Mac might be compromised. How to proceed.

Discussion in 'MacBook Pro' started by scjfly, Jul 10, 2013.

  1. scjfly macrumors newbie

    Oct 20, 2010
    To make a long story short, I had a significant online financial account hacked and the funds stolen. In my estimation there are three areas in which the hacker could have stolen my info: my Mac, iPhone, or through the online site itself.

    In any event, I would like to clean up my Mac just in case. I have a 13" MacBook Pro running the latest version of OS X. It originally came with Snow Leopard and the install disks. Do I need to use these disks, or can I use Command-R while rebooting and start with the most current version of OS X?

    Also, any suggestions on transferring important files from Time Machine to the fresh system? I want to make sure I only keep safe files.

    I'm aware that the Mac ecosystem is safe and that it is more likely that the hack occurred somewhere else, but I've lost my peace of mind.

    Thanks guys.
  2. Orlandoech macrumors 68040


    Jun 2, 2011
    Salt Lake City, UT
    You can use that disc or do Internet recovery by holding down the OPTION key on boot up.
  3. tgi macrumors 65816


    Aug 29, 2012
    Wow, that's crazy. There was no one that knew of the account details? i.e. girlfriend, wife?
  4. trigonometry, Jul 11, 2013
    Last edited: Jul 11, 2013

    trigonometry macrumors 6502


    Jun 19, 2010
    South Carolina
    I can't say for sure if your Mac was compromised, but if it was, you should be worrying about how it was compromised. If I had to guess, I'd say a man-in-the-middle attack or social engineering. Make sure your connections are secure. Don't bank or input passwords over public Wi-Fi. Reset your home router and password. Enable its highest level of security. Turn on your Mac firewall, and click all the options. Encrypt your hard drive. Set up your Mac so every time it is used you have to input the password. Apple has a great PDF on Mac hardening on its website. Read it.

    As far as restoring old files, only bring over those that you created yourself. Nothing you downloaded. Don't restore old apps because the attacker could have migrated shell to another app.

    Set up Safari so you only allow Java/JavaScript on sites you trust. Install a trusted ad blocker. Don't click suspicious links even if they're on the front page of Google Search results. Safari is a good candidate for how your account could have been compromised as well. Never ever visit a Russian social website! Don't trust Facebook either. And if you have to download something dodgy, turn off all network connections before opening it.

    Install nmap and run a scan on your own network to see if someone else is there and how your computer looks to an attacker. You should configure it so all ports are closed and your OS, etc. are non-determinable.

    Change passwords often and never use the same password twice. Never use the same username twice.
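
The restore advice in the post above (bring back only files you created, no downloads or old apps) can be applied as a file triage pass over the backup folder. This is an added example, not part of the original thread; the function names (`triage`, `skip_reason`, `make_sample`) and the sample tree are constructed for illustration.

```python
import os, pathlib, subprocess, sys

# Mach-O magics (32/64-bit, both byte orders) plus the fat-binary / Java class magic.
MAGIC = {b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf", b"\xce\xfa\xed\xfe",
         b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"}
# Bundle, installer and library types that carry executable code.
CODE_EXT = (".app", ".pkg", ".dmg", ".dylib", ".kext", ".plugin", ".command")

def is_quarantined(path):
    if sys.platform != "darwin":  # the attribute and the xattr tool are macOS-only
        return False
    cmd = ["xattr", "-p", "com.apple.quarantine", path]  # exit 0 if attribute is set
    return subprocess.run(cmd, capture_output=True).returncode == 0

def skip_reason(path, root):
    """Why a file should not be restored, or None if no code marker was found."""
    rel = os.path.relpath(path, root)
    if any(part.lower().endswith(CODE_EXT) for part in rel.split(os.sep)):
        return "app or installer bundle"
    if os.path.islink(path):
        return "symlink"
    with open(path, "rb") as f:
        head = f.read(4)
    if head in MAGIC:
        return "compiled executable"
    if head[:2] == b"#!":
        return "script"
    if os.stat(path).st_mode & 0o111:
        return "executable bit set"
    return "downloaded (quarantine attribute)" if is_quarantined(path) else None

def triage(root):
    """Map each file's relative path under root to a skip reason or None."""
    result = {}
    for folder, _, files in os.walk(root):
        for path in (os.path.join(folder, name) for name in files):
            result[os.path.relpath(path, root)] = skip_reason(path, root)
    return result

def make_sample(root):
    """Constructed sample tree standing in for a mounted backup folder."""
    samples = {"Documents/notes.txt": b"my own notes\n",
               "Downloads/tool": b"\xcf\xfa\xed\xfe" + b"\0" * 28,
               "Documents/fix.sh": b"#!/bin/sh\necho hi\n",
               "Applications/Old.app/Contents/Info.plist": b"<plist/>"}
    for rel, data in samples.items():
        p = pathlib.Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
```

A `None` result only means no code marker was found, so treat the output as a shortlist for manual review before copying anything to the fresh install.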
  5. niteflyr macrumors 6502a

    Nov 29, 2011
    Southern Cal
    Are any of these "password" apps secure? Any better or worse than Keychain?
  6. Astroboy907 macrumors 65816


    May 6, 2012
    Spaceball One
    My mac must be the most infected in the history of macs....
  7. trigonometry macrumors 6502


    Jun 19, 2010
    South Carolina
    I like 1Password. It can generate random usernames and passwords. It also integrates with your browser so you can command-backslash to easily enter your saved password and data. Just make sure to use one of its back-up options so you won't be screwed if you have to reinstall your OS or happen to change machines.

    Nah, but considering he was already "hacked" I was trying to give him some tips for future reference.
