I got hacked bad...and for good reason
biyonic
01-05-06, 09:33 PM
Guys - I'm a long time member and any help you can provide would be greatly appreciated. Let me give you some history. I am dating this incredible gal who has a verbally abusive ex husband. He is a control freak and it has spread to me. I am computer savvy and think I am more so than him but he got me and got me good. He has a connection with law enforcement (local) and said he and a friend hacked on to my computer with some high tech fed program and that I can't trace it. (Even if I could I really can't prosecute him because then he goes to jail and my girlfriend doesn't get child support.) So here are the facts:
I have DSL
Had briefly an unprotected wifi network while setting up new router
no firewall.
Security log shows typical smurf and sniffing - see below for today's log and surprisingly whatever I locked down has taken away all the smurfs I was getting...
Virus scan showed no real backdoor virus
What we know:
He has read my email and still is even after the router firewall and 128-bit WEP encryption is activated.
My MAC addy is the only one allowed on the network
It appears he can only or has only read my outgoing emails
He says he has seen porn on my machine - ok well there was that one movie - but he could be bluffing
He says he has seen all of the photos from a trip I took with his ex wife - some of which were very private (intimate) - he acted like he saw all of the photos but again he could be bluffing
So given this what does he really have access to and how to protect myself?
What can I do to get him to back off without calling the law?
How to catch him?
Here is my security log from today and yes he accessed it today because he read one of my mails back to my GF to gloat about it -
01/05/2006 22:26:36 192.168.2.2 login success
01/05/2006 22:00:55 DHCP Client: Receive Ack from 72.49.80.1, 'Lease time'=14400
01/05/2006 22:00:55 DHCP Client: Domain name = zoomtown.com
01/05/2006 22:00:55 DHCP Client: Send Request, Request IP=72.49.162.16
01/05/2006 22:00:50 DHCP Client: Send Request, Request IP=72.49.162.16
01/05/2006 20:00:50 DHCP Client: Receive Ack from 72.49.80.1, 'Lease time'=14400
01/05/2006 20:00:50 DHCP Client: Domain name = zoomtown.com
01/05/2006 20:00:50 DHCP Client: Send Request, Request IP=72.49.162.16
01/05/2006 18:00:50 DHCP Client: Receive Ack from 72.49.80.1, 'Lease time'=14400
01/05/2006 18:00:50 DHCP Client: Domain name = zoomtown.com
01/05/2006 18:00:50 DHCP Client: Send Request, Request IP=72.49.162.16
01/05/2006 17:01:00 NTP Date/Time updated.
01/05/2006 16:00:49 DHCP Client: Receive Ack from 72.49.80.1, 'Lease time'=14400
01/05/2006 16:00:49 DHCP Client: Domain name = zoomtown.com
01/05/2006 16:00:49 DHCP Client: Send Request, Request IP=72.49.162.16
01/05/2006 14:00:49 DHCP Client: Receive Ack from 72.49.80.1, 'Lease time'=14400
01/05/2006 14:00:49 DHCP Client: Domain name = zoomtown.com
01/05/2006 14:00:49 DHCP Client: Send Request, Request IP=72.49.162.16
01/05/2006 12:00:49 DHCP Client: Receive Ack from 72.49.80.1, 'Lease time'=14400
01/05/2006 12:00:49 DHCP Client: Domain name = zoomtown.com
01/05/2006 12:00:49 DHCP Client: Send Request, Request IP=72.49.162.16
01/05/2006 11:00:59 NTP Date/Time updated.
01/05/2006 10:00:47 DHCP Client: Receive Ack from 72.49.80.1, 'Lease time'=14400
01/05/2006 10:00:47 DHCP Client: Domain name = zoomtown.com
01/05/2006 10:00:47 DHCP Client: Send Request, Request IP=72.49.162.16
01/05/2006 09:54:00 sending ACK to 192.168.2.2
01/05/2006 08:00:47 DHCP Client: Receive Ack from 72.49.80.1, 'Lease time'=14400
01/05/2006 08:00:47 DHCP Client: Domain name = zoomtown.com
01/05/2006 08:00:47 DHCP Client: Send Request, Request IP=72.49.162.16
01/05/2006 06:00:47 DHCP Client: Receive Ack from 72.49.80.1, 'Lease time'=14400
01/05/2006 06:00:47 DHCP Client: Domain name = zoomtown.com
01/05/2006 06:00:47 DHCP Client: Send Request, Request IP=72.49.162.16
01/05/2006 05:00:57 NTP Date/Time updated.
01/05/2006 04:00:46 DHCP Client: Receive Ack from 72.49.80.1, 'Lease time'=14400
01/05/2006 04:00:46 DHCP Client: Domain name = zoomtown.com
01/05/2006 04:00:46 DHCP Client: Send Request, Request IP=72.49.162.16
01/05/2006 02:00:46 DHCP Client: Receive Ack from 72.49.80.1, 'Lease time'=14400
01/05/2006 02:00:46 DHCP Client: Domain name = zoomtown.com
01/05/2006 02:00:46 DHCP Client: Send Request, Request IP=72.49.162.16
01/05/2006 00:00:46 DHCP Client: Receive Ack from 72.49.80.1, 'Lease time'=14400
01/05/2006 00:00:46 DHCP Client: Domain name = zoomtown.com
01/05/2006 00:00:46 DHCP Client: Send Request, Request IP=72.49.162.16
01/04/2006 23:00:56 NTP Date/Time updated.
01/04/2006 22:00:44 DHCP Client: Receive Ack from 72.49.80.1, 'Lease time'=14400
01/04/2006 22:00:44 DHCP Client: Domain name = zoomtown.com
01/04/2006 22:00:44 DHCP Client: Send Request, Request IP=72.49.162.16
01/04/2006 20:27:26 sending ACK to 192.168.2.2
01/04/2006 20:00:44 DHCP Client: Receive Ack from 72.49.80.1, 'Lease time'=14400
01/04/2006 20:00:44 DHCP Client: Domain name = zoomtown.com
01/04/2006 20:00:44 DHCP Client: Send Request, Request IP=72.49.162.16
01/04/2006 19:00:24 DHCP Client: Receive Ack from 72.49.80.1, 'Lease time'=7204
01/04/2006 19:00:24 DHCP Client: Domain name = zoomtown.com
01/04/2006 19:00:24 DHCP Client: Send Request, Request IP=72.49.162.16
01/04/2006 17:00:54 NTP Date/Time updated.
01/04/2006 17:00:28 DHCP Client: Receive Ack from 72.49.80.1, 'Lease time'=14400
01/04/2006 17:00:28 DHCP Client: Domain name = zoomtown.com
01/04/2006 17:00:28 DHCP Client: Send Request, Request IP=72.49.162.16
01/04/2006 17:00:23 DHCP Client: Send Request, Request IP=72.49.162.16
01/04/2006 15:00:23 DHCP Client: Receive Ack from 72.49.80.1, 'Lease time'=14400
01/04/2006 15:00:23 DHCP Client: Domain name = zoomtown.com
01/04/2006 15:00:23 DHCP Client: Send Request, Request IP=72.49.162.16
01/04/2006 13:00:23 DHCP Client: Receive Ack from 72.49.80.1, 'Lease time'=14400
01/04/2006 13:00:23 DHCP Client: Domain name = zoomtown.com
01/04/2006 13:00:23 DHCP Client: Send Request, Request IP=72.49.162.16
01/04/2006 11:00:38 sending ACK to 192.168.2.2
01/04/2006 11:00:38 sending OFFER to 192.168.2.2
01/04/2006 11:00:28 NTP Date/Time updated.
08/01/2003 00:00:00 DHCP Client: Receive Ack from 72.49.80.1, 'Lease time'=14400
08/01/2003 00:00:00 DHCP Client: Domain name = zoomtown.com
08/01/2003 00:00:00 DHCP Client: Send Request, Request IP=72.49.162.16
08/01/2003 00:00:00 DHCP Client: Receive Offer from 72.49.80.1
08/01/2003 00:00:00 DHCP Client: Domain name = zoomtown.com
08/01/2003 00:00:00 DHCP Client: Send Discover
My guess he is bluffing, but I could be wrong.
The best way is to let us see the movie and pics and he will have no ground for blackmail.
J/K!! :p
Just change all your passwords and the encryption to something longer, w/ numbers, and funky symbols. Also you could try to trace the ip and report him to his isp.
Good luck w/ this.
biyonic
01-05-06, 09:53 PM
He is definitely not bluffing - and I could bust him with all the gloating he has done. I just read the sticky on securing the network and upped my encryption to WPA as instructed.
To get him back I could send an email out with a lovely virus - plenty on Limewire and call it vacation photos - do not open at work - .exe And let him run it which he most certainly would. Any recommendations? Or backdoor his home PC and ping his butt. But I'm not a hacker nor need to go there. But maybe I should covertly?
I think the key clue is that he can only see my outgoing emails - does that mean anything to anyone?
Know Nuttin
01-05-06, 10:10 PM
is it possible to stop using wireless access altogether?
Disable the admin share on your PC.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareWks"=dword:00000000
Do you have any shares? If so, make sure simple file sharing is not enabled and require passwords.
For outgoing mail, iirc, SMTP is plain text, no encryption. That may have just been between mail servers though, I can't completely recall.
amazon10x
01-05-06, 10:20 PM
I believe you are right about email having no encryption. I believe something like PGP would fix that. My bro says you can set this up for free
http://en.wikipedia.org/wiki/PGP
su root
01-05-06, 10:26 PM
Change your email passwords.
Could it be that he's reading the received email of your GF, or has the passwords or access to her account? Did you mention the pictures or vacation information in any messages to her?
Some services have "remind me of my password" questions that are rather easy to answer if you know the person well... he may have used one of them to get your GF's password without her knowing, or it may be saved on her computer somewhere. If he has access to her computer, then it's very likely he can read through it easily.
I would say it's unlikely that he's hacked your network, it's probably privileged access to a system somewhere that he's leveraging to spook you with other information gained from it. You could attempt to test this by sending your GF an email with not-obvious fake information, and see if he finds out about it. Send another message, containing more fake details about the same fake event to someone else... if he knows that additional information, then you know he's not limited to her inbox.
In all of my dealings with police, and RCMP (Canadian Feds) around here, they really don't know much about technology, nor do they care. At work we've brought several obviously very illegal items to their attention, and they just seem to fluff it off every time. I really doubt that 'just another cop' has access to super secret computer programs that track what you do. They can request information from your ISP, but they require probable cause and paperwork.
If your router has a list of DHCP leases, check that list, it'll give you a good idea if anyone has connected to your network. If you are really afraid, disable your wireless, but I highly doubt that it's anything this complex.
I started to post a similar response as Su's but got called away from the keyboard, the dog and some other stuff, SU is prolly right. Your 'security logs' imo, look as though they are legitimate dhcp requests every 2 hours from your router/ pc on your lan. zoomtown.com looks up to an ISP in OH, perhaps your ISP based on your sig location. So really he hasn't 'hacked' you, more along the lines of what SU said, and common knowledge between your GF and her X.
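The two posts above suggest reading the router log for what it actually shows: the router renewing its own lease from the ISP every two hours (normal for a 14400 s lease, since a DHCP client renews at half the lease time) versus the router handing out leases to hosts on the LAN, and checking whether any LAN address is one you don't recognise. The script below is an added example written for this thread, not something from the original posts or from the router vendor. It parses the exact message formats seen in the log posted above; the sample lines for 192.168.2.2 are copied from that log, while the 192.168.2.7 lines are invented here so that the unknown-host check has something to flag.

```python
import re
from datetime import datetime

# Constructed sample in the format of the router log posted in the thread. The
# 192.168.2.2 lines are copied from that log; the 192.168.2.7 lines are
# invented here so the unknown-host check has something to report.
SAMPLE_LOG = """\
01/05/2006 22:26:36 192.168.2.2 login success
01/05/2006 22:00:55 DHCP Client: Receive Ack from 72.49.80.1, 'Lease time'=14400
01/05/2006 22:00:55 DHCP Client: Send Request, Request IP=72.49.162.16
01/05/2006 20:00:50 DHCP Client: Receive Ack from 72.49.80.1, 'Lease time'=14400
01/05/2006 17:01:00 NTP Date/Time updated.
01/05/2006 09:54:00 sending ACK to 192.168.2.2
01/05/2006 03:15:00 192.168.2.7 login success
01/05/2006 03:12:10 sending ACK to 192.168.2.7
01/05/2006 03:12:10 sending OFFER to 192.168.2.7
01/04/2006 11:00:38 sending ACK to 192.168.2.2
01/04/2006 11:00:38 sending OFFER to 192.168.2.2
"""

LINE_RE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (.*)$")
LAN_LEASE_RE = re.compile(r"^sending (OFFER|ACK) to (\d+\.\d+\.\d+\.\d+)$")
ADMIN_LOGIN_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+) login success$")
WAN_ACK_RE = re.compile(r"^DHCP Client: Receive Ack from (\S+), 'Lease time'=(\d+)$")


def parse_line(line):
    """Split one log line into (timestamp, message); None for lines that don't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S"), m.group(2)


def summarize(log_text, known_hosts):
    """Classify router log events and flag the ones a defender should look at.

    known_hosts: set of LAN addresses you expect to see (your own machines).
    """
    lan_clients, admin_logins, wan_acks = set(), [], []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        ts, msg = parsed
        if m := LAN_LEASE_RE.match(msg):
            lan_clients.add(m.group(2))            # router's DHCP server gave a LAN host a lease
        elif m := ADMIN_LOGIN_RE.match(msg):
            admin_logins.append((ts, m.group(1)))  # someone logged in to the router's admin page
        elif m := WAN_ACK_RE.match(msg):
            wan_acks.append((ts, m.group(1), int(m.group(2))))  # router renewed its own ISP lease

    # A DHCP client renews at T1 = half the lease time, so with a 14400 s lease an
    # entry every two hours is expected behaviour; anything else is worth a look.
    wan_acks.sort()
    odd_renewals = []
    for (t0, _, lease0), (t1, _, _) in zip(wan_acks, wan_acks[1:]):
        gap = (t1 - t0).total_seconds()
        expected = lease0 / 2
        if abs(gap - expected) > 0.1 * expected:
            odd_renewals.append((t0, t1, gap))

    return {
        "lan_clients": sorted(lan_clients),
        "unknown_clients": sorted(lan_clients - set(known_hosts)),
        "admin_logins": admin_logins,
        "unknown_admin_logins": [(ts, ip) for ts, ip in admin_logins if ip not in known_hosts],
        "wan_renewals": len(wan_acks),
        "odd_renewals": odd_renewals,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, known_hosts={"192.168.2.2"})
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against the full log from the thread with known_hosts set to your own PC's address: every LAN lease and every admin login comes from 192.168.2.2, and every WAN renewal lands two hours after the previous one, which is exactly the "legitimate dhcp requests every 2 hours" reading given above. An address you don't own in unknown_clients, or an admin login from it, is the thing that would actually indicate someone on the wireless side.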
Oroka Sempai
01-05-06, 11:13 PM
Su root took the words right out of my mouth. The guy was married to your GF, he could have passwords, and insight into password hints.
Hacking into someone's email is illegal, and a 'buddy' in local law enforcement would know better. Also, local law enforcement is very weak in computer crimes, it nearly always gets handed over to federal jurisdictions if it is severe enough to proceed with an investigation. Local law enforcement would not have the skills or equipment, even in a big city municipal police force.
He is definitely not bluffing - and I could bust him with all the gloating he has done. I just read the sticky on securing the network and upped my encryption to WPA as instructed.
To get him back I could send an email out with a lovely virus - plenty on Limewire and call it vacation photos - do not open at work - .exe And let him run it which he most certainly would. Any recommendations? Or backdoor his home PC and ping his butt. But I'm not a hacker nor need to go there. But maybe I should covertly?
I think the key clue is that he can only see my outgoing emails - does that mean anything to anyone?
<click over there
biyonic
01-06-06, 09:41 AM
Thanks for the ideas guys. He definitely is getting to read my email somehow. He has access to her machine but I have only sent emails to her office because of that.
Is there a way someone can have every email I send out copy itself to another recipient?
Or perhaps it is he is simply logging on to the web access email and using that to read my stuff? Then he would have to know someone at my ISP to give him access to the password. Like he could have called and acted like me and got them to reset the password for him. I agree it is simple but what he has access to I am PO'd about.
su root
01-06-06, 10:02 AM
Is there a way someone can have every email I send out copy itself to another recipient?
Or perhaps it is he is simply logging on to the web access email and using that to read my stuff?
It is possible on some email systems to blind copy all of someone's emails, but you have to be the email server admin to do it, and it's a big breach of security (not to mention illegal).
Change your password. If you are paranoid, rotate them every few days.. if he's calling your ISP with the "Remind me of my password" routine, this will get very obvious to them, very quickly. Or, call them up. If they are a big ISP, they'll have a call log... have them read it back to you. If they're a small ISP, then there's gonna only be a few people answering the phones.
If your GF does work from home, it's very possible that she's saved her email password in her browser or right in her email program. It's also likely that she uses the same password for work & personal, and he just has to look through her bookmarks to find the office's webmail login.
I'd get a few friends together. Find where that ahole lives & drive him blindfolded out into the middle of nowhere and leave him there with nothing but his underwear. But that's just me, I can't stand jerks like this. Especially if they're the kind that hangs the law over people's heads to make sure they won't retaliate.
Just FYI, if he was on your wireless network (that is up to you to determine the chance of that) he could have read your e-mails very easily. If you use POP and he used a packet sniffer, POP transmits e-mails and even e-mail PASSWORDS in plain text format. I've tested it on myself and yes it works. Now the thing is he would have had to be on your network when you checked but it is a possibility. From the sounds of it though more than likely he knows your GF's password or something and is just reading her e-mail. That is just my opinion
El<(')>Maxi
01-06-06, 01:22 PM
At work we've brought several obviously very illegal items to their attention, and they just seem to fluff it off every time.
How does an ISP such as yours monitor illegal activity? I mean it's good that you do but I'm curious about the method when you have millions of customers going across your wires.
Also I'd have to agree with SU. Change passwords or don't share anything via e-mail with her if you think it's going to be seen by someone else, just call her. I think the best advice is to not get caught up in his stupid little game.
su root
01-06-06, 02:42 PM
How does an ISP such as yours monitor illegal activity? I mean it's good that you do but I'm curious about the method when you have millions of customers going across your wires.
The company I work for primarily does web hosting and colocation, so we run into different problems than ISPs.
We generally do not monitor our users for illegal activity (it requires way too much time & effort). We do monitor for gross overages in bandwidth and space usage, and take a look at what is taking up all the space or bandwidth. We scan emails sent through web forms (these get spammed constantly, and we can't stop customers from renaming them and uploading them with insecure or no configurations, so when a form gets too many spam hits, we warn them then take the form offline). We also have an IDS monitoring the environment, not necessarily to monitor for illegal activities, but to monitor for anything that is out of the norm.
Besides that, we rely on abuse complaints. It's hard to find an illegal activity that won't take up a whole lot of space, bandwidth, CPU, or set off our IDS, so the only real abuse complaints are usually for infected colo's customers that are hemorrhaging spam through one of our colo's servers.
biyonic
01-06-06, 02:47 PM
Thanks guys - I agree - the best thing is to not get involved. He is simply trying to hurt her through me.
With your help I talked to my ISP and confirmed that a PW was reset on the 7th. I actually think that was me doing that though. They said email forwarding is NOT on - interesting - did you know someone could turn that on at the web level and you'd never know?
Whatever PW that existed was not one I could remember and that was very odd. It also had been changed on my computer Outlook.
The ISP guy said there is no way - he is 99% sure that no-one is reading my email via them.
There is the possibility that someone has accessed her work email from the inside. But I'm still thinking something is up...
Hmmm...how to catch a rat.
biyonic
01-06-06, 02:53 PM
Aha! This statement provided me the ultimate clue:
"If your GF does work from home, it's very possible that she's saved her email password in her browser or right in her email program. It's also likely that she uses the same password for work & personal, and he just has to look through her bookmarks to find the office's webmail login."
I forgot that she occasionally checks her work email from home!!! He had installed a keylogger - we knew that. So the only thing is I know she is pretty anal about deleting email once it has been read at work. Not sure if that leaves them still up on the web access version though - Except the ones with photos attached! What do you think???
su root
01-06-06, 04:02 PM
They said email forwarding is NOT on - interesting - did you know someone could turn that on at the web level and you'd never know?
You would know... you would stop getting mail.. it would get forwarded instead of delivered.
She may have deleted it, but in most mail clients, "deleted" mail just gets moved to the trash bin & sticks around for a week or so until it's deemed old enough to expunge.
You both could get a neutral email host, say GMail, which you two would log into to exchange messages. Yes, other emails would still be at risk at your default accounts, but he isn't interested in them so much. Still, having some "throw away" GMail addresses that he doesn't know about might do the trick.
Log in from computers that you can trust. The home computer that she has is already considered compromised... perhaps somehow he got to the work computer too? Perhaps some sort of spyware or virus that cannot be detected because it is not widespread?
Try to isolate if he is reading off "keylogger" emails or if they are actual messages that he is intercepting. Both of you should write an "email" to each other in Word and NOT save it, in other words that message actually doesn't exist, except it was typed in the keyboard. If he gloats that message back to you then you proved it was a keylogger. If it is not a keylogger then the GMail idea should work.
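Both su root's earlier suggestion (send different fake details through her inbox and through a third party, and see which ones come back) and the "type it in Word and never send it" test above are the same technique: give every possible leak path its own unique, invented detail, then attribute the leak by which detail gets repeated. The code below is an added example written for this thread, not code from any of the posters. The channel names, the pool of invented place names and the wording of the conclusions are all my own constructions.

```python
import random

# Constructed pool of invented place names used as the per-channel "tell".
# None of these appear anywhere in the thread.
FAKE_PLACES = ["Birchwood Diner", "Quarry Lake lookout", "the Alder Street bookshop",
               "Pine Hollow campground", "the Marlowe Hotel bar", "Ferncliff trailhead"]

# Channel names are assumptions for this example: one story goes to her work inbox,
# one to a third party, one is only typed (never sent) on the suspect machine.
CHANNELS = ["gf_work_inbox", "third_party_email", "typed_not_sent"]


def make_plan(channels, rng=None):
    """Give each channel its own fabricated detail so a repeat of it identifies the channel.

    rng: a random.Random for reproducible tests; defaults to a cryptographically strong RNG
    so the details are not guessable by someone who knows you well.
    """
    if rng is None:
        rng = random.SystemRandom()
    if len(channels) > len(FAKE_PLACES):
        raise ValueError("not enough distinct fake details for that many channels")
    places = rng.sample(FAKE_PLACES, len(channels))   # sample without replacement: no two alike
    return {ch: place for ch, place in zip(channels, places)}


def attribute_leak(plan, repeated_text):
    """Return the channels whose private detail shows up in what the other party repeated back."""
    text = repeated_text.lower()
    return {ch for ch, place in plan.items() if place.lower() in text}


def interpret(leaked, inbox="gf_work_inbox", third_party="third_party_email",
              typed="typed_not_sent"):
    """Map the set of leaked channels to the conclusion the test is designed to reach."""
    if typed in leaked:
        return "keystrokes are being captured on the machine used to type (keylogger)"
    if inbox in leaked and third_party in leaked:
        return "leak is not limited to her inbox; your sending side or your account is exposed"
    if inbox in leaked:
        return "leak is confined to her mailbox"
    if third_party in leaked:
        return "only the third-party message leaked; look at that recipient's mailbox"
    return "no leak observed through any test channel"


if __name__ == "__main__":
    plan = make_plan(CHANNELS)
    for channel, detail in plan.items():
        print(f"send via {channel:18s}: 'let's meet at {detail}'")
    # Later, paste in whatever he gloats about and see which detail he echoed:
    repeated = "I know all about your little trip to " + plan["gf_work_inbox"]
    leaked = attribute_leak(plan, repeated)
    print(leaked, "->", interpret(leaked))
```

The one rule that makes this work is that each detail is used in exactly one channel and nowhere else; if the same fake story goes out two ways, the attribution collapses. Keep the plan somewhere he cannot reach (paper, or a machine he has never touched), since the plan itself is the answer key.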
Well you have to do a few things.
1. Format and reinstall on any computers that the X husband has had any kind of access to.
2. Change all passwords (Yours and hers) and hint questions to stuff that would be impossible for him to know. ( use a question he knows the answer to but use a different answer )
3. have her file a report with the police dept. and try to get a restraining order against him
4. If you can not keep him away from her computers then nothing you do will keep him out. Physical security of her computers is the first and most important step.
5. She needs to tell her work that her email has been compromised. This is a huge security risk for her employer and they need to know about it.
Oroka Sempai
01-06-06, 11:42 PM
Well, if your webmail password got changed, your Outlook uses the same password for access... so he isn't on your computer.
Kinda reminds me of those pimple faced teens who threaten you saying that they hacked your computer and are going to mess it up so bad it will never work again. For fun you ask them what local IP your computer uses on your network, and they bluff their way around the fact that they don't know what an IP is :D
Personally I would call the guy an idiot, and taunt him about his preschooler antics. Maybe he will do something stupid and get himself in trouble.
...or
If you have proof of his claimed antics, register a complaint with the police about him, that he is stalking you, or to really get him in crap, call the FBI, tell them that this guy has gained access to your private documents and claims to have been assisted by the local law enforcement. A call from the FBI would not be a nice start to his day :D
Simple thing here that I use could be allowing him to read her e-mails. When I'm on the road I go to my isp to read my e-mails, this leaves them on their server so if I want to save something it'll still be available when I get home. If your gf is doing this then he could also be accessing her mail but a simple password change on her end for both the mail and the internet account should resolve the problem if there's no keylogger on her computer.
biyonic
01-07-06, 10:11 PM
I can't thank you guys enough - my GF and I figured it out with your help. Accessed her webmail recovered deleted files to deleted folder and had everything! Amazing!
amazon10x
01-07-06, 10:18 PM
So he was getting all his info from the GF webmail? It is possible that might have been only one of his sources. After you change the password and password reset question he might still be able to get information. However, congrats on fixing all/part of the problem. I'm glad everyone here was able to help.
Call the feds, say he's hacking you.
Anything, hacking is hacking. Trying to protect yourself from hackers is one thing, trying to protect yourself from a person you know is hacking or trying to hack you, is not smart at all.
Well you have to do a few things.
1. Format and reinstall on any computers that the X husband has had any kind of access to.
2. Change all passwords (Yours and hers) and hint questions to stuff that would be impossible for him to know. ( use a question he knows the answer to but use a different answer )
3. have her file a report with the police dept. and try to get a restraining order against him
4. If you can not keep him away from her computers then nothing you do will keep him out. Physical security of her computers is the first and most important step.
5. She needs to tell her work that her email has been compromised. This is a huge security risk for her employer and they need to know about it.
This is definitely good advice.
Sub_Zero
02-21-06, 08:08 PM
I did not read all of this so I don't know if this has been said but with wireless he could have just downloaded a program that scans for a network and sat in front of your house and got on that way.. its really easy even a 9-year-old could do it.
ticktock123
02-21-06, 08:41 PM
very nice everyone...i just have one thing to say that it seems everyone forgot. Make sure (since we know the X is a very mean person) that your gf is safe and SHE isn't giving out the info. I am not saying that she is the problem but if the X has in the past made her give him information then it is possible that he may still be doing this. Make sure she is okay and that this hasn't happened.
You can protect the computer all you want, but if the pw are still getting out keylogger or not then everything is pointless. Take care :)
What about Dynamic IPs? If he can't keep getting your IP address if it renews every so often, like monthly, maybe daily.
In that case, maybe it is wireless.
Benvanz
02-21-06, 10:02 PM
What about Dynamic IPs? If he can't keep getting your IP address if it renews every so often, like monthly, maybe daily.
In that case, maybe it is wireless.
Was it not determined that he was recovering emails from the webmails deleted folder? (just checking :shrug: )
maelstromracing
02-21-06, 10:30 PM
Call up the station he works at and report it to his supervisor. Let his supervisor know you will not press charges if he stops. Get a restraining order from the judge. This is a nutjob you are dealing with and it could escalate into lethality (new word?). If you talk to his sup, he can make the problem go away. If they balk, mention the FBI and the newspaper and the nightly news might want to know about this and then confirm his sups name. That would be the easiest safest way to go about it. Seriously get the restraining order.
Some people just don't know when to quit...
mbentley
02-22-06, 09:25 AM
just an fyi, for anybody sending e-mail that is not encrypted, it is about as secure as sending a message on a postcard... it is text and can be read easily...
ShadowPho
02-22-06, 02:31 PM
Call up the station he works at and report it to his supervisor
I am sure that's going to be more than enough to stop him. Try that, and be a free man again! Seriously, it will take you 10 minutes, and I am sure that guy will stop bothering you.
3DFlyer
02-22-06, 03:36 PM
How about tailing this guy for awhile while armed with a video camera. Seeing how he's a f up, he'll screw up, and then you can send the video to the news to show what a loser this punk is.
My first thought was to beat the giant $#1^ out of him, but that would get you in trouble, and his miserable existence isn't worth it.
RoadWarrior
02-22-06, 03:38 PM
Just thinking, if some apparently legitimate law enforcement official asked for access to your account and records at your ISP, under the new "anti terrorist" laws, they have to hand it over without subpoena and they are also not allowed to tell you the user they did it. :/
Don't mean to make you paranoid, but reassurances from your ISP end don't mean much in this day and age. I hope you got it figured out though. I'd be inclined to put something on record with his higher ups though, in case it escalates.
veryhumid
02-22-06, 03:44 PM
another tip: use peerguardian. it is an ipblocker with updated lists of law enforcement and government computers. absolutely get it. then activate the accept and deny logs and keep an eye on it.
http://phoenixlabs.org/
hkgonra
02-22-06, 09:27 PM
Just curious but how does her ex-husband have access to her machine ?
Sorry this is hitting close to me I recently lived through some similar stuff and I am just curious.
FlacoMike
02-23-06, 12:34 AM
Am I the only one who thinks it is funny that instead of settling matters in person, like they used to in the good ol' days, these guys are having battles over the internet?
What is this world coming to?
(not trying to be disrespectful, and I understand the situation...just thought it was funny)