
Saturday, August 23, 2003

A big howdy to my faithful readers, and to all those looking for lapdancers, ways to kill fruit flies and constipation remedies. I just spent an hour at my undisclosed location filing another incident report with a federal agency. When I went to electronically submit it, the hackers took over and it went to something I've seen before called blue icarus which has about 100 recipients. Some of these have problems with their e-mails. I saw it the other day when I couldn't send another federal incident report I spent an hour on. So you end up with messages like "Your message could not be sent because so-and-so could not download music on 8/23" or something bizarre like that. I didn't want to send the private information to 100 people anyhow. I guess they can hack me wherever I go. Or maybe more computers are just being hacked. Or maybe computers just act up and I really am getting paranoid. Is this the Crying of Lot 49? What's happening to my life?

The good news is that my brother and my daughter now believe I'm sane. By the way, I found out from Blogpatrol today that if you look up "logon process Rasman" in Google you not only get this blog, but you get an entire explanation of how they run their logon scripts.

My brother and daughter have had to apologize and eat crow because they saw the manifesto. I wish I could reproduce it here, but they did something so I couldn't save it to disc or CD. Instead I had to copy it by hand, since they disabled my printer. I thought I'd share some of these ravings with you. A little goes a long way. I don't want to lose the readers I have left. Any computer aficionados who want the whole thing can e-mail me. I don't use my old e-mail but I still read it.

This was written in reply to my terse note that they'd better clear out by last Thursday at noon or lose all their files. I found it in the files, which I frequently go through to see what's new, since it's about all I have left to do on my computer, under "Review Your System's History," which had been something from Dell I think.

Here goes:

"Loads files to memory for later printing. Automatic Local System Protocal Storage (they like the caps) provides protected storage for sensitive data, such as private keys to prevent access by unauthorized services, processes or users." (Isn't that ironic? They're worried about security. Give me a break!) "Automatic Local Services (ALS) (they never abbreviate or not capitalize anything) Qos RSVP (don't ask me) provides network signaling and local traffic control setup functionality for QoS aware programs and control applets. Disabled LS Remote Access Auto Connection Manager creates a connection to a remote network whenever a program references a remote DNS or Net BIOS name or address. Disabled LS Remote Assistance will be unavailable. Before stopping this service see the dependencies tap of the properties dialog box. Disabled LSR procedure call RPC provides the end point mapper LS routing and remote access offers routing service to businesses in local area and wide area network environment. (Say what? These are business people hacking me?) Disabled LS secondary Logon enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. (That would be my f**king point kids.) If this service is disabled, any services that depend on it will fail to start." (That would break my heart.) Now dig this, they're in the security business, "Started Automatic Local System Security Accounts Manager Stores Security information for local user accounts. ALS Serial Keys Manual LS server supports file, print, and named-pipe (sic) sharing over the network for this computer. If this service is stopped, this computer will not support legacy reader."

And it goes on. And on. All the services that will fail to start if I stop my computer from being in their network. But they make some interesting allusions about being in the security business. And there's this whole thing about smart cards. And they're very into Microsoft. Some of the names they use are Microsoft Terminal Services, Microsoft Windows Network and Web Client Network. They won't let me touch these files. And some of you may recall the post I did about MS sucking out personal info through the Windows Update downloads. I used a scientific article from something called Tec Channel. The hackers found it somewhere and posted it on my desktop with a note letting me know that it was from a journal put out by Linux. So they are very protective of Microsoft. Could they be former MS employees? They sure know their stuff. They certainly knew exactly where Windows was vulnerable. They didn't just go for the easy port 135. They got fancy and exploited the vulnerabilities in the Microsoft remote procedure call interface.

Anyhow my brother believes me now. I also shared some of my notebook of other signs of computer compromise that I have collected for the authorities that I am waiting for. My daughter believes a worm couldn't have written the above. So now I am ready to pull the plug. Perhaps I can get back to normal life and blogging soon.





Thursday, August 21, 2003

STILL HACKED OFF

I just have a minute but I'm so touched that you are still coming even though I can't be here every day. I'm busy doing research. Tonight, ten minutes ago, I found the answer myself. (I finally got ahold of Microsoft tonight but they wouldn't help me unless I was sitting in front of my computer which is no good because my only phone there is bugged.) The answer for how they got in is that they exploited the vulnerability in the RPC interface. And, of course, there's good old port 135 hanging open like a barn door. Thank you Bill Gates.

I found a computer property deal filled out yesterday with me listed as a "temporary variable." Nice, huh? I was touched that they still list me as administrator until I found that they list one of themselves as "owner." Whatdoyouknow?

They wrote me a manifesto tonight in reply to my ultimatum that they be out today by noon or I was reformatting and reinstalling. I will try and share some of it with you tomorrow when I have more time. All I can say is think Unabomber.

Gotta run. I did something you're not going to believe of MsRefusnik. I'm so hacked off I filed a grievance with Homeland Security and told them I'm being terrorized by terrorists. Well, I am. Never thought I'd be turning to them but I bet they jump on it.

Thanks for listening, really.

Tuesday, August 19, 2003


SOMETIMES PARANOIDS ARE RIGHT

And I'm going to prove it no matter what I have to do. I just sent an e-mail to the FBI. That's how upset I am. I want these a-holes. I'm pissed. I'm pissed at the hackers who stole my computer out from beneath me. And I'm pissed at the people in my life who listen to my story and then ask, "Are you still taking your medication?" That really fries me.

I called my brother because he knows a little about computers and I usually value his opinions in most things. He listened for a while, and then said it was over his head. I said fine and thanked him anyway. The next thing I know my daughter is on the phone saying that I have to "admit it's just a worm" because my family is freaking out and they think I need to go to the hospital. He had to call my 17-year-old daughter to share these fears. I don't think she needed that regardless. I knew I was too mad to call him the next day to even tell him off, but he made the mistake of calling me. I gave it to him but good.

Before all is said and done I am going to prove that I was hacked or die trying. I can't stand for my honesty and sanity to be questioned like this. I mean don't we hear about computer security every day? Don't we all have firewalls? What's the big surprise? What's so unbelievable? I'm not a bank or a big business, but I think all they wanted was a new computer, preferably Windows XP with that open back door of vulnerability, that had a lot of storage space.

Anyhow, I don't want you all to get sick of me going on about this. In case you ever wonder if this is happening to you, here are some ways you can see differences between losing your mind and signs that your system has been compromised: These are from CERT, a federally funded organization which provides all kinds of good education and information.

Examine log files. I told you the other day the wild things I find in the event viewer. All the strange login names and procedures all entered as "successful audits" under security. The 200x a minute message about a plug and play discovery center device stopping and starting to keep me from seeing any other error messages in the system. I did get to see some messages about lots of corrupt data and metadata and refiltering the documents and stopping and starting the index and volume of C: which is where all their files are. They have now done away with the search feature which is how I found their files. It is, I learned today by going to computer components, called "query the catalog" but I can't make it work yet. Check your firewall logs. Of course I not only ignore McAfee but block its access since they have its codes. I now use ZoneAlarm. The intercepted attempts in the log begin the minute I am logged in. They favor Win32, AOL Instant Messenger, Windows Explorer, things that sound innocent enough. Then you click the details button and find it is some dll program that is unknown in origin. Check the system logs. Check the task manager. Yesterday I found 40 programs, most of them I'd never heard of, running in the task manager when actually the only thing I was running was the task manager.

Check your user and password files. Are any accounts turned on that shouldn't be? Check for unauthorized services.

Look everywhere for hidden and unusual files. Go to files and folders and clear the box for hide system folders. I found they frequently called their folders by names that sounded like Dell, Microsoft, or sys on the surface. The other thing they do is that when the cursor hovers over the file the data will read something like February 23, 1999, which is years before I got the computer. Then when you go to properties you find the file was actually created July 22, 2003. They did this over and over.

Examine all machines on the local network. Check your local connections. Check your internet connections. Look at anything that asks if you want to share. I have menu choices that I can't change. I can click and click that I don't want to share something but all the clicking in the world won't change it. The cursor is powerless.

There's more, but that gives you an idea.

I've got to run. My underground computer place is closing. I did get them back a little. I found their files on how to use the AOL MusicNet I had just subscribed to but can't enjoy now. I cancelled it yesterday. I am still trying to cancel Broadband DSL but you're on hold forever--that's if I even have the real AOL. I found files for "dial tones" and "phone recordings." These people are pros. I sometimes think they are the big nest for the Blaster worm. They bring the stolen booty to unsuspecting people's computers who have lots of memory, and, unfortunately, I was one.





