Spying

ashlee

Hi,
I have joined this forum because I have a problem with internet security at home.

I was informed yesterday that everything I've emailed or written on Facebook, Friends Reunited etc has been read by someone I live with. And there is now plenty of evidence. I don't doubt this has happened.

The details of why are not important. I want to know how. Not specifics (I really am not a would-be hacker). I just want an idea of how this might be done.

I have different passwords for everything with only marginal overlap. The easiest one was something like "workforce8" and the most complicated something like "jhn9@STAH". They are NEVER written down. Even the most difficult ones have been discovered, and private messages read.

We share the same network. These passwords cannot all be guessed, and I'm sure some sort of "spying" program must be involved.

What are the most likely methods that my "friend" uses?
Should I continue with internet banking under these circumstances? I feel nothing is safe. Of course, I'm fairly sure I could take legal action, but it is not that serious, at the moment.

I'm not good with computers, so please do not use too much technical jargon.

Thanks

Ashlee
 
It's easy to "sniff" passwords off a network. Those people don't even need to log on to your PC or anything. I could say the name of the program, despite it being open source... but meh... I would be encouraging you to do the same.
 
Thank you for your reply, patrickv!

So I guess that is how it's done :confused:

I have since discovered that emails at my work account (and others) seem to have been retrieved from the bin/trash/deleted section.

This seems impossible to me :eek:

Is this easy too? I know this could sound naive, but I thought this would be impossible. At the moment it all seems like some crazy party trick....just waiting for a rabbit to appear out of a top hat now!

Thanks for your help.

Ashlee
 
Download and run Malwarebytes and HiJackThis. Post the logs in the security section and ask for JohnB35. He'll help you out with anything nasty in the logs.

I would not use internet banking or anything private on that computer. Go to a local internet cafe and change all your passwords, also notify your bank that someone may have unauthorized access to your online banking.
 
It's very easy really. If they have access to your network it's just a matter of time.

When you connect to the internet you send packets of information to web sites and they send packets back. The way to get passwords is to capture these packets and through programs that I'm not gonna name you can find out information such as user names and passwords.

p.s. your "friend" is a dick.

Maybe this person installed a key logger on your computer.

I'm going to side with patrickv. It's a lot easier than a keylogger.
Wikipedia said:
Keystroke logging (often called keylogging) is the practice of tracking (or logging) the keys struck on a keyboard
 
Do a virus scan and post a log of it. There are people here who would help you clean it if it is infected. :)
 
Hi all, I just want to say thanks for your help.

I have access to the internet at work, where people do not spy (or they would be sacked), so I'll use that in future.

Thanks again.

Ash

PS linkin, thanks for that, but it's a Mac operating system, so no use, I'm afraid (I assume :confused:).
 
Do they have physical access to your computer? If you want to sit down and try a few things I can probably tell you how they did it, and how to safeguard it from happening in the future, but if this person has physical access to your Mac, then there is not much you can do. Physical access trumps all security.

Most social networking sites send passwords over HTTPS as do most web mail accounts these days, so I highly doubt they sniffed it out over the network. They probably either created their own account and rooted your machine or they have a keylogger installed.

If this person lives at the same house you do, I would have serious talks with them, or lock up your computer so they can't touch it, or just kick their ass.
 
Hi tlarkin,

Yes, they had access to the machine. But it is my belief that they didn't touch it or install anything. I can remove their access though, if I find this to be the case.

So, I've been using mobile broadband lately for sensitive stuff. What you are saying is that this will not help? Will putting my own account on the machine (password protected) help?

It would be good if you could tell me how to know if they have tampered with the machine.

Thanks in advance,

Ash
 
And here's how it's done....

....armed with the knowledge given to me by tlarkin (which combined with the courage of my conviction, became a serious force to be reckoned with) I have now had a confession. I'm fairly shocked. It goes something like this (correct me if I'm wrong):

You can actually BUY software (PC or Mac versions) that when installed on your computer, sits there and emails everything you type to you (passwords, the lot!!). It goes undetected. It can't be seen or wiped off! (OK so you lot knew this existed, I said I was naive ;)).

So I've decided to rebuild the Mac from scratch after I retrieve some photos and personal stuff.

The only trouble is....

apparently......

accepting an innocent-looking email can put the software back on. WITHOUT having to open the dodgy-looking attachments. (Either that software or similar, I'm not too sure - still reeling with the shock of all this so didn't take it all in). :(

So, once the Mac becomes pristine (and locked away) how do I keep it safe, and still read email?

Or have I got this bit wrong?

Thanks in advance for any advice. :)
 
Well, this depends....

First thing you do is get your data backed up, and wipe and reload OS X. Then copy your data back over. When creating your new user account use a very strong password. Also, if anyone else has an account on your computer ensure it is a limited account, as if they are admins they can install software on the machine that can do this. It sounded to me like a keylogger of sorts and it is in a sense.

Accepting an email will not install itself on your system. Depending on how the software was written, depends on the level of access it needs. If it just runs under your user in your home directory then, it technically would not need admin access and it could sit there undetected in your home folder I suppose. You would just have to manually monitor for it, and look at certain things.

At this point I would not grant those people access to your Mac again, as it sounds to me like they can't be trusted. Them having physical access really trumps any security you could put on it with the right knowledge, and with the right googling of certain key words. This holds true for all computers though, if I had physical access to your Windows machine, I could root it in a matter of seconds by booting off a utility disk and hacking it. That is easy to do when you have physical access to a system.

A good old fashioned upper cut to the chin may give him the idea too, to stop spying on your computer.

Oh and it can be detected and removed if you know what you are looking for, did you already wipe your machine? If not perhaps we can take samples of the process to know what to look for in the future.
 
Hi tlarkin,

Thanks again for your help.

Everything is backed up now. And I'm "7 pass" erasing the hard drive that was used for the Mac back-up ("Time Machine") as this will contain the malicious software too. "7 pass" erasing of this disk takes more than a day, but I've started it now, so I'll leave it doing it. Then will come the re-installing and secure account set-up, I guess. And putting everything back. :rolleyes:

So, no, the Mac HD is not erased yet. That will be in a couple of days as I want my back-up drive clean as a whistle first, if this is making sense ("Time Machine" is not something I've needed to use before, is not something I'm familiar with and tends to take over as soon as it's plugged in, so I'm taking no chances :rolleyes:). The only files I've removed so far are a load of personal stuff (I think, unless it was hidden in something I thought I didn't need again).

I'd LOVE to know what to look for in the future. And to "look the culprit in the eyes" so to speak. If you do know how, that would be great.

I really doubt this will ever happen again. A few things will change now.

Thanks again,

A rather tired, bemused and peedled-off Ash!
 
Well, if you feel comfortable at the command line, log in to the account being spied on, and open up Terminal.app from /Applications/Utilities. You will now be at a command prompt.

Type the following command:
Code:
launchctl list | grep -v "apple"

You can just copy and paste that, then copy and paste the results on the forum. This basically lists every non-Apple launch daemon. I have to assume the spying app is a launch daemon and is always running and monitoring things. Do you know the name of the app?
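Added example, not part of the original post: the same check as the `launchctl list | grep -v "apple"` command above, but matching on the start of the label column, so a third-party job whose name merely contains "apple" is still listed. The helper name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). `launchctl list` prints a header and
# then one job per line in three columns: PID, Status, Label.

# non_apple_jobs (hypothetical helper name): read `launchctl list` output on
# stdin and print "<label><TAB><state>" for each job whose label does not
# start with "com.apple.".
non_apple_jobs() {
    awk '
        NR == 1 && $1 == "PID" { next }      # header row
        NF < 3                 { next }      # not a job line
        $3 ~ /^com\.apple\./   { next }      # Apple-labelled job
        {
            # The PID column is "-" when the job is loaded but not running.
            state = ($1 == "-") ? "not running" : "pid " $1
            printf "%s\t%s\n", $3, state
        }
    '
}

# Constructed sample output, so the filter can be tried away from the Mac.
sample_output() {
    cat <<'EOF'
PID     Status  Label
312     0       com.apple.Finder
-       0       com.apple.quicklook
415     0       com.example.appleupdatehelper
-       0       org.example.backup
EOF
}

# Use the real job list on a Mac, the constructed sample anywhere else.
if command -v launchctl >/dev/null 2>&1; then
    launchctl list | non_apple_jobs
else
    sample_output | non_apple_jobs
fi
```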
 
Hi tlarkin,

Eblaster, I think.

May do as you suggest if I feel brave enough.

Thanks again, your help is very much appreciated,

Ash
 
OK easier method then

1 - log in and launch Activity Monitor from /Applications/Utilities

2 - organize by alphabetical order

3 - select Eblaster with your mouse

4 - click on inspect (the magnifying glass icon)

Then copy/paste that info here.
 
Hi there,

I did that, but Eblaster is not showing at all.

It would be between "EAgent" and "Finder", but it's not there.

I think this software is designed to remain hidden?

I have to log out now, but I'll return when I can,

Thanks,

Ash
 
Finder is from Apple, EAgent not sure what that is, but it could be a launch agent that I was referring to earlier, if you want to run that command still.
 
Hi tlarkin,

Just to keep you informed.....I have practised that command now (at work :o) and nothing bad happened (:rolleyes:) and I feel confident (:D) that I will try this at home later (:cool:).

:good:

Ash
 