Hello everyone,

My father, a (potentially) former NSA cracker, has been hacking my laptop computer ever since I left for college this year. I do not, however, have any concrete evidence or proof. From conversations that we have had, I am 99.9% certain that he has access to my computer (he set up an SSH on my computer, which I think that I have effectively disabled, but as I know almost nothing about SSH servers and how they work, I am not sure) through who knows how many programs and backdoors. I just installed the professional trial of eEye and ran a scan which showed that I have 5 high risk, 5 medium risk, and 14 low risk security issues. Here are the descriptions of a few of these:

Microsoft Windows contains a vulnerability in the SSL and TLS protocols when renegotiating session handshakes that could allow man-in-the-middle attackers to inject arbitrary data into encrypted TLS/SSL sessions.

The current MS RAS (Remote Access Server) is not encrypting data transfers. It is recommended to encrypt all transfers between client and server.

The current MS RAS (Remote Access Server) is not logging connections. It is recommended to log all RAS connection information.

It is recommended to enforce MSCHAP V2; this forces the server to drop any VPN (Virtual Private Network) connections that do not use MSCHAP V2 authentication.

By default, users are permitted to make RAS connections without any sort of authentication. It is recommended that you require users to authenticate themselves.

ICMP Timestamp request is allowed from arbitrary hosts.

Structured Exception Handling Overwrite Protection (SEHOP) is disabled on the target system. SEHOP is a mitigation that attempts to prevent an attacker from using the Structured Exception Handler (SEH) overwrite exploitation technique.

NTFS has the ability to support backwards compatibility with older 16 bit apps. It is recommended not to use 16-bit apps on a secure server since it could allow attackers to bypass access restrictions for files with long file names.

POSIX and OS2 should not be enabled. Enabling the POSIX or OS/2 subsystem can allow a process to persist across logins.




Can anyone help, please?

There are a couple of solutions:
A) Buy a new harddisk and replace the old physically with the new one. Then install an operating system fully up2date. (Install a good firewall and anti-virus system too like Kaspersky, Symantec Norton 2010, or similar.)

If you're into computers, install Linux and configure it in a secure way.


B1) Your father may have installed a rootkit which does not get wiped by a regular Windows re-format. If you're not going for a new harddisk to be sure you don't got a hard2remove rootkit installed, get a "harddisk eraser" from IBAS or similar. (It's just a special magnet messing up the bits on the magnetic harddisk, in case it's not an SSD disc.)

B2) Perhaps, if there is a rootkit on your computer, a simple re-partitioning and format of the harddisk in Linux may erase everything. You can get LiveCD's in case you're not familiar with the linux console, and such a tool could be QTParted or GParted. I'm not sure how well Norton Partition Magic would work in this case.

B3) Do one of those Government Clearing of your harddisk where the data is wiped +5 times. (Depending on the method you choose, one of them will erase the data more than 30 times on your harddisk. It's a quite cool tool but I forgot the name unfortunately.)

C) Your father may have installed a rootkit in the BIOS, if so you need to replace the BIOS chip if possible. Otherwise buy a new motherboard or get a new computer. (Since it's a laptop, there isn't very much you can replace.)



Anyway, when you've done that and installed an Operating System do a FULL DISC ENCRYPTION!

Install TrueCrypt, and do a full disc encryption and set a good, long password with mixed upper and lower-case letters, numbers and symbols.

When you've done that set a password in the BIOS and make sure it is not possible to boot up on anything besides the harddisk. (Set the harddisk to be the first device in the boot order.)

Then you could set a password for booting up the computer as well.

There is however a reset jumper on most computers nowadays, which is able to reset the BIOS password. If you want to disable that functionality you need to do some hardware modifications to the motherboard in your laptop which I cannot recommend.


But if you follow most of what I wrote above, you'll be fine.

When you've installed your operating system and a firewall and an anti-viral system, don't visit websites your father suggests you   (He may be a rogue hacker too.)

Avoid using instant messaging programs except IRC.

Use HTTPS (ssl) whenever it is possible and encrypted protocols as well.


Now we're on the paranoid path, but depending on how well you want to hide everything from your father and anyone else, you're getting pretty close.



If you just want to confirm whether he's spying on you or not, do the following:
1. Set up a LAN where NAT is enabled. (A simple network with local ip-addresses, a router and another computer.)
2. Set up the second computer to log all communication from your computer to the Internet.
3. Don't use the laptop for anything but browse to a few websites you visit and then check the second computer if there's traffic that shouldn't be there.

This is NOT something that's easy, but it's fun  


Good luck and have fun  


PS: This reply was quite "brief" in how to do the above suggestions and these do not reflect my entire view on the possibilities on confirming whether your father has hacked your computer or not nor does it confirm how many ways there is to lock your computer down entirely. (In short, there's more to it than what I just said.)

Windows - SDelete, Eraser
Unix based OS - shred command should do

I have to agree with some of what the others said.

1) download Ubuntu work from that for a while. See if your dad still knows things you don't think he should.

2) buy a second cheap box, run linux on it, get an old school hub (not a switch), and then look at the traffic going out of your network.

Depending on where you go to school, you might be able to find someone to do it for you. For the price of a 6pack or 2.

*edit:

Or you could just ask him about your concerns.

Reading comprehension ftw:

So the computer has RAS enabled so dad can help out when he's not around...  he doesn't need to be an NSA cracker.  He doesn't even need to be able to hack his way out of a paper bag.  He has access to the machine.  Full disk encryption won't fix that.  It won't even help.

If you are worried about him on the computer, get tech support somewhere else.

Edited:  fixed copy paste error induced by writing response from my droid....

reformat and be done with it.

simple and effective.

p.s. if your dad was a NSA cracker, you're screwed.