We received an email today from someone who is concerned
that they are being harassed by someone online.  The 
individual was asking the Handler's group for help in 
finding someone to help her track down an online 
attacker.  

I wanted to address this issue here. I have investigated 
similar claim in the past.  Without getting into much 
detail about the particular incident (to protect the 
identity of both the innocent and the guilty) I want to 
discuss my response to those who are concerned about 
Cyber Harassment and Stalking.  

Is it possible that someone could accomplish this? 
Absolutely. Is it likely?  - Not under normal 
circumstances.  

A lot of things could be happening behind the scenes. 

* You may have spyware or viruses on your computer that 
are allowing certain confidential information to leak 
out. 

* You may have given someone more information that you 
should have in a chat room or email.  

* You may have an unprotected computer with lack of 
sufficient protection (firewall,anti-virus program, 
operating system updates, etc). 

In the case that I investigated - the "victim" claimed 
that they knew who the people were that were 
responsible.  There was no evidence that anyone had done 
anything to the computer.  Nothing more than the 
installation of the normal - run of the mill spyware and 
adware was found.  

It is highly unlikely that this type of activity is 
taking place.  What is more than likely taking place is 
what we see evidence of everyday at the Storm Center and 
elsewhere on the Internet.  Take a look at the Internet 
Storm Center - you will see referenced the Survival Time 
and a link to the Survival Time History. The Survival 
Time right now - today is 23 minutes. That means that a 
computer - unprotected with no firewall, anti virus, 
spyware/adware protection will likely become infected in 
just 23 minutes. That is all the longer it takes to 
compromise a brand spanking new computer - out of the 
box.  Now take a look at the History link.  You see that 
we had less than 10 minutes in May 2004 and less than 5 
minutes in August 2004 (Blaster).

Take a look at the Top 10 Ports and you will see that 
there is continuous port activity. That is the nature of 
the Internet with 65,565 ports available you are bound 
to see some of them alive doing things like pop mail 
(110), web (80), DNS (53), etc.

So what can you do to protect yourself and your 
computer? 

Here is a link to the Survival Guide.  This document 
will help you put the things in place to minimize the 
potential for someone to break into your computer.

http://isc.sans.org/presentations/xpsurvivalguide.pdf

What do you do if you think you are being harassed?

Don't jump to conclusions.

Contact your local Police Department or your local FBI 
office.  They can investigate your issues and if they 
suspect that you do have a problem they can conduct a 
full investigation.

Don't give out personally identifiable information 
either online or by telephone if you did not initiate 
the contact.  Use caution when sharing information with 
others - even if you did initiate the contact.  Give 
only the information that is essential to complete the 
transaction or enquiry.

Only you can protect yourself and your identity.

Updates:

Luis Muñoz kindly translated this diary entry into Spanish. You may download the Spanish text here.

Sue Gray sent us a note about the Working to Halt Online Abuse website, which the persons who find themselves abused online may find useful: http://www.haltabuse.org.