My hacker(s) and I

It appears that we may slowly be (16 March:) still are not developing an understanding.

As the constant freezing of my PC and his unexpected butting in was very disruptive, a week ago or so, I suggested setting a schedule or some general rules. Not rigid rules, more like a guideline.

He seems to like it, but when I am late in the morning, he lets me know that he is very angry by messing up my screen incredibly (controlling the monitor) and rebooting the PC non-stop for about 15 minutes. He can also tell my PC’s fan to gear up. He hacks hardware too, yes.

This morning, he arrived at 8:30, causing my PC to freeze, requiring me to flip the UK-style socket’s power switch, and he appeared to leave my PC at around 9:50. At around 11:15, he seemed to be back, but it is more likely that he’s been logged into my system since 8:30. He can be present without me noticing it, and sometimes believes that he’s tricked me into believing that he’s gone, lol. After 10+ years of this, I have more or less gotten used to it, though on some days, it becomes too much and I yell at the computer and/or at one of the other people involved in this circus.

(He doesn’t want me to post the little video I made. Keeps deleting it.)

My PC sometimes also freezes for other reasons, however, and I am aware of that. The site of The Independent almost always makes my PC freeze.

The more I think about it, after having skimmed a few papers on the topic, the more convinced I am becoming that yes, he has a form of Asperger’s. (16 March: But how would I know? NPD apparently can look exactly the same, and I doubt that Asperger’s goes with taunting.) (19 March: No, apparently, it’s got nothing to do with autism.)

People with Asperger’s too have a problem with theory of mind. This can make them appear to be devoid of empathy, hence make them appear to have NPD and/or psycho/sociopathy. It is hard for him to assess how some of his actions and behaviours affect other people. He seems to see those as independent of himself, the way one would look at a computer problem when a computer is malfunctioning.

He does not think of the “cups of coffee” he throws “into other people’s keyboards”, so to speak. He has a tendency to take over my entire life (also in terms of getting into my head, of course, just like it is hard not to think of water when you just fell into a pond).

As some of you know, the story is a lot more complicated than this, but figuring out individual components is certainly helpful.

I am the one who has to live with this, after all, so I have to do the best I can to make my life as liveable as possible regardless of whatever the hacker’s doing, or any of his associates.

It’s taught me that we don’t all speak the same language. Some of us use music as language, others visual art, and his language is, well, coding, I guess. Or the general way he interacts with software and hardware.

I think I can often tell whether he is in my PC or not by things like how quickly some or all web pages load and refresh (the ones he wants access to, either to control what I get to see or do or to add messages from him), and whether they load once, or two times.

In 2011, I took a photo of the hacker, by the way. I know who he is, what he looks like, roughly where he lives and what is name appears to be.

I also know that he is not doing all of this on his own. There is someone else involved, with a different condition, who sometimes does terrible things, partly to support and perpetuate his own hero role, obscuring what is really going on – like someone who pushes you into the canal so that he can pretend he is rescuing you and who quickly pushes you back when nobody’s looking, and should someone notice, then he’ll use it as proof of how clumsy you are – and partly to try and drive me crazy, to frustrate me and hurt me. At least, that is how it often comes across on the receiving end. Not always.

Someone – mostly the hacker, usually on behalf of the other person, I suspect, or my immediate downstairs neighbour on behalf of them – has also been going into my flat when I am out, for years, until I managed to stop it – AS, 16 April 2019: temporarily, as it turned out later – by installing an extra lock. Sometimes he took something, or he returned something he took earlier. At other times, he moved something, left a note, destroyed something, or hurt an animal. He – or his brother – has also killed animals. His theme is decapitated pigeons, though I also suspect him of having killed all the stray cats here where I live in the past year or so.

The first time I knew for sure that someone had been in my flat was on Good Friday, I think it was in 2015 (I can check), when something had been moved, something relatively heavy. Up to that point, I only sometimes had had a strange feeling, but it had never occurred to me that someone could actually be shimmying the locks and going into my flat.

Neither of them can help doing this. I understand that.

This is part of the story of how I got into bioethics and inclusivity.

I’ve learned a lot from it.

Ha ha ha – hacking is NOT illegal in the UK

https://www.bbc.co.uk/bbcthree/article/81172bfa-58e9-4b12-893c-7e80a731a852

British police does NOT investigate hacking.

The idea that they do is a myth.

People are told to report cyber crime to the national monitor of cyber crime, Action Fraud, but most people don’t realize that this means that the cyber crime is not actually investigated. The name of the agency sounds so nicely “active” that people fall for it and think that this agency actively investigates cyber crime, but it only keeps statistics and only if there is an economic component.

At some point, I even received a (spoofed) e-mail from Hampshire Constabulary stating that hacking, criminal harassment, business sabotage and shimmying the locks to someone else’s apartment are not crimes. I didn’t bother taking that to the police. It would have been a complete waste of my time.

For the record, what police officers sometimes do appear to do, is tick boxes in their computer programs that make it look like something has been investigated when it hasn’t. (I have proof of that, or at least of police stating to third parties that they investigated something while they didn’t, apparently for no other reason than to discredit someone and suggest that the person was psychotic or paranoid – and I have something that backs up the latter as well. It is the kind of unexpected jaw-dropping information you can uncover when you exercise your FOI rights.)

http://www.nationalcrimeagency.gov.uk/about-us/what-we-do/national-cyber-crime-unit

Entertainment

But not just entertainment. This documentary certainly stands out because of the number of female experts in it. That is still rare.

(I seem to remember that North Korea as behind the Sony hack was later disputed or doubted, however. Either North Korean hackers got careless at one point by skipping encryption at some point, I seem to remember, or someone made it look that way.)

Also, the information given about Tor in this documentary is not complete. Your internet provider can still see what you do.

In the earlier days of the internet, there used to be a site where you could track which transatlantic cable your e-mail was using or something like that. I also remember an instance when e-mail broke down for a day or so because there was a problem with one of those cables. In those days, a lot of services were still based in the US, so your message to someone in Germany might even have to go through a server in the US, stuff like that.

How hackers wiped out a restaurant, and a lot more

That particular restaurant got wiped out in a month after having been in business for about two decades. Just for fun. Because hackers didn’t like the restaurant owner. Maybe because the name of the restaurant.

In this video, it’s a hacker who says this. He says that hackers wiped out this business because they didn’t like the owner.

(He also says that there is something really fishy going on with Google’s business listings.)

It probably happens much more often than most people are aware of.

World War Three is being waged in cyberspace

 

File 20171003 30864 1kwu0a1

Dr. Mike Sosteric, Athabasca University

My introduction to advanced communication technology (i.e. the Internet and World Wide Web) came in 1999.

Having grown up in the two-channel universe of the 1960s and ‘70s, I was agog at the power it represented. The technology was nascent at that time — not many web pages yet existed — but I could still see the potential for good. Here was a technology that I felt could really save the world.

I am not ashamed to say that when I first saw the Web, I was filled with schoolboy naivete. I wanted to help, so I did. I created the first electronic sociology journal, did a few more things after that, and with a massive anticipatory grin, watched and waited for utopia.

Unfortunately, utopia didn’t emerge. In fact, my naive grin soon melted away.

The melting began when I learned that researchers at Cornell University, working without ethical oversight and possibly in collusion with the U.S. Department of Defense, were learning how to use Facebook, a technology we keep by our beds, to manipulate mass emotion.

The grin melted even further when I saw fellow scientists had learned to use search engines to manipulate political preferences.

Manipulating Trump supporters

The grin turned to an outright frown when I read in that same study by the Proceedings of the National Academy of Sciences, a multidisciplinary scientific journal, that moderate Republicans, moderate libertarians, male Republicans and the “deplorable” poor — President Donald Trump’s base — were the most susceptible to manipulation.

I became a little worried when the scholars who wrote the study suggested that Google, by manipulating its algorithms, might already have decided a foreign election, in India in 2014, in favour of a right-wing candidate.

Then there was the historic 2016 election of Trump. That’s when my smile turned to a grimace. During that election campaign, Trump called out to Russia to hack the election, which they did. Spewing hundreds of thousands of dollars of fake ads into Facebook, Twitter and probably Google, they attacked America full-on. They didn’t do it with bullets and bombs; they did it with bits and with bytes, and with the help of American CEOs and American technology.

It was certainly an attack, and there were definitely explosions, but they were in cyberspace. Desensitized by Hollywood violence, we are not paying attention to the attack on our minds.

You can argue about whether the Russian attacks were effective, or puzzle if Trump and his family are traitors, but the fact remains — we are under attack, and if something isn’t done, it’s going to get worse.

Annual hacking event

You don’t have to be a prophet to see what’s coming. The battle plan is in plain sight. In the midst of Cyber Security Awareness Month, it’s time to open our eyes.

Consider the Russian company Positive Technologies. This firm holds an annual event known as PHDays, or “Positive Hack” days. At this event, which started back in 2011, the world’s best and brightest hackers get together to train.

It doesn’t sound too threatening until you learn about “The Standoff.” The Standoff is a military hacking competition with a blatant military goal: Take out a city’s telecom, heat, power, oil, and rail infrastructures. The city’s citizens are even offered up as a resource for the hackers. They are easy to exploit, says the rule book. They use “smart gadgets every day.” “They are vulnerable to social engineering.” They are “prepared to share [their] secrets.”

//platform.twitter.com/widgets.js

Sitting back in my chair with a thump, I see it clearly.

There’s a global war going on, and a global arms race to go with it. The arms race is not a race for physical weapons, it is a race to develop cyber-weapons of psychological, emotional, financial and infrastructure attack. By now, the arms race is so far advanced that it makes the leaflet campaigns of the Second World War and the U.S. government’s Operation Cornflake look like toddler’s play.

ISIS and the far-right are using Twitter and other online networks to radicalize our youth, bringing the war to our streets. Russian cyber-marines engage in massive cyber-attacks, going so far as to target our voting machines.

Just recently, the sensitive financial data of almost half the U.S. population was stolen by state-sponsored professionals. There is even, as is becoming increasingly clear as the Mueller investigation into Trump’s Russia connections unfolds, a “highly coordinateed disinformation campaign” — a propaganda campaign, aimed at destabilizing American society.

Wake up and realize we’re at war

If the horrific recent gun violence in Las Vegas, exploding racial tensions and political polarization of Western democracies are any indication, destabilization is proceeding apace.

So what do we make of this?

No. 1: Realize that global war has been declared. It’s a little hard to pin down who fired the first shot right now, but the aggressors are active and engaged.

No. 2: Understand we are all under attack, even Republicans, perhaps especially Republicans, and the poor. There may be short-term financial gain for those who benefit from the destabilization, but only a fool would think the enemy is our best friend.

Finally, if you are a private citizen, you need to start taking the cyber threat seriously. Combatants are trained to see you as easy-to-manipulate resources. You are being viciously manipulated through social media.

Your financial data is stolen and could easily be used against you. Cyber-marines are training to take out the life-giving infrastructure of your cities. Are government and corporate leaders blithely unaware, or engaged in traitorous collusion? Only time will time tell.

The ConversationUntil then, wake up, gather your loved ones, lock down your social media, and batten the hatches — the war for your mind has begun.

Dr. Mike Sosteric, Associate Professor, Sociology, Athabasca University

This article was originally published on The Conversation. Read the original article.

IP addresses aren’t passport photos

I hear it time and time again. If someone is bothering you electronically, such as by e-mail, you can identify them on the basis of the IP address, take that to the police and be done with it. An IP address is like someone’s passport photo, right?

Not so.

Most people make the mistake of assuming that cyber stalkers and hackers behave the same way they do. They think that cyber stalkers and hackers automatically reveal their own IP addresses when they approach a target electronically.

Wrong.

Anyone who’s ever used a torrent stream or tunnelled to access a TV show or some other online content in another country knows better.

Most people haven’t.

Cyber stalkers and hackers aren’t stupid and usually hide behind an electronic wall called a proxy. They can also use a series of proxies. Sometimes, a cyber stalker or hacker gets sloppy and forgets this step. It’s been said that’s what happened in the recent hacking of Sony. Others think that it was just a smart hacker who made it seem that way, though.

How far most people are behind on reality

Read this article on CNET.

The jokes themselves are not the problem. The problem is that just about anything these days can be hacked. The internet of things. People are starting to catch up on that. The realization is slowly sinking in and United Airways appears to be freaking out over it, understandably.

7 out of 10 UK law firms affected by cyber crime in 2014?

The Solicitors Regulation Authority (SRA) has reported that in 2014, nearly 70% of UK law firms reported a cyber security incident.

cyber security guy or hackerRead more: here.

The first half of the article focuses on bogus law firms. The second paragraph under the ad is about how cyber crime affects law firms.

 

Uber Technologies – not a law firm – has billions at its disposal; that allowed it to do some investigating that enabled it to file a John Doe lawsuit after its recently reported hacking incident. Which it discovered about half a year after the fact and then kept silent about for another six months. Give or take a few days.

Data security in the legal profession

ICO, the Information Commissioner’s office, issued a warning last year after several data breaches at law firms.

circuitAccording to the ICO, there were fifteen reported incidents of data breaches in the legal profession within a period of three months.

You can read more about it in this article in the online magazine Computing News and on
this article on the ICO website as well as in this pdf file by ICO.

  • How many legal professionals have ever built a computer from scratch? I have. It worked fine right away, too. (To my own amazement.)
  • How many legal professionals were taught a little bit of computer programming at university? I was.

Loophole in Seagate’s Business Storage 2-Bay NAS products

If you use one of Seagate’s Business Storage 2-Bay NAS products, you will want to hear this. It may concern all versions up to 2014.00319 but certainly

  • Business Storage 2-Bay NAS version 2014.00319
    and
  • Business Storage 2-Bay NAS version 2013.60311
The vulnerability allows unauthorized root access. Seagate knows about it but has kept quiet about it, alleges this article in the Hacker News.

Another mark against Uber

There are many misgivings regarding the app-based taxi company Uber. One of those is a belief that Uber’s databases will get hacked.

Apparently, they already did. Get hacked.

Uber found out four months after the fact and kept quiet about it for months afterward. Last Friday, it finally came clean. In the New York Post, you can read more about Uber getting hacked.

Uber has meanwhile started a lawsuit against the hacker, identifying him or her as John Doe. This is also how you can sometimes take action against anonymous internet trolls as the FindLaw blog explains.

Hard disks can have backdoors

And running Linux or formatting your hard disk won’t help.

How so?

A hacker can build a backdoor on your hard disk by targeting and reprogramming the controller, a tiny computer of its own that makes sure the hard disk works.

First, the hacker needs to gain (remote) access to your computer, and he or she has to be pretty good. That means that you don’t need to lose much sleep over it yet, but when it happens, you’re toast.

Unless, for example, you keep your computer offline afterward and make sure it can’t be accessed via powerline networking either. Would you be able to tell that there is a backdoor on your hard disk?

Read more here.

Source: ArsTechnica

Keeping a PC offline keeps it safe, right?

Wrong.

Cyber crime is much sneakier than most people think. It is not limited to someone accessing your hotmail or Facebook account. it can take over your life. And gobble up your business.

There are various ways to access a computer that is offline. A term sometimes used for an offline computer is ‘air-gapped’, but for starters, a true air-gapped computer should never ever have been connected to the internet to minimise the chance that there is any software (code) on it that shouldn’t be on it. It should be brand-new, out of the box.

Unless you put it in a Faraday cage, some of the information on an offline computer can still be accessed although this is usually merely passive. It concerns information displayed on a screen or entered on a keyboard, for example. This can be accessed but not altered.

Here are a few technical articles for those who want some background:

Here is a really nice old video about it:

And this one, in German and much more recent, is quite clear too:

Here is another one:

In addition to the above, I see at least four more or less regular ways to access a computer and tamper with it:
– via cable or telephone line, directly;
– via cable or telephone line, using unused capacity on the line;
– wireless/wifi network;
– powerline networking.

In the case of powerline networking, there may be a need for that computer to have been hacked before it was taken offline. That also seems to be the case for at least one of the air-gap hopping methods.

It may also be possible to access printer memory via powerline networking and acquire information that way.

A computer does not have to be accessed through its operating system such as Windows, as is often thought. Computers can be accessed at a much more basic level as well, but it depends on the hardware and its settings.

Hackers can also purchase or build scanning equipment that can detect your mobile equipment. Phone hacking and spying software is available from regular retailers and its use has ‘reached epidemic proportions‘ (article in the Independent).

Here are four more articles, in The Independent and the Huffington Post:

If you are really intrigued now, read this article in NewScientist about new bugging devices.

Hacking: What you can do

Hackers can do incredible damage to businesses and contrary to what is often thought, hackers don’t only go after large corporations with vast amounts of credit card data and e-mail addresses. They go after tiny outfits too and after people like you and me. Below are a few things you need to know about hacking.

Picture of me 1-crop4In 2009, British police was given the power to hack into personal computers without a court warrant. It is called remote searching. You can read more about it in this article in The independent. By the way, it ends with this important bit of information:

The European Court of Human Rights has ruled that Britain’s policy of retaining samples from people never convicted of a crime – including children – breaches human rights.

However, there have also been reports that the British police runs hopelessly behind with regard to fighting cyber crime, because it lacks the knowledge and technology (see here). “The police are becoming more aware of the cyber threat, but remain behind in terms of their own technology, knowledge and intelligence”. How does this add up? To police not being able to do much, in practice. Cyber crime investigations are expensive and require the kind of expert knowledge few people possess.

The least you can do?

  • Always cover your web cam when it’s not in use. Read more about web cams and hacking here and here.
  • Never tell anyone you do not really know what computer equipment you have and what software you run. The chances that you are talking with a hacker may be slim, but if you are, particularly if it is someone you have exchanged e-mail with (meaning that the person has your IP address), the person may not even have to use software intended to test computer security (such as Metasploit) to examine your computer from a distance and then use software like MeterPreter to target the vulnerabilities in your equipment.
  • Be aware that any e-mail you receive may be spoofed. Faked. There is no way to tell whether an e-mail is spoofed or not. E-mail that appears to come from a potential new client may contain a link that causes you to download code (and even the mail itself may contain code). Do a web search instead of clicking on the link and call that possible new client instead of e-mailing back.
  • If you are in the habit of filling out online surveys to make an extra few pennies, mail announcing a new survey can be spoofed too. Keep that in mind before you announce to the world (Facebook, Twitter) that you are filling out online surveys. Such an e-mail can then take you to the computer of a hacker who can ask you to tell him or her truthfully what kind of computer equipment you are using and all sorts of other things he or she wants to know.
  • Internet traffic can be redirected with internet port relay software. I don’t know how exactly it works. If you know what a traceroute is and suspect that some of your traffic is being rerouted, run a traceroute and direct its output to your printer (so that you have a hardcopy that cannot be tampered with). A traceroute can be redirected as well, however. Having traceroute results that show tampering is no good for police, but it can tell you that you are not going paranoid after all. That’s worth a lot.
  • If you use Facebook, Skype or anything else that has a chat possibility, use it on one specific piece of equipment, not on your main computer if you want to keep that computer safe. If you use anything with a chat feature on your main computer, it provides a hacker with a direct conduit into your PC. Particularly Facebook seems to be very leaky. If you keep all those social media communications limited to one device that you don’t use for anything else, you can easily reset or reinstall it in the event of a problem (generally without losing any data).
  • If you’ve just had broadband or cable installed and someone calls you claiming to be from your provider asking you any of the numbers on the side of the router or the like, don’t give it to the caller.
  • If you use a mobile phone for business, get several phones and only allow one phone number to be known publicly. That’s like the e-mail address on which you don’t mind getting spam. Use it only to receive calls, from mostly unknown parties. Use a non-published phone number on a different mobile to communicate much more securely with your trusted clients.
  • There is a lot of free and cheap software out there that you really don’t want to know about. Particularly if you have a persistent suitor, ex or an envious competitor, you should be aware, though, that there are all kinds of software that enable someone to modulate his or her voice when they call you or Skype with you, including changing gender. it works well, too.
  • I have no idea how tablets get hacked (Facebook use and hacking of mifi hotspots?), but regularly resetting one’s tablet, always verifying downloads, and backing up or removing personal files regularly is probably a good idea and anyone who tells you that there is not much hackers can do with a tablet still has a lot to learn.
    Below is an example of a tablet hack. You may have to play the (converted) video a few times and watch the tablet screen at the beginning to see that the tablet screen is filling up all by itself. There were pages and pages and pages of the stuff. The original recording is 7 seconds long and is continuous but has a bit rate of 64 kbps; the converted file seems to consist of only three images.

In spite of what most people think, though, many hackers are good for society and some may even help you on occasion.

IP addresses aren’t passport photos

I hear it time and time again. If someone is bothering you electronically, such as by e-mail, you can identify them on the basis of the IP address, take that to the police and be done with it. An IP address is like someone’s passport photo, right?

Not so. <!–more–>

Most people make the mistake of assuming that cyber stalkers and hackers behave the same way they do. They think that cyber stalkers and hackers automatically reveal their own IP addresses when they approach a target electronically.

Wrong.

Anyone who’s ever used a torrent stream or tunnelled to access a TV show or some other online content in another country knows better.

Most people haven’t.

Cyber stalkers and hackers aren’t stupid and usually hide behind an electronic wall called a proxy. They can also use a series of proxies. Sometimes, a cyber stalker or hacker gets sloppy and forgets this step. It’s been said that’s what happened in the recent hacking of Sony. Others think that it was just a smart hacker who made it seem that way, though.

“You have no idea”

A British hacker was arrested on Friday because he allegedly hacked into thousands of American databases, including many government systems, such as the Army’s, the US Missile Defense Agency’s, and NASA’s.

In one of his chats, he apparently wrote “You have no idea how much we can fuck with the US government if we wanted to.”

This one surely fits the tag “stuff you didn’t want to hear”. If you do want to hear, you can read more about it here.

Source: ArsTechnica