Date: Thu, 11 Mar 2004 07:21:31 EST
Subject: very good anti hacking advice from Tom Bearden
          
          John, 
        
          
          Yes, if one is active on 
          the internet and does not have spyware defense on one's computer, one 
          seriously needs it these days. For one added benefit, it will almost 
          100% eliminate the silly but nefarious "pop-ups" that are so rampant 
          these days, and that literally drive one up the wall otherwise. 
        
          
          I personally use Spy 
          Sweeper, which has proven ideal for my own needs. I'm behind a 
          hardware router, a firewall (Black Ice), intensive antivirus checking 
          (two Norton suites), and intensive spyware checking (Spy Sweeper).  
          And when I installed Spy Sweeper and did the first system sweep, I 
          really got a shock. My computer was in fact infested with a dozen or 
          more very sophisticated spies, plus many dozens of the standard 
          nondamaging but irritating type. The program found and eliminated them 
          immediately, and by continuously checking in the background these 
          days it has very successfully fended off most of them since. But one 
          has to do a sweep check of one's system for spies, periodically, the 
          same way one has to do a sweep check for viruses etc. One also has to 
          continually download and install spysearch updates, similarly to the 
          way one does for antivirus software updates. 
        
          
          And by the way, it isn't 
          only the "bad guys" who are into everyone's computers these days. Some 
          other "legitimate" folks are into very wide spying on the net, which 
          can be very surprising. Much of this is legal under some new laws and 
          regulations, and some of it is illegal because of the identity of the 
          folks not authorized but doing it anyway. These folks also 
          continuously scan the net (sorta like a continuous set of google 
          searches) for certain words or arrangements of words. Simply repeating 
          a news item with these word combinations can sometimes attract some 
          very strong and undue attention from these surreptitious folks. Since 
          I use such words of interest frequently, obviously my machine became a 
          favorite target. About three years ago, the main Bell South technical 
          internet engineer, charged with action against hacking and external 
          interference, did take on a task to root out some of these piranhas 
          attacking my machine, and he did the job, much to my relief. He also 
          was tied into the "superhacker" community, and had no great problem in 
          doing that job.  These days, many large companies actually hire 
          superhackers of their own, since they have found that for some things 
          that is the only way to have parity with, or hopefully an advantage 
          over, the criminal hacker community. 
        
          
          Further, many of the 
          viruses and Trojans etc. are now made deliberately by 
          counter-information warfare specialists in foreign nations. In 
          essence, there are miniature "information wars" or "information war 
          games" of sorts going on continuously, where each "side" continually 
          tries out its techniques etc. against the other side, etc. Sorta like 
          young fellows these days having gone ga-ga over paint gun wargames. A 
          strange kind of information "cold war" is thus ongoing, partially in 
          dead seriousness and partially as some kind of "gaming". 
        
          
          Fortunately a good spyware 
          program is also continually updated, so one can keep it up to date for 
          a small annual subscription fee. 
        
          
          Nothing gives 100% 
          defense, but sufficient barriers and determined updating as well as 
          persistent checking can get one to 99.99% or so. It is also absolutely 
          mandatory that one keep frequently downloading and installing security 
          updates from Microsoft etc. and/or the other major software 
          manufacturers. There are certain websites, e.g., where experts will 
          freely examine the security of one's system for open ports, etc. and 
          give one a direct report on their examination results. The very 
          Microsoft software itself also has serious exploitable loopholes, 
          which Microsoft is now giving very urgent attention to, after taking 
          lots of flak on their rather sloppy security programming initially. 
          To their credit, Microsoft seems to now be strongly searching, 
          finding, and fixing these bugs as rapidly as it can. However, 
          Microsoft also gets lots of inappropriate flak because of things like 
          3rd party drivers etc. which do not properly mesh with Microsoft's 
          software and cause lots of bugs and crashes of the fundamental 
          Microsoft software, to prevent undue damage to that primary system 
          software. Much of the crashing of Windows, e.g., is actually due to 
          bad drivers and ancillary programs from other manufacturers, etc. 
          rather than to the modern Microsoft software with applied changes and 
          updates. 
        
          
          Also, at one time 
          after destruction of two hard drives, and continuing massive attacks, 
           I had to request informal "back channel" help from some real 
          superhackers (the good guys who love the art with a passion but also 
          thoroughly detest those weasels who misuse it to damage computers and 
          private property such as files, etc.). That was a real education. What 
          many of those "supercats" can do in and on computers has not yet been 
          written in the textbooks and will not be for some years. They very 
          kindly and very graciously did solve a formidable problem I had, and  
          in record time. I refused to ask what really happened to the attacking 
          consortium of computers. For my purposes, those hostile machines and 
          their hacking simply disappeared from any further attacking of my 
          machine. 
        
          
          If a "particularly tough" 
          problem does arrive, most substantial universities have formal or 
          informal groups who study the art of computer hacking in more depth, 
          and there are usually some of these groups who do come to the 
          assistance of others as needed.  The best part is that they also have 
          informal but direct contact with the real "superhackers", some of whom 
          are never mentioned anywhere in any publication, but who are literally 
          living legends in that "underground" world. And so a rather nebulous 
          but real pipeline does exist whereby with some sustained and 
          persistent effort one can request and get assistance from the real 
          world experts, if such a critical need arises. 
        
          
          In *****'s case, the real 
          "spooks" might mess with direct computer hacking a bit, since legally 
          they will have all the "back doors" used in building the software 
          itself. But for real sustained work they will just establish a site 
          down the road from him a bit, where they will detect all his targeted 
          computer's emanations by Tempest techniques (standard practice in the 
          EM countermeasures game). So they will have computers and a team 
          there, where on a computer screen there continually appears a direct 
          imaging and duplicate of the targeted computer's functioning, as Myron 
          works, with good accuracy. In that case, they simply read what one 
          writes as soon as one writes it, and record it as desired. Much of 
          that is automated to a high degree.  Several other foreign nations -- 
          particularly the Russian FSS/KGB and some former iron curtain 
          countries -- use these Tempest techniques also. 
        
          
          The real mess is usually 
          made by those brilliant but misguided idiots who get their jollies 
          from penetrating and damaging private computers and files slyly. There 
          what is really needed are some much more stringent criminal laws and 
          much stronger law enforcement. One cannot go down the street attacking 
          and mutilating private parked cars with impunity, and one should not 
          be allowed to also attack and damage private computers and their 
          information with near impunity. One cannot design and build bombs to 
          destroy cars and buses, and one should also not be allowed to 
          willy-nilly build viruses and trojans etc. to degrade and misuse 
          targeted systems and persons. 
        
          
          Best wishes, 
        
          
          Tom Bearden 