Mad cracker following my every move on the web

[axm80]

Hi all,

I am positive that some severely obsessed dude, whose identity I am certain of, has managed to hack into my mother's and sister's accounts to read my emails to them (which either never arrive or arrive open before they've actually read them) somehow also has access to at least the titles of my (several) email accounts and to my activity log on facebook, amazon and other sites.
 
He's also managed to do weird things like remotely getting my current housemate to subscribe to his best friend's facebook profile, for instance - if this doesn't sound too clear, her fb wall shows she subscribed to his best friend's fb profile in March, which she never did, nor does she recall ever receiving or accepting an invitation to become friends with him. He seems to still be enabled to follow my visits on the internet in spite of my 'clearing' of cookies, and there's a chance he might be reading this.
 
I have strong suspicions that he has also managed to hack into my work computer after an unexplainable series of emails and documents disappearing unexplainably (now this certainly doesn't tend to happen to me, and definitely not on the scale it recently has).
 
He is an IT professional and his computer knowledge is obviously more advanced to that of most people.
 
My initial questions are, what tools/means allow him to do what I mention above, is there a way (other than paying a computer specs to do it) to identify the computer from which he is doing this so I can get some tangible evidence, and what would you advise, technically speaking, in the meantime?

[sil]

My suggestion is to file a stalking and harassment report with your local authorities. They will (theoretically) be in a better position to assist you. Anything anyone does will likely tamper with potential evidence should you want to go to the legal system so if your ultimate goal is to that (somehow seek prosecution), then literally call the cops.

Because there is so much that could be done to remotely take over your machine, anyone can write a booklong response which will likely leave a non-technical person confused. If you don't seek to go the legal route, hire someone to figure out how the investigatory work. Your best best, copy any information you deem "sacred/holy/worthy" onto a storage device and rebuild your machine. This ensures you have a clean machine. Apply patches,etc., then change your passwords to something worthwhile.

[MaXe]

Seems like someone forgot to:
- Log out of facebook at a public place including any school, job, café, etc.
- Choose strong passwords (at least 8 ciphers, containing lower- and upper-case letters, numbers and at least one special character, and of course none of it should relate to: Years, Places, Towns, Cities, Zipcodes, Personal things, Names, and Birthdays, or any other known word that can be found in a dictionary or book.)
- Even MORE important is to make up a secret question and answer, that has absolutely no relation to you or only you know. Something you have never told anyone, otherwise even the best password won't protect you, if the "I forgot my password"-question is weak, which it usually is. The secret question(s) and answer(s) are just like your passwords, and they should be equally strong.
- NEVER use the same password across several websites. Use at least different passwords for: E-mail, your computer, social networking sites such as facebook, and especially at work or school.

- Never open attachments in e-mails, unless you are 200% sure you know who the sender is.
- Never open e-mails or allow scripts and images in them to be loaded, if you do not know the sender.
- Use an up2date firewall and antivirus program
- Never use anyone else's USB keys, avoid using your USB key in other computers than your own if possible.
- Don't allow people to use your computer if you don't trust them fully.
- Never log into facebook, your e-mail, etc., at a computer you don't know the security of. The attacker could've compromised this in case it's a school, workplace, etc. The attacker could also be eavesdropping on traffic on public networks.

- Always use WPA2/TKIP on a wireless network with a strong password. If you can, avoid using wireless networks, especially public ones.
- Avoid browsing to links you have no idea what contains, a lot of e-mail spam recently contains links to infected websites that automatically infects your computer.


If you follow all these guidelines, you should generally be quite safe.

Furthermore, you may have to reinstall your computer or just Windows in case you suspect this has been infected.

Last but not least, keep in mind, that if your e-mail gets compromised, everything it's attached to, facebook, twitter, etc., is potentialyl compromised as well, as an attacker can just use the "I forgot my password" feature then, just like you would if you had lost your password.


It's a lot of things to remember, but most of it is common sense and can be every day use quite easily if you're just willing to do so.
Naturally you should try to use "HTTPS" everywhere you can.

[DragonGorge]

Personally, I don't think it's worth the effort to hunt down evidence proving this person's guilt. Sure it's an invasion of privacy and a serious nuisance, but I would think the authorities have higher priorities than prosecuting unauthorized facebook friending.

Unless this crosses over into monetary theft, bullying, or you're a celebrity, I doubt the police would be of much help.

As for tools this person may have used? Could be any number of things, up to an including absolutely nothing. Take the hacker who was recently busted for hacking into Scarlet Johanssen's phone and stealing/posting nude photos of her. As I understand it, the majority of his hacking came from simple guesswork on usernames and passwords.

Cleaning up your systems (system restore to factory defaults if necessary) and changing all of your local and online passwords (mother's & sister's too) is probably your best bet.