Was my recovery partition hacked?

Discussion in 'Mac Basics and Help' started by Shellymacbook, Dec 18, 2013.

  1. Shellymacbook macrumors newbie

    Joined:
    Dec 18, 2013
    #1
    I was nice enough or dumb enough to let a friend of mine use my MacBook for a few hours. Fast forward a few months later I find out he has been reading my emails and looking at my web traffic. I quickly performed a factory reformat and reinstalled Mountain Lion. After a few weeks I find out that he is still able to hack my system. I then did a 7 times erase and assumed the problem was fixed. Of course it's not and he is still able to view my emails. I changed my passwords over and over and he still gets in. I did some research online and found out about a back door recovery partition virus or hack that he could have done. But from what I can read online once my computer has been hacked like this there is no way to fix it. Can anyone confirm this?
    When I change my passwords on my sister's computer I had no problems but after a few weeks I logged into mine and he seemed to get the passwords.

    Sorry for the long question but thank you in advance.
     
  2. ArtOfWarfare macrumors G3

    ArtOfWarfare

    Joined:
    Nov 26, 2007
    #2
    Email is unencrypted. If you're ever on the same network as him and he has the right tools, he can read your emails without knowing anything about your password.

    Similarly, HTTP is not encrypted. That's also trivial to get if he's on the same network with the right tools. Again, he doesn't need to know any of your passwords to do this.

    I'm not sure about HTTPS, but I believe that's supposed to make this intrusion of privacy more difficult. I'm not sure what it would take to bypass whatever security HTTPS has.
     
  3. Les Kern macrumors 68040

    Les Kern

    Joined:
    Apr 26, 2002
    Location:
    Alabama
    #3
    Could always ask him and through various statements by you make it clear you want an answer?
    Actually, this isn't making much sense, you seem to be omitting enough detail to confuse my tired old brain, which I'd have to admit isn't as sharp as it once was.
    He have physical access?
    Is he in the same building as you?
    What do you mean "gets in"?

    If you think that hack is true, just re-install and opt out of the recovery partition, using a cloned external for that.

    There was word of a back door to FileVault, but you need physical access if it's even a viable issue.
    Do you have a link? I am a technology director and keep up on things, but I've never heard of what you describe.

    I could be wrong and it's always prudent to check, but it sounds to me like your friend is pulling your leg.
     
  4. Shellymacbook thread starter macrumors newbie

    Joined:
    Dec 18, 2013
    #4

    He had access to my laptop for a few hours. No we are not on the same network and no we do not live in the same building any more. But I do use Gmail and search with Safari. Help please how do I encrypt my email? Or protect myself. Thank you for the reply I never thought of encrypting emails.

    ----------



    Here is one of the links
    http://www.securitygeneration.com/security/mac-os-x-lion-and-the-dangers-of-restoring-from-a-partition/

    I let him use my laptop for a few hours now he seems to have access to me.
    We don't live in the same building but he seems to be able to get all my passwords. Even see my Word documents it's annoying. How do I opt out of the recovery partition? Do I need to make a new one? Also do I need to reset my terminal? Or will any codes he wrote be deleted. Thanks for the help
     
  5. ArtOfWarfare macrumors G3

    ArtOfWarfare

    Joined:
    Nov 26, 2007
    #5
    You don't encrypt your email. Email is unencrypted, end of story. Never use email for anything you want to keep to yourself. That's why 90%+ of websites don't email you your password when you've forgotten it - the only ones that do are the ones run by idiots who don't understand security.

    If you want to securely communicate with someone, you'll need to find another way. I'm pretty sure iMessages is encrypted. Facebook Messages might be, too.
     
  6. Shellymacbook thread starter macrumors newbie

    Joined:
    Dec 18, 2013
    #6
    Wow I never knew that. I will try using iMessage because I need email for work purpose. Also is Firefox better than Safari? I've been reading online it's safer. Thanks again I learned something new today.
     
  7. subsonix macrumors 68040

    Joined:
    Feb 2, 2008
    #7
    Seems? Have you positively confirmed this? In any case, the explanation is likely simpler than some cleverly thought out recovery partition scheme.

    You mentioned that you had erased your drive, if you erase the entire drive all partitions will be gone (by erased I mean overwrite with random data or zeroes).
     
  8. Shellymacbook thread starter macrumors newbie

    Joined:
    Dec 18, 2013
    #8
    Also how is he seeing my web history if I disabled it in Gmail? Please give me advice on this. Thanks
     
  9. subsonix macrumors 68040

    Joined:
    Feb 2, 2008
    #9
    Have you looked at "sharing" in system prefs to make sure none of the options there are ticked?
     
  10. Shellymacbook thread starter macrumors newbie

    Joined:
    Dec 18, 2013
    #10
    Thanks for your response
    Yes all sharing and Remote Desktop are off. I have been researching "shh" I guess it's a code to hack computers and su commands. Anyway I am just confused why a disk erase won't work. At first I thought it was a simple spyware or malware or key logger but now I am concerned he really might have ruined my computer. My computer runs fine but he has some sort of way to view my files, emails and web history it's like I don't have a computer.
     
  11. Fishrrman macrumors G5

    Fishrrman

    Joined:
    Feb 20, 2009
    #11
    [[ Help please how do I encrypt my email? Or protect myself. Thank you for the reply I never thought of encrypting emails. ]]

    Does your MacBook have a user-replaceable hard drive?

    If so, replace it with a brand-new one and start from scratch.

    If it was me, I would NOT "directly-connect" the MacBook with the OLD drive, once it was removed. I would find a 3rd-party Mac somewhere, hook the OLD drive up to that, and transfer data files (such as music and mail) to a USB flash drive, then to the MacBook.

    Have you changed the passwords to your ISP account(s)?
    If not, change them right now.

    This is a lesson as to why you should NEVER NEVER NEVER let ANYONE access your computer using your account. Not your friends, boyfriend, not the love of your life.

    Set up a separate "guest" account, and before you hand them the computer, switch over to it.
     
  12. Shellymacbook thread starter macrumors newbie

    Joined:
    Dec 18, 2013
    #12
    Thank you for your input, it sounds like I need to buy a new hard drive and get some help solving the issue. I have learned my lesson. I will never let anyone use my computer.
     
  13. subsonix, Dec 18, 2013
    Last edited: Dec 18, 2013

    subsonix macrumors 68040

    Joined:
    Feb 2, 2008
    #13
    SSH is an administration tool that enables remote login over an encrypted channel with SSL. Anyway, if SSH was enabled you should also see that in system prefs, you should also see an active sshd process if you look in Activity Monitor.

    Disk erase should work, if you erase the entire disk (all partitions) and pick secure erase in Disk Utility. Obviously, if you later restore from a backup of your old drive made by for example Carbon Copy Cloner you may also re-enable any hypothetical additional software that you now want to make sure you got rid of.

    Edit: As Fishrrman mentioned just copying your own files (basically Documents, Movies, Images, Music and so on) to somewhere may be the ticket. You could do this before you erase the disk (or buy a new one) however, then you don't have to find another computer to attach the disk to.
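
The Sharing and SSH checks discussed in posts #9, #10 and #13 can also be made from Terminal by looking at which TCP ports the Mac is listening on. The script below is an added example, not part of any post in the thread; the function names, the port-to-service table and the sample `lsof` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag TCP listeners that correspond to
# macOS Sharing services, reading `lsof -nP -iTCP -sTCP:LISTEN` output on stdin.
# Note: launchd holds the Remote Login socket and starts sshd per connection,
# so the listener on port 22 usually shows up under the command name "launchd".

flag_sharing_listeners() {
    awk '
    BEGIN {
        svc[22]   = "Remote Login (SSH)"
        svc[445]  = "File Sharing (SMB)"
        svc[548]  = "File Sharing (AFP)"
        svc[3031] = "Remote Apple Events"
        svc[3283] = "Remote Management (ARD)"
        svc[5900] = "Screen Sharing (VNC)"
    }
    $NF == "(LISTEN)" {
        n = split($(NF - 1), part, ":")   # handles *:22 and [::1]:22
        port = part[n]
        if ((port in svc) && !(port in seen)) {
            seen[port] = 1                # report each port once (IPv4 + IPv6)
            printf "%s\t%s\t%s\n", port, svc[port], $1
        }
    }'
}

# Constructed sample input: Remote Login and Screen Sharing are on,
# the local printing service (port 631) is not a Sharing service.
SAMPLE='COMMAND  PID USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
launchd    1 root  21u IPv6 0x1a2b      0t0  TCP *:22 (LISTEN)
launchd    1 root  22u IPv4 0x1a2c      0t0  TCP *:22 (LISTEN)
launchd    1 root  30u IPv4 0x1a2d      0t0  TCP *:5900 (LISTEN)
cupsd    312 root   6u IPv6 0x1a2e      0t0  TCP [::1]:631 (LISTEN)'

check_sample() { printf '%s\n' "$SAMPLE" | flag_sharing_listeners; }

# Live check on the Mac itself: run this script with --live.
if [ "${1:-}" = "--live" ]; then
    sudo lsof -nP -iTCP -sTCP:LISTEN | flag_sharing_listeners
fi
```

Empty output from the live check means none of the listed Sharing services is accepting connections; each output line gives the port, the service and the process holding the socket.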
     
  14. Tumbleweed666 macrumors 68000

    Tumbleweed666

    Joined:
    Mar 20, 2009
    Location:
    Near London, UK.
    #14
    I suspect something else is going on here other than this super hacker type stuff. For example, might he simply have a key to your house?

    In any case if he truly is reading your emails and on your computer you should go to the police.
     
  15. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    Location:
    Sailing beyond the sunset
    #15
    It's also possible that he knows your Gmail password. You should change that password immediately, if you haven't already done so. Encrypting your email would be worthless if he still knows the Gmail password for your account.

    He may also know the passwords to any other online accounts you have. Again, change those if you haven't done so.
     
  16. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #16
    If you think someone is logging into your Gmail account and checking your mail, Gmail provides a way to check for this.

    Login to your Gmail account and look in the bottom right of the page where it says "Details" like in my screenshot.


    Click details and it will bring up a screen like this where you can see the IP address of users who have logged in to the account. If you see logins from an IP other than your own, you will know someone has your password and is logging in to check your Gmail. It would show other IP addresses in this list if for example, you logged in to Gmail from your office.

    You can see your own current IP address at the bottom of the screen.

     
  17. costabunny macrumors 68020

    costabunny

    Joined:
    May 15, 2008
    Location:
    Weymouth, UK
    #17
    I don't suppose he has a direct line of sight - by this I mean it was a once (and probably still is for all I know) method that with a close enough building and a computer that has its screen facing a window, that an attacker could go old school and use binoculars to watch your screen.

    long shot, but is this possible.

    How do you connect to the internet? through a campus/building network or via your own router?

    paying out for a new hard drive seems a little overkill. when was the last time he accessed a file that you know of? (I mean you KNOW he read a file on your computer most recently)?
     
  18. grockk macrumors 6502

    grockk

    Joined:
    Mar 16, 2006
    #18
    The simplest method is a restraining order.

    Gmail saves the last 10 IP addresses when you log into the web interface. If you see one that shouldn't be there you take it to the police. Lot harder to hack you from prison cell.
     
