Every move you make, I’ll be watching you

After a few weeks of being a network guy … I’m super busy, it’s hard, so hard! But I’m picking it up and besides, after what I’ve learned I’m almost afraid to do anything online anymore. Why?

Here’s a public known example that won’t get anyone in trouble to talk about that we can use for illustration: If you have Windows 7, goto your start menu, type “PSR” in the search box. Click on “Problem Step Recorder,” then click “Start Record” in the box that pops up top left of screen. Now, surf from one page to another for about one minute, maybe open and read some email for a few seconds. Has a minute passed? Good, now click “stop record,” … it will create a file and probably default to desktop. Save it, now open it … and enjoy the surveillance report and screen shots of every move you just made online.

This a really handy thing to know about if you’re trying to help someone over the phone and you want to see what they’re seeing. That’s why it’s called the Problem Step Recorder. They can turn that on, do whatever it is that’s confusing them, turn it off, save it and send it to you. You can now also turn it on and snoop on anyone logged into your PC. But it’s kinda obvious its running.

Which brings us neatly to the next point: the PSR is merely a visible, user friendly example of how dialed in and monitored a person can be these days. Because if you think there aren’t other types of activity monitors and auto logs built into the very core of every device, every community, and every network on Earth these days, especially but not limited to company networks, that aren’t being routinely checked, if you think that one trip you took to Facebook or your Yahoo account went unnoticed, if you think you’re the only one who read that juicy text or pic or email your significant other sent you, if you think every keystroke and mouse wheel command isn’t watched, written up, and sent to a head snoop for review, my advice is to redouble your paranoia and think again.


  1. magistramarla says

    Great. Now you are as paranoid as my dear hubby, who works in this sort of field.
    Congrats on the job! I was worried that we hadn’t seen a post from you in so long.

  2. says

    Just because they are out to get you, it does not mean that you are not paranoid.

    Back in the days before Internet, someone could hire a private detective to spy on you. Mostly people didn’t because it was too expensive.

    Today, they can gather lots of data and use it statistically. Sure, they could go through your data with a fine tooth comb to spy on you. But most won’t, because it is too expensive.

  3. Reginald Selkirk says

    And it gets worse.
    You might think that with such a pervasive threat of malware, there should be some government agency to help police Teh Interwebs and keep you safe. But what you will find instead is that there are government agencies who care about network security, such as the NSA, but they like for back doors and security holes to exist so that they can use them to snoop on people.

    On a minimal Linux system I maintain, it is fairly routine to see connection attempts made from the same few addresses, over and over, probing for weaknesses. The most common ones are coming from China, but also Brizil and Russia. Why have these attempts not been blocked before they get to me?

  4. mykroft says

    If you are truly paranoid about this, use browsers that enable incognito modes, i.e. don’t keep cookies, history, etc. Use a non-commercial OS like LINUX.

    If really, really paranoid, load VirtualBox on your computer, create a LINUX virtual machine and take a snapshot on your new install. Then use the the virtual machine for your browsing needs. To erase your steps, revert the VM back to its snapshot version.

    If really, really, really paranoid, bury your PC.

  5. mykroft says

    Blocking is easier to talk about than to do. For example, it is simple to spoof someone’s network address. An attacker can send lots of packets using someone else’s address, and if it triggers an alert on the monitoring system that address could get blocked.

    Also, the sheer volume of traffic entering and leaving the country is daunting. Mistakes, such as blocking a legitimate site by accident (or by the attack described above) could be very expensive, legally.

  6. says

    @3:Reg. I think you’ll find that governments are quite heavily involved in the oversight of Internet security, and not just the spy agencies who are looking to exploit certain weaknesses. However, they are focused on protecting more important targets, like the nation’s power grid and others that if hacked, could cause a serious threat to public health and safety. Protecting people’s personal web servers from the efforts of hackers looking to profit from weak security measures isn’t exactly the number one priority.

    I operate a VPS and see the type of hack attempts you mention all the time. Yeah, if my provider offered a way to automatically block those efforts from getting to my server, I might be interested, but it’s very easy to eliminate about 99% of the risk of hacks with a few easy security measures. For example, changing the default SSH port reduced the number of hack attempts by about 80% in one go.

    Most Internet users are protected from direct hack attacks by their ISPs, whose equipment is set up by default to close off most commonly used vectors of direct infiltration, and many also use email scanning services to block viruses and trojans being delivered that way.

  7. says

    if you think every keystroke and mouse wheel command isn’t watched, written up, and sent to a head snoop for review, my advice is to redouble your paranoia and think again.

    I’m sorry, but this is just silly. Yes, there is the potential of that extreme level of surveillance happening, but in all but the rarest of cases, it doesn’t.

    Firstly, keystroke loggers require access to your computer to install, and unless you have been careless with your antivirus protection regime or your personal computer equipment’s physical security (including passwords), then you’re quite safe from that level of scrutiny. If you’re the target of a criminal, or a malicious relative or acquaintance, or law enforcement, you might have cause to worry, but otherwise, you don’t. If you need to email or surf while at work, then use your smart phone if you’re worried that your employers might be snooping on you.

    On the web, traffic to and from cloud-based services have been protected by SSL encryption in the wake of the NSA scandal, so nobody watching your connection from elsewhere can tell anything more than which web site you are visiting, and that goes for Facebook as well, these days.

    Finally, there is a huge difference between software that tracks your web surfing habits to help companies target ads at you and people taking some kind of personal interest in you and reading what you’ve been saying online. Frankly, 99.99% of what people get up to isn’t of any interest to anyone, and there certainly isn’t enough time in the day for even the likes of the NSA to follow up on every potential red flag that their automated surveillance software digs up.

    Even most employers don’t go to the lengths your talking about. I would sometimes waste way too many hours surfing the web at my last company, and I would sometimes worry that I would be spoken to about it, but it never happened. Mind you, I did hear of people being fired for surfing for porn while at work, so there was clearly some monitoring going on, it’s just that my company applied some common sense to what they deemed permissible. Your mileage might vary, but most companies will be up front about the type of access they will allow their employees.

    It’s not that there aren’t some serious issues about the abuse of power that can happen with Internet surveillance. It happens, but the real problem isn’t being unknowingly swept up in some broad net of mass surveillance, it’s from an old and familiar source–the ability of someone in authority to use the power of the legal system to force companies to turn over identifying information about someone who has upset them or has opposed them in some way. That’s why, if you’re someone like a political activist, or journalist investigating abuses of power, then it certainly pays to take precautions — but for the rest of us, you would have to be extremely unlucky to fall foul of any type of web-based or computer-based surveillance if you practice good basic cyber security (i.e. strong passwords + secure equipment).

  8. says

    This actually is not very scary. Unless of course you have malware running with admin privileges in your OS. And that is certainly easy enough to ascertain. Just download Malewarebytes and run it.

    I adjust my paranoia based on the task I am performing. 99% are innocuous but when they are not I simply take the obvious necessary precautions, VPN TOR etc.

  9. says

    That’s a good question Reg. I’ve seen them too. With all the emphasis on documenting security events and concern over privacy events, for normal employees and admins like me, you’d think some clown hitting it over and over from outside the goddamn country would be bring at least as much if not more resources to bear. And so many things are connected now, if you’re into one tree, in network speak, every tree in every forest might look like it stands alone, but often their roots are so intertwined they might as well be a single organism.

  10. says

    I’d love to address this in detail, but I signed a disclosure agreement and don’t want to take any dumb, unnecessary chances. It’s safe to say on many employer networks, they can see whatever they want to see. And anyone who takes steps to block that process, say by plugging in hardware or installing software or opening special connections, is probably generating a report that they’re doing that and almost certainly violating their employer-employee contract in the bargain.

    If someone tells me “I am the highest level of trust at XYZ Inc and we don’t have the ability to recover page or email or keystroke logs or whatever for employees at XYZ,” maybe they really know that. But if someone were to say “I’m the highest IT/sec dude at XYC Inc and no one at ABC Ltd on the other side of town — where I’ve never worked and don’t know anyone who does — can see page etc logs,” I don’t if I would buy that because I can’t see how they could know that for sure.

  11. says

    My main issue with your article is that you conflate what you know about company networks with people’s home computers.

    No doubt there are many employers who monitor the use of their computers closely, but it depends on the type of employer you have. If you’re a software developer working for a West Coast blue chip company, odds are you’re employer isn’t going to be watching your every move (though they are likely to be logging your internet usage, at least, and might access those logs if you are suspected of doing something wrong.). If, however, you’re a minimum wage employee working for a help line contractor, you better assume that everything you do on that computer is logged in some way.

    However, unless you have someone in your own household that wants to know what you’ve been up to, that level of scrutiny is simply not happening at home. As I said, most major cloud-services companies are switching to SSL — go to Google, Facebook, and Twitter, and they force you on to an encrypted connection. Thus, not even your ISP knows more than where you are connecting to. Yeah, the companies see what you’re doing on their sites, and they may be using tracking cookies (it’s no accident that I’m seeing Linode ads on this site, even though I’m already a customer) but that’s a different matter. And if you don’t trust people in your own household not to put logging software on your computer, then you have more serious issues to be paranoid about.

  12. Reginald Selkirk says

    However, they are focused on protecting more important targets, like the nation’s power grid and others that if hacked, could cause a serious threat to public health and safety. Protecting people’s personal web servers from the efforts of hackers looking to profit from weak security measures isn’t exactly the number one priority.

    My analysis is based on the assumption that I am not special. If these bad actors are probing my site on a daily basis, they are probably probing everybody else as well.

  13. baquist says

    It’s really good to hear from you, and finally figure out you’ve found a job. Congratulations, and I’m very happy for you.

  14. Suido says

    Congrats on the job! All the best with it.

    Err. Best get back to using my work computer for, um, work. We got upgraded to windows 7 a month ago.

Leave a Reply