
joojooyoufather

macrumors member
Original poster
Apr 1, 2009
Hi there,

For the past couple of years I've had an online stalker. This person, when I had a pc, hacked into my computer and basically changed all the passwords, added comments to bookmarks, changed pictures on my desktop etc.

This person was also listening to conversations on my telephone and mobile phone. They know all my details I assume like address, dob, bank passwords etc.

So I decided to get a Mac. I am very happy with it but recently I have noticed my passwords on my googlemail accounts being changed, MY PAYPAL ACCOUNT PASSWORD WAS CHANGED. So now I am wondering -

(a) How could they know my passwords when they were very complicated and long. (I have read it is easy to find a password they just run the username through a software program)
(b) How could they hack a paypal account when I thought that was very secure
(c) Does this mean I have a KEYLOGGER like before, on my mac and if so HOW DO I WORK OUT IT IS THERE (on my pc before, you could see on my virus program 'packets' being sent back and forth from the computer) AND IF IT IS THERE, HOW DO I GET RID OF IT. I don't know how to interpret my virus checker logs.

I have read that macs are virus immune and that this is a complete myth if you investigate. Please don't tell me this is not happening. And no, I haven't given the passwords to anyone.
 
This person was also listening to conversations on my telephone and mobile phone. They know all my details I assume like address, dob, bank passwords etc.

Unless they work for the government, this is illegal, and you should have gone to the police about it.

I have read that macs are virus immune and that this is a complete myth if you investigate. Please don't tell me this is not happening.

Your accounts are being hacked, not your Mac. There are keyloggers, but I am under the impression that you must have physical access to the computer to install them.

Last edited by joojooyoufather : Today at 09:01 AM. Reason: no reason

What is this nonsense? :p
 
If they are able to listen into your mobile phone conversations, and know where you live then I'd be a bit more worried.

Get in touch with the Police (though you won't be able to call them, because your stalker will find out right? ;)).
 
Hi guys,
ha, ha! Well, no it isn't my parents. I am an adult. I have been to the police previously and they said unless a direct threat had been made e.g. in an email etc. etc. then they would investigate. There has been nothing like that, these people are clever, they are not just some dumb kids messing around. They make sure they are not found out in any way. They have also created fake web pages. I won't explain because you will think I am imagining it.

What can I do? You say that to get a keylogger onto the mac they would physically have to place it onto the computer - are you certain? As I said before is there any way in the logs I can tell if they are messing with my computer. Thanks for your help anyway.

here is something in the logs noticed just now:
01/04/2009 14:14:14 kernel
AppleYukon2:00000000,000000001 sk98osx sky2 - - sk98osx-sky2::replace0rCopyPacket tried N times
Don't recognise any of the above.
 
... You say that to get a keylogger onto the mac they would physically have to place it onto the computer - are you certain? ...
The first step in getting a keylogger on your Mac is to write the keylogger for the Mac. This has yet to be done. If it had, then the security vendors would have been all over the media proclaiming it. The Windows fanboys including those who are members here would be jumping up and down with glee.

It is interesting that all of the information that you think has been compromised is necessarily available outside your computer. Answer these:
  • After switching to the Mac, did you change your passwords of the suspect commercial accounts?
  • Is your Mac available to others?
  • Is your computer set to automatically login to your account?
  • Do you leave your computer unattended while logged into your account?
  • Do you access your suspect commercial accounts from computers other than your own?
Security breaches are not magic. If there is not a logical explanation for your breaches, then the only protection is aluminum foil on your head.
 
Hi there,
After switching to the Mac, did you change your passwords of the suspect commercial accounts?
Is your Mac available to others?
Is your computer set to automatically login to your account?
Do you leave your computer unattended while logged into your account?
Do you access your suspect commercial accounts from computers other than your own?

After switching to the Mac I shut down all email accounts and set up new ones. Unfortunately, they discovered what these email accounts were because I had either had to say them on the phone to some vendor or I had foolishly written it in a post where that forum's email address, I had said many times on the phone (since that was an address specifically assigned for non personal email).

Yes, my computer is automatically set to login into my computer. If I change this will that make a difference. They also know what version osx I've got, what model router etc, my broadband account dialup username.

My computer I hardly ever leave unattended and I never access my accounts from other's computers.
 
here is something in the logs noticed just now:
01/04/2009 14:14:14 kernel
AppleYukon2:00000000,000000001 sk98osx sky2 - - sk98osx-sky2::replace0rCopyPacket tried N times
Don't recognise any of the above.

Are you on a Hackintosh or using Transmission? The only time I've seen that error is with a modded AppleYukon2.kext extension or, in some cases, with Transmission 1.3x+
 
Hi Guiyon,
No, I'm not on a Hackintosh or using transmission. I'm on an imac. Does this mean something strange is going on then? I mean, what should I be looking for in the logs? You are making me worried.
 
Seeing how today is April 1st, you just signed up today and the premise of this thread is questionable, I'm a bit hesitant in replying but here I go.

IIRC, that function is just a helper function used to move available packets around in the TCP stack. An error in that function isn't a sign of anything malicious.

As for what you should be looking for, not much. IF there is a keylogger/trojan/etc (a pretty big If) and the programmer did their job correctly, nothing will be printed to the logs to betray its presence. If you are truly that paranoid, install a program such as Little Snitch and watch what tries to connect to a remote server.

As for the actual issue at hand, define "long and complicated" for your passwords. Even a long password consisting of several different words (keyword is words here), using only alphabetical characters is inherently insecure (it's vulnerable to a dictionary attack). Also, if you use the same password/email pair in many places all it would take is a single breach to immediately allow a third-party to gain access to everything. They don't need to know you had a PayPal account and could just try a collection of known popular sites, or google the email for anywhere that you posted an un-obfuscated version of it.

IF there is a stalker with your information AND they did access your accounts with said information then get the police involved; there are laws regarding unauthorized access of computer systems, fraud, wiretapping and a whole host of other activities.

Edit: If your computer has been compromised, there is only one solution for it to ever be considered a trusted system again: Grab your restore disks, do a reformat with the "Zero all data" option and install a fresh system.
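
The point in the post above about long, word-built passwords can be put in numbers. The following is an added example, not part of the original post: it compares the guess space of a password under character-by-character guessing with the guess space when whole words are guessed. The wordlist and `ASSUMED_DICT_SIZE` are constructed assumptions.

```python
import math

# Constructed toy wordlist. ASSUMED_DICT_SIZE stands in for the size of a
# realistic guessing dictionary; both values are assumptions of this example.
WORDS = {"purple", "monkey", "dragon", "sun", "shine", "sunshine"}
ASSUMED_DICT_SIZE = 50_000


def split_into_words(password):
    """Return the fewest wordlist entries that spell the password, or None."""
    pw = password.lower()  # simplification: capitalisation is ignored
    best = [None] * (len(pw) + 1)  # best[i]: shortest word list spelling pw[:i]
    best[0] = []
    for end in range(1, len(pw) + 1):
        for start in range(end):
            if best[start] is None or pw[start:end] not in WORDS:
                continue
            candidate = best[start] + [pw[start:end]]
            if best[end] is None or len(candidate) < len(best[end]):
                best[end] = candidate
    return best[len(pw)]


def brute_force_bits(password):
    """Search space in bits if every character is guessed independently."""
    classes = 0
    classes += 26 if any(c.islower() for c in password) else 0
    classes += 26 if any(c.isupper() for c in password) else 0
    classes += 10 if any(c.isdigit() for c in password) else 0
    classes += 33 if any(not c.isalnum() for c in password) else 0
    return len(password) * math.log2(classes) if classes else 0.0


def dictionary_bits(password):
    """Search space in bits if whole words are guessed; None if not word-built."""
    words = split_into_words(password)
    if not words:
        return None
    return len(words) * math.log2(ASSUMED_DICT_SIZE)


if __name__ == "__main__":
    for pw in ("purplemonkeydragon", "sunshinedragon", "q7#Lx9!tR2"):
        print(pw, round(brute_force_bits(pw), 1), dictionary_bits(pw))
```

An 18-letter password made of three common words scores about 85 bits by length alone but under 47 bits once it is treated as three dictionary picks.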
 
April Fool's - yep that's their kind of humour.

Well, these people have managed to fool me for a very long time but I am not going to get upset about it. No I am not a troll.

The passwords I created contain numbers, characters, uppercase and very long too. Well, thank you for the download I will look into that and post back on here. SO, I may have some sort of virus, keylogger after all. Macs then are not totally secure.

Hi, just downloaded Snitch, Guiyon, should I leave the default settings? There seems to be no instructions for how to use this and no list of logs available. How do you tell if there is like you say, someone who 'tries to connect to a remote server'.

I am getting Connection history for the mDNSResponder: 224.0.0.251 then the name of my computer.local ff9=02::fb

WHAT SHOULD I DO - REINSTALL MAC OSX?
 
SO, I may have some sort of virus, keylogger after all. Macs then are not totally secure.

There are no viruses on Mac and as people have said, it's very unlikely this issue is from a key logger. From what you've described all the issues are more related to your internet usage than your computer.
 
I am getting Connection history for the mDNSResponder: 224.0.0.251 then the name of my computer.local ff9=02::fb

Perfectly normal there, mDNSResponder is just a local service for any Bonjour-enabled services/devices; it doesn't go beyond your local LAN.

The main problem you're going to run into is if you are not experienced enough to know what is normal, everything that looks off (like the above) is going to appear abnormal and I HIGHLY doubt there is anything on your system. As for the PayPal issue, you may want to look into ordering their keyfob.

If you are absolutely convinced that your system is compromised and want to be 110% certain that the system is clean there is only one bulletproof solution: Grab your restore disks, reformat the HD using the "Zero all data" option, reinstall Mac OS X and do not copy any of your old files over, AKA nuke & pave.
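
For readers sorting through a connection monitor's history as discussed above, this added example (not part of the original post) classifies destination addresses by how far their traffic can travel, so that local-only entries such as the mDNS group 224.0.0.251 can be set aside. The sample list is constructed; `ff02::fb` is the standard IPv6 mDNS group and is used here as a known value, not one read from the post.

```python
import ipaddress

# Groups that never leave the local link: IPv4 224.0.0.0/24 and IPv6 ff02::/16.
LINK_LOCAL_MULTICAST = (
    ipaddress.ip_network("224.0.0.0/24"),
    ipaddress.ip_network("ff02::/16"),
)

# Constructed sample of destinations as a connection monitor might list them.
SAMPLE = ["224.0.0.251", "ff02::fb", "192.168.1.1", "127.0.0.1", "8.8.8.8"]


def scope(destination):
    """Classify where traffic to `destination` can travel."""
    ip = ipaddress.ip_address(destination)
    if ip.is_loopback:
        return "loopback"
    if ip.is_multicast:
        local = any(ip.version == net.version and ip in net
                    for net in LINK_LOCAL_MULTICAST)
        return "link-local multicast" if local else "other multicast"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private LAN"
    return "remote"


def leaves_the_lan(destinations):
    """Return only the destinations reachable beyond the local network."""
    return [d for d in destinations if scope(d) == "remote"]


if __name__ == "__main__":
    for dest in SAMPLE:
        print(f"{dest:15} {scope(dest)}")
    print("worth a closer look:", leaves_the_lan(SAMPLE))
```

A "remote" result is not in itself a sign of compromise; it only marks which entries are worth matching against the program that opened them.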
 
Hi Guiyon,

You are my knight in shining armour!:) So, if I do as you say, does that mean I can't keep pictures etc. on say, my external hard drive? Thank goodness, it sounds like I am talking to the right person.
 
I would change your internet service provider, reformat the Mac, and buy a new router.

Sounds like that's the only way you can elude the people doing this to you.
 
Hi,
Well, I am watching intently the Snitch log window and there doesn't seem to be anything untoward happening at the moment.

I can't change my service provider, I'm under contract, I think the router is ok - It's got passwords within it for WPA etc. encryption. I don't know if I am going to wipe the Mac as yet since I don't see anything unusual. Why I came on here asking for help was because I wanted to know more about the potentials of the problem (if there was one). There doesn't appear to be anything wrong at the moment. Of course I will post back on here as soon as there is!

I know they are listening in on my phone because, well, it's a long story but they were calling all the time and hanging up and then I would put the receiver down and hear at night a short strange computer type sound coming from the other room. I regularly turned off every single appliance I had. It wasn't until I unplugged my phone from the socket that it actually stopped. Then curiously, about a week ago, I was talking to someone on the phone and guess what I heard? My own voice being echoed back and that strange sound I kept hearing a while back at night at intervals. It's easy peasy to listen in on a landline or a mobile for that matter. Also sometimes my phone conversations get totally cut off sometimes 3 x in a phonecall but that hasn't happened for a while. Just strange things. There are probably other things, I just can't remember. If I say 'I think someone is stalking me' then passwords start being changed again on my email, paypal accounts. Stuff like that. I don't talk to people on the phone about it.
 
Unfortunately Macs are actually less secure to hacking than Windows these days. They only have a lower risk as there are less of them.
 
Unfortunately Macs are actually less secure to hacking than Windows these days. They only have a lower risk as there are less of them.

How so? If you are referring to the trojans that have been out in the wild recently, that's a PEBKAC issue; not a sign of being less secure. No matter how advanced your OS you can't protect the users against themselves.

If you are referring to the Pwn2Own contest, that "10 seconds to crack" heading is a red herring; the bug was discovered last year but kept hidden by the developer until this year's contest so of course one would expect that it would be over quickly.
 
How so? If you are referring to the trojans that have been out in the wild recently, that's a PEBKAC issue; not a sign of being less secure. No matter how advanced your OS you can't protect the users against themselves.

If you are referring to the Pwn2Own contest, that "10 seconds to crack" heading is a red herring; the bug was discovered last year but kept hidden by the developer until this year's contest so of course one would expect that it would be over quickly.

He may be referring to the rather weak ASLR implementation in Leopard, something which has been known since the first release of Mac OS X 10.5. There is also the incomplete utilization of the NX-bit (only stack segments get it).

It would also be nice if 10.5 made better use of its code signing and sandboxing features -- both of which in their current form do little in terms of protecting against malicious software.
 
It's starting to sound more that you're paranoid, than actually being stalked. Most of the things you've said could really go either way. Echoes on the phone, yes could be someone listening in, but at the same time it could be just the phone, which is something that happens quite often on landlines.
 
Macs cannot be "hacked" without the user going to malicious sites or installing trojans.

Unfortunately Macs are actually less secure to hacking than Windows these days. They only have a lower risk as there are less of them.

WRONG. Pure speculation. Why don't you list your source?
 