This is SCARE-EEY!!!!

a reply to: Hecate666

I've used a metric ton of USB devices on that machine. I would say not a day goes by where there wasn't one (or 5) USB devices plugged into that machine. This is one of the reasons I scanned it as frequently as I did, just because of that.

So, is it possible? Absolutely. However, I would have thought the virus scanner or Malware bytes would have picked it up.

My next endeavor is going to be going through the registry so I can see where and when it has been modified, and for what purpose.

a reply to: IAMTAT

Well, for the ones not about work I've already done that and there's about a 80% match, but I'm not really too surprised at that. Kind of stands to reason that something on my mind might get discussed in more than one place on the day it's burning a hole in my head. The Otto Warmbier thing was one example.

I tried to help you. You just blew me off. Not even a thanks? Was really looking forward to some response to what I posted to try and help you. You just ignored me, well good luck with your endeavor then. Peace.

a reply to: Flyingclaydisk

Last month I was playing around with some Network Video Recorder software that comes with those security camera's for your home if I could configure it to record from my laptop cam.

Normally you can set those cameras to start recording if movement is detected and it also stores the audio recording if the camera has that feature.

The software saved all recording as mp3 files to the win/my movies and win/my music file by default.

It's the only thing that comes to mind.

Peace

originally posted by: PapagiorgioCZ
a reply to: Flyingclaydisk

Not saying you are not speaking the truth but you didnt notice several Gb of disk usage?

Well, a couple things. First, total storage usage for these files is just over 1 gb (about 270 files) and the drive was a 250gb drive, so not a large percentage. Second, I have to work with mammoth files every day, so I chew up mountains of storage on a daily basis. I probably wouldn't have noticed small incremental changes like that when I'm saving multi-gb 3 dimensional design models.

Why would an agency store data on a disk instead of downloading it without a trace? It looks amateurish.

No idea, and yes I completely agree, seems amateur. That is, unless...whatever it was needed to store the files until the next time I was on-line. I generally physically shut off my WiFi unless I need access to the internet. The files are hidden somehow because I can't see them anywhere when I just look, but when I run that search they show up.

Maybe you should call police to get it analysed by professionals. It may be Chinese or NK industrial espionage. Or just private industrial espionage.

I haven't decided yet what I'm going to do about it, or if it's even serious enough to be actionable. It is an option though.

The complete conversations part is really odd. If it were a random bug then it seems to me that there would be plenty of cut off conversations or some that began part way through. The conversation you're fairly certain that took place when you were in your car sounds to me like there is some other device that is listening to you.

This sounds very purposeful and directed.

a reply to: Shockerking

I'm sorry, I didn't mean to blow you off. Thank you for the links. I actually did make note of them. In order to run any new diagnostics on that machine I will have to get an external keyboard (minimally) which I don't have at the moment (at least not one I can use).

Right now I'm trying to keep the usage on the machine as low as possible in case the whole thing decides to go ka-boom. When I get an external keyboard I will then be able to run the links you sent and report back with my findings.

Again, I did not mean for you to think I was ignoring you. I wasn't. My apologies.

ETA - Next time I start it up I want to be able to accomplish two tasks (completely). 1. I want to interrogate the registry, and 2. download and run the diagnostics from the links you sent. It doesn't accomplish much to run those on this machine, but rather the machine which crashed, right? Or, am I missing something?

originally posted by: Flyingclaydisk
a reply to: Shockerking

I'm sorry, I didn't mean to blow you off. Thank you for the links. I actually did make note of them. In order to run any new diagnostics on that machine I will have to get an external keyboard (minimally) which I don't have at the moment (at least not one I can use).

Right now I'm trying to keep the usage on the machine as low as possible in case the whole thing decides to go ka-boom. When I get an external keyboard I will then be able to run the links you sent and report back with my findings.

Again, I did not mean for you to think I was ignoring you. I wasn't. My apologies.

ETA - Next time I start it up I want to be able to accomplish two tasks (completely). 1. I want to interrogate the registry, and 2. download and run the diagnostics from the links you sent.

it's all good, got to say I am very intrigued by this.
Like I posted that detekd software should let you know if you do in fact have keyloggers and or mic loggers.
I also have other stand alone software links if needed, but the one I shared to you are the main ones you should try first.

Keep us posted.

a reply to: jadedANDcynical

I agree, that part is pretty disconcerting.

originally posted by: Flyingclaydisk
a reply to: Shockerking

I'm sorry, I didn't mean to blow you off. Thank you for the links. I actually did make note of them. In order to run any new diagnostics on that machine I will have to get an external keyboard (minimally) which I don't have at the moment (at least not one I can use).

Right now I'm trying to keep the usage on the machine as low as possible in case the whole thing decides to go ka-boom. When I get an external keyboard I will then be able to run the links you sent and report back with my findings.

Again, I did not mean for you to think I was ignoring you. I wasn't. My apologies.

ETA - Next time I start it up I want to be able to accomplish two tasks (completely). 1. I want to interrogate the registry, and 2. download and run the diagnostics from the links you sent.

it's all good, got to say I am very intrigued by this.
Like I posted that detekd software should let you know if you do in fact have keyloggers and or mic loggers.
I also have other stand alone software links if needed, but the one I shared to you are the main ones you should try first.

Keep us posted.

a reply to: saltlick

If it was [chinese] malware, it's to get passwords or other data to use for dodgy purposes.

dp

Also like I mentioned earlier if anyone has inserted a thumb drive. It could be that some nosy acquaintance wanted to keep tabs on you (for sh!ts & giggles) using a cheap script (easily found online) and bootloaded it with their thumb drive on your machine. Maybe showing you some music or photo's at one time? It just might be that individual you had the "Otto Warmbier / North Korea incident" discussion with? How tech savvy is he or her? just sayin'.

To me this seems to be the most likely culprit.

a reply to: Shockerking

I will (keep this thread posted). I'm actually kind of surprised at all the attention this thread has gotten. I've spent a good portion of the day trying to respond to everyone (and unfortunately, I did not respond to you previously...as I wanted to respond with some results). I should have just said that I guess.

I too am intrigued by this. I cannot for the life of me understand how something like this got by me. I would say I'm on the cautious side when it comes to things like this, and I'm always looking for these kinds of things too. In some ways I almost take it kind of personally, and now I want to know how mostly. Why and who would be nice too, but I don't hold out a lot of hope for those last two.

a reply to: Shockerking

Could very well be from a thumb drive, it's a definite possibility. I would have thought my scanners would have picked it up though as I automatically scan every device before I transfer any files in or out.

Regarding my conversation about Warmbier, the guy I had this discussion with is an absolute genius (for real) which is partly why I had the conversation with him. Just staggering the stuff this guy knows. I mean literally "staggering" too! But, I've known and he's been a dear friend for going on 30 years now. There's no way he would have done it.

Another thin also. I am not trying to make you paranoid, but you can get GPS locator modules dirt cheap nowdays that let to track peoples activity in real time on any phone, Might want to search your vehicles high and low for such devices, the board would be in a waterproof case with some kind of easy access for battery changes.

I seriously think you have someone spying on your activities and I would not take this lightly bro. Not in the least.

a reply to: Shockerking

Heh, well, as it turns out I do have a spectrum analyzer and RDF equipment, and they happen to be sitting in the next room. If there's something (anything) transmitting within about a 25 mile radius I can see what it is, what frequency it's broadcasting on, what it's effective radiated power is...and even locate it to within less than a meter. I can also intercept the signals, record them and depending on the encryption, even decode them. Radio and RF is one of my strong suits.

originally posted by: PokeyJoe

originally posted by: dug88
a reply to: Flyingclaydisk

My recommendation, remove windows, format partition that did have windows, install linux and never worry about your computer spying on you aga....well unless you have an intel or AMD processor....oh right....uh...yeah...Hmmm yup computers spy on you....

Vault 7 showed that there are indeed many exploits used for spying on Linux machines.

www.google.com...

Hmmm

The OutlawCountry Linux hacking tool consists of a kernel module, which the CIA hackers load via shell access to the targeted system and create a hidden Netfilter table with an obscure name on a target Linux user.

"The new table allows certain rules to be created using the "iptables" command. These rules take precedence over existing rules, and are only visible to an administrator if the table name is known. When the Operator removes the kernel module, the new table is also removed," CIA's leaked user manualreads.

Although the installation and persistence method of the OutlawCountry tool is not described in detail in the document, it seems like the CIA hackers rely on the available CIA exploits and backdoors to inject the kernel module into a targeted Linux operating system.

However, there are some limitations to using the tool, such as the kernel modules only work with compatible Linux kernels.

I'll take the chance of that oddly specific and fairly difficult to target and install cia spy tool over an operating system built from the ground up to spy constantly on everything you do and report back to Microsoft.

Hell even calc.exe sends telemetry back

github.com...

Which Microsoft states pretty clearly is used to advertise to you.

"You provide some of this data directly, and we get some of it by collecting data about your interactions, use, and experiences with our products."

"Microsoft uses the data we collect to provide you with rich, interactive experiences. In particular, we use data to:

...

Advertise and market to you, which includes sending promotional communications, targeting advertising, and presenting you with relevant offers."

Also another thing, I asked you earlier about what media player you where using? I mainly use VLC and MPC-HC, these players both have the ability to record audio on the fly with scripts. I like both of them and trust them. But saying that it is way easy to manipulate the with spy scripts and are very vulnerable to hacks. The easy solution is to uninstall the app and then do a registry scan (with good reg software) and then do a new install. This would cleanup any add on scripts that might have been introduced to the app through any vicarious and or malicious methods.

Now that you've more or less determined that the file names are time stamps, you should be able to look at the date range of when this was happening.

Considering these all seem to have taken place only in 2017, does that correspond to any particular project of which you were a part that had similar start and end dates?

Similar to what IAMTAT mentioned, are there any topics about which you posted at that time but have not revisited since?

There is obviously software of some sort to which this is tied, and you equally obviously are savvy enough to determine what that might be. If this is something that is beyond your ability to figure out, it opens up the possibility (seriously to me anyway) that it was some sort of government action.

Once you are able to examine the registry, hopefully you will have a better idea of where to go from there.

I'm still really puzzled over the conversation you say you're fairly certain was in your car. If this turns out to be the case, then there is some sort of external device that is also communicating with your laptop without your knowledge or consent.

I'm surprised that you're surprised at the interest this thread has received. This is classic ATS stuff and coming from one of the members I (and seemingly many others) highly respect only makes it all the more intriguing.