Hacked - Bootable USB, Erased HDD

Discussion in 'MacBook Air' started by immobilus, Aug 11, 2015.

  1. immobilus macrumors member

    Joined:
    May 5, 2012
    #1
    Hello:

    On Friday, I noticed that there were hidden folders in my trash can for my MacBook Air running 10.11 Public Beta 2. The folders were called "recovered folder #," and they were literally hidden, as in present but unable to be seen. I found them accidentally by clicking randomly in the trash can folder.

    I went and found that sharing/remote management/etc had been turned on, my account was restricted to below my home folder. The individual was logged in as root. The MacBook was set up to think its HDD was on a network, and I found someone connected to my MacBook via blue tooth. When I tried to restore the MacBook, by logging out and doing command-R, it ran through the process so quick it couldn't have really done anything. It didn't I logged back into my account as normal, nothing had changed. I tried restarting again in order to secureerase the harddrive, but that process was cancelled by the intruder. I spent about 4 hours in single user mode trying to defend off my hard drive before the intruder turned my Bluetooth off, as in disconfigured it. I don't recall the command he used but I remember the word "man" in it.

    My computer, since it thought the HDD was on a network connected by Bluetooth, then couldn't find its drive. I went into recovery to disk utility and found that he had restored every one of my time machine save points. I tried putting a firmware password on, and when I restarted again, he had changed it again. He was kicking me out of my own computer.

    I was able to do one thing to protect my information: format the entire HDD, including boot sequences. Now I have a computer that goes to a blinking folder when I try to let it boot. If I choose command-R or option-command-R, it takes me to a firmware password thjat I don't know. I have a boot USB I made on my windows pc, but I cant boot from it because I don't know the firmware password he put on it to prevent it from entering recovery made.
     
  2. keysofanxiety macrumors 604

    keysofanxiety

    Joined:
    Nov 23, 2011
    #2
    Wait, is this your own Mac? Did you purchase it new or buy it second hand?
     
  3. 960design macrumors 68000

    Joined:
    Apr 17, 2012
    Location:
    Destin, FL
    #3
    Try this first:
    1) Reboot holding down Command + R to enter recovery mode.
    2) Utilities > Firmware Password Utility > Set to Off

    If that fails set up an appointment with Apple Genius for reset.
     
  4. immobilus thread starter macrumors member

    Joined:
    May 5, 2012
    #4
    I'm the original owner. Command + R works, but it's hidden behind a firmware passcode. I can't get to the recovery screen without the passcode. Someone made a mention that removing and replacing RAM modules can fix it. Is this a difficult process, or is the RAM soldered to the chip?
     
  5. tdhurst macrumors 68040

    tdhurst

    Joined:
    Dec 27, 2003
    Location:
    Phoenix, AZ
    #5
    Wait, if someone is connected to your Mac via BT they can't be more than 20-50 feet away.
     
  6. zone23 macrumors 68000

    Joined:
    May 10, 2012
    #6
    Well I guess you showed that hacker who was boss - formatted I WIN!!
     
  7. LOLobo macrumors member

    Joined:
    Nov 20, 2014
    #7
    "Dad!!!"
     
  8. tdhurst macrumors 68040

    tdhurst

    Joined:
    Dec 27, 2003
    Location:
    Phoenix, AZ
    #8
    The call is coming from inside the house!
     
  9. immobilus thread starter macrumors member

    Joined:
    May 5, 2012
  10. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #10
    See this.

    If your Mac is pre-2011 you can remove a RAM chip to reset that firmware password. Otherwise, there is no getting around it on your own. You will need to take the machine to an Apple Store along with proof of ownership and they can reset that firmware password for you.

    Once that is done you can boot to recovery and erase the disk then reinstall if you like.
     
  11. 960design macrumors 68000

    Joined:
    Apr 17, 2012
    Location:
    Destin, FL
    #11
    It is my understanding that ALL MacBook Airs have soldered ram, which is why I didn't offer that solution. Go with #2 and good luck.
     
  12. tdhurst macrumors 68040

    tdhurst

    Joined:
    Dec 27, 2003
    Location:
    Phoenix, AZ
    #12
    That's one strong Bluetooth connection. I can barely get my MBP to reliably stream to a speaker through one internal wall.
     
  13. motrek macrumors 68020

    Joined:
    Sep 14, 2012
    #13
    Would it have been too much to ask for you to change location in order to sort out the problem?
     

Share This Page