I HAVE been hacked and now I am unsure

I am dealing with an internet stalker who was successful in hacking into my Mac because file sharing was checked off. I was unaware that I had to actually go in and secure this system. I switched from a PC to a Mac last fall and was completely clueless, and this guy was able to hack in, steal passwords, rummage through all my HD, wipe out emails, take over my online community profiles and gosh knows what else. I know this for a fact because he IM'd me on my iPhone the proof then threatened me with a bunch of stuff including messing with my kids.

I have IC3 (internet police) on him but they have not responded to my claim. Until then, I need to know if my computer is safe and unhackable or if he is still rummaging around in my HD. Lately, the computer has been a lot slower to boot up, apps are taking longer too and it seems to stick then jump. Since I am new to Mac, I really don't know what to do other than hire someone, and right now, I really don't trust anyone near me.

Any help would be great.

iMac, Mac OS X (10.5.6)

Posted on Apr 1, 2009 8:54 PM

Apr 1, 2009 9:18 PM in response to babydal

Now that your computer's security has been compromised, you should trust nothing on it. If he hacked in with the admin password, there's no telling what sort of security risks he may have left lying around.

Back up all of your user data. Insert your Mac OS X install DVD and do an Erase & Install of the system. DO NOT restore any applications, programs, or system components from backups, unless you are *absolutely sure* that the backup predates the earliest intrusion. If you have no such older backups, reinstall all of your third party applications from the original install CDs or from fresh downloads. Then restore your user data (e-mails, documents, photos, etc) from your backup. Change all your passwords.

Apr 1, 2009 10:13 PM in response to orangekay

Orangekay: In this case it doesn't even seem the third party had prior contact or need to effect entry through social engineering -- just found an unsecured computer and wandered through it. It used to happen all the time on the LAN where I worked.

babydal: I guess some of this might be made easier if you knew if the person had permission (this is a computer technical term and not your permission per se.) to read and write, or just read. If the person had just read permission then the person may have copies of files but couldn't have left any surprises. Since this is difficult to assess I'd go with the safe approach as outlined by Kiraly.

Message was edited by: Limnos

Apr 3, 2009 10:29 AM in response to babydal

> I am dealing with an internet stalker who was successful in hacking into my Mac because file sharing was checked off. I was unaware that I had to actually go in and secure this system.


You did not get hacked because you had file sharing enabled.

In order to log in to your Mac's files they would have to be able to get onto your network and know your Mac's user name and password.

So to get onto your network you must have had your Mac completely exposed to the internet, so your firewall should have been turned on and if you were behind a broadband router then you must have opened the file sharing port to the internet or they had physical access to your network or physical access to your Mac.

Secondly, did you use a weak password or tell anyone what your password was?

> and this guy was able to hack in, steal passwords, rummage through all my HD, wipe out emails, take over my online community profiles and gosh knows what else


This would not have been possible if all you had was file sharing enabled.

In order to do those activities you must have had screen sharing enabled and remote login enabled, and you must have had either a weak password or you told someone your password. And if this was done over the internet then those ports must have been opened up on your router or firewall.

As you don't describe how your Mac was connected to the internet, what kind of router you have, where you are (in your home, at college or work) then it is hard to say what your security vulnerabilities are and what to advise.
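An added example, not part of any reply in this thread: one way to see which of the sharing services named above (file sharing, screen sharing, remote login) are actually listening, and whether they accept connections from the network or only from the machine itself. It assumes BSD-style `netstat -an` output as printed on Mac OS X and the services' standard default ports; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example. The port-to-service map uses the standard default ports;
# a service moved to another port will not be recognised.

# Reads `netstat -an` text on stdin and prints one line per sharing service
# that is listening: port, service, and whether it accepts non-local peers.
sharing_listeners() {
  awk '
    BEGIN {
      svc[22]   = "Remote Login (SSH)"
      svc[445]  = "File Sharing (SMB)"
      svc[548]  = "File Sharing (AFP)"
      svc[5900] = "Screen Sharing (VNC)"
    }
    # BSD netstat prints the local address as addr.port in column 4.
    $1 ~ /^tcp/ && $NF == "LISTEN" {
      n = split($4, part, ".")
      port = part[n]
      if (!(port in svc)) next
      addr = substr($4, 1, length($4) - length(port) - 1)
      scope = (addr == "127.0.0.1" || addr == "::1") ? "loopback-only" : "network-reachable"
      print port "\t" svc[port] "\t" scope
    }
  ' | sort -n | uniq
}

# Constructed sample input (not captured from a real machine).
sample_netstat() {
  cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.548                  *.*                    LISTEN
tcp6       0      0  *.548                  *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.5900         *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp4       0      0  192.168.1.20.49321     203.0.113.5.443        ESTABLISHED
udp4       0      0  *.5353                 *.*
EOF
}

# On a Mac, replace sample_netstat with: netstat -an
sample_netstat | sharing_listeners
```

A "network-reachable" line only means the service listens on all interfaces; whether it can be reached from the internet still depends on the router and firewall settings discussed in the thread.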

Apr 3, 2009 12:03 PM in response to babydal

Good advice from everyone, but first of all, secure your home network.

If you're on DSL broadband, ensure the DSL modem / router firewall is ON and has no port-forwarding enabled.
If you have Cable broadband, buy a router with a hardware firewall, switch it on and ensure there is no port-forwarding again.
If you use wireless, ensure you have wireless encryption turned on, WEP is better than nothing, WPA is better than WEP. Don't pick a lame short password.

Then look to re-installing the OS, if you're still sure that you've been hacked.

Apr 3, 2009 12:41 PM in response to babydal

If you are running a DSL router/firewall combo, make sure it is not hung in Bridge Mode.

In bridge mode it will be like having your computer hooked up directly to the Internet with no router and firewall in between. In other words, a sitting duck for hackers. All they have to do is get around your computer firewall.

Your DSL provider can help you determine if your DSL modem router/firewall is properly configured.

Kj

Message was edited by: KJK555

Apr 10, 2009 3:18 AM in response to babydal

wanted to thank everyone for their input
I am completely clueless to all this. I do not know exactly when this jerk went through my computer, for all I know he may have been doing it since I got it. And yes, I do have 2 police reports on him. They say they can't do anything because they have no jurisdiction over the internet, and I have no idea where he is at. Yes, I did know this person. We were once friends until he literally turned on me for no reason I know of. But the question I have is not about my situation with him, but how I know for a fact my computer is now safe. I don't know how to do this.

Here is what I do know:
- I DID have file sharing checked off. Friend walked me thru the steps to remove it and now there is a "vault"... which I do not understand. As far as I know, the firewall is on now
- I am on a cable modem and don't know if it has its own firewall.

A lot of stuff I cannot do because my ISP account is under roommate's name who is never here.
I cannot recover my system because all the emails to the software I bought and downloaded were deleted by my stalker.


Would it be wise to just call Apple and have a tech support walk me through it all?

Apr 10, 2009 8:07 AM in response to babydal

babydal wrote:
> A lot of stuff I cannot do because my ISP account is under roommate's name who is never here.
> I cannot recover my system because all the emails to the software I bought and downloaded were deleted by my stalker.


Get the ISP configuration info from some other source if you can't get it from your roommate, but make sure it is a trustworthy source, such as the ISP itself. In particular, don't fill in any DNS server entries someone has suggested unless & until you can research them & can determine that they are well-known ones. For cable modems, you can generally assume that 'Configure: Using DHCP' is correct & leave the DNS server & Search domain fields blank.

It would help us provide more specific info if you explained how you are connected to the cable modem, like directly to it with an Ethernet cable or wired or wirelessly through a router/gateway device.

Regarding the software you bought and downloaded, you cannot trust any of it as it is now installed on your Mac; in fact one or more of those applications may be the source of your security breach (for instance, a "trojan" pretending to be one thing when it is in fact another). You must only download software from trusted sources, like http://www.apple.com/downloads/ or http://www.versiontracker.com/. Do not click on links in emails (or this or any other web source) to download software without first making sure the actual URL is the indicated one -- if there is any question about it, hand copy the link into a browser window or avoid it altogether.

The least trustworthy sources on the planet are peer-to-peer file sharing ones, especially those offering free or hacked versions of commercial software or entertainment media files. Avoid them.

Most software that requires an activation code allows you to display that code in some 'about' box or preference. Write down all those codes you can find this way (& note the exact form of your name if it is included). Once your system has been restored to its factory state, you can download any software you trust again & use the code to activate it.

Apr 28, 2009 11:37 PM in response to babydal

babydal,

Your (and your children's) safety is the primary issue here, not your computer.

From your IC3 comment, you live in the US. If you have a name, approximate age and former address/city or phone number or email address, your stalker can be located quite easily. Trust me on this.

If you live in a large city, your local police department should have a cybercrimes investigator (the feds are funding computer forensics junke^H^H^H^H^H classes for police departments). Contact them. If they won't help, the nearest FBI office probably has a cybercrimes division. Call them. If you have retained copies of the threats to your children, that's proof of a felony, and it's a crime that cops *really like* to investigate.

It's a shame you erased and installed: That destroyed evidence. Do you have a backup drive that's still intact for forensic analysis?

If you lived anywhere near the old pueblo, I'd gladly lock down your computer. For free.

-Wayne