rswc90

Q: iMac (Mavericks) hacked by remote user

A couple of weeks ago I noticed my camera on - as I approached the computer it shut off. I thought that maybe a family member started to facetime me and changed their mind (there was no ringing). That happened 2 times. I forgot to ask anyone about it.

 

A week later, my PayPal account was broken into, as was my bank account connected to PayPal. They took more than $2000.00. PayPal has not yet explained how this happened.

 

3 days ago, early on Sunday morning, I saw my computer screen lit up and all these windows opening and closing. At first I was unsure that I was actually seeing what was happening. Then I bumped the mouse and the windows started to close...fast. It finally hit me that someone was "there." I turned off the wifi (no cable connected) - then I went to the trash to see what was there -- nothing. So I opened up the browser history and saw all my bank accounts listed. I checked my e-mail and saw all these alerts from my banks stating that someone had incorrectly answered the security questions -- in 4 banks. They DID get into an old credit card account online. I communicated with all my banks. I also have emailed DYN.com as I use(d) their services for years -- as a paid subscriber, I thought they would respond to me -- I was wondering if that is how the remote access occurred. I have heard nothing from them either...

 

I looked in settings and there was an added user: "Mrs Tester" was added as an admin. I deleted the account, unchecked remote login and screen share. I also changed my home network code and base station code. I NEED remote login for my work. I called Apple security and the guy told me that I had already done everything they would tell me to do. I have the hacker's history. (bitcoins were the accounts he was going back to after each attempt at a bank) -- Of course I have changed all my pass codes and made them all unique -- do I call the police? How can I tell if my computer is safe again?

 

 

So there's my question...how do I scan to see if there's anything on my system logging my key strokes etc. I installed "eset" trial user, as was recommended by the local computer store. Any other thoughts? With all the password changes, is there a way I can get back online and use remote login?

 

I have to say, I feel like a naked man has been staring at me from outside my window... YUCK.

 

Thanks for your help...

Posted on Jun 4, 2014 4:22 PM

  • by thomas_r.,

    thomas_r. Jun 30, 2014 7:41 AM in response to rswc90
    Level 7 (30,934 points)

    Then you will need to call them. I don't know how their e-mail support works, but phone support is often more reliable at large companies like Adobe.

  • by Loner T,

    Loner T Jun 30, 2014 8:08 AM in response to rswc90
    Level 7 (24,601 points)
  • by rswc90,

    rswc90 Jun 30, 2014 8:28 AM in response to Loner T
    Level 1 (10 points)

    I have the serial number. I actually spoke with Adobe. They say "too bad you have a mac. we can send you a link for windows - but the mac link has expired...but you can always buy our newest products. Or maybe find someone else who can give you a copy of your old version."  So there it is -- Computer **** DOES exist ;-(  all these fine programs will need to be bought again. Kind of unfair because I have the proof that I bought them once. They wouldn't even give me a discount to upgrade! B R E A T H E...

  • by notcloudy,

    notcloudy Jun 30, 2014 8:54 AM in response to rswc90
    Level 4 (1,200 points)

    Don't know if it affected Macs - but in 2013 Adobe Reader had a problem with it executing code when you opened a PDF file - Adobe fixed the bug - mentioned in an upgrade on their website - few months later they were hacked and the hackers took some source code along with credit card numbers.

    So - do not download any free Adobe software from other than the Adobe site as messages saying you should update may take you to a bogus site.

    Recommendation at the time was to also use a different reader just in case. (I just use Preview)

    Your problem with downloaded software is another reason why we should be able to purchase it on media.

    If you have time machine - depending on how far back it goes - you may be able to restore the download file and reinstall from that.

    Guess with download big recommendation - don't delete the install file - back it up to DVD.

    -- This is why I do not bank on line --- the underpinnings of the internet were developed in the 1980's/1990's, before the bad people started misbehaving, and haven't changed to be more secure - and the government is not doing anything against identity theft.

    Also, when not in use you may want to consider shutting down completely.

  • by Kingoftypos,

    Kingoftypos Jun 30, 2014 9:06 AM in response to notcloudy
    Level 3 (757 points)

    notcloudy wrote:

    If you have time machine - depending on how far back it goes - you may be able to restore the download file and reinstall from that.

    Also, when not in use you may want to consider shutting down completely.

    I agree, just open Time Machine and look for the Adobe 8 installer .DMG. Drag just that over to your Mac and re-install it that way. Same with your other programs. Typically you'll find the installers in the "Download" folder, unless you moved them when you were done installing the apps back then.

    You may be tempted to put the Mac to Sleep, but be cautious as the Mac can still be woken up by network activity. So to be on the safe side, take notcloudy's advice and shut it down completely.

    KOT

  • by notcloudy,

    notcloudy Jul 1, 2014 8:51 AM in response to Kingoftypos
    Level 4 (1,200 points)

    Could it be possible that this person has a version of Go To Assist (lets someone take over your computer) somewhere on the system - while trying to remember the name of the software I searched Wikipedia - and someone had put in their Talk page that there is/was apparently a bogus site masquerading as same.

    Also there is a small contract version of Go to Assist - that would account for someone perusing the system.

  • by MrHoffman,

    MrHoffman Jul 1, 2014 9:15 AM in response to notcloudy
    Level 6 (15,637 points)

    notcloudy wrote:

    Could it be possible that this person has a version of Go To Assist (lets someone take over your computer) somewhere on the system - while trying to remember the name of the software I searched Wikipedia - and someone had put in their Talk page that there is/was apparently a bogus site masquerading as same.

    Also there is a small contract version of Go to Assist - that would account for someone perusing the system.


    There are various tools that allow remote access, but the issue that arises here is the same.  OS X and the installed applications could have been modified by the remote accessor (such as changes that can allow the remote user access back in, even if the passwords are changed), which means that the OS X files and the applications here are all suspect, as is the security of the existing passwords, credit card data, and digital certificates. 

     

    If the remote system access that's apparently occurred here wasn't authorized, then there's been a full-on security breach here — and this whether these remote-access tools were either newly-found on or had their existing remote access credentials breached wouldn't change my recommendations to change all the passwords and reissue certificates, after nuking and paving the existing installation.

     

    If this was something installed by the system owner — assuming that the system owner is not the original poster in this thread — then there are still issues with security and privacy here, and this whole situation would then be best discussed with the system owner; with whoever installed the remote access tools, and with whoever has been using those tools.
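
Added example, not part of any post in this thread: a triage check for the two things the original poster found by hand, an admin account nobody created and Remote Login left on. The account names, the `EXPECTED` list and the sample output are constructed assumptions.

```shell
#!/bin/sh
# Added triage example; not from any poster in this thread.
# Parsing is kept separate from collection so the checks also work on saved output.

# unexpected_admins "<GroupMembership line>" "<space-separated expected names>"
# Prints every admin short name that is not on the expected list.
unexpected_admins() {
    members=${1#GroupMembership:}
    for m in $members; do
        case " $2 " in
            *" $m "*) ;;                 # expected admin
            *) printf '%s\n' "$m" ;;     # not on the list: investigate
        esac
    done
}

# remote_login_enabled "<systemsetup -getremotelogin output>"
# Succeeds (exit 0) when Remote Login (SSH) is reported as On.
remote_login_enabled() {
    case "$1" in
        *"Remote Login: On"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample output; "owner" and "mrstester" are made-up short names.
SAMPLE_ADMINS='GroupMembership: root owner mrstester'
SAMPLE_SSH='Remote Login: On'

# Live check, only where the macOS tools exist. EXPECTED is an assumption:
# set it to the admin short names you created yourself.
if command -v dscl >/dev/null 2>&1; then
    EXPECTED="root owner"
    admins=$(dscl . -read /Groups/admin GroupMembership 2>/dev/null)
    echo "Unexpected admin accounts:"
    unexpected_admins "$admins" "$EXPECTED"
    # systemsetup needs root, so run this script with sudo for this part.
    ssh_state=$(systemsetup -getremotelogin 2>/dev/null)
    if remote_login_enabled "$ssh_state"; then
        echo "Remote Login (SSH) is ON"
    fi
fi
```

A clean result only covers these two settings; it says nothing about modified system files or applications, which is the concern raised in the last reply.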