hacking issue - help needed gathering evidence for the police

Discussion in 'macOS' started by astridm, Sep 12, 2012.

  1. astridm macrumors newbie

    Sep 12, 2012
    I'm new here and, as will become evident, have almost zero technical expertise.

    Ten days ago I started experiencing a number of mysterious 'glitches' that I initially put down to user ineptitude. However, five long calls later to Apple Support each adviser suggested that my computer system might be being hacked. The matter is now under investigation by the police, who are taking it seriously as I am due to appear as a witness in a court case that is likely to attract a lot of public interest. However, the police's computer forensics team has a massive backlog and I am therefore having to try and put together as clear a log as possible of strange activity. I have been advised by the police not to implement any new online security measures for the time being so that as clear a pattern of the potential hacker's behaviour can be established. I would find Ancient Greek more intelligible than computer code but am trying to apply common sense by establishing which of the following behaviours are suspicious and which could indicate a problem other than hacking, or indeed no problem at all. Any views would be most welcome:

    1. (The issue I first thought was a glitch). On sending a long text-only email with a 'sensitive' heading, it appeared in my Outbox for nearly a minute and then disappeared as if sent. The 'swooshing' sound I get when sending mails did not occur. I went into my sent mails as I needed to forward the mail and it was no-where to be found on my system. It was delivered to the recipient however. I then tried to replicate this problem and on the day in question my Outbox stayed permanently visible, messages with innocuous headings/content lingered for a few seconds and were then sent normally, but two 'sensitive' test mails to different recipients stayed in the Outbox for about 30 seconds, were delivered but disappeared from my computer and from iCloud.

    2. The Outbox stayed open all that day even when no mails were being sent. At 11pm i watched it disappear whilst there was no activity whatever on the computer.

    3. Prompted by Apple to check, we discovered that the firewall had been turned off on all three of our computers (imac, macbook air and macbook). Each machine had been installed/set up by Apple at different times by different technicians. We double-checked with the store who confirmed that staff would activate the firewall as a matter of course unless the customer requested otherwise. We immediately activated the firewalls and from that point odder things began occurring.

    4. I work primarily from my macbook air and the following issues have all occurred on that:
    - About three times a day the sound you hear when taking a photo or a screenshot occurs even if only the log-in page is on screen. I can find no screenshot or photo.
    - Icons for Circus Ponies Notebook and for Dropbox (both of which I use extensively and contain sensitive material that I have password-protected) have been replaced by large grey question marks. When I hover over these the application names appear and I can still access the applications and the documents in them via Finder.
    - Some website pages I have visited have wobbled so much I could not read the content. Fortunately friends have witnessed this and we have noted the details in the log.
    - An innocuous email from Amazon containing information that tallied with my order history was difficult to read as it had fragments of a webpage I had just visited superimposed over it.
    - Some sent emails are appearing with blue 'unread' dots in my sent folder. The recipients have opened them and do not see the dot on their screen. All these emails relate to mundane matters involving the court case in which I am involved.
    - Spam mails in an old NTLworld account that many of my business contacts mail me on and I haven't got round to changing are dropping rather than accumulating in number daily. In a way this is a nice problem to have as it means I'm not having to empty the whole thing periodically. Virgin Media and Apple have confirmed that no new feature has been introduced to 'cull' spam and the number of spam mails (from a multiplicity of accounts) received is not dropping - just the total number sitting in the Spam box.
    - My viewing history on Safari is being amended or wiped every day, but there has been no adjustment to settings.

    We have been experiencing peculiar behaviour on our iPhones too over the same time period and I will post up about that in the appropriate forum.

    I am taking screenshots of all 'odd' computer occurrences and saving them straight to a data stick. On Apple's advice I am also saving the code log daily and keeping a copy on data stick.

    On having a quick scan through the code log, the last senior technical advisor I spoke with at Apple said some WindowServer entries looked very suspicious. I have Windows for MAC installed and on bumbling around on the web looking for more information about WindowServer I couldn't find anything sinister.

    If there is nothing to really suggest our system is being hacked into that would be great and I could go ahead and change passwords etc. At present while this question mark hangs over it I cannot safely operate my business as I would not be covered by my professional indemnity insurance should clients' details be divulged when I was aware of the security threat. It is also unnerving, particularly to my teenage daughter who is on edge enough about the court case as it is. I don't find hacking fascinating, quite the contrary, and the thought we were being hacked into hadn't even entered my mind until my first call to Apple support. I would value immensely anyone's thoughts about what may or may not be going on and how I might best capture information for the police.

    Thank you.
  2. GGJstudios macrumors Westmere


    May 16, 2008
    Short answer: Your computer wasn't hacked.

    Longer answer: I'll start by saying this: in over 4 years of reading posts where people claimed their computer was hacked, not a single one ever was. The chances of an average user having their Mac hacked is, while not impossible, ridiculously remote. There are far more likely explanations for your issues.

    • Email accounts frequently are compromised due to weak passwords. This can and most frequently does occur without requiring access to your computer.
    • The firewall in Mac OS X is turned off by default. You have to enable it. Enabling/disabling the firewall requires entry of the admin password, which no hacker can do, unless you've given out that password.
    • Issues with email are frequently caused by email settings, passwords or issues with the email server.
    • Glitches with graphics on websites are frequently resolved by clearing the cache and cookies and refreshing the page.
    • Issues with redirection to websites is frequently a DNS issue.
    • Frequently strange sounds have turned out to be associated with an app that the user forgot they had installed, or didn't realize the app made such sounds.
  3. NameTheUser macrumors newbie

    Aug 31, 2010
    Europe, Estonia
    Scan your computer with an Anti-Virus software. It might help. Google ''ClamXav'''


    These ''question marks'' appear, because You haven't installed programs correctly. (You probably opened them directly from the disk image and did not drag them to Applications folder and later ejected the disk image)
  4. GGJstudios macrumors Westmere


    May 16, 2008
    The OP's symptoms are not indicative of any Mac OS X malware that exists in the wild. While it won't hurt to do so, scanning is a waste of time.
  5. astridm thread starter macrumors newbie

    Sep 12, 2012
    Thank you all for your reassurance.

    I can't rule out the password having been accessed, although this is unlikely.

    I have had Notebook and Dropbox installed for over a year with no problems whatsoever.

    However, overall, it does sound as if there are innocent explanations for all these occurrences, which is excellent news. I'm confused why the Apple Support team has been more suspicious - is this likely to be because of the multiplicity of problems occurring suddenly and simultaneously? And indeed does that suggest that I have a different problem either with my computer of our networked system that I need to address?
  6. GGJstudios macrumors Westmere


    May 16, 2008
    I would troubleshoot each issue individually, as there is no one thing that would point to all those unrelated issues that comes to mind. No Mac OS X malware that exists in the wild produces all the issues you described, and hacking your computer is too remote a possibility to waste time considering.

    If someone hacks an email address, they could gain access to any accounts you set up using that email address. Also, if you've given anyone physical access to your computer, all bets are off.

Share This Page