I found a suspicious certificate in my keychain right after I was hacked

I found two different suspicious certificates in my keychain. Both have military email addresses attached and one is for a local person. They are not people I have exchanged emails with. What's going on here?

MacBook Air 13″, macOS 12.1

Posted on Feb 23, 2022 2:22 PM

5 replies

Feb 23, 2022 7:07 PM in response to happygnome231

If you suspect your Mac has been compromised in such a manner, you should stop using it. Disconnect it from the Internet, create a backup (Time Machine or equivalent), and then erase it. That is literally the only way to assure yourself the effects of a suspected intrusion are eliminated. There are no other ways to conclusively determine their absence, other than to erase the Mac.


Then, consider the reasons that intrusion may have occurred. For example, your Mac may have been out of your possession for a while, allowing someone else to create an account on it, install remote monitoring tools, copy personal files... there are many possibilities to consider. Prevent that from occurring again.


Once you have secured your Mac in that manner, consider the same with your network. Your router, for example, must be off-limits to anyone but you and those you choose to authorize. Any wireless passwords you use should be sufficiently complex. Routers that can be configured using a web page have their own configuration passwords, and most people are not aware or do not bother changing their passwords from the default "admin" or "public" or similar trivial passwords. Anyone with access to your local network could then change their settings, upload custom firmware, and so forth. Another long list of possibilities.


Once you are assured your network is secure, you can reconfigure your Mac from an as-new condition.


This is only a very cursory description of what you should consider if you suspect your Mac is no longer secure. Having said that, you should also be aware that unauthorized tampering with computer equipment is a criminal offense in most places, so you should consider obtaining legal advice. That's beyond the scope of this support site. Your Mac may be considered evidence in a criminal action, so proceed accordingly.


Consider reading "If you think your Apple ID has been compromised - Apple Support". Apple ID theft is very common.

Feb 23, 2022 7:37 PM in response to happygnome231

etresoft wrote:

... your Mac was almost certainly not hacked.


This.


The source of whatever intrusion you suffered is almost certainly not your Mac. Phishing, social engineering, even a phone call from someone alleging they're from Apple and they need your Apple ID credentials for whatever purpose are very popular.


People are easily hacked. Macs, not so much.
