TeranceH Posted May 18, 2012

I have experienced a targeted intrusion onto my computers for the last 5 years. There has been no effective escape. This is not a random intrusion. I have been targeted by a private investigator; as that private investigator works with local law enforcement, there has been no assistance, investigation or prosecution for the intrusion/remote control/surveillance/redirection.

Initially it started as WebWatcher by Awareness Technologies. I still have the appcompat file which they installed through Windows Mail in an email which did NOT need to be opened. The software deployed as soon as the email was delivered to the machine. Since that time I have watched them update their program as they watched me expose it.

There is no way to prevent a targeted installation such as this. They have the power to filter the web, and to disable avas programs. I have watched them disable all of the major programs. It seems the simplest method has been to install a junction or symbolic link which prevents a scan from ever completing. The programs have been exposed on Linux, and Windows installations. Again, I have watched the installation programs download with me powerless to prevent it. I have attempted to work with it; however, the ability to control email and web access has made it necessary to confirm any information I receive. They are using me as their R&D department and updating their programs to circumvent/prevent my actions from being successful.

The current version runs from a BIOS initiation, creating a virtual disk from which to load the program. As it then runs from virtual memory it has been difficult to nail down. But the clues are there that I am running a version of Windows inside their window. Basically there are hardware issues which cannot be addressed while stuck in their window. Numerous programs have indicated the presence of the surveillance/remote control/filtering program, but none can remove it.
At best, I have watched protection work for a few hours, maybe a few days, and then become useless. I have been lucky only because when I detected the initial intrusion in 2007, I pulled all hard disks from all computers. This has prevented them from placing incriminating files on my computer and then accusing me of responsibility for them. I immediately recognized the possibility/probability of this type of action.

You may be asking WHY? The initial install was by my wife, on my business computers as she planned a divorce. Once detected she and her lawyer hired the private investigator to cover the federal crime. The private investigator is former FBI and works directly with the county managing their informant program and also surveillance (without search warrants). This involvement with law enforcement has prevented law enforcement from taking any action, as they risk exposing their own methods.

I have tried everything I can think of. 20+ years in IT and I have used everything I ever learned about computers and Internet and IP tracking. Do you have any advice? I am under constant assault by the attorneys who have manipulated law enforcement into inaction. The lawyers have done the same with the courts. Once one judge was manipulated, 8 subsequent judges in the divorce have been forced to further the injustice in violation of laws and procedures.

Most of the legal battle is documented on www.work2bdone.com/live. It's not a whining divorce site. It documents a terroristic high tech divorce which has destroyed a family for going on 6 years.

Any help or advice would be greatly appreciated. If you do contact me, I assure you I will respond. Remember, they control the computers. They also control the cell phone. Effective communication has not been easy. But there are workarounds, and once initial contact is made, they do not interfere as much.

Please help.

Terance Healy
ritchie58 Posted May 19, 2012

Unless a judge approved a court order authorizing the electronic surveillance you described, what this PI is doing is completely illegal! You should contact your own attorney about this as your rights to privacy are being criminally violated. Also, contact your state's Attorney General's Office and tell them what's going on. Make sure to have the necessary evidence and substantiated facts ready for them to view if requested. They'll have to have something to go on and not just your word. It's their job to investigate abuse of power allegations like this. If the AG doesn't want to get involved you always have civil court. Sue them for emotional distress, invasion of privacy or something! The F.B.I.'s cybercrime unit would be another consideration.

Contact the newspapers, tell them the story. Perhaps they might get intrigued enough with the story to launch their own investigative journalism. The more people who know about your situation the better in my opinion. No one should be above the law.

That said, if something like that happened to me I would format my Windows Operating System with a brand new install using a new hard drive I just purchased (I wouldn't trust just reformatting the old drive as remnants ready to replicate itself into a fully functional program could be deliberately left intact), consider using a good proxy service to mask my IP address while on-line, change my email address using a different email client, use a complex password to access my new email account (at least 9 characters of random numbers and letters, this will make it very difficult to hack into your email account) and wouldn't give my email address to anyone I don't completely trust and perhaps even change my ISP provider if need be. I don't think I would trust the built in Windows Firewall either.
I would install a good third party firewall such as Comodo Internet Security (using the Firewall & Defense+ features) which gives you much greater control over inbound and, most importantly, outbound connections. Use a good anti-virus and keep it up to date (Immunet Free and Plus has Monitor Program Install and Blocking Mode features which will help prevent malicious programs from being installed. Immunet Plus will also monitor your email client for malicious activity and has rootkit detection/removal.) Then to be on the safe side I would install a behavior analysis/blocker program like Emsisoft's Mamutu to detect and quarantine anything suspicious (Comodo's Defense+ has H.I.P.S. like features as well). This is an excellent program at what it does and I would highly recommend using it.

Also I would use a complex BIOS password (if the motherboard supports that feature) to be able to boot up my system in the first place, just to be sure that no one messes with the PC while it's off and unattended. Then use the Windows password logon to load the OS as well. It would be a bit of a pain to use two passwords to get Windows to load but that's two passwords someone else would need to figure out. While going on-line I would also use a Guest account and not the Administrator account. That makes it a lot tougher to permanently install malware on the system. An even better solution would be to install a virtual system like Returnil, which creates a clone or mirror image of your OS. No permanent changes to the original OS can take place during a virtual session so that makes your system virtually malware proof!

If your business uses a server environment with numerous endpoints perhaps Sourcefire's enterprise security solution is what you're looking for, it's called FireAMP.

A few things to look into anyways. All is not hopeless in my view. You just need to get really aggressive with your security considerations and stick with it, Terance!

Regards, Ritchie...

P.S. - the URL you posted doesn't seem to work. I got a message: Server Not Found
ritchie58 Posted May 19, 2012

Here is some info about WebWatcher I found on the net. It's mainly legitimately used by law enforcement agencies, educational, institutional and business facilities and parents to keep tabs on their children's computer activities. That's why a lot of AV vendors don't include it in their scans. However it has been used by disgruntled employees, vindictive spouses, a suspicious significant other and numerous other reasons it wasn't intended for including downright criminal activity (identity theft).

This program has root-kit like qualities, in that it's very, very good at hiding. It installs itself in multiple places on the system including the boot sector (startup program) and registry. If some files do get deleted it will replicate itself to fully functional again. You won't see it as a running process and all files are hidden. In fact the only thing you might notice is a small drop in system performance. I could see where this so-called legitimate spyware could be used very easily for nefarious purposes!

I read an article that supposedly Malwarebytes in "Chameleon" mode will detect and remove WebWatcher. Of course the person who planted it on your PC will now know of your attempt at removing it. There's other ways to remove it too. Click here.
TeranceH Posted May 21, 2012

You understand the situation. They see everything I do and can compensate. There is no escaping it when there are so many ways it has corrupted the system. Partial files, rootkit, certificates, group policy, you name it IT HAS BEEN INFILTRATED.

I have tried everything, but there is no way out. No software to stop it. And I have been through every level of law enforcement, including numerous calls/visits to the FBI. They won't even look at it. After 6 years of trying, it is obvious they can't reveal the illegal actions of the County.

The web link above should work, unless they are redirecting. Try searching for the words TERRORISTIC DIVORCE.

The good news is IMMUNET's approach. They can't seem to disable it completely... well, not yet. 19 rootkits detected so far.

Please spread the word... Every word of my story is TRUE.
TeranceH Posted May 21, 2012

The law does not apply to the people behind this intrusion. They have ignored the law from the very beginning. The methods you indicate don't work, because they can see what I am doing and circumvent the programs/techniques. IMMUNET has something with the cloud approach.

They won't stop. They have no incentive to stop. But there is no escaping them until they are exposed/prosecuted.

Please help spread this story. I assure you every word on my web site is true. www.work2bdone.com/live
ritchie58 Posted May 21, 2012

If you say all the things I suggested won't work then I don't see how I can be of further assistance to you. Perhaps another forum member can offer some advice or other suggestions.

Best of luck to you, Ritchie...
TeranceH Posted May 21, 2012

Ritchie, Thanks for trying. I assure you I am not simply taking a defeatist approach. The programs listed have served only to expose the issue without any remedy. It has been demoralizing to find programs which will point out the 'hacks' but fail to offer any resolution. It has become overwhelming at times to try to circumvent their surveillance and redirection. I basically decided it was pointless. I also have nothing to hide. I am doing nothing illegal. They, on the other hand, can see everything I do and manipulate and circumvent and prevent resolution.

If you search the web for 'teranceh' you will find the history in forums since this issue began in February 2007. There have been forums where people joined immediately after I posted and simply misdirected responders by indicating I was a child trying to get around his parent's supervision. At which point there is no further assistance offered based on their lies. Other forums simply attack me for presenting the WebWatcher issue instead of the clues. They seem offended that I know what is wrong and seek a solution.

The note about not being able to access my web site does concern me. If people are unable to reach http://www.work2bdone.com/live I would appreciate it if you let me know.

I am sincere in my request and the info I provide. I appreciate any help.
Archived
This topic is now archived and is closed to further replies.