Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Are you being harassed or stalked online? - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Are you being harassed or stalked online?
We received an email today from someone who is concerned
that they are being harassed by someone online. The
individual was asking the Handler's group for help in
finding someone to help her track down an online
attacker.


I wanted to address this issue here. I have investigated
similar claim in the past. Without getting into much
detail about the particular incident (to protect the
identity of both the innocent and the guilty) I want to
discuss my response to those who are concerned about
Cyber Harassment and Stalking.


Is it possible that someone could accomplish this?
Absolutely. Is it likely? - Not under normal
circumstances.


A lot of things could be happening behind the scenes.


* You may have spyware or viruses on your computer that
are allowing certain confidential information to leak
out.

* You may have given someone more information that you
should have in a chat room or email.

* You may have an unprotected computer with lack of
sufficient protection (firewall,anti-virus program,
operating system updates, etc).


In the case that I investigated - the "victim" claimed
that they knew who the people were that were
responsible. There was no evidence that anyone had done
anything to the computer. Nothing more than the
installation of the normal - run of the mill spyware and
adware was found.


It is highly unlikely that this type of activity is
taking place. What is more than likely taking place is
what we see evidence of everyday at the Storm Center and
elsewhere on the Internet. Take a look at the Internet
Storm Center - you will see referenced the Survival Time
and a link to the Survival Time History. The Survival
Time right now - today is 23 minutes. That means that a
computer - unprotected with no firewall, anti virus,
spyware/adware protection will likely become infected in
just 23 minutes. That is all the longer it takes to
compromise a brand spanking new computer - out of the
box. Now take a look at the History link. You see that
we had less than 10 minutes in May 2004 and less than 5
minutes in August 2004 (Blaster).


Take a look at the Top 10 Ports and you will see that
there is continuous port activity. That is the nature of
the Internet with 65,565 ports available you are bound
to see some of them alive doing things like pop mail
(110), web (80), DNS (53), etc.


So what can you do to protect yourself and your
computer?


Here is a link to the Survival Guide. This document
will help you put the things in place to minimize the
potential for someone to break into your computer.

http://isc.sans.org/presentations/xpsurvivalguide.pdf

What do you do if you think you are being harassed?


Don't jump to conclusions.


Contact your local Police Department or your local FBI
office. They can investigate your issues and if they
suspect that you do have a problem they can conduct a
full investigation.


Don't give out personally identifiable information
either online or by telephone if you did not initiate
the contact. Use caution when sharing information with
others - even if you did initiate the contact. Give
only the information that is essential to complete the
transaction or enquiry.


Only you can protect yourself and your identity.
Deborah

278 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!