Q: Hacking ... Any help or suggestions
Hi, I have been going through a nightmare experience with my ex husband and he has been hacking my computer for 1 1/2 years. I have all the IP addresses from the Comcast legal department and tried to take him to court but because the IPs were not authenticated and he had hacked back into my computer and deleted vital evidence (his attorney delayed the hearing to obtain "information" for the case). I have gone to the DA and Tennessee does not understand their laws on computer hacking. Apple, and local Mac stores have told me to sell all of my Apple products and I have except my MacBook Air because I cannot afford to replace the computer at this time. The Secret Service wants me to fax all of my evidence but we are talking about a terabyte of proof. I have become pretty familiar with terminal commands and the console and I have completely wiped my computer over 7 times (as if it was new) without adding anything back. Even when I wipe the software and make myself the admin with root user privileges he still has the "super" root control. When I try to use certain commands that require a root password I am not allowed to log in and the password appears to be 1 character. I also do not have access to certain folders even when I add my privileges and make myself the owner of the folder.
I am trying to figure out what I can send to the Secret Service to start the investigation besides the IP addresses. I still do not know how he is still able to access computer after clean installs and changing Internet providers. I now only use it when I absolutely have to because of certain limitations of my iPad. MacAuthority offered to purchase the computer but I don't want to lose any evidence even though I have all the backups on an external hard drive. Has anyone had to go through something like this? Any help and suggestions would be great. The authorities are making prosecution extremely hard and I cannot afford an attorney.
Any suggestions or advice would be appreciated.
MacBook Air, OS X Yosemite (10.10.4)
Posted on Aug 15, 2015 7:23 PM
Send them your system logs, and keep a full image of your hdd in case it's needed. However, if your attacker is any good, there probably won't be any evidence left on your machine.
If the attack happened over the internet, also ask your ISP to provide network logs.
Then in order to make sure it doesn't happen again:
1. Wipe your hdd completely so you can be sure there is nothing left from the intrusion. By completely I mean something like dd if=/dev/zero of=/dev/diskX, not just formatting your OS X partition. Or if you don't want to wait for a full zeroing out, at the very least delete all partitions (including the hidden ones like the ESP and the recovery partition). Then reinstall OS X. Note that since you wiped the recovery partition, you will have to use either an install disk or internet recovery.
2. Use a strong password that no one can guess, don't tell it to anyone, and don't reuse it for anything else (especially if you use Boot Camp, don't use the same password in Windows and OS X). Most of the time when you get hacked into, the attacker either knew a password, guessed it successfully, or obtained it via social engineering.
3. Use FileVault and/or make sure no one can access the computer physically. It is very easy to hack into an unencrypted computer you have physical access to. Try it now: just press cmd-S on boot and you have a root shell. Note however that FileVault can't prevent all attacks, it just makes them harder and more importantly protects your data - as long as you do not enter your password after your computer has been compromised.
4. Be careful about what you run. Never run an application coming from an untrusted source, especially if it's not signed. More importantly, never run anything you don't fully trust as root.
Posted on Aug 16, 2015 2:10 AM



