Cyber Security Myths and Tips


New_2_Chronic

I am an IT professional with over 15 years of technology experience. I build and secure networks worldwide. I also conduct e-discovery and forensic data retrieval and wanted just to throw out some info on the myths I have been seeing here.

First of all, do not get paranoid. The NCSD (National Cyber Security Division) is about the only agency worldwide with the resources and abilities to track you down in cyberspace. They, however, spend most of their time combating virus outbreaks and attacks that threaten the stability of the Internet and worldwide communications. And of course tracking down terrorists! :ignore:

Local and federal agencies do not have the equipment or resources to pinpoint your location via the internet. Let me quantify that...

The most common way for people to get busted on the internet is to reveal their true identity or identifying information somewhere and it is found by a local agency and they come a knockin... most likely with warrant in hand for your computers and storage media. This is how they get the rest of the information to carry a case. (The odds of this happening are highly unlikely)

The second most common way for people to get busted or identified is to be investigated for other charges, they come get your computer, and boom, you're busted for something totally unrelated. (This is more common)

Internet Browsing:

First and foremost, your internet browser habits are pretty safely confined within your computer. You can be hacked and monitored, but this is highly unlikely, as in today's hacking trends hackers are targeting businesses and corporations rather than individual homes. Again, it will be a hacker that gets you, not the LEO....

If your browsing is a concern to you and you really want to take another measure, then use a PROXY SERVER - proxies mask your IP (internet protocol) address and let you surf the net worry free. If anyone tries to track your IP they just go back to the free proxy server.

If you want to see if anyone is connected to your computer you could do this:

1. Click the Start button
2. Click Run
3. Type "cmd" (little black box appears)
4. In the box type netstat -n

This will output all currently connected IP addresses. If you see a weird one that doesn't go with the rest of them (you'll be able to tell) then there is something outside connected to you.

Spyware and viruses can make some connections as well so it may not be someone connected to you, but it might be something on your computer such as a virus or a spyware making an outgoing connection.

The fact that most people are on broadband connections makes tracking someone down via IP harder as well. With connections such as cable or DSL there are two things happening.

1. There is a lease on your IP address defined by your Internet Service Provider, for example 3 days is mine. That means every 3 days the IP address I have expires and I am issued a new one.

2. Your IP address is actually NATed through your ISP.
This means that the IP address you are getting is on their local network and outside their network your IP actually is represented as a public IP address. This complicates things more.

LEOS GOT YOUR COMPUTER>>>>>>NOW WHAT?

This is what happens when they come get your computer. They have a warrant to search the contents of the computer for anything "incriminating". They will do a basic search, opening files and looking at histories and pictures. They will not be doing any "forensic" looking at this point.

9 times out of 10 if they find nothing in this "look see" that will be the end of it and it will go no further. WHY?

Well, because local law enforcement does not have the equipment to do a "bit level" investigation of the drive contents. They have to send it to a company to look at the drive at the "bit level". These companies charge very heavily for these investigations. The kicker is that they get paid whether they uncover 1000MB or none at all. That's why the LEO agency has to weigh the importance of it. (Example: The last drive I sent to a forensic data recovery company cost me 9,000.00 and I got 1 file recovered)

If anything is found on the "look see" there is a high probability of them incurring the cost to dig deeper. The weight of the case also has a lot to do with it... If there are no sales or distribution, or conspiracy involved, then the cost would not be worth it to the state...

The whole point of this is calm down, have fun, grow and POST. Don't worry about LEOs monitoring the site because that's about all they can do. Do not give out any personal information or identify yourself in any way and you can pretty much say anything you want safely.

I would keep a good regimen of computer housekeeping as well. Regularly clean out your temporary internet files. Take pictures off your computers (the ones that could be damaging to you) and keep them on CD somewhere, instead of your computer.

If anyone has any tech related questions please feel free to ask me.

Hope this helps......:p
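
The netstat -n check described in the post above, worked through as an added example (not part of the original post): it parses netstat -n output and groups the established connections whose remote end is outside the loopback and home-network ranges. The sample output is constructed, the 203.0.113.x and 198.51.100.x addresses are documentation addresses standing in for internet hosts, and all function names are this example's own.

```python
import ipaddress
from collections import namedtuple

Conn = namedtuple("Conn", "proto local_ip local_port remote_ip remote_port state")

# Constructed sample of Windows `netstat -n` output (not captured from a real host).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.20:49712     203.0.113.45:443       ESTABLISHED
  TCP    192.168.1.20:49713     203.0.113.45:443       ESTABLISHED
  TCP    127.0.0.1:5354         127.0.0.1:49670        ESTABLISHED
  TCP    192.168.1.20:49800     192.168.1.1:80         TIME_WAIT
  TCP    192.168.1.20:50111     198.51.100.7:6667      ESTABLISHED
  TCP    192.168.1.20:50200     203.0.113.99:80        TIME_WAIT
  TCP    [::1]:49671            [::1]:49672            ESTABLISHED
  TCP    [fe80::1c2a:3b4c:5d6e:7f80%12]:445  [fe80::aaaa:bbbb:cccc:dddd%12]:50222  ESTABLISHED
"""

# Address ranges used inside a home or office network (RFC 1918 and IPv6 ULA).
HOME_NETS = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def split_endpoint(text):
    """Split '1.2.3.4:80' or '[fe80::1%12]:80' into (ip_address, port)."""
    host, _, port = text.rpartition(":")
    host = host.strip("[]").split("%")[0]   # drop brackets and IPv6 zone id
    return ipaddress.ip_address(host), int(port)


def parse_netstat(output):
    """Return a Conn for every connection row; headers and odd rows are skipped."""
    conns = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] not in ("TCP", "UDP"):
            continue
        try:
            lip, lport = split_endpoint(fields[1])
            rip, rport = split_endpoint(fields[2])
        except ValueError:
            continue                        # e.g. '*:*' placeholders
        conns.append(Conn(fields[0], lip, lport, rip, rport, fields[3]))
    return conns


def classify(ip):
    """Label an address as loopback, local-network or external."""
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local or any(ip in net for net in HOME_NETS):
        return "local-network"
    return "external"


def external_established(output):
    """Map each external remote IP to the sorted remote ports it is connected on."""
    remotes = {}
    for c in parse_netstat(output):
        if c.state == "ESTABLISHED" and classify(c.remote_ip) == "external":
            remotes.setdefault(str(c.remote_ip), set()).add(c.remote_port)
    return {ip: sorted(ports) for ip, ports in remotes.items()}


if __name__ == "__main__":
    for ip, ports in external_established(SAMPLE_NETSTAT).items():
        print(ip, ports)
```

An external entry is only a starting point for review: browsers, updaters and mail clients all produce them, so each address still has to be matched to the program that opened it.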
 
Thanks for the information, very informative, way too much info for one read through...I am going to have to reread that post a few times......good on ya...

Peace
 
Great post New 2 Chronic, I'm very much handicapped when it comes to computer stuff. You have answered a lot of questions for me, thank you.
Dexter
 
are ya saying my hacking tools are way more powerful than police stations have?
if so I can hack them?
 
Nice read, it will definitely help clear up many misconceptions for the technically less inclined. Good post. Also, another way to decrease the chances of leaving incriminating traces on your computer is to use a browser like Firefox with the stumbler addon installed. With it your browser can easily be switched between normal and a safe mode where no cache, pictures or history of your browsing habits is stored. You could also install one of the Tor plugins and use the Tor onion network, which lets you browse in the most anonymous way possible.
 
papabeach1 said:
are ya saying my hacking tools are way more powerful than police stations have?
if so I can hack them?

Your standard Linux distribution comes with more hacking tools than regular LEO has. :)

BSD's even better. BeOS reigns supreme (too bad it's old and outdated.) If you are the cutting edge geek type and can code x86 assembler, you should check out MenuetOS, which fits on a floppy and is so well-made it's virtually bulletproof.
 
Further Information

Q: Can what is said on the internet be used against me in any way?

A: Absolutely. It is called Public Information and can be obtained without a warrant. It can also be used to further any investigation into any illegal operations. Anything you post on a forum is fair game.

That being said, here is the catch-all.... they have to prove it was you on the other end of the computer posting the information.... This would be near impossible for them to do. If they spent a small fortune they might be able to prove the connection came from your house but that is not enough. A good explanation for that would be "I have a wireless network that is wide open at my house, someone else could have got on it and done that"

I hear lots of stories of people that were busted and their computers sealed their fate... But it wasn't their computers that got them there... It was something else...

Your computer can be a dagger in any investigation. Let's take for instance you're growing and you get caught with 4 plants.... They want to prove you are growing for sale, the prosecution is just not worth it otherwise... If they look at your computer, get some cached pages from your history and see where you mentioned you sold a quarter to your friend....ooops :holysheep: ....doesn't matter it's the only time you've done it...they got the cherry they were looking for. Your computer has just escalated your pain immensely......

Myth:

I keep hearing where people are saying this is a safe forum because the server is in Holland.

That is true....to an extent.... The server that hosts this forum is in another country where they may have different or more aggressive privacy laws but that doesn't make it immune.

The simple fact that it resides in another country and is not subject to the Patriot Act makes things much harder for any US prosecutions to gain any information from the company hosting the server. They have to have proof already, basically a case, to support subpoena of any information from the server. This is not the case in the US where they can go on a "fishing expedition" and get any information they need without proof, although they still need a warrant, a federal warrant....

Another point to make is that this also means they will be limited to the user in question and not "carte blanche" to all users records.

So the basic point is "Can the US or any other country for that matter gain access to the information on this server?"

The answer is basically YES they can. Will they? Not unless you're Don Corleone or something.......

As an IT professional I can tell you I feel better knowing the server is in another country......YOU SHOULD TOO....
 
Your standard Linux distribution comes with more hacking tools than regular LEO has. :)

BSD's even better. BeOS reigns supreme (too bad it's old and outdated.) If you are the cutting edge geek type and can code x86 assembler, you should check out MenuetOS, which fits on a floppy and is so well-made it's virtually bulletproof.

You are correct, Linux/UNIX is a powerful tool and used greatly among the hacking community as standard. But having the software is not enough. You have to know HOW to use them. You need to be able to know how to use packet sniffers, and brute force attack tools.

They simply do not have the expertise for cyber investigations.... Anyone can download Linux or Unix flavors, the key is knowing what to do with them once you get them.

This is my main point..... The cost of cyber investigations far exceeds the return on the investment for LEO agencies.
 
New_2_Chronic said:
You are correct, Linux/UNIX is a powerful tool and used greatly among the hacking community as standard. But having the software is not enough. You have to know HOW to use them. You need to be able to know how to use packet sniffers, and brute force attack tools.

They simply do not have the expertise for cyber investigations.... Anyone can download Linux or Unix flavors, the key is knowing what to do with them once you get them.

This is my main point..... The cost of cyber investigations far exceeds the return on the investment for LEO agencies.

Most tools come with plain-English instructions on how to use them, nowadays. Aircrack? Netstumbler? Samspade? All have directions that take about 10 minutes to read and understand.

Nowadays, you don't need to know how to use the tools - there are scripts out there that will do the work for you.

That'd be absolutely hilarious, LEO turns into a bunch of script kiddies. Real hackers would chew them up!
 
Yeah that's funny..... I went to a class called Ethical Hacking and Countermeasures. This class basically taught you hacking so that as a security engineer you would know the tactics and how to protect against them.

There is a lot more to it than just "reading the instructions" or everyone with an internet connection would be hacking. You have to understand networks/security and how they work, otherwise it would be a lesson in futility.....

This thread is more of an informative thread on how computer investigations are conducted, how to protect yourself, and to put people's minds at ease about enjoying the experience of this forum.
 
Spyware, ADware and Virus threats

I'd like to give you all some pointers and tips to protecting yourself against different threats and cleaning them once you get them. First are the necessities.

1. Firewall - It is my recommendation that everyone with an internet connection has a firewall. First let me describe a firewall:

A firewall is basically a GATE for your internet connection. You control when and how the gate is open. The firewall also makes your connection transparent on the internet. Basically no one will know you are there..

Hackers use all sorts of tools to hack but first they have to find you. The way they do this is basically scanning IP addresses on the internet. If they get an answer they will investigate further and you could be hacked. Without a firewall it's almost certain if they find you they will.

A firewall will not answer any requests and therefore basically won't answer the phone when it rings.

Firewalls can be hardware or software. For home I would recommend a hardware Router/Firewall combo or a software firewall which can be downloaded. I would go to somewhere that sells computer software and actually purchase one with a subscription. They aren't expensive, 20.00-40.00

2. Antivirus Protection - This goes without saying and most already know this. Get virus protection and keep it current.

Getting these two things can drastically reduce the amount of viruses or spyware/adware that infects your computer.

3. Adware/Spyware protection - This is becoming a necessity as the internet and advertising mechanisms evolve. Adware/Spyware infects your computer from an internet site that is infected or a crazy link you clicked on. Some typical behavior may include

1. Your computer runs slower than normal. This can be caused by many things but these days spyware infections are a more common cause.

2. You get popups constantly while surfing the internet. This could be an indication of an adware infection.

Spyware can be a program that is remotely executed on your computer and runs in the background. This can cause a variety of issues including disabling your antivirus or firewalls, slowness, blue screen errors, programs not working right.

To clean this use a spyware/adware remover. There are a lot of free ones out there but I would highly recommend LavaSoft Ad Aware. It's a free download, has real time updates, and is very effective.

Be careful about downloading just any spyware remover; spyware and adware infections can be delivered in this fashion. Use an industry standard version to avoid this.
 
Most people use their home computers to talk to their families and friends. I would guess that 80% of people have an e-mail address with their name on it. Well as you may experience from SPAM some websites can pick up your IP address and send you crap. Sometimes they even know your name! How do they know your name? Because of your IP address! Because the info is free!! They can get your info for free. The internet is also regulated by the government. Proxy servers work against spammers!! Well most of them anyways. There is a way to completely mask your IP. If you log into an open band or wifi connection that does not necessarily belong to you then it is not really your IP except those are usually within a few blocks of your surrounding area.

I'm sorry, after rereading this post I can see why it is a little confusing. There are third parties that will give your information out for free with collaboration of other business. If you use your e-mail with your name on it then that is one way they can get your name but if you login to a site sometimes they can scan your IP and send you crap directly to your e-mail. That one is tricky because I really don't know how they do it but a lot of nasty sites like porno and really just iffy bad crap have extensive scanners to make sure that the people who log into their sites are not suspicious to them. If you give out your information on the internet anyways for catalogs or free stuff then they will give your info to third parties. So sorry if that post was weird but I hope that was some clarification of what I wrote. The IP address is what they will trace and most internet providers will collaborate with the government because if they don't they risk their business. It makes sense to me.
 
Allow me to dispel the myths.....

Most people use their home computers to talk to their families and friends. I would guess that 80% of people have an e-mail address with their name on it. Well as you may experience from SPAM some websites can pick up your IP address and send you crap. Sometimes they even know your name!
The IP address is in the header information embedded in the email, well actually it's not YOUR IP, it is the IP of the sending mail servers. For instance, if I send an email through Yahoo the header would have the Yahoo mail servers' IP address.

How do they know your name? Because of your IP address! Because the info is free!! They can get your info for free.
Spammers don't get your IP and send you crap. They get your email address. Since most people have their names in their email addresses they can get your name as well. The ads are basically form ads that they just fill in your name and send to your address in their database.

The internet is also regulated by the government.

This is a common misconception....It is monitored by thousands of agencies but not regulated. You are free to post whatever you want whenever you want...You can also be held accountable for your actions....

Proxy servers work against spammers!!
Proxies have nothing to do with spammers.... Again, spammers use email addresses.

There is a way to completely mask your IP.

This is the function of proxies.

If you log into an open band or wifi connection that does not necessarily belong to you then it is not really your IP except those are usually within a few blocks of your surrounding area.

This was suggested in my earlier post to use as an excuse.
 
KaliKitsune said:
Your standard Linux distribution comes with more hacking tools than regular LEO has. :)

BSD's even better. BeOS reigns supreme (too bad it's old and outdated.) If you are the cutting edge geek type and can code x86 assembler, you should check out MenuetOS, which fits on a floppy and is so well-made it's virtually bulletproof.

I use Fedora 9, and even the MP does use Fedora 9, how did I know that??
they use Apache something

thank you, I feel a lot better knowing LEOs can't mess with me..
of course I have a lot of live distro CDs, and they serve their own purposes for my needs...nice distro CDs on the big shelf I have.. :rolleyes:
 
Thank you so much for this post it answered many many questions I had and alleviated some of my paranoid concerns. :D

Thank you!
 
Although I have a hardware firewall (wireless router with encryption enabled) I've long been a fan of ZoneAlarm, a free software firewall.

Everyone might not like ZoneAlarm, though, because it tells you about each and every incoming and outgoing internet traffic, so it takes a while to "teach" ZoneAlarm what's ok and what isn't.

Because of my router, I never see any incoming alerts, but I do see a lot of outgoing ones! You would be surprised how much stuff on your computer accesses the internet that you didn't know about. Things like spyware calling home, a few standard Microsoft processes.... In any event, ZA will let you know and you can decide.

New_2_Chronic said it well and one thing bears repeating clearly IMO: anyone with a computer plugged into a broadband connection without a router or good firewall (or both) is going to get hacked.
 
WONDERFUL INFORMATION! saved me time explaining it all.

<-- IT guy.
 
ArtVandolay said:
Although I have a hardware firewall (wireless router with encryption enabled) I've long been a fan of ZoneAlarm, a free software firewall.

Everyone might not like ZoneAlarm, though, because it tells you about each and every incoming and outgoing internet traffic, so it takes a while to "teach" ZoneAlarm what's ok and what isn't.

Because of my router, I never see any incoming alerts, but I do see a lot of outgoing ones! You would be surprised how much stuff on your computer accesses the internet that you didn't know about. Things like spyware calling home, a few standard Microsoft processes.... In any event, ZA will let you know and you can decide.

New_2_Chronic said it well and one thing bears repeating clearly IMO: anyone with a computer plugged into a broadband connection without a router or good firewall (or both) is going to get hacked.

Good call Art. I use the Z/A Security Suite. It has a firewall, antivirus, and antispyware in an easy AIO package... A quick google should find an easy torrent.
 
