SERIOUS security/privacy breach over three months span- need HELP

Discussion in 'privacy problems' started by OCMusicJunkie, Sep 9, 2013.

Thread Status:
Not open for further replies.
  1. OCMusicJunkie

    OCMusicJunkie Registered Member

    Sep 9, 2013
    Sorry if this is in the wrong section, I just need to have some professional eyes look at it. I don't need help cleaning up a virus, it's way bigger than that....

    I'd appreciate any help in sorting all of this out... I've gotten way too far into the forest to be objective at this point. Normally I'm someone who has multiple purpose-built machines running at any given time of day. Now I've been cut off at the knees by this malware/hacking problem to the extent that for three months I've had zero functional systems. Here is the deal:

    It started out with a rootkit. Noticed some strange activity during a benchmark run on a clean install with all possible windows services turned off, right down to the CD driver. Nuked the drive and still there. Reflashes BIOS and all firmware, still there. Spent three months now trying to erraticate it from the hardware, but it's there no matter what. Not sure if it's bios or firmware or ?, but it's somewhere in non-volatile memory aside from the drives in any OS environment. Strange, but okay.

    Next came the Android part. My tablet started having unusual generic icons show up on the desktop, which were for programs I didn't recognize. The read-me and license files were all filled with scripts to keylog and steal photos, video and audio from the microphone. Couldn't clear it off without rooting it, so just tossed it since it was an econo tablet to start with. Then it got really good. My cellphone, my NON-smartphone cellphone got hacked. SMS texts were being intercepted and altered or blocked. Phone calls to the other party at the time would go to voicemail. This may have even carried over to the home phone which is on the same coaxial line as my interenet, but that may be an incorrect charge.

    Next I replaced the cell with a Galaxy, which was promptly infected with the Android virus AND had the same treatment as the previous phone. Didn't ever connect to the home network or even use the wifi period. Exchanged this twice now. Should mention I've also exchanged my own router for two different modem/router combo units from the cable co during this time. Whatever is going on, it's getting into EVERYTHING with an RF capability in my home and it's not easy to put the f' in it's place.

    Not sure it's related since it's an old house, but there is a distinct, new humming in the computing room from the walls. Could be something far out there like LAN over Powerline I'd suspect, as the outlets in the room are clearly magnetically charged too now? (wtf??)

    I'm thinking there are four different scenarios that are likely here.

    1) Simply still this insane rootkit at work, propagating itself up to the router where it's then trying to breach anything within range. This seems possible, since everything involved has SOME capacity for wifi networking.

    2) Neighborhood had a punk kid who enjoys hacking move in with a hidden network. Assume based on some odd router activity (DNS set to that it could be someone rerouting my traffic elsewhere from the computers. Not sure about the phone aspect; perhaps unrelated to the big picture?

    3) Recent ex is having her new boyfriend hack into my stuff. Not really interested in laying out specifics, but there is some motive there and I have no idea if he'd be someone who could do something like this. Can see the scenario where he's simply cloned my SIM card and used my cell to keep screwing with my gear though. Strange activity definitely centers around any contact with her, and she is defensive when I mention the idea beyond what I'd expect.

    4) I suppose it'd be naive to ignore the obvious idea that this could be official business, in which case I'm not going to object too loudly except it's been choking off basic computing tasks. Not someone who has anything criminal to observe, so would have thought this would have passed by now if it's this. Am politically active, so could have painted a target, but this feels way too malicious and not purposeful.

    What I need help with is:

    1) How would you go about setting up a network with a new router in this mess of a scenario? Obviously cryptographic strength access codes for the router but what else? Manual port forwarding, static addressing, or ? Would appreciate a link to a tool I could use to create valid IP's for static- the subnet thing isn't super comfortable for me.

    2) Would you guess this is a Who or a What that I'm fight against? Local or remote?

    3) Would you imagine there is a PC configuration, possibly using firewalls and a virtualbox I'd guess, that could survive being leaned on this badly if I cannot trace the source? Was thinking about setting up Kubuntu and Win 7 inside a Kubuntu host and seeing if that keeps a new machine clean. Second option was trying a chromebook for now since the BIOS is not standard and I could run Chr Ubuntu on it.

    4) Anything I'm missing or that you think could help.

    Thanks guys, I need whatever I can get.
    Last edited: Sep 9, 2013
  2. JackmanG

    JackmanG Former Poster

    May 21, 2013
    Cool issue.

    I'm not sure I understand much of this. First off, what would a "crystallographic strength access code" be? I'm not familiar with crystallography and am unsure of how it applies to security.

    Also, I don't quite follow your router and IP questions. Could you rephrase?

    Well, if it's genuinely malicious, the "what" is always going to come from a "who" I'm not sure how to answer that. As far as local vs. remote, you haven't provided enough data to determine that.

    I'm not sure what you're trying to doesn't sound like you've even tried starting with a fresh system and going about your business to see if the same infection occurs.
  3. OCMusicJunkie

    OCMusicJunkie Registered Member

    Sep 9, 2013
    Sorry, having to post from my PS3 (yeah...) and the keyboard was fighting me a bit. Meant cryptographic strength. Will fix that.

    I have indeed tried multiple clean systems. Everything I introduce gets compromised right away. New laptop, new desktop, two playstation's I pulled out from retirement for internet use, even a Roku that seems to have been bricked. Haven't ripped out everything from the walls and just replaced the whole household of electronics yet, but that's feeling like almost the next step. Talking about keyboards (which are being affected by this based on the activity lights flipping on when other computers are turned on that aren't paired with them), all my bluetooth devices, ect.

    If you have questions I could answer to get a better feel for remote vs local I would be glad to. My who vs what question really was more of a "targeted" vs "opportunistic/automated" one I suppose to clarify...
  4. Stifflersmom

    Stifflersmom Registered Member

    Jan 3, 2013
    I'm no expert, but here's what I would do.

    Disconnect everything from the net. Call your ISP and request a new IP address.
    Hook up your router and turn on Internet.
    Use WPA2 encryption with a strong password.
    Change your network name (SSID) to something completely different than before.
    Don't broadcast your SSID (doesn't help for hackers, but still a simple step that you should do).
    Enable MAC filtering so that the only devices that connect to your network are those that you give permission to.
    Keep your devices offline and completely wipe them.
    Reinstall your OS, get all updates, use an antivirus and firewall. I don't use windows, but when I did I used kaspersky and it was good.

    If you think your hardware is infected (not sure how that works) then replace the necessary component (motherboard, or whatever) and start over.
  5. ArchMage

    ArchMage Registered Member

    Feb 4, 2013
    Ya iv seen this kind of **** before, personally.

    Had to smash every hdd and backup going back like 10 years, lost everything.
    well not everything but you know what i mean what a mess, massive hardware damage something along the lines of 30 hdd and 20 motherboards and more had to be smashed.

    Not many people have see that kind of thing in person my friend, id love to pass by to do forensics and see whats up with your problem amusing your not tripping on the topic.
    i have some experience on the topic though really a team of experts should show up to check out wtf going on their and im out of my league on this topic.

    The people that came up with that kind of thing are smarter then god and a lot less nice.

    You should look up bios virus or Permanent denial of service attack topics.

    As for all hardware you have to follow full quarantine procedures, anything and everything that could be infected.

    What are you using to nuked the drives ?

    What i saw at my end was beyond understanding.
Thread Status:
Not open for further replies.