How to check if some one is spying on you?

A place where newbies can post without (much) fear of reprisal. All mission posts should still go in the applicable forum.
Forum rules
Older HTS users: Be nice to the new people.

NEW USERS: This is NOT the place to post about missions! Refer to "Missions" category.

How to check if some one is spying on you?

Post by qkken on Mon Oct 08, 2012 2:07 pm
([msg=70034]see How to check if some one is spying on you?[/msg])

hi!
I had this "kid" who i used to play with for a short period some time back. today he contacts me on skype telling me he was watching my screens, both my laptop(backtrack 5) and my desktop(win7). i realized that this is not likely(he was pretty vague), but i got curious and suspicious so i researched it a bit, but did'nt really come up with much. i tried "netstat -n" and CommView in win 7 to see if i could find his IP or something, but with no luck(i think). I allso tried looking at the "airodump-ng" for my "mon0" in backtrack 5 to see if i could "spot" anything strange there, but i am not that experienced with backtrack yet. In the end i basicly said "fuck you, you are now blocked and reported" and did so.
I guess my question is this:
Is it possible to monitor (a) computer(s) in that sense or other? If so, how to detect it and prevent it?

hope this is the right forum for this question.

Thank you in advance.
qkken
New User
New User
 
Posts: 6
Joined: Wed Oct 03, 2012 7:24 pm
Blog: View Blog (0)


Re: How to check if some one is spying on you?

Post by WallShadow on Mon Oct 08, 2012 3:18 pm
([msg=70035]see Re: How to check if some one is spying on you?[/msg])

Is it possible to monitor people?

Yes, in fact, with a good enough connection, you can get real time streaming from someone's screen, but generally they won't do that, and will only do 1 frame per 5 or 10 seconds. And not only screen-monitoring, but also keylogging to steal all your usernames/passwords, and even spoofing things such as placing CP on your computer or using your comp in a ddos attack. Just a world of possibilities.

How to detect it?

You are on the right track with checking "netstat" (btw, if you want to be thorough, use "netstat -a" to show ALL connections). It essentially boils down to this: he has a way to send information to your computer and receive information from your computer somehow through the internet. If he is only receiving info from your computer and he uses UDP, then checking active connections is useless, however, if he is using TCP or is sending info to your computer through TCP or UDP, then you will find an active connection or listening port with 'netstat'.

What is most likely is that he has a two-way TCP connection started by a trojan or worm on your computer which is connected to his remote server. You must somehow find this connection and see what ip it leads you to. You can use just basic tools such as netstat to find this out, or you can use some kind of tcp/udp dumper to listen to your computer's outgoing and incoming traffic and pin point exactly how he is doing it (make sure to close any other applications which connect anywhere, even just an open webpage can intermittently send packets which will lead you off the trail). You can also simply use firewall application to track all connections and check how exactly it happens.

How to prevent it?

Think of it in very simple terms, HE HAS A VIRUS ON YOUR COMPUTER. This virus is stealthy, it only connects to his computer and performs various functions such as screen capture. REMOVE THE VIRUS, and you remove his ability to track you. Scan with your Anti-Virus, and use additional AV's such as Malware-Bytes Anti-Malware or CCleaner or maybe even ComboFix. In case you can't do that, do some manual investigation and removal (be careful not to destroy your system). If that doesn't work, blocking any untrusted communications can stop his monitoring, but it won't remove the virus.

Goodluck!

- WallShadow <3
User avatar
WallShadow
Contributor
Contributor
 
Posts: 624
Joined: Tue Mar 06, 2012 9:37 pm
Blog: View Blog (0)


Re: How to check if some one is spying on you?

Post by qkken on Tue Oct 09, 2012 5:53 am
([msg=70051]see Re: How to check if some one is spying on you?[/msg])

awesome reply! didn't expect this good a response, thanks a lot.
i am looking in what kind of options i have for tcp/udp dump in backtrack. it looks pretty good.
qkken
New User
New User
 
Posts: 6
Joined: Wed Oct 03, 2012 7:24 pm
Blog: View Blog (0)



Return to NZone

Who is online

Users browsing this forum: No registered users and 0 guests