Monitoring personal internet activity/pc spying - what's possible?

I know there's corporate spyware, and ways to detect and eliminate spyware, but I'm wondering about government monitoring.

I type tons of things into text windows like this - personal thoughts on a variety of things in places like DU and Yahoo chat, into the address bar, into Word, registering, always registering.

Can the best the government has see what is typed, as its typed? Even before its "posted?"

Can they, whoever they may be, see other files on my computer when I'm online. Is it possible someone is going thru my documents or pics right now?

Is where I actually physically live knowable ( assuming I don't just spell it out)?

We know emails are read, and websites monitored, but monitoring actual individual activity of ...citizens, let's say, what is possible?

I'm a computer science student and depending on whether you have an "always on" computer connection, if someone put a worm on your system, it could be logging your keystrokes and sending them back to "Big Brother"

Like my pathetic dialup connection.

there are programs that can be installed that are hidden. They can record all your keystrokes, even passwords, and the powers that be can have it mail files based on a schedule or keyword to another personal email, say an investigative agent.

Anderson Consulting (now Accenture) wanted us to test something like this in a 160 system computer lab I used to run at a university. I wouldn't let it be installed and caused a stink with administration. They wanted to do what Anderson wanted because they thought they'd get enough money to name the business college after them. I wouldn't let them do it because it would have tracked every student's SSN that came into that lab. Approx. 3000 kids over the course of a week. Since then, we're doing away with SSN/pin logins.

I went to a conference once where Beaver College out of PA was talking about having a staff of people that mainly observed web logs to make sure kids weren't "getting into what they were'nt supposed to".

they can tell where you go, how often, how long you stay per visit, what you do there and what your thoughts are from your blogging and email.

our only hope is to over whelm them, literally.

peace

Just as spyware can be installed onto a PC inadvertently that records keystrokes, and then send that info out -- there is no evidence that we've fallen into such dire straits that the FBI would do so as it would be absolutely illegal. Now, I realize that we all harbor at least "some" paranoia over what the FBI does, the truth is they don't have the manpower to implement and monitor such things.

The FBI struggled for years with software, called carnivore, that was designed to spy on internet info transfers of specific accounts, which required a Court Order, and which they ended up scrapping it a few months ago after investing millions of dollars and untold hours.

What we post publicly is likely monitored to some degree, but even that requires enormous personnel resources. Anyone who runs a website can place a minor file that wards off the various bots scurrying around the net gathering info for search engines, called robot.txt. This means that their site won't come up in websearches. Mix in foreign languages and foreign alphabets, and it's nearly impossible to monitor someone who doesn't want to be monitored.

One must know the URL or IP Address of the server in order to reach it and if it's been made secure, it might require authentication to get into the site. A whole lot goes on unseen and requires specific knowledge to access.

However, I do try and live my life as an open book. It's easier on me and if I feel that I don't want something to come back and haunt me, such as making threats, I simply don't do it. Otherwise, I'm just another boring dissenter.

"there is no evidence that we've fallen into such dire straits that the FBI would do so as it would be absolutely illegal. Now, I realize that we all harbor at least "some" paranoia over what the FBI does, the truth is they don't have the manpower to implement and monitor such things."

More research needed here. I disagree with your premise.

Check out a program called "Neo-Trace". Much of the funding for this program came from the FBI. They have an updated version that is so secret and powerful you can't even get a copy of it. But you can pull a copy of the original shareware version, free. I can send you a piece of e-mail and the program will send with it a trailer that follows it back to it's sender and reports back to me co-ordinates that when super imposed on the map provided tells me within three hundred feet of you front door.

I'd also direct your attention to the attack on peace-net that killed 3000 computers. The attack was traced to the secret service. You might also ask yourself WHY does the secret service maintain jurisdiction over computer security. You'll find Treasury can't be busted or investigated. The unfortunate truth is they ARE funded, WELL, and are quite active and not limited to FBI.

I had a site for three years on my service called antiwar.com one of the biggest anti-war sites in the world. We were doing 250-300k hits per day and repukes couldn't stand it. I'm sure they'll still have the documentation posted there were I was able to trace the attack to computers in the German military. What's worse the sophistication of the attack required access to RIPEnet the European equivalent to our InterNic, the registration and routing data based accessed by all routers to get routing info every time you send a piece of mail or pull a page. This would not be easy and almost certainly would require insiders at RIPEnet. Today antiwar.com is sitting behind the kind of security you'd normally use for an international banking site. In fact that server has 13 sites, 12 of them are banks and antiwar.com

Everyone should take security as serious matter. Don't believe the common misnomers that they don't have the funds or the expertise and the law is on our side for privacy. It just isn't so.

all public knowledge. Given a few easily purchased hacking tools a
"script kiddy" can find out everthing and monitor you ever keystroke unless your well protected. Almost noone is well protected.

http://www.msnbc.com/news/660096.asp?0na=x21017M32&cp1=1
Nov. 20, 2001 — The FBI is developing software capable of inserting a computer virus onto a suspect’s machine and obtaining encryption keys, a source familiar with the project told MSNBC.com. The software, known as “Magic Lantern,” enables agents to read data that had been scrambled, a tactic often employed by criminals to hide information and evade law enforcement. The best snooping technology that the FBI currently uses, the controversial software called Carnivore, has been useless against suspects clever enough to encrypt their files.
MAGIC LANTERN installs so-called “keylogging” software on a suspect’s machine that is capable of capturing keystrokes typed on a computer. By tracking exactly what a suspect types, critical encryption key information can be gathered, and then transmitted back to the FBI, according to the source, who requested anonymity.
The virus can be sent to the suspect via e-mail — perhaps sent for the FBI by a trusted friend or relative. The FBI can also use common vulnerabilities to break into a suspect’s computer and insert Magic Lantern, the source said.
Magic Lantern is one of a series of enhancements currently being developed for the FBI’s Carnivore project, the source said, under the umbrella project name of Cyber Knight.

http://www.theregister.co.uk/2001/11/27/av_vendors_split_over_fbi/
Antivirus vendors are at loggerheads over whether they should include in their software packages detection for a Trojan horse program reportedly under development by the FBI.

A keystroke logging Trojan, called Magic Lantern, will enable investigators to discover break PGP encoded messages sent by suspects under investigation, MSNBC reports. By logging what a suspect types, and transmitting this back to investigators, the FBI could use Magic Lantern to work out a suspect's passphrase. Getting a target's private PGP keyring is easy in comparison, and with the two any message can be broken.
<snip>
And antivirus vendors are mulling over the rights and wrongs of putting Magic Lantern on their virus definition list.

Eric Chien, chief researcher at Symantec's antivirus research lab, said that provided a hypothetical keystroke logging tool was used only by the FBI, then Symantec would avoid updating its antivirus tools to detect such a Trojan.
<snip>

http://www.wired.com/news/conflict/0,2100,48648,00.html
Since Network Associates (NETA) makes popular security products, including McAfee anti-virus software and Pretty Good Privacy encryption software, reports of a special arrangement with the U.S. government have drawn protests and threats of a boycott.

The flap started last week, when news reports began to appear about an FBI project code-named "Magic Lantern." Details are sketchy, but Magic Lantern reportedly works by masquerading as an innocent e-mail attachment that will insert FBI spyware inside your computer.

In the past, the FBI has said publicly that agents have been flummoxed by suspects using encryption, something that software such as Magic Lantern could circumvent by secretly recording a passphrase and secret encryption key, then forwarding the confidential data to the feds.

An Associated Press article then reported that "at least one antivirus software company, McAfee Corp., contacted the FBI ... to ensure its software wouldn't inadvertently detect the bureau's snooping software and alert a criminal suspect."

college, and a guy that runs a security company. That is why you never want to threaten to kill someone,and need to really think about what your putting in hard copy that will last forever.

I once had a hacker give me someone's name, address, telephone number and all of the above info for a few of her neighbors in less than five minutes given no information whatever other than her e-mail address.

In general, regardless of what kind of anti-virus, spyware killer and/or firewall you have, it's wise to assume that anyone and everyone can see everything you say and everywhere you go and everything you buy when you're online. Best advice is never to say or do anything on the Internet that you wouldn't want announced to your mother, grandmother, girl/boyfriend and boss during next Sunday's church service.

I can tell you that it's not safe. I tell my clients to think about the net like the radio. Don't do or say anything you would not say or due right in front of your friendly local law enforcement agent. Basically most everything you do on a network is designed to distribute that information. There should be no reason for worries about security as your talking on the radio disseminating as far and as wide as you can get it. If right wing cops want to read it go ahead, your not doing anything wrong.

As far as the question about seeing your key strokes, yes this is called a back door. If you are logged on, this info can be transfered in real time. If you are not logged on, the back door will usually log that info to a file and transfer next time you log on. All of the programs that do this are some form of virus, Trojan, or worm. The firewall and virus scanner will stop this activity before it is implemented. Be advised that even the pentagon is broken into 20-30 times a day while over 2000 try. The point being that no matter how diligent you are, there is no such thing as fail safe. So things will slip through by design of the virus (spy) writer. That's where your spyware cleaner comes into play.

In the case of non-speech issues where security does matter like say stock trading or on-line ordering with credit cards your looking for SSL or Secure Socket Layer. Any service that collects financial info will have an SSL in place. These are 128 bit encrypted.

It is no longer sufficient to just maintain an adequately updated virus scanner like two years ago. Today you want three pieces to your security package. A good virus scanner, a firewall, and a spyware cleaner. You can use an all in one package like PC-Cillin to make this easy. You can do all this for free but each of the three packages are separate programs and therefore a little more hassle to download and set up. All of the packages I know of that contain all three components are paid software and run anywhere from 39.99 - 79.99. I would suggest a full paid package if you got the funds. But if you don't have the funds at this time that should be no excuse, use the free packages.

I have a nice tutorial at http://spambegone.org

Look for the big red "security bar" to get the free setup info. To get a full package that I could recommend go to http://antivirus.com which will take you to Trend Micros PC-Cillin for 39.99 per two year setup.

One of two things is going to happen eventually. Microsoft will, by public pressure fix the insecurities, totally do-able, OR the security of the InterNet will totally collapse and everyone will be forced to go to total 128 bit encryption for everything that is transfered. Encrypting everything would be restrictive on contacts to unknown persons cause you have to have the key to decrypt it. But at the rate we're going we may have no choice in the not too distant future.

Waihopai, INFOSEC, Information Security, Information Warfare, IW, IS, Priavacy, Information Terrorism, Terrorism Defensive Information, Defense Information Warfare, Offensive Information, Offensive Information Warfare, National Information Infrastructure, InfoSec, Reno, Compsec, Computer Terrorism, Firewalls, Secure Internet Connections, ISS, Passwords, DefCon V, Hackers, Encryption, Espionage, USDOJ, NSA, CIA, S/Key, SSL, FBI,Secert Service, USSS, Defcon, Military, White House, Undercover, NCCS, Mayfly, PGP, PEM, RSA, Perl-RSA, MSNBC, bet, AOL, AOL TOS, CIS, CBOT, AIMSX, STARLAN, 3B2, BITNET, COSMOS, DATTA, E911, FCIC, HTCIA, IACIS, UT/RUS, JANET, JICC, ReMOB, LEETAC, UTU, VNET, BRLO, BZ, CANSLO, CBNRC, CIDA, JAVA, Active X, Compsec 97, LLC, DERA, Mavricks, Meta-hackers, ^?, Steve Case, Tools, Telex, Military Intelligence, Scully, Flame, Infowar, Bubba, Freeh, Archives, Sundevil, jack, Investigation, ISACA, NCSA, spook words, Verisign, Secure, ASIO, Lebed, ICE, NRO, Lexis-Nexis, NSCT, SCIF, FLiR, Lacrosse, Flashbangs, HRT, DIA, USCOI, CID, BOP, FINCEN, FLETC, NIJ, ACC, AFSPC, BMDO, NAVWAN, NRL, RL, NAVWCWPNS, NSWC, USAFA, AHPCRC, ARPA, LABLINK, USACIL, USCG, NRC, ~, CDC, DOE, FMS, HPCC, NTIS, SEL, USCODE, CISE, SIRC, CIM, ISN, DJC, SGC, UNCPCJ, CFC, DREO, CDA, DRA, SHAPE, SACLANT, BECCA, DCJFTF, HALO, HAHO, FKS, 868, GCHQ, DITSA, SORT, AMEMB, NSG, HIC, EDI, SAS, SBS, UDT, GOE, DOE, GEO, Masuda, Forte, AT, GIGN, Exon Shell, CQB, CONUS, CTU, RCMP, GRU, SASR, GSG-9, 22nd SAS, GEOS, EADA, BBE, STEP, Echelon, Dictionary, MD2, MD4, MDA, MYK, 747,777, 767, MI5, 737, MI6, 757, Kh-11, Shayet-13, SADMS, Spetznaz, Recce, 707, CIO, NOCS, Halcon, Duress, RAID, Psyops, grom, D-11, SERT, VIP, ARC, S.E.T. Team, MP5k, DREC, DEVGRP, DF, DSD, FDM, GRU, LRTS, SIGDEV, NACSI, PSAC, PTT, RFI, SIGDASYS, TDM. SUKLO, SUSLO, TELINT, TEXTA. ELF, LF, MF, VHF, UHF, SHF, SASP, WANK, Colonel, domestic disruption, smuggle, 15kg, nitrate, Pretoria, M-14, enigma, Bletchley Park, Clandestine, nkvd, argus, afsatcom, CQB, NVD, Counter Terrorism Security, Rapid Reaction, Corporate Security, Police, sniper, PPS, ASIS, ASLET, TSCM, Security Consulting, High Security, Security Evaluation, ElectronicSurveillance, MI-17, Counterterrorism, spies, eavesdropping, debugging, interception, COCOT, rhost, rhosts, SETA, Amherst, Broadside, Capricorn, Gamma, Gorizont, Guppy, Ionosphere, Mole, Keyhole, Kilderkin, Artichoke, Badger, Cornflower, Daisy, Egret, Iris, Hollyhock, Jasmine, Juile,Vinnell, B.D.M.,Sphinx, Stephanie, Reflection, Spoke, Talent, Trump, FX, FXR, IMF, POCSAG, Covert Video,Intiso, r00t, lock picking, Beyond Hope, csystems, passwd, 2600 Magazine, Competitor, EO, Chan, Alouette, executive, Event Security, Mace, Cap-Stun, stakeout, ninja, ASIS, ISA, EOD, Oscor, Merlin, NTT, SL-1, Rolm, TIE, Tie-fighter, PBX, SLI, NTT, MSCJ, MIT, 69, RIT, Time, MSEE, Cable & Wireless, CSE, Embassy, ETA, Porno, Fax, finks, Fax encryption, white noise, pink noise, CRA, M.P.R.I., top secret, Mossberg, 50BMG, Macintosh Security, Macintosh Internet Security, Macintosh Firewalls, Unix Security, VIP Protection, SIG, sweep, Medco, TRD, TDR, sweeping, TELINT, Audiotel, Harvard, 1080H, SWS, Asset, Satellite imagery, force, Cypherpunks, Coderpunks, TRW, remailers, replay, redheads, RX-7, explicit, FLAME, Pornstars, AVN, Playboy, Anonymous, Sex, chaining,codes, Nuclear, 20, subversives, SLIP, toad, fish, data havens, unix, c, a, b, d, the, Elvis, quiche, DES, 1*, NATIA, NATOA, sneakers, counterintelligence, industrial espionage, PI, TSCI, industrial intelligence, H.N.P., Juiliett Class Submarine, Locks, loch, Ingram Mac-10, sigvoice, ssa, E.O.D., SEMTEX, penrep, racal, OTP, OSS, Blowpipe, CCS, GSA, Kilo Class, squib, primacord, RSP, Becker, Nerd, fangs, Austin, Comirex, GPMG, Speakeasy, humint, GEODSS, SORO, M5, ANC, zone, SBI, DSS, S.A.I.C., Minox, Keyhole, SAR, Rand Corporation, Wackenhutt, EO, Wackendude, mol, Hillal, GGL, CTU, botux, Virii, CCC, Blacklisted 411, Internet Underground, XS4ALL, Retinal Fetish, Fetish, Yobie, CTP, CATO, Phon-e, Chicago Posse, l0ck, spook keywords, PLA, TDYC, W3, CUD, CdC, Weekly World News, Zen, World Domination, Dead, GRU, M72750, Salsa, 7, Blowfish, Gorelick, Glock, Ft. Meade, press-release, Indigo, wire transfer, e-cash, Bubba the Love Sponge, Digicash, zip, SWAT, Ortega, PPP, crypto-anarchy, AT&T, SGI, SUN, MCI, Blacknet, Middleman, KLM, Blackbird, plutonium, Texas, jihad, SDI, Uzi, Fort Meade, supercomputer, bullion, 3, Blackmednet, Propaganda, ABC, Satellite phones, Planet-1, cryptanalysis, nuclear, FBI, Panama, fissionable, Sears Tower, NORAD, Delta Force, SEAL, virtual, Dolch, secure shell, screws, Black-Ops, Area51, SABC, basement, data-haven, black-bag, TEMPSET, Goodwin, rebels, ID, MD5, IDEA, garbage, market, beef, Stego, unclassified, utopia, orthodox, Alica, SHA, Global, gorilla, Bob, Pseudonyms, MITM, Gray Data, VLSI, mega, Leitrim, Yakima, Sugar Grove, Cowboy, Gist, 8182, Gatt, Platform, 1911, Geraldton, UKUSA, veggie, 3848, Morwenstow, Consul, Oratory, Pine Gap, Menwith, Mantis, DSD, BVD, 1984, Flintlock, cybercash, government, hate, speedbump, illuminati, president, freedom, cocaine, $, Roswell, ESN, COS, E.T., credit card, b9, fraud, assasinate, virus, anarchy, rogue, mailbomb, 888, Chelsea, 1997, Whitewater, MOD, York, plutonium, William Gates, clone, BATF, SGDN, Nike, Atlas, Delta, TWA, Kiwi, PGP 2.6.2., PGP 5.0i, PGP 5.1, siliconpimp, Lynch, 414, Face, Pixar, IRIDF, eternity server, Skytel, Yukon, Templeton, LUK, Cohiba, Soros, Standford, niche, 51, H&K, USP, ^, sardine, bank, EUB, USP, PCS, NRO, Red Cell, Glock 26, snuffle, Patel, package, ISI, INR, INS, IRS, GRU, RUOP, GSS, NSP, SRI, Ronco, Armani, BOSS, Chobetsu, FBIS, BND, SISDE, FSB, BfV, IB, froglegs, JITEM, SADF, advise, TUSA, HoHoCon, SISMI, FIS, MSW, Spyderco, UOP, SSCI, NIMA, MOIS, SVR, SIN, advisors, SAP, OAU, PFS, Aladdin, chameleon man, Hutsul, CESID, Bess, rail gun, Peering, 17, 312, NB, CBM, CTP, Sardine, SBIRS, SGDN, ADIU, DEADBEEF, IDP, IDF, Halibut, SONANGOL, Flu, &, Loin, PGP 5.53, EG&G, AIEWS, AMW, WORM, MP5K-SD, 1071, WINGS, cdi, DynCorp, UXO, Ti, THAAD, package, chosen,
PRIME, SURVIAC,UFO.

Brother Buzz

PS: Memo to FCC - Shit, Fuck, God Damn!

over us. The more that speak up and the louder we do the less control they have.

Harder to track something when there are MULTIPLE TRAILS.

:evilgrin: