
scjfly

macrumors newbie
Original poster
Oct 20, 2010
To make a long story short, I had a significant online financial account hacked and the funds stolen. In my estimation there are three areas in which the hacker could have stolen my info: my Mac, iPhone, or through the online site itself.

In any event, I would like to clean up my Mac just in case. I have a 13" MacBook Pro running the latest version of OS X. It originally came with Snow Leopard and the install disks. Do I need to use these disks, or can I use Command-R while rebooting and start with the most current version of OS X?

Also, any suggestions on transferring important files from Time Machine to the fresh system? I want to make sure I only keep safe files.

I'm aware that the Mac ecosystem is safe and that it is more likely that the hack occurred somewhere else, but I've lost my peace of mind.

Thanks guys.
 
You can use that disc or do Internet recovery by holding down the OPTION key on boot up.
 
Wow, that's crazy. There was no one that knew of the account details? i.e. girlfriend, wife?
 
I can't say for sure if your Mac was compromised, but if it was, you should be worrying about how it was compromised. If I had to guess I'd say a man-in-the-middle attack or social engineering. Make sure your connections are secure. Don't bank or input passwords over public Wi-Fi. Reset your home router and password. Enable its highest level of security. Turn on your Mac firewall, and click all the options. Encrypt your hard drive. Set up your Mac so every time it is used you have to input the password. Apple has a great PDF on Mac hardening on its website. Read it.

As far as restoring old files, only bring over those that you created yourself. Nothing you downloaded. Don't restore old apps because the attacker could have migrated shell to another app.

Set up Safari so you only allow Java/JavaScript on sites you trust. Install a trusted ad blocker. Don't click suspicious links even if they're on the front page of Google Search results. Safari is a good candidate for how your account could have been compromised as well. Never ever visit a Russian social website! Don't trust Facebook either. And if you have to download something dodgy, turn off all network connections before opening it.

Install nmap and run a scan on your own network to see if someone else is there and how your computer looks to an attacker. You should configure it so all ports are closed and your OS, etc. are non-determinable.

Change passwords often and never use the same password twice. Never use the same username twice.
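
The restore advice in the post above (bring back only files you created, no apps, nothing downloaded) can be partly checked mechanically. This is an added example, not code from the thread: a Python triage of a folder copied out of a backup that holds back anything able to run code. The extension list, the function names and the sample tree are assumptions constructed for illustration.

```python
import os

# Mach-O magic numbers (32/64-bit, both byte orders) and the universal-binary header.
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf", b"\xce\xfa\xed\xfe",
                b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"}
# Assumed list of extensions that carry or launch code on macOS; extend as needed.
CODE_EXTS = {".app", ".pkg", ".dmg", ".command", ".sh", ".py", ".jar",
             ".dylib", ".kext", ".plugin", ".workflow", ".scpt"}

def classify(full, rel):
    """Return why a file should be held back from the restore, or None for plain data."""
    if os.path.islink(full):
        return "symbolic link"
    if any(p.lower().endswith(".app") for p in rel.split(os.sep)[:-1]):
        return "inside an application bundle"
    ext = os.path.splitext(rel)[1].lower()
    if ext in CODE_EXTS:
        return "code-carrying extension " + ext
    with open(full, "rb") as fh:
        head = fh.read(4)
    if head in MACHO_MAGICS:
        return "Mach-O executable header"
    if head[:2] == b"#!":
        return "script with shebang line"
    if os.stat(full).st_mode & 0o111:
        return "executable permission bit set"
    return None

def triage(root):
    """Walk a backup folder; map each relative path to a hold-back reason or None."""
    verdicts = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            verdicts[rel] = classify(full, rel)
    return verdicts

def build_sample(root):
    """Constructed sample tree standing in for a folder copied out of a backup."""
    samples = {"notes.txt": b"meeting notes\n", "photo.jpg": b"\xff\xd8\xff\xe0JFIF",
               "helper": b"#!/bin/sh\necho hi\n", "fix.command": b"echo hi\n",
               os.path.join("Tool.app", "Contents", "MacOS", "Tool"): b"\xcf\xfa\xed\xfe\x07\x00",
               "updater": b"\xca\xfe\xba\xbe\x00\x00"}
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
```

A `None` verdict only means the file is not directly executable; it does not show who created it, so the copy-back list still needs a manual review.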
 
My Mac must be the most infected in the history of Macs....
 
Are any of these "password" apps secure? Any better or worse than Keychain?

I like 1Password. It can generate random usernames and passwords. It also integrates with your browser so you can command-backslash to easily enter your saved password and data. Just make sure to use one of its back-up options so you won't be screwed if you have to reinstall your OS or happen to change machines.

My Mac must be the most infected in the history of Macs....

Nah, but considering he was already "hacked" I was trying to give him some tips for future reference.
 