Help catching a hacker

About 8 months ago I was hacked. My iMac turned itself on from being powered down and I witnessed someone else controlling my screen. I pulled the plug out and took it in and did a clean install. I have read all the Mac security articles and have used the protective settings. Since then I have been paranoid about security. I am not worried about viruses, cookies or malware from the general public. I am worried that a specific person is hacking my computer. What can I do to 1) be certain if someone is getting access, key logging or spying, and 2) if there is, how can I catch them? If the person really knows what they are doing, I am of the understanding that anti-spyware software will not detect them and they can hide what they are doing.


I am running Mountain Lion. Use complex passwords. Use Little Snitch (although do not have the knowledge as to what all the connections are). No one has physical access to the iMac but me. I also have an iPhone 5 and iPad mini. I do not use Bluetooth and it is disabled. The iMac connects over Ethernet and I disabled the Wi-Fi for it as I do not need it. Remote sharing is turned off. I use FileVault. Have a firmware password. And generally run as a standard user.


Despite taking all the precautions I am starting to notice suspicious things again and I simply want some peace of mind.


Some of the suspicious things are:


In Console it shows screenshots being taken when I did not take them

I periodically review all my settings and the odd change occurs when I did not change them

In my Bluetooth plist file my neighbour's laptop name shows up.

I get consistent advertising from sites that I have never visited and in no way would I have been profiled to get those ads

There are many things in console logs that I find suspicious. However this could simply be paranoia and lack of understanding


Please help.


Thanks

iMac, OS X Mountain Lion (10.8.5)

Posted on Nov 23, 2013 4:48 AM


Dec 1, 2013 3:34 AM in response to Linc Davis

Thanks for the advice. I have reviewed some of your older posts. Specifically the one titled "I believe that I have a keylogger or some sort of spyware installed on my mac, please help!". I ran the terminal commands and found nothing suspicious. I do run Parallels with Windows 8. Do you know how I can do a similar check on the PC side? I do realize that this is a Mac support site. Thought I would ask anyway.

Nov 23, 2013 4:55 AM in response to SRS18

First thing to do is Reset your Internet Router. No one can get to your computer unless something is installed on your computer to allow it, by logging into (Accessing) a website, or your Router is set up to allow access to that computer and there is something installed on your computer that makes changes to allow it.


Wiping the drive and doing a clean install is a start but you should also check the router for any Port Forwarding settings and delete them (unless you set them up for a specific reason) or just Reset the router back to Factory defaults and re-enter your settings.

Nov 23, 2013 12:18 PM in response to SRS18

First, note that if the computer was actually fully powered down (not just sleeping), it is impossible for a hacker to remotely turn it on, unless that hacker has somehow modified the physical hardware of your computer.


It is possible to set your computer to start up on a schedule. Unfortunately, since you wiped the hard drive, we have no way to check to see if that was done. An alternative explanation would be a hardware issue, which could also fit with the "remote control" issues. Although remote control is certainly not impossible, it's unlikely in most cases. On the other hand, I've seen many, many cases where people were convinced they were being remotely controlled and it turned out to be something much less interesting, like static electricity buildup, a swelling battery or some malfunctioning software.


For more info on the remote control thing, see:


My mouse keeps moving around on its own, as if someone is remotely controlling my Mac!


As for keeping your Mac safe, it sounds like you're already doing everything right. Your Mac, as you describe it, should not be at all susceptible to remote hacking.


The one mistake you're making is delving into the Console for clues. That is a black hole from which those having paranoid thoughts seldom escape. There's a lot of weird stuff logged in there that is perfectly normal, but that looks scary to those who don't have a real understanding of what they're looking at. Unless you're a Unix guru, you'd be wise to stay away from the Console.


As for the weird things you're seeing, the screenshot thing is something that is done internally when your machine goes to sleep. Settings have been known to get changed mysteriously for some people following system updates. No idea why, but normal. The Bluetooth thing probably represents a log of computers found nearby at some point when you had Bluetooth turned on.


As for advertising, where are you seeing that? In e-mail? If so, I get all kinds of ridiculous spam all the time that has nothing at all to do with my interests. That's normal. Keep in mind, if you're wondering how they got your address, that the Windows computers or e-mail accounts of anyone you have ever exchanged e-mail with could easily be infected/hacked, and then all the e-mail addresses could be harvested to be sold to spammers. Basically, once you have shared your address with people, it's only a matter of time before it starts getting spammed.
