HijackThis

Preferred User (Engorged Member, joined Jun 22, 2005; 659 messages, reaction score 554)

Got a client who has a stalker. This guy has tapped her phone, put a homing device on her car, etc. Real weirdo. She wants me to look at her computer and make sure there are no key-logger/GPS type things on there.

I'm thinking with HijackThis I can see absolutely everything that's starting at boot up, and with their little ADS scan that checks for hidden data streams I can see anything else that is hiding in there.

This is not my area, am I right or naive?
 

mindido (Respected Member, joined Dec 3, 2004; 1,830 messages, reaction score 702)

Preferred,

HJT should find any spyware on a machine but I'm not sure about the keylogger. From what I know about them it depends.

First off, what kind of assets does the weirdo have at his disposal? If he tapped her phone (completely illegal, by the way, unless he's a cop of some sort) and put a GPS on her car, he must have some resources and/or capability.

Keyloggers can be software but they can also be hardware. I've only seen pictures of them but they can be very small (about the same size as the filters that are used on a DSL line) but must be inline.

I think if I were you, I'd do a couple of things. Repartition and reformat the HD. It's the only way you can guarantee that the machine will be clean when she gets it back. Second, you'll need to physically check the telephone line from the pole to the computer. The most logical place for the tap is either at the house box or the pole so both have to be checked. And remember, you'll have to physically check the telephone line the entire length and pay the most attention to areas where a small inline item could be hidden. Pain in the ass but if she's really that concerned it will have to be done.

Lastly, since a phone tap can only be done legally with the consent of a judge, do you really know what is going on here? If you're sure her story is legit, and it can be proven he tapped her line, I'd head straight for the cops and get a restraining order against him.

*Edit*

Preferred,

Just found this:

http://www.securityfocus.com/infocus/1829

It gives a pretty good explanation of the software keyloggers (make sure you read this). Will keep looking for more on the hardware type.

*Edit*

A little about the consequences of installing a keylogger on someone's machine:

http://www.spywareguide.com/articles/keyloggers_do_they_violate_wir_81.html

This site has a photo of a hardware keylogger that would be easy to find:

http://www.spyarsenal.com/spy-software.html
 

Preferred User (Engorged Member, joined Jun 22, 2005; 659 messages, reaction score 554)

I'll check your links, but to answer your questions:

1. She has a cable modem. Someone else is cleaning the phone lines. I'm just cleaning the computer.
2. Yeah, this weirdo does have resources ($'s)...lots of 'em.
3. She'd like to be able to clean it without all the time/$'s/hassle of reformatting.
4. She does have a restraining order.
 

mindido (Respected Member, joined Dec 3, 2004; 1,830 messages, reaction score 702)

Preferred,

Check those links as I've added a few more. Since the guy seems to have a lot of resources (and seems willing to use them), from what I've reread today, I don't think you're going to have a lot of choices about the repartition and reformat. Some of the more expensive keyloggers load themselves at kernel level so, basically, if he's willing to spend the cash for such a thing, you don't have a choice.

I guess I would just add that you should keep good records of what you find as it could be used in court. If you find a keylogger, and can clearly demonstrate that the info was going to him, that would probably be a clear infraction of the restraining order. In fact, you probably wouldn't want to get rid of the keylogger as it would be more valuable to her in a court case if it was still intact.
 

mindido (Respected Member, joined Dec 3, 2004; 1,830 messages, reaction score 702)

Preferred,

"1. She has a cable modem."

This guy doesn't work for the cable company, does he? If he doesn't then no big deal. But if he does, it is possible for some of the cable network techs to view all of the traffic from a particular IP. They could just add a sniffer and grab anything from the IP.

Just found this:

http://neworder.box.sk/newsread.php?newsid=6791

I think it's a kid bragging about how he wrote a keylogger that defeats at least one of the better known anti-keylogging apps. Not good.
 

Preferred User (Engorged Member, joined Jun 22, 2005; 659 messages, reaction score 554)

OK, I was naive. The first link taught me a lot. Esp. your point about keyloggers at the kernel level.

So I think I tell her there are a fair amount of scans and/or checks I can do for many keyloggers, but there are no guarantees. Looks like the three common examples they talked about would all show up in a HijackThis Run log. But the preferred route is to reformat/repartition and start over. And it looks like even a good SPI firewall might just see it as normal port 80 traffic.

No, the guy doesn’t work for Time/Warner. But he did get her email password somehow. Makes me pretty suspicious. She travels a lot so uses web mail in Europe where she’s plugging in her email password.

As for devices, seems like I only have to check back to the cable modem. Once it's in the coax I would think it's pretty clean. It's a Sony VAIO laptop so it's very hard to believe he could have snuck a piece of hardware into the case.

You bring up a good point about finding stuff and documenting. I might even be considered negligent if I just delete any evidence.

Thanks for the tips min. I wasn’t taking this seriously enough at all.
 

mindido (Respected Member, joined Dec 3, 2004; 1,830 messages, reaction score 702)

Preferred,

After pondering this, I think the best thing to do is try all you can think of to find out if there is a keylogger on the machine (I would get her OK first). If you find one, tell her, and have her tell her attorney. Then you figure out where it's sending the data. If it's to him, she probably has a real good reason to have him jailed (at least for a while). I wouldn't get rid of the keylogger for now as it would be good evidence for a court.
 

mindido (Respected Member, joined Dec 3, 2004; 1,830 messages, reaction score 702)

Preferred,

One last point about the rules of evidence. It's doubtful that a hardware keylogger was used but just in case. If you do find one, DON'T TOUCH IT, and don't touch the keyboard plug. They may have fingerprints.

Also, since this guy apparently has lots of resources, make sure it's actually her computer, and not an identical model that he could have replaced and screwed around with. I know, I know, this is way out in left field but, crazy people with money have been known to do stranger things.
 

Preferred User (Engorged Member, joined Jun 22, 2005; 659 messages, reaction score 554)

He is crazy. But she's a pretty good chip head with a lot of stuff on there. Hard to believe he could make the switch without her knowing it.

Thanks for the tips. I'll let 'cha know what I see tomorrow.
 

mindido (Respected Member, joined Dec 3, 2004; 1,830 messages, reaction score 702)

Preferred,

"Hard to believe he could make the switch without her knowing it."

Yeah, I know, but crazies with money can do some pretty idiotic things. The reason I asked is that, knowing a bit about the intricacies (and fallibilities) of law, it could be a bit of a problem if he could demonstrate in a court that the machine was actually his (and came up with some fallacious excuse that he had lent it to her). Again, I know this is way out in left field but it may be worth checking the serial # just in case. You definitely want to cover all your bases.
 

Pemolis (Senior Member, joined Feb 22, 2005; 9 messages, reaction score 1)

Keyloggers are inherently not illegal and not considered a virus (to my knowledge). So most antiviruses won't spot them (actually they'll spot something, but won't be able to identify it).

You are going to have to reformat it. I wouldn't rely on trying to clean it.

Most hardware keyloggers would be plugged into something (serial, parallel port, USB port, something). He'd have to rip the case open to put something internal on the machine, so if you don't see it, it's probably not a hardware thing.

If you have proof of the phone tap... that's a federal crime. But if he has $.... the lawyer will bypass most of the legal issues.

I am assuming you don't have a supercomputer with ya or mass resources...
Do this.


Bit image the hard drive (duplicate the entire hard drive as an image). Make an MD5 hash of it (so you preserve integrity). Basically back the entire thing up.

Secondly, install ethereal on it. Start logging ALL the traffic that passes in and out of the computer (ask her not to download or use it very often, just keep it on, check her email once and a while, type out something silly).

After a day or 2, analyze the Ethereal logs. Look for suspicious packets and note down their IP. That should be the server the keylogger is communicating with (so you can track down the bastard that sold him the keylogger also).

If the server is US based... call the FBI cyber crime lab and see what they say. If it's international... well they won't do too much due to international law.


If you are going to use this as evidence of a crime, dd the drive. Else just format the entire thing. Rename its workgroup, clear out the router table (make sure it is pointing to the correct DNS servers), call your ISP and change your IP address if you have a static address. Change your email addresses (if you are not entrenched to that address, just pick a new one and change the password). If you have friends who need the email address, tell them not to use Outlook Express (cause if he has you keylogged, he's probably sent the damn thing to your friends too).


When you format the hard drive, make sure you format it ALL. Format the master boot record (some viruses live in there). Format the slack space, wipe out the entire thing, delete the partitions, hell, if you can, zero the drive.

Reload your computer BIOS, and reset the configuration of the CMOS.


FORMAT THE THUMB DRIVE.

.....

I am rambling on.


Tell her to buy a big dog, and a can of mace, and also release his name to the National Enquirer and try to wreck his name (American media is all over the world).

Say he slept with a horse or something.




If you want to see if something is going to/from the computer, put a computer in between hers and the internet connection and log all the traffic going in/out of it. You can also use Ethereal that I mentioned earlier. It will grab every single bit and log it, the type, its construction, what sent it, where it is going, how large, when, etc etc.
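The two-step procedure Pemolis lays out above (image and hash the drive first, then watch what the machine talks to and write down the odd destinations) as a worked example. This is an added illustration, not code from the thread or from Ethereal. It assumes the "drive" is an ordinary file object (an in-memory one constructed below; a real job would read the block device through a write blocker) and that the traffic has already been reduced to a constructed text summary of the form "timestamp dst_ip dst_port bytes_out"; the allowlist of hosts the owner expects to reach is likewise an assumption to be confirmed with her.

```python
"""Evidence-first triage of a possibly keylogged machine: make and verify a
bit-for-bit image before touching anything, then triage outbound traffic.

Added example, not code from the thread. The drive and the connection log
below are both constructed; no real capture or device is read.
"""
import hashlib
import io
from collections import defaultdict
from datetime import datetime

CHUNK = 1 << 20  # read 1 MiB at a time so a full-size image never sits in RAM

# Constructed stand-in for a small drive: 3 MiB of a repeating byte pattern.
SAMPLE_DRIVE = bytes(range(256)) * (3 * 4096)

# Constructed connection summary (documentation-range addresses only).
# 198.51.100.10 plays the owner's usual web-mail host; 203.0.113.77 is
# contacted every ten minutes with a near-constant payload, the shape a
# logger uploading its buffer on a timer leaves; 192.0.2.5 is an unknown
# host seen twice at irregular times.
CONNECTION_LOG = """\
2005-10-01T09:00:02 198.51.100.10 443 1820
2005-10-01T09:00:05 198.51.100.10 443 4410
2005-10-01T09:05:11 192.0.2.5 80 970
2005-10-01T09:10:00 203.0.113.77 80 612
2005-10-01T09:20:00 203.0.113.77 80 598
2005-10-01T09:30:00 203.0.113.77 80 640
2005-10-01T09:31:15 198.51.100.10 443 2210
2005-10-01T09:40:00 203.0.113.77 80 605
2005-10-01T09:47:30 192.0.2.5 80 1210
"""

# Hosts the owner expects the machine to reach (assumption: confirmed with her).
KNOWN_GOOD = {"198.51.100.10"}


def hash_stream(fileobj):
    """Return (md5, sha256) hex digests of everything readable from fileobj.
    MD5 alone is no longer collision-resistant, so record both."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    for block in iter(lambda: fileobj.read(CHUNK), b""):
        md5.update(block)
        sha256.update(block)
    return md5.hexdigest(), sha256.hexdigest()


def image_and_verify(source, image):
    """Copy source to image byte for byte, then hash both and compare.
    The returned dict goes into the written evidence record; verified=False
    means the image must be redone before anything else touches the source."""
    source.seek(0)
    for block in iter(lambda: source.read(CHUNK), b""):
        image.write(block)
    source.seek(0)
    image.seek(0)
    src_md5, src_sha = hash_stream(source)
    img_md5, img_sha = hash_stream(image)
    return {
        "source_md5": src_md5, "source_sha256": src_sha,
        "image_md5": img_md5, "image_sha256": img_sha,
        "verified": (src_md5, src_sha) == (img_md5, img_sha),
    }


def demo_image(data=SAMPLE_DRIVE):
    """Image a constructed in-memory drive into an in-memory file."""
    return image_and_verify(io.BytesIO(data), io.BytesIO())


def parse_log(text):
    """Parse 'timestamp dst_ip dst_port bytes_out' lines into tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, port, nbytes = line.split()
        records.append((datetime.fromisoformat(ts), ip, int(port), int(nbytes)))
    return records


def gap_jitter(timestamps):
    """Mean absolute deviation (seconds) of the gaps between connections to one
    host. Near zero means a fixed schedule; human browsing is irregular.
    None when there are too few connections to judge."""
    if len(timestamps) < 3:
        return None
    gaps = [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]
    mean = sum(gaps) / len(gaps)
    return sum(abs(g - mean) for g in gaps) / len(gaps)


def triage(records, known_good=KNOWN_GOOD, max_jitter=30.0):
    """Group connections by destination, drop allowlisted hosts, and mark the
    rest 'periodic' when their timing is regular to within max_jitter seconds.
    Periodic unknown hosts sort first: those are the addresses to write down
    for the attorney, not to probe."""
    by_dst = defaultdict(list)
    for ts, ip, port, nbytes in records:
        by_dst[ip].append((ts, port, nbytes))
    findings = []
    for ip, conns in by_dst.items():
        if ip in known_good:
            continue
        jitter = gap_jitter(sorted(c[0] for c in conns))
        findings.append({
            "dst": ip,
            "connections": len(conns),
            "ports": sorted({c[1] for c in conns}),
            "bytes_out": sum(c[2] for c in conns),
            "periodic": jitter is not None and jitter <= max_jitter,
        })
    return sorted(findings, key=lambda f: (not f["periodic"], -f["connections"]))


if __name__ == "__main__":
    record = demo_image()
    print("image verified:", record["verified"], "sha256:", record["image_sha256"])
    for finding in triage(parse_log(CONNECTION_LOG)):
        print(finding)
```

The ordering of the two halves is the point: the hash pair is computed over both the original and the copy before any analysis, so the copy can be shown in court to match what was on her machine, and the traffic triage is then done on a live but otherwise idle system, as Pemolis suggests, so that the handful of unexplained destinations stand out instead of drowning in normal browsing.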
 

mindido (Respected Member, joined Dec 3, 2004; 1,830 messages, reaction score 702)

Pemolis,

Good info! Although I wonder about one thing. Given that there are potential significant legal issues here, it seems to me that if Preferred does find a keylogger it would probably be best to leave the keylogger as is and just remove the HD and install another (if she is willing to go after this guy). Since this is not Preferred's specialty, it would seem best to have the original HD in its present state as it is pretty good evidence of a violation of the restraining order. I don't think he wants to get involved in possible evidence tampering.
 

Preferred User (Engorged Member, joined Jun 22, 2005; 659 messages, reaction score 554)

Pemolis,

Good advice on Ethereal. I’ve just used it enough to be dangerous, but I know why you counsel to let the computer sit and do almost nothing. You just go to one little site and you can have 10 entries to slog through.

I agree with Mindido (whose Badgers should cruise against NW today), the smart move is to buy a new drive and rebuild that. However, she called and cancelled on me yesterday. The wacko just got served the restraining order Thursday, and I think that put him into overdrive. I think she's pretty scared and intimidated, which is exactly what the wacko wants. I don't know what's going to happen with it now.
 

mindido (Respected Member, joined Dec 3, 2004; 1,830 messages, reaction score 702)

Preferred,

Sorry about the cancellation but you should make sure she knows what's up with the HD. It could be valuable evidence.

Situations like this really suck. I had a similar situation a few years ago where a girl just wouldn't let go. She finally did but I still have all of her letters and my phone tapes stored just in case she ever shows up again. So do make sure the client understands the potential evidence value of the HD.

As far as the Badgers go, the defense really stunk up the joint today, I really hate those doggone spread offenses. I'll go find a good place to cry now. :)
 