Please help me figure this out.

[Mai2023]

Hello, I am so desperate for some understanding and hopefully answers and after years I’ve finally landed here. I just read a post about sharing the analytic dumps on here etc and so I won’t start rambling on or speculating however I feel as if I’ve been stalked for a really long time, just always brushing off the feeling because I’m called crazy etc. I’ll share what I’ve found.. my phones, laptop, iPad etc got stolen many years ago. I retrieved them but my Mac had a keylogger on it. Since then my devices act in increasingly odd ways.  My hotspot gets used by devices I don’t recognise, I get poorly written sms and emails regarding very important things however the spelling and grammar is always a bit off and there’s a link I have to click (I never do click it anymore). When I try to use the website link that some emails include because the email might be from the bank or appears to be and it doesn’t open a link it just highlights the sentence. I get logged in and out of my Centrelink, myGov as I’m using it, sometimes it randomly says my device has been deregistered. Then I was on a government website and it kept rerouting and saying service unavailable then as I’m imputing information an info box appears and some words were spelt wrong and that doesn’t seem like a legitimate thing that government websites would have. My emails bounce back saying that the recipient doesn’t exist. One of them being a sercurity email to Suncorp. How capable does a hacker have to be in order to really mess with me in such a personal way? How can I find some sort of bread crumbs when I don’t understand most of it. Please help 🙏🏼

[digininja]

If someone is connecting to your hotspot then they must be physically very close to you to connect to the wifi, have a look around for the person who is always around when this happens, this will be your person.

[DramaKing]

1. Change the hotspot password.
2. Make sure that connected devices aren't set to "Randomize hardware address."
3. Phishing and smishing messages are not indicators of compromise. They are indicators that your personal information has leaked.
4. Don't trust any emails from unknown senders.
5. External sources can't interfere with or spoof secure websites.
6. A suspicious message box popping up does sound like an attack, likely malicious Javascript on the server, or in the really unlikely case, the browser. This shouldn't persist in the browser, though.
7. A hacker wouldn't cause emails to existing email addresses come back undeliverable.

If there is really something going on, it would take a forensic investigator to analyze your devices.

[raphael123]

On 7/13/2023 at 5:37 PM, Mai2023 said:

I get poorly written sms and emails regarding very important things

Hi

Could you give some examples?

 

It seems that you want to remove any potential access that a potential hacker would have

You said you have a hotspot but I understood that it is your personal wifi router that you own

 

I get in mind 2 things that would help to remove any potential access that a potential hacker would have:

1. Wiping physical devices

2. Changing accounts passwords

___

I get in mind 3 physical devices:

- Wifi router

- PC

- Phone

____________________________

Maybe someone has a physical access to your devices. In that case, after being wiped, you would have to encrypt the OS using a strong password that you write nowhere. It seems to me that only the PC would be concerned by this.

I use dashlane password generator and this to check strength.

By wiped I mean for example fully reinstall Windows, not using the menus but using a bootable usb key (delete all partitions then install). Maybe keep in mind that some rare virus can infect the bios/uefi / hdd firmware...

____________________________

I think it's better to wipe physical devices before changing accounts passwords, because if you change accounts passwords using an infected device then the hacker can access the changes.

____________________________

You can also keep in mind that some devices can have some publicly known exploits, mostly kinda old Android phones, and some routers. I mean the manufacturers stop updating the "firmware" and then leave the exploits unpatched.

________________________________________________________

 

So I would say to:

 

- Reset the router and ensure is uses a strong encryption and a strong password

//But you can't remember all the strong passwords... and if you reset using an infected device it's not great...

- Wipe computers

//Creating a bootable usb key from a potentially infected computer is not great...

- Factory reset the phones/tablets

_____

When all devices are "cleaned", you could consider cleaning the accounts

I have in mind:

- If you have a Google account, check the linked external websites

- Change the security questions of the accounts

- If you receive a lot of crappy mails, i think creating a new mail address could be pleasant and reassuring for you, same for phone number.

______________________________________________________

 

Another thing I have in mind, to avoid craps on internet, uBlock Origin is great, i suggest using with firefox

When i install a software, i search the software website link from wikipedia

______

I'm not an expert hacker, I'm sure that some hak5 members could suggest great tools to check if your data are leaked for example, or good tips etc

[raphael123]

ps: don't hesitate to repeat the "cleaning process" multiple times, maybe the potential hacker could stick after the first one being done