that someone:-
- guessed your password,
- answered your secret question (often undetectable if you often use the same password),
- phished you,
- tricked you into downloading a keylogger.
As for your telephone, there are other methods. There are sites that you can subscribe to and send people an email or SMS with the sender set as any other address or phone number you choose. There could possibly be similar sites that can do the same with phone calls.
As for people knowing your personal details, ask yourself who? If you tell Bob a secret and suddenly Bill knows it, either Bob is a tattertale or Bill is a creepy stalker. Look for patterns, look out for someone who knows everything you say or look out for the person who's not keeping their mouth shut.
Also, all of these things take a great deal of effort for little reward. Far too much effort and far too little reward to just do for the fun of it. Perhaps you should look at who you've pissed off and try to make amends. |
| cirvin |
Posted - Feb 13 2008 : 8:20:18 PM
Sign and Encrypt your Email.
http://www.gpg4win.org/
PGP is a widely accepted and reliable system for email encryption. It will allow you to communicate privately through email and also sign your messages electronically so that people you contact can be sure that the email is coming from you. If this person tampers with any of your signed/encrypted mail, the recipient will know about it, and if someone sends you email back, you can be sure it's actually them (if they're using the encryption too, which they should definitely be).
Also, if by any chance this person were to gain access to your computer and somehow discover your pass phrase for the encryption (which you should never write down or ever discuss with anyone) and gain access to your decryption key, you can easily issue a revocation of your encryption key and start over again.
|
| icy1 |
Posted - Feb 13 2008 : 11:43:22 AM
Well, I just had a little something strange happen. I get a hang-up call on my landline, and right directly after that I get a hang-up call on my cellphone. Caller ID and the cell both say "restricted number" (of course), and the cellphone number I had changed about 2 weeks ago. So what do you make of that? |
| icy1 |
Posted - Feb 10 2008 : 10:20:36 PM
Hi Aaron, no this is not VOIP....and I am not using a cordless phone.
[quote]
There are several scenarios, from most likely to most unlikely.
1. Someone was just sending out spam with your address as the return address. Happens all the time.
2. Your machine was infected by a virus that was sending out email using your account. The virus would have came via email or an infected program, not a person actually "hacking" the account.
3. Someone guessed your password.
4. You were phished. [quote]
In answer to your first statement, what had been happening was the tapper hacked my email account and "posed" as me and sent all my friends nasty emails. I had a lot of explaining to do. I don't think that the other scenarios are viable. Since I switched to Shaw, people are still knowing my personal business that I have only discussed on the phone, so I know it's still happening. Oh, and there's no chance that someone is gossiping, as many of my friends do not know each other.
[quote] It's certainly possible, and highly likely as well. Almost every home computer that comes through our shop is running some kind of malware. Have you run any scans? With what software? What antivirus are you running? [quote]
I have run spyware scans and antivirus scans and it turns up clean every time. I use AVG as an antivirus. I did a reformat of my computer yesterday, so hopefully that has had some positive effect.
Telus supplies their customers with a combination modem/router. I'm far from expert, but routers make it difficult for somebody to break into a computer, correct? What is the likelihood of somebody bypassing the router to install malware?
|
| Aaron Cake |
Posted - Feb 10 2008 : 10:41:46 AM
quote:
Originally posted by icy1
A year and a half ago I noticed that emails I had been sending out to people were being changed. So yes it was a hacker accessing my email account, thru Shaw Cable internet.
There are several scenarios, from most likely to most unlikely.
1. Someone was just sending out spam with your address as the return address. Happens all the time.
2. Your machine was infected by a virus that was sending out email using your account. The virus would have came via email or an infected program, not a person actually "hacking" the account.
3. Someone guessed your password.
4. You were phished.
quote:
It was around then that I decided to go to cable telephone, again thru Shaw Cable. I never noticed any problems with the phone service up until a few months after I subscribed. Certain people were finding out personal information that was only discussed over the phone, so now I figure my phone is being tapped. What also was happening was that this "person" was somehow managing to make prank calls to people, but using my number somehow. I even had some of the calls show up on my bill.
Is this VOIP?
If so, there are several ways to intercept VOIP traffic but all are nontrivial. It is easy to steal your VOIP authentication info from your box and "clone" your ATA if you used a weak password of they had physical access to the box.
quote:
After searching thru all the cable wiring, I could find nothing, so therefore gave up on it.
It would not be on the television cable, but on the phone line.
quote:
A little while after that I decided to switch both my phone and internet over to Telus, as I figured that changing ISP's would get rid of this "person". Well, I am not sure if my email is being hacked at all still, but my telephone still is.
Why do you think so? What indications are that your phone is "hacked"? Is this a VOIP phone or a standard landline?
Are talking on a cordless phone? Maybe one of your neighbours has a scanner and is just listening in...
quote:
Now, how can somebody tap both Shaw Cable phone and Telus phone?
It's very unlikely.
quote:
Is it possible that there is malicious software installed on my computer?
It's certainly possible, and highly likely as well. Almost every home computer that comes through our shop is running some kind of malware. Have you run any scans? With what software? What antivirus are you running?
quote:
I opened up the computer and nothing seemed out of the ordinary.
There will be no physical device in the computer, and even if there was you would not recognize it.
quote:
I have searched for bugs and have checked both cable wiring and telephone wiring to no avail.
Do you know what you are looking for and where to look?
quote:
I need some answers to my situation as my right to privacy is being invaded and I am getting sick and tired of having to change numbers, etc.
If you are really concerned, hire a private security firm. |
|
|
