

Question: Anyone had their MacBook Air remotely accessed?

Hackers with Comodo RSA Certificates used Apple resources to do WHATEVER they wanted to on my MacBook Air. They even remotely installed Bluetooth DUN when I marked all internet access utilities on my computer inactive to stop harassment. Apple claimed that was impossible.

MacBook Air, iOS 11.0.3, Hacked

Question marked as Solved
Answer:

I know 😉


Dec 13, 2017 6:43 AM in response to Comet.24206

I think, perhaps, you don't understand what Bluetooth DUN actually is. Bluetooth Dial-Up Networking, a.k.a., Bluetooth DUN, is a means of wirelessly tethering your cell phone to another mobile device like a laptop for Internet access, using your cell phone's data capabilities. It is not something that can be used by someone far away from your computer. And, if it concerns you, just turn off Bluetooth.


Dec 13, 2017 10:03 AM in response to Comet.24206

Which has nothing to do with BT DUN.


You are jumping to all sorts of conclusions based on essentially no evidence.


Start a thread explaining what is going wrong with your system. Do not make assumptions about why. People will be happy to help you figure out what the actual problems are. While it is not impossible that your accounts have been compromised, without doing proper troubleshooting, it's wrong to assume that your hardware has been hacked. Starting with an open mind is more likely to get you to a solution than assuming you know the solution and trying to make all the facts fit it.


When you hear hoof beats, think horses, not zebras.


Dec 13, 2017 12:14 PM in response to Lawrence Finch

You don’t have to be a sarcastic *******. Do you seriously get on support discussions to make fun of people? There are better hobbies. Regarding my jumping to conclusion, your ignorance is readily apparent. You haven’t the slightest clue as to what I have witnessed, deductions made, anything. You are obviously undereducated to assert that a Bluetooth DUN network has nothing to do with my whole ordeal. I have spoken with professor, the FBI, and they acknowledge that this type of hacking is beginning to be reported. Please don’t make me read another email sent by you. It’s pathetic.


Dec 13, 2017 12:39 PM in response to Comet.24206

Comet.24206 wrote:


You don’t have to be a sarcastic *******. Do you seriously get on support discussions to make fun of people? There are better hobbies. Regarding my jumping to conclusion, your ignorance is readily apparent. You haven’t the slightest clue as to what I have witnessed, deductions made, anything. You are obviously undereducated to assert that a Bluetooth DUN network has nothing to do with my whole ordeal. I have spoken with professor, the FBI, and they acknowledge that this type of hacking is beginning to be reported. Please don’t make me read another email sent by you. It’s pathetic.

I think you meant this as a reply to me. No, I'm not under-educated and yes, I do understand that BT DUN had nothing to do with anything you're describing because I know what it does and what it's for. I have tried to help. However, it is apparent you are not really interested in help. We might find out that you have a boring, run of the mill problem like so many other people. We might find out that you are not actually special enough to have been the victim of a grand conspiracy.


Dec 13, 2017 2:22 PM in response to Comet.24206

If you have a particular question beyond a general "can computer security be breached?" — the answer to that being "yes, given enough time and funding, or given knowledge of passwords, and/or given physical access and/or badly down-revision software", some more details on whatever matter you're particularly concerned with would help.


If there's a firewall involved — and as is commonly configured with most any home networks — remote access is further constrained by the firewall. Firewalls and most any device providing IPv4 network address translation (NAT) will block any remote access attempts. Down-revision firewalls and specifically- or insecurely-configured firewalls can allow remote access.


If this is an existing macOS installation that's been previously exposed — passwords have become known, physical hardware access has been available to attackers, social engineering has allowed an attacker to insert a backdoor, malware was previously installed, etc — then the usual path is to wipe the disk and reinstall everything from known-good distributions, and to use only and entirely new passwords on all newly-created users added onto the newly-installed system.


Social engineering is remarkably effective at gaining access to many systems. That's how many folks are breached. Some Word document arrives via mail message attachment and with malicious macros and macros enabled, or some downloaded tool is installed and then run.


Fear and paranoia — that's also a form of social engineering — can often serve to increase sales of certain sorts of products and services, and also as a means to unintentionally introduce security problems as some of the add-on packages have had security vulnerabilities, and also as a means to get folks to install actually-malicious software.


I've worked with several that have ended up on the wrong end of remote-support scams, too. Either due to phone calls reporting problems with the computer, or folks that perform searches for answers to problems or concerns that they might have and specifically searches that end up on web sites intended to ensnare those folks into scams. Into calling for help and providing access, and/or downloading and installing a malicious remote-help tool of some sort.


I've also encountered some cases where other local folks happen to gain access or gain unintended access to local computers, and the folks then intentionally or unintentionally install insecure or malicious code, intentionally or unintentionally expose passwords, or otherwise intentionally or unintentionally reconfigure the system to allow their own or unrelated remote access. Some folks will intentionally install keyloggers, spyware or other unauthorized packages or malware. Kids installing sketchy or hacked games or tools, for instance.


Given you're seeing unexpected entries in the browser history and this based on replies posted elsewhere, the access path usually then involves screen sharing and that's less than easy to establish that connection when there's an intervening firewall (unless it's local access from your own local network), or there's been a remote management package or RAT tool installed, or it's somebody with local access to the affected system.


Digital certificates don't typically grant any access into a client device, such as a MacBook Air running macOS. Those certificates secure and authenticate TLS connections into remote servers and typically into web servers, and some specific certificates – those specifically issued by Apple — can control which downloaded add-on apps are considered to be signed and trusted.


Bluetooth propagates tens of meters and variously much less, so any exposure there is localized. DUN is for tethering, typically allowing a device to connect through to the Internet via an Internet-capable cellphone. Credentials and a network path in through any intervening firewall are still required to even reach a MacBook Air running macOS, and then access into the Mac.


As for issues involving harassment, that's best discussed with local law enforcement folks.


If the situation has already been remediated through reinstallation and reloading and you're interested in delving deeper into network security and computer system security and/or cryptography, there are resources available to help further secure systems (and I and others can provide some pointers there), but the most fundamental steps involve good passwords and frequent backups, and some skepticism around what can or should be installed on the local computer.


If you're affiliated with an organization that handles or that has access to financial data or other sorts of sensitive data, you'll want to contact your organization's security folks for their assistance, and applicable suggestions, requirements and policies.


But again, do you have a specific question?


Dec 13, 2017 4:02 PM in response to MrHoffman

Thank you, sir, for your respect. You took the time to help me so I will take the time to elaborate on what happened to me.


One day while working at the Texas State Comptroller’s Office I took a little break and looked up an old gmail account from 2004; thinking perhaps another email account could be beneficial. The account was still active, roughly 12 years since I had accessed it. I reset the password and logged in for about 1 minute. That’s it.


That evening I was on my MacBook Air at home and small boxes of content started floating across the screen. Some nude photos of me that I didn’t know existed, my supervisor’s name, etc. I didn’t freak out... just changed my Facebook password and went to bed.


Two days later, I was on my computer and some “adult” gaming software instantly popped up on my screen. Not like X rated, but expensive. I was going through the installed software when I started to receive messages in boxes roughly 2 inches by 2 inches. The people sending these highly personal messages were outraged. I recall them asking me what the **** I was doing.


These messages quickly were stating the names of family friends and becoming more disturbing. Then they sent the Facebook symbol. Immediately, I tried to access my Facebook page and my password would not work. I hit “forgot my password” and the reset emails had been changed. This occurred in early 2016 when one could still talk to a real person at Facebook. I explained the situation and the man said there ....to be continued...gotta go


Dec 13, 2017 4:54 PM in response to Comet.24206

Contact the folks that are responsible for system and network and data security at the Texas State Comptroller's Office. Preferably before they read the discussion here.


I'd assume that organization and its staff and associates are likely targets for security attacks, security breaches and related. Through social engineering or otherwise.


The system and network security folks can and probably do have security recommendations for their systems and networks. What sort of forensic data collection they might want or need after a breach? What they might recommend and what they require here, and in general? Ask them.


What happened here? Without rather more investigation and without more than can or will happen via the forums, there is no specific answer. It's entirely possible something was loaded onto this system, or your credentials were captured, or otherwise. Wipe, reinstall, change all passwords including on your social networks and mail providers and preferably to longer and more random values, revoke all app and web site access credentials, reinstall from known-good distributions, etc.
