It’s true. I’ve picked up a cyberstalker. He reads DKos. Near as I can tell, he found me here. In the past month, since I originally signed up, he has obtained two of my email addresses (despite the fact that I have never posted them publicly), sent me vicious email messages, fooled me into installing a Trojan horse on my computer, hijacked my browser, spoofed a friend’s email address to make his poison pen letters more potent, and nearly got me banned by my mail provider by using my address to harass someone else. He reads my DKos posts and has referred to them in his messages to me.
You might wonder, as I have, why the heck anyone in their right mind would bother stalking a DKos newbie. I truly have no idea. I’m an absolute nobody here. My posts are few. I’ve avoided altercations. My only contributions, to date, have been some IGTNT diaries (ooooo, EEEEvil!).
But I’m not here to whine about my stalker. I’m here to warn you about yours. Because if this can happen to me, believe me, it can happen to you.
Why do I say this? I’m a computer professional. My computers are secure. Before you laugh derisively, trust me—I know that the closest you can come to having a truly secure computer is to put your computer in a vault and not hook it up to any network. It’s like sex: you can’t get pregnant or pick up an STD if you just say no. If you have network access, you are vulnerable to myriad attacks, to one degree or another.
Like sex, however, there are many precautions you can take to minimize your risk. My computer security is roughly the equivalent of using birth control pills, male condoms, female condoms, spermicide, and an IUD. Simultaneously. I keep the computer equivalent of Plan B on hand at all times, just in case of a catastrophic failure. And I know how to perform the security equivalent of an abortion, in case of top-secret-super-ultra-catastrophic failure.
Why the warning now? I could have issued it at any time, but I was moved to speak up because DKos and Kossacks are taking a lot of extra scrutiny now, courtesy of one Bill O’Reilly. He and his acolyte zombies are morons, but don’t underestimate their desire or ability to wreak havoc on you and/or your computer. Cyberharassment is an easy way to cause someone a whole lot of grief while minimizing the stalker’s exposure to risk. Bill’O is inciting hatred, and hatred leads to...well...cyberstalking. And almost anyone can produce an unsophisticated cyberweapon.
In the interests of brevity, I will leave you with a relatively small and haphazard set of suggestions. If you want more information, ask in the comments. If there’s enough interest, I’ll write a subsequent diary with a more in-depth discussion.
The Bare Minimum in Software Security: Crimeware Prevention
I hope that every Kossack will find this section worthy of a yawn because you all know it already. But I’d be derelict if I failed to mention it, so...
Firewall and antivirus. The very bare minimum that EVERY computer should have is decent firewall and antivirus software. If you’re not running both, PLEASE get some. Windows users, ZoneAlarm is a good and free firewall. McAfee no longer appears to offer free antiviral, but both it and Symantec Internet Security are good. Mac users are at significantly less risk today than Windows users; I have been unable to find any credible reports of a successful viral attack against Mac OS X, though a number of threats have been reported. Nonetheless, it is not impervious to attack; http://www.securemac.com and http://www.cert.org track threats to Macs. The Mac comes with a built-in firewall, and one of the commenters has recommended ClamXav for antivirus. Symantec also makes a product for Macs, but I have not used it.
Anti-spyware. Though many people tend to lump it together, spyware is an almost entirely different animal from viruses. It tracks your surfing behavior and may report back to people you’d just as soon not have that information. Spyware generally includes a class of crimeware called keyboard loggers, which, as their name suggests, monitor your keystrokes as you type and send this information to someone who shouldn’t have it. Spyware is, in other words, a nasty type of crimeware unto itself. While most antivirus software today will identify the most egregious of spyware threats, I have yet to find any antivirus software that does a good job of combatting spyware. Spybot Search & Destroy, Adware, and Spyware Blaster are decent freeware and are better than nothing, but they’re not stellar. My favorite commercial product is Spyware Doctor, though the latest version was a complete rewrite and has some non-trivial bugs. Spyware Sweeper is pretty good, and Adware has for-fee versions that are better than the freeware version. (PC Magazine reviewed some anti-spyware software earlier this year, if you’re interested.)
KEEP YOUR ANTI-CRIME SOFTWARE UP TO DATE. New threats are created daily. You should be updating your anti-crimeware definitions at least a couple of times a week, and should be looking for updated software at least a couple of times a month.
Frankly, if you aren’t running up-to-date firewall and antivirus software, you are part of the problem. It’s your business whether you choose to allow your own computer to get infected, but if your computer isn’t protected, it’s a danger to the rest of us, because it’s waving a "WELCOME CRIMEWARE!" sign all over the internet. I’m not exaggerating. I have worked on more computers than I can count, and I have never once ministered to an unprotected computer that wasn’t utterly infested with crimeware. Many of them had unwittingly served as launching boards for broader attacks. Crimeware can steal your address book, which puts your friends and family at risk, as well as all manner of personal information (user names, passwords, surfing history, account numbers, chat sessions...if you typed it or viewed it on your computer, it’s fair game).
The danger of wireless... If you are using a wireless router, you should secure it using WEP or LEAP. I’ve used most of the name brands in routers, such as Netgear, Linksys, and Belkin. My personal preference is Netgear, but any 802.11b and 802.11g compliant router with a firewall is probably fine; the difference is typically speed and user-friendliness (plus a bunch of features the average person never uses). If you don’t password protect your wireless router, you are inviting anyone who is in range to use your router and possibly spy on the packets your computer is sending. Someone on my block received a visit from the FBI when a criminal gained internet access through her unsecured wireless router from the street and launched an attack on a web site somewhere. She escaped trouble, but do you need the headache?
Other software: There are other kinds of software that aren't necessary, but that I find useful. I won’t go into these in detail unless there are questions (or requests for more information). A couple of these are:
- Anonymizer software, which hides your IP address. Your IP address can give a stalker information about your physical location. Moreover, your IP address is often the anchor that spying sites will use to associate your behavior and information with you.
- Shredders, which delete your browser history and other traces of your computer activity. Apart from saving you a lot of disk space, a shredder can get rid of personal information that your browser and other software automatically save on your computer. (My stalker definitely got into mine.)
Behavior
The best security software arsenal won’t save you if you don’t behave cautiously. You shouldn't be paranoid, but you do need to be careful. I’ll note just a few common mistakes.
Passwords, passwords everywhere: Always protect every account you have—including your computer’s login—with a strong password. Moreover, don’t let your computer or browser remember your passwords. I know, this can be a hassle. But the majority of problems I’ve seen could have been avoided if this advice had been taken.
Click with caution: Don’t click on any link or attachment in an email message unless (a) you’re sure of the sender, and (b) you’ve run your antivirus software on any attachment. When you’re contemplating whether you know the sender, remember that it is easy for someone to spoof a return address (i.e., to send an email message to you using someone else’s address). I don't click links in email messages. It’s safer to copy and paste the address, after you examine it carefully for small typos that may indicate that it's a hoax (e.g., whitehouse.gov is the White House; whitehouse.com is a porn site).
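The "examine it carefully" step can be done mechanically. The sketch below is an added example, not part of the original diary: it compares a link's host against a short list of sites you actually use and flags near misses such as the whitehouse.gov / whitehouse.com pair. The allowlist, the verdict names, and the rule that the last two labels form the registered domain are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the sites the reader really means to visit.
TRUSTED = {"whitehouse.gov", "dailykos.com"}

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, trusted=TRUSTED):
    """Classify a link's host against the allowlist.

    Returns (verdict, trusted_domain_it_resembles_or_None).
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ("no-host", None)
    for good in trusted:
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    # Assumption: the last two labels are the registered domain
    # (a real tool would consult the Public Suffix List).
    last2 = ".".join(host.split(".")[-2:])
    name = last2.rpartition(".")[0]
    for good in sorted(trusted):
        if host.startswith(good + ".") or ("." + good + ".") in host:
            return ("lookalike-prefix", good)   # trusted name used as a subdomain
        if name == good.rpartition(".")[0]:
            return ("lookalike-tld", good)      # same name, different ending
        if edit_distance(last2, good) <= 2:
            return ("lookalike-typo", good)     # one or two characters off
    return ("unknown", None)

if __name__ == "__main__":
    for link in ("http://www.whitehouse.gov/", "http://www.whitehouse.com/",
                 "http://dailyk0s.com/", "https://dailykos.com.example.net/login"):
        print(link, "->", check_link(link))
```

A "trusted" verdict only says the host matches a site on your list; it says nothing about who sent the message that contained the link.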
Protect your email address: Never put your real name into any email address that might get into the hands of a stalker. The internet makes it way too easy to find information about people.
You’re better off creating different email addresses for different sites for which you register. This way, you can tell more easily whether you’ve just received suspicious mail. (If you receive a banking request at your DailyKos email address, it’s pretty clear that this is not legitimate. And if someone sells or redistributes your email address, you know who it was, because you only ever gave that address to one recipient.) Several pieces of software exist that will create temporary email addresses for you (e.g., Nyms), which greatly simplifies the process of address management.
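Here is how the one-address-per-site habit pays off in practice, as an added example that is not part of the original diary. It reads raw messages, looks up which site each recipient address was given to, and reports every outside domain that is now mailing that address. The addresses, the registry, and the sample messages are all constructed for the illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed registry: each address was handed to exactly one site.
ALIASES = {
    "kos-7f3a@mail.example": "dailykos.com",
    "bank-91c2@mail.example": "bank.example",
}

# Constructed sample mailbox (raw headers plus a one-line body).
MAILBOX = [
    "From: Kos Newsletter <news@lists.dailykos.com>\nTo: kos-7f3a@mail.example\nSubject: Digest\n\nbody\n",
    "From: Security Team <alerts@secure-bank.example.net>\nTo: kos-7f3a@mail.example\nSubject: Verify your account\n\nbody\n",
    "From: deals@shop.example.org\nTo: kos-7f3a@mail.example\nSubject: Offer\n\nbody\n",
    "From: statements@bank.example\nTo: bank-91c2@mail.example\nSubject: Statement\n\nbody\n",
]

def triage(raw, aliases=ALIASES):
    """Return (verdict, site_the_address_was_given_to, sender_domain)."""
    msg = message_from_string(raw)
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    sender = parseaddr(msg.get("From", ""))[1].lower()
    domain = sender.rpartition("@")[2]
    site = aliases.get(to_addr)
    if site is None:
        return ("unregistered-address", None, domain)
    if domain == site or domain.endswith("." + site):
        # From can be spoofed, so this means "not contradicted", not "verified".
        return ("expected", site, domain)
    return ("suspicious", site, domain)

def leak_report(mailbox, aliases=ALIASES):
    """Map each site to the outside domains now mailing its unique address."""
    report = {}
    for raw in mailbox:
        verdict, site, domain = triage(raw, aliases)
        if verdict == "suspicious":
            report.setdefault(site, set()).add(domain)
    return {site: sorted(domains) for site, domains in report.items()}

if __name__ == "__main__":
    for site, domains in leak_report(MAILBOX).items():
        print(f"address given only to {site} is now used by: {', '.join(domains)}")
```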
In Conclusion...
The internet is a wonderful place. Use it confidently. But remember: a little caution can save you a world of trouble.