Incident reported regarding security violation and intimidation.
Incident reported regarding security violation and intimidation.
I handle repairs at my own shop and recently met a client with an HP ProBook 445 who reported a "Jerry Spring esq" security issue. She explained that an ex-partner in IT had been monitoring her online activity after their breakup. He previously had access to most of her accounts and has been using that information to harass her. She disabled her webcam because the ex was sending her descriptions of her appearance. She relocated, switched ISPs, and bought a new router. The main concern I found was that she was logged into a Microsoft Live account he could access. My advice so far is for her to set up a new email address and create a fresh Live account, updating the email linked to her other accounts. After changing the email and password, and adjusting security questions—preferably ones only she knows or using them as passwords—she should enable two-factor authentication on all accounts. Some guidance suggests that altering her home Wi-Fi name and resetting the password before logging back in might also be effective. This situation is quite complex, but there are steps she can take to strengthen her security further.
Encourage her to reach out to the police for assistance in managing the situation. He should also employ a tool he hasn’t been able to access or control, allowing her to use a device that ensures privacy and security.
She must retain every communication. I’d report her to the authorities. This would fall under U.S. Computer Fraud and Abuse laws. Most states have separate rules; federally it’s limited to cross-state activity or a specific amount. My main recommendation is to reset all accounts with new passwords. It’s wise to reformat the device and reinstall Windows, just in case malicious software was installed. Another point is to try to predict when the harassment will occur—like knowing an exact time. If he’s working during company hours, she could inform the employer and potentially terminate his position. Violating company policies might also hold them legally responsible.
Unless she implements stronger security on her device, it will generally be reachable regardless. If he has basic personal details about her, it’s simple to locate an address using just her name, job, city or state, and then track the IP back to that location. Most individuals can accomplish this and identify someone, though it requires more expertise to actually operate a device on the network. Consider using VPNs, network firewalls, and investing in a new router/modem for enhanced security and features. Having it installed by yourself or someone familiar with the setup would be ideal, as ISP staff often struggle with these tasks. I could speak with a few people and possibly discover better options, especially since I have a friend who can handle similar work.
The best approach would be to buy a new device and keep the old one as proof for authorities to examine. She should also discontinue using M$ accounts and their associated software. VPNs aren't a complete solution—they merely alter her online location and don't fully secure a compromised PC from outside threats. I support the idea that law enforcement must be involved, as her situation demands legal intervention.