
IDS: Computer Security - Long message



FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems.. Then email questions to ids-owner@uow.edu.au
NOTE: You MUST remove this line from reply messages as it will be filtered.
SPAM: DO NOT send unsolicited mail to this list.
USUB: email "unsubscribe ids" to majordomo@uow.edu.au
---------------------------------------------------------------------------

Hello Everyone,

Sorry to disturb you with a somewhat off-topic subject, but I have just run out
of ideas to cope with a very bad situation, and need someone with a suggestion
to keep on going with this misery.

I must tell you that I am responsible for supervising the Company's hardware
and software, but I am not a system administrator, and I lack a lot of
knowledge which I wish I did have.
I am losing somewhere between 30 and 50 percent of my time on these
problems.

I will try to be as short as possible, making a very long story short, with only
a few major facts, enough only to put some questions at the end.

For a few years I have been battling a war against someone in the Company I work
for, who has access to my computer (and I can't do anything about it), and
this fellow, with the help of *technicians* of some sort (outsiders), started
stealing whatever I had on my computer.
This was probably going on for years without my having noticed it. The people
who were doing this started being careless, and revealed that they knew
things they were not supposed to; they were anticipating whatever I was
doing, up to the point that I started to imagine someone was reading my
thoughts !!!

ZIP drives carried in my pocket all the time were the first solution, with
some strong encryption.
On the 6th and 7th of January 1998 they were stolen, but with a lot of the files
that could not be opened outside my own computer. This was a very bad thing but
revealed, for sure, WHO was doing this, a person I imagined above all
suspicion (it's always the same, isn't it ?).
So a break-in at the Company followed, one day when I was sufficiently
careless to leave the Company with my computer ON (I know I should know
better !), and they opened some of the files, but the most sensitive ones
had double encryption with different programs, and they lacked the second and
third keys.

Some months before, I had connected my computer to the Net, something I can't
give up, and one good day I started noticing that the computer was tremendously
slow.
With suggestions and software from the Net I realized that a virus of some
kind had been introduced into my HDs and everything I was writing was being sent
over the net. First copies of my files were being made and then sent over
the lines...
Again people showed that they even knew when I was supposed to go to the post
office !
This kind of virus (I think a kind of Trojan) resisted detection with all the
software I could throw at it (I am a registered user of all Symantec
software) and also resisted formatting. I had to have a technician format
the MBR, but I am not sure I got rid of the *animal*.

This *animal* made copies of all the files I was making or manipulating in
virtual folders. On a 100 MB Zip disk I was able to detect 32 MB of my own
files. They were made apparent by defragmenting all disks and then deleting
everything they had (apparently), just to find out what was left. The bigger
the use, the bigger the virtual folder.

So the hard drives were put in drawers and I started carrying them all the
time. Well, they just contaminated some diskettes I also used, and I had to
start all over again.

When I circumvented this, they somehow started tampering with the BIOS, and it
now prevents defragmentation of HDs and Zip disks with whatever program I try
to do this with: Windows, Norton Utilities, etc. They *defragment* the hard
drives, say everything is OK, and the HD wasn't defragmented even 1 percent. I
redo everything and it's the same. ALL Company computers are in this situation.
I reported the incidents in writing, but, because this can be undone by the
person who did it, I am even afraid of being called a liar if one good day
a test is done and everything appears OK ! (We all know what they will do
next !)

TODAY, Saturday, I was at the company and had to go out for lunch for just
less than an hour, carrying my HDs with me. Big mistake. Just 10
minutes after I left, the *animal* owner came in.
I restarted my computer and, seeing and hearing some anomalies at
startup, I immediately sensed danger. I was right: the Firewall does not work
properly anymore. All ports but one at a time are not monitored, and only
the outbound ports. No inbound ports are controlled.

Here I go again...

The logs are full of 12345, 31337/31338, and dozens of others whose meaning I
do not know and which the Firewall states as Unknown, ports 53, 54, you name
it. The logs have more warnings than traffic !

Most of these files are already lost with the first formatting, but a few days
of *work* and I have hundreds of pages of *warnings* again.

I ordered some 32-pin ZIF sockets for Flash EPROMs, and I will buy some new
BIOSes and will carry them with me also.

The HD is almost constantly *working* for no reason at all.

The loss of hours and of personal files, over 2.8 GB of them, is preventing me
from doing my job as I should, and I am being attacked for this reason (by the
*animal* owner, who else ?).

I have simply run out of ideas, so I have some questions.

1. Is it possible to buy a non-flashable BIOS that would be tamper-proof ?
2. Is there a way of preventing the use of the BIOS reserved memory for
other purposes ?
3. Does anyone know of any program that I could use to see whatever is inside
the BIOS ? I heard about one, *Get BIOS*, but it's a very old DOS program.
Anything else ? (This would be really nice.)
4. Apart from the BIOS and the BIOS reserved memory in the EPROM inside a
normal computer, is there any other possibility of interfering with its work ?
5. I was told that the keyboard could also be tampered with for password
stealing. Is this correct ?

Please also note that I was somewhat intentionally vague because I don't want
to help these people, just in case my mail goes to more places than I
intend it to (it's not impossible with this kind of *animals*).

Hope there is someone who could give some idea on how to cope with these
fellows!

All the Best
Luiz da Camara Leme