Systems Hacked - Human voice over speakers

Discussion in 'macOS' started by Jurisprudence, Jan 8, 2012.

  1. Jurisprudence macrumors member

    Joined:
    Dec 24, 2007
    #1
    Here's one for you guys. About a week ago I discovered my MobileMe account had been hacked. It's not a question, it's a certainty. The hacker even changed my security question while I was onto Apple support chat. All passwords for not only that account have been changed and I'm preparing to go to the authorities.

    Now tonight, about 20 minutes ago, I hear a human voice, Eastern European, with what sounded like an American teenage girl, coming through my speakers. Clearly audible, not a website, not interference. The Eastern European voice said "macintosh" and the girl in the background, likely talking to the Eastern European, said in a joking manner "are you dead daddy". Then the feed went dead. A couple of minutes later I heard a clinking sound from the Mac (it's one of 2 tied to the same speaker system). Anyone any idea what to do next or how this could be getting through or what do I need to have analysed to trace this person? I am running Little Snitch, and Back to My Mac is turned off and always is. Btw I'm not going mad but I will find this person and will be seeking a prosecution. Any help at all is appreciated and this is a serious issue. Thanks
     
  2. r0k macrumors 68040

    Joined:
    Mar 3, 2008
    Location:
    Detroit
    #2
    A hacked MobileMe account is a very serious issue indeed. It could allow somebody to control your Mac using "Back to My Mac". First priority would be to disable Back to My Mac, which you have done. Don't waste time with prosecution when you first need to prevent further damages! Second priority is to take your Mac off the 'net and do some computer forensics to see if you can find the back door they installed or remove it by brute force using a wipe and install. Turning off BTMM isn't enough if they installed a back door app. Are there any login items you don't recognize? Turn 'em all off! Another option is to turn on the Mac firewall with the most restricted setting.

    I would also consider a wipe and install, assuming you have your data backed up. Here are the steps I would consider in your situation:
    Do the following from a different computer (NOT your Mac)...
    1 - Assuming you regained control of your MobileMe account, change your MobileMe password to something complex - make it different from your iCloud and other passwords.
    2 - Change any passwords you had the same or similar to your MobileMe, as the hacker probably looked in your keychain and is even now trying to gain access to your other accounts.
    Now it's time to turn to your Mac...
    3 - Take your Mac offline (off the internet).
    4 - Back up to a USB drive - buy one if you don't have one - make a FRESH Time Machine backup if you intend to migrate from it when you do the wipe and install.
    5 - Wipe and install OS X, then migrate from your fresh backup. Make sure there are NO login items for your account.
    6 - Reinstall Little Snitch (be prepared for annoying popups any time any program tries to send data to the internet. It's the price of making sure you have locked these guys out).
    7 - Put your Mac back online.

    Repeat this for every Mac that shared the MobileMe account that got hacked if BTMM was ever enabled for that machine.
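
The check for unrecognized startup entries suggested in the reply above, as an added example that is not part of the original posts. It goes beyond login items to launchd jobs (the LaunchAgents and LaunchDaemons folders), another standard macOS autostart location; the `known_labels` allowlist and its sample value are hypothetical.

```python
import plistlib
from pathlib import Path

# Standard launchd autostart directories on macOS (per-user and system-wide).
LAUNCHD_DIRS = [
    Path.home() / "Library/LaunchAgents",
    Path("/Library/LaunchAgents"),
    Path("/Library/LaunchDaemons"),
]


def audit_launchd(directories, known_labels=()):
    """Return one record per launchd job file, flagging unrecognized ones."""
    findings = []
    for directory in map(Path, directories):
        if not directory.is_dir():
            continue  # folder absent on this machine
        for plist_path in sorted(directory.glob("*.plist")):
            try:
                with plist_path.open("rb") as fh:
                    job = plistlib.load(fh)  # handles XML and binary plists
                if not isinstance(job, dict):
                    raise ValueError("top-level object is not a dictionary")
            except Exception as exc:
                # Malformed job files are flagged for manual inspection.
                findings.append({"path": str(plist_path), "label": None,
                                 "command": None, "autostart": None,
                                 "review": True, "note": f"unparseable: {exc}"})
                continue
            args = job.get("ProgramArguments") or []
            label = job.get("Label")
            findings.append({
                "path": str(plist_path),
                "label": label,
                "command": job.get("Program") or (args[0] if args else None),
                # RunAtLoad / KeepAlive: the job starts without user action.
                "autostart": bool(job.get("RunAtLoad") or job.get("KeepAlive")),
                "review": label not in known_labels,
                "note": "",
            })
    return findings


if __name__ == "__main__":
    # Hypothetical allowlist: labels of software you installed yourself.
    allow = {"com.example.known-tool"}  # constructed sample value
    for f in audit_launchd(LAUNCHD_DIRS, known_labels=allow):
        if f["review"]:
            print("REVIEW", f["path"], f["label"], f["command"], f["note"])
```

Run it with the Mac offline and compare each flagged entry against software you actually installed; an entry being flagged only means it is not on your allowlist.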
     
