
Re: Hair raising experience with apparent hacker attack




I am wondering if there is a connection between purchasing Black-Ice
software and the intrusion attack. I am probably paranoid (one more
strength to my personality would not change much) but someone could monitor
purchases of Black-Ice software and if you are the purchaser then you have
something valuable on the computer to protect, and you are an interesting
target for the intrusion.

One way to check my hypothesis is to sample reports of the people before and
after buying the Black-Ice. That could be done with the Black-Ice
cooperation. If the hypothesis turns out to be correct that would help them
to "catch the mole".

Paranoid Alex.

At 07:43 PM 12/14/99 +0000, Fred wrote:
>I just had a hair raising experience.  It turned out to just be a big
>inconvenience, but it sure woke me up to the disaster it could have
>been and how little I could do about it.
>
>Executive summary: If you are connected to the internet for long
>periods of time, such as using it for your data feed or some other
>purpose, get an intruder monitor.
>
>The story behind this conclusion  is long so come back to it when you
>have time to relax and perhaps have a chuckle at my expense.
>
>I use a cable modem/fixed IP address for my internet connections which
>are on 24/7.  However, the import of my experience should apply to
>anyone who is on the internet for long periods of time since even if
>you use a dial-up account once you are connected, your IP address
>stays the same until you are disconnected.
>
>I have three ISP accounts, one for each computer.  They are all
>networked via a hub which is also connected to the cable modem.  I
>didn't want to turn off file sharing because that would defeat the
>purpose of having my computers networked.   Consequently I had been
>concerned about hacker/intruders because the warnings specifically
>directed cable modem users.  So, Sunday Dec 5th after some research I
>purchased and installed Black-ICE (previously mentioned on this list
>by others).
>
>I was quite taken aback by the scans for weaknesses done by hackers
>that Black-ICE reported, by danger levels, and prevented.  (Black-ICE
>let me turn OFF file sharing for the internet but leave it on for my
>LAN).  There are hacker programs that will simply scan millions of ISP
>addresses looking for an opening.  Most of the time these are benign
>unless you already have a virus designed to let them in.
>
>This Monday Dec 13th, someone who had done a port probe or scan on the
>8th and 9th hit me non-stop on one of my trading computers.  Black-ICE
>went wild!!  (so did I!!---I have my brokerage accounts and do
>electronic banking on this machine).  I could tell by the lights on my
>hub which computer it was attacking so I simply pulled its network
>cable out of the hub.  But, the moment I put the plug back in Black-
>Ice would show non-stop attack.  Right now I get my RT market data
>from BMI via the AMC channel, but I use the internet to place my
>trades.  If I am not connected to the internet I don't trade, since my
>back-up connection is to emergency exit trades not to initiate them.
>What would I have done if I was getting my data from the internet?
>
>The lights on the cable modem showed that the intruder was still
>trying even though the victim-computer was removed.  My ISP's response
>was "not our problem" which of course makes sense since they don't
>have the wherewithal to pull the hacker's account.  I called the
>intruder's ISP in Colorado.  They said they would ask the intruder to
>stop. At 4 PM it was still happening.  I had to leave then, and when I
>got back at 9 PM it had stopped.  Hooray!! I'll be able to trade
>Tuesday.  WRONG.  Tuesday morning it started again, and I un-hooked
>again, called Colorado again.  They hadn't yet gotten a hold of the
>intruder, but were working on it.  Since I couldn't trade I
>thought I should do something productive--such as finding out what my
>recourse might be against this intruder.  Not much.  The harshest
>thing the perpetrator's ISP will do is kick them off, IF IT HAPPENS
>AGAIN!!  There are no government agencies that can or will help you
>out in such a situation.  You must first "get hurt".   What are you
>going to do, paper trade and sue for the gains made if you could have
>traded that day?  This scenario only applies if you know you're being
>hacked and have at least kept them out of your critical personal data.
>Very few of us have installed intruder alert programs, so it makes
>sense that this must happen more than we are aware of.  The Colorado
>ISP told me they couldn't tell me who it was without a subpoena.  In
>trying to sleuth how I might get some help in this I asked him which
>government agencies had he received subpoenas from.  He wasn't sure,
>but he would go back through them and let me know.  He gets them from
>all over the place!  So obviously it has been bad enough for some
>that they had to engage an attorney to take action.
>
>I did eventually find out who the intruder was and the attack turned
>out to be innocuous.  Since this post is plenty long and in case you
>have had enough of this I will give you that part of the story in
>another post with the subject: Squawking Intruder.
>
>Fred