Mac was hacked on local network by roommate-how to re-install my files w/o reistalling command/terminal hack codes?

Don't be so quick to judge.. Same thing happened to me.

I Was living with a family member I have just been intorduced to and he often asked to use my "big screen". ASSUMING he didnt know much about computers because I was told by other family members he is as dumb as a box of rocks. (My family is a bit of a mystery, obviously). I began to notice on my iPhone from looking random request and looking into my data usage. I began to look at my MacBook Pro and there were duplicates of multiple files. What really got me was when I would deny request or view certain things on my iOS devices. I could hear his initial responses from room. I confronted him about it and he blamed my uncle. I'm 100% certain and I do not have a problem CONFRONTING police about it considering I know he has a warrent out for his arrest... but I do not have any real physically evidence . I began to get extremely paranoid getting into fights with my mother and father because no one would hear me out and believe me. Then finally turned to me when all of our iPhones were set with some kind of SIM code. And now because i do not have MUCH knowledge about Mac's(just enough to understand what was happening) I have put myself in the worst possible situation. I had left the house HE was staying at to try and figure things out myself (yes, I called apple but I was assured to bring it in/ which I couldn't because how dire it was for me to get out of the situation OF my living environment). Explaining is a hassel and only you people can understand.

I had moved locations and connected my wifi to somewhere MUCH farther . He had set key passwords into my keychain access (which I didn't even know about) with the same name as the wifi at the house HE stays in. Soon I couldn't enter my OWN login account due to being paranoid and very VERY sensitive to my privacy. Basically I was freaking out. Somehow I entered the computer as root and tried deleting the key access password . BUT I needed a different password for that to. Doing some of my own work, like downloading the OS Sierra and UNENCRYPTING my file fault1(realized how BAD AND STRESSFUL THIS WAS AFTER) I reset my Mac by clicking on the OS Sierra update. I also had reset all keychain access and moved the keychain access SCRATCH FILE to my \system. Once loaded , I was COMPLETELY logged out of my Mac with no way to log into even the root user. I tried putting my Mac through a new boot thinking the new update would wipe out all modified files. JUST THE OPPOSITE. I was confronted with a Lock when I would hold COMMAND + R at shut down ..... Later reading this is a FIRMWARE password. The last 6 days have been nothing but passwords, research , and HEADACHE. Also reading there is no simple and current fix to this solution. Great.. 2000$ MacBook and iPhone with no security or let alone ACCESS. I do not have a problem bringing it either just been extremely busy with work and moving in to the new apartment. I've changed my iCloud password ,but would not be surprised if he somehow gets in and delete this forum comment. If anybody has any general knowledge about SOLUTIONS. Please respond ASAP.

This has come to a point I'm using a old neihbors phone almost 100 miles away.

As long as your roommate has physical access to the Mac & knows what he is doing, there is no way to prevent him from hacking it.

So unless you can lock it away securely or take it with you whenever you leave, it won't matter what you do (aside from shooting him & stuff like that).

The first thing you should be doing is contacting the police and making a report. What your roommate has done is illegal and is a crime. IF you can prove it. Have you confronted your roommate over this?

First, it's really not possible to hack a properly-secured Mac over the network. Keep everything in System Preferences -> Sharing turned off, don't install any third-party software that opens your Mac up to remote access (like LogMeIn), properly secure your iCloud account with a strong password that your roommate does not know, etc. Then it won't matter a bit if he's on the same network as you.

The bigger issue, as R C-R as pointed out, is physical access. Someone with unsupervised physical access to your machine can do ANYTHING. If you cannot control that, you will need to add a firmware password to your Mac, start using FleVault to encrypt the entire hard drive and make sure to log out any time you're not using the machine. That will limit what he is able to do pretty significantly.

As for handling the situation now, if he has had u restricted physical access... You have to consider the machine totally compromised. You will need to erase the hard drive and reinstall everything from scratch, and be very cautious about how you restore data. Follow the steps here:

http://www.thesafemac.com/how-to-reinstall-mac-os-x-from-scratch/

Anti-virus software would not help, because there are all manner of ways to set up remote access without using any malicious software at all. Little Snitch won't help for these purposes at all either, nor will Tech Tool.

Finally, if you actually have proof that he hacked you (it's EXTREMELY common for people to misinterpret normal behavior as hacking), it would not be unreasonable to lock him out of your network. Of course, when you're not around, he could always reset the wireless router or unplug it and connect directly via Ethernet... But you don't have to let him use it when you're there. (Make sure he's not paying for that service anymore, to avoid possible legal issues.)

BUT... by reinstalling Mountain Lion & erasing old hard drive does that remove all the old terminal codes he installed?

Yes. The problem comes in making sure everything you add back to it after that is completely free of code that could be used to compromise the Mac again. I'm afraid I don't have any really good ideas about how to do that.

AND... Can he still hack access my Mac via local.net if I have sharing off, remote access off, etc??

No, he can't do that -- assuming he can no longer gain physical access to the Mac & you don't inadvertently add something back to the Mac that could turn either of those things back on.

Your Mac is new enough that it can be greatly locked down, to prevent most access even with physical access to the machine. To do this, first enable a firmware password on the system (see here: http://reviews.cnet.com/8301-13727_7-57542601-263/efi-firmware-protection-locks- down-newer-macs/) and then enable FileVault disk encryption in the system preferences. Also be sure to set up all backups to be encrypted as well, and you should be good to go.

Unlike prior systems where the firmware password could be bypassed by altering the system's hardware, new Macs made in 2010 and later include a new firmware protection routine that cannot be reset in this manner. The only way for someone to do this is to either solder an unlocked firmware password chip onto the motherboard, or have an Apple Store call in an unlock code to Apple's headquarters to reset the password.

This firmware password will prevent the system from being booted to Safe Mode, Single User mode, to any secondary boot discs, or have hardware parameters like the PRAM be reset. These are all boot modes that a hacker can use to reset user passwords and other details in order to get into the system.

With FileVault enabled, you will in addition prevent anyone from taking the hard drive out and being able to access your data from a second computer. This is the final bolt that in effect will lock down your Mac.

Beyond this, just be sure you have screensaver/sleep passwords set so if you leave your system the computer will require authentication for people to continue working.

Hmmm... I smell a "Fight Club" situation here.

You have some very good suggestions here. One that I don't think was mentioned was a clean install. First back up your own data. Then do a clean install install of OS X by booting up cmd-r, erasing the hard drive and using Disk Utility. Then do an interent recovery by choosing Install OS X. After that copy your data from backup back to your Documents folder.

macjack wrote:

One that I don't think was mentioned was a clean install.

That was mentioned in his second post, although not in the detail you provided. Topher's suggestions are also good ones but they are after the fact so, as I see it, the big problem here is how to make sure nothing added back to the Mac could compromise it in some way.

I agree but his first task is to get it all off his Mac. He can then implement the security measures mentioned.

It certainly sounds like he's been up to no good, so I would definitely recommend the clean install, following the directions in the link I gave you to be sure that it is a truly CLEAN reinstall.

As for your phone, that depends on what it is. An Android phone is pretty insecure, though the details on what is possible aren't within the scope of my knowledge. Windows phones and Blackberries are completely outside my experience.

An iPhone is more secure, and if he hasn't had unsupervised physical access to it, it couldn't be hacked. Even if he did have physical access, he probably couldn't have hacked it without your noticing. He would have had to jailbreak it... Search for the Cydia app. If you find it, your phone has been jailbroken.

Your roommate has demonstrated a complete disregard for your privacy, and may have stolen information such as credit card data and social security number. Check your credit reports at all 3 agencies, then freeze it (frozen means you need to unlock it to open more credit yourself).

Then get money from parents if the housing authority does not act within the week. Too much risk to your personal belongings in my opinion.