Hi all,

I am positive that some severely obsessed dude, whose identity I am certain of, has managed to hack into my mother's and sister's accounts to read my emails to them (which either never arrive or arrive open before they've actually read them) somehow also has access to at least the titles of my (several) email accounts and to my activity log on facebook, amazon and other sites.
 
He's also managed to do weird things like remotely getting my current housemate to subscribe to his best friend's facebook profile, for instance - if this doesn't sound too clear, her fb wall shows she subscribed to his best friend's fb profile in March, which she never did, nor does she recall ever receiving or accepting an invitation to become friends with him. He seems to still be enabled to follow my visits on the internet in spite of my 'clearing' of cookies, and there's a chance he might be reading this.
 
I have strong suspicions that he has also managed to hack into my work computer after an unexplainable series of emails and documents disappearing unexplainably (now this certainly doesn't tend to happen to me, and definitely not on the scale it recently has).
 
He is an IT professional and his computer knowledge is obviously more advanced to that of most people.
 
My initial questions are, what tools/means allow him to do what I mention above, is there a way (other than paying a computer specs to do it) to identify the computer from which he is doing this so I can get some tangible evidence, and what would you advise, technically speaking, in the meantime?

Seems like someone forgot to:
- Log out of facebook at a public place including any school, job, café, etc.
- Choose strong passwords (at least 8 ciphers, containing lower- and upper-case letters, numbers and at least one special character, and of course none of it should relate to: Years, Places, Towns, Cities, Zipcodes, Personal things, Names, and Birthdays, or any other known word that can be found in a dictionary or book.)
- Even MORE important is to make up a secret question and answer, that has absolutely no relation to you or only you know. Something you have never told anyone, otherwise even the best password won't protect you, if the "I forgot my password"-question is weak, which it usually is. The secret question(s) and answer(s) are just like your passwords, and they should be equally strong.
- NEVER use the same password across several websites. Use at least different passwords for: E-mail, your computer, social networking sites such as facebook, and especially at work or school.

- Never open attachments in e-mails, unless you are 200% sure you know who the sender is.
- Never open e-mails or allow scripts and images in them to be loaded, if you do not know the sender.
- Use an up2date firewall and antivirus program
- Never use anyone else's USB keys, avoid using your USB key in other computers than your own if possible.
- Don't allow people to use your computer if you don't trust them fully.
- Never log into facebook, your e-mail, etc., at a computer you don't know the security of. The attacker could've compromised this in case it's a school, workplace, etc. The attacker could also be eavesdropping on traffic on public networks.

- Always use WPA2/TKIP on a wireless network with a strong password. If you can, avoid using wireless networks, especially public ones.
- Avoid browsing to links you have no idea what contains, a lot of e-mail spam recently contains links to infected websites that automatically infects your computer.


If you follow all these guidelines, you should generally be quite safe.

Furthermore, you may have to reinstall your computer or just Windows in case you suspect this has been infected.

Last but not least, keep in mind, that if your e-mail gets compromised, everything it's attached to, facebook, twitter, etc., is potentialyl compromised as well, as an attacker can just use the "I forgot my password" feature then, just like you would if you had lost your password.


It's a lot of things to remember, but most of it is common sense and can be every day use quite easily if you're just willing to do so.
Naturally you should try to use "HTTPS" everywhere you can.