Netgate Discussion Forum

    New, lost, hacked!

    General pfSense Questions
    18 Posts 7 Posters 2.4k Views
    • Derelict LAYER 8 Netgate

      If I thought my computer and phone were hacked I would never trust them again, nor would I trust any backups.

      It is coming to the point where I would not trust the hardware that was hacked either but I am not there yet (and I can't afford it).

      I would format them, reinstall them. UPDATE THEM TO CURRENT CODE LEVEL, and start from scratch. I would CAREFULLY pull DATA FILES ONLY (documents, spreadsheets, etc) from a backup as necessary.

      I would put a firewall (any firewall) between you and everyone else in your house. This will probably be double-NAT but if you only connect outbound, that should be fine. You will be able to connect out - they will not be able to connect in. Sharing wireless with them will probably be impossible so you will need to do your own wireless on your own inside network.

      NOTE: anyone in the other network - your family's network, can still play man-in-the-middle with your non-encrypted traffic. JUST LIKE your ISP could (or anyone else in the data path) if they were so inclined. You will need your own infrastructure (ISP connection, etc) to make that not be the case. Use SSL/TLS on everything you do and PAY ATTENTION AND SEEK HELP if you receive any certificate verification errors.

      I would make DAMN SURE I was using UNIQUE, SEPARATE, STRONG, RANDOM passwords to access important sites (financial, email, etc). Do not share passwords between sites. Use a password management tool like LastPass to help you both generate and keep track of these passwords.

      I would make sure I installed ALL SOFTWARE UPDATES in a timely manner.

      I would make sure I DID NOT CLICK ON UNKNOWN LINKS IN EMAIL.

      I would not install or update ANY SOFTWARE based on a pop-up prompt. I would note what that says needs to be updated then MANUALLY go to that site to see if there is an update. (as in go to adobe directly to get a flash update - DO NOT FOLLOW a provided link)

      It sounds like you need to find someone local whom you trust to do all of this or start learning how to do it yourself. The latter sounds like it will be a long road.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      • AR15USR

        Do you have kids in the house, old enough to be computer literate? Sounds like your kid is screwing with you…

        If not, your passwords need to look like this: iA+kL=pmTu2n7}D/6f4A@T9

        and not like this: Biggy162

        Start using LastPass or 1Password...

        I had a similar problem with my mother-in-law; once I removed Admin privileges from her computer account, she hasn't had a problem since...


        2.6.0-RELEASE

        • Evie J32

          AR15USR-No, I AM the kid in the house, relatively speaking (I’m not a teenager.) My passwords all look like that, but I don’t use a password manager anymore-my buddy up there will probably not believe me, but my lastpass was hacked. I had a premium account and the master password wouldn’t work one day and when I got my “hint” emailed to me, it had changed. I found a document later on my computer called something like “LASTPASS_EXTRACTION_PHP.”

          Johnpoz, I know you aren’t trying to be mean (I hope) but it does hurt to not be believed when you are telling the truth. The bank thing for example, I know it makes no sense, but it really happened, not someone else’s account-I promise I’m not a troll or looking for attention-well actually I am looking for attention in the form of help, but not in the way you are implying. I mean why would someone send my brother an email pretending to be me with a Christmas card? Or change my username? We don’t know, but it FEELS like the point is power/control/to instill fear, because they can. I have a crazy ex or two but other than that I’m at a loss as to why someone would take the time and resources to harass someone with almost no resources. I took your advice and looked up the info from that email on the web and I’ll post it below. Let me know what you make of it.

          Derelict-thanks for the advice, much appreciated. I do most of that as far as updating etc. Do you think the double-NAT would significantly slow down either network? If you were me, would you go so far as getting a new ISP separate from them with a modem, router/firewall and access point? That’s what I’m considering so that’s one less thing if something goes wrong to wonder about (“maybe it’s cause I’m still attached to the At&t service.) I don’t trust my devices and am getting new ones, that’s why I want to make sure the network is solid cause I can’t replace any more devices. Also, when you say data files only, do you mean as opposed to photos and music files?

          Gmail data:

          Delivered-To: Eviewevie@gmail.com07312017084445463.SNL_New.e359f8f5-c814-4cd5-842b-62a83066ec47@return.salesnexus.com
          Created at: Mon, Jul 31, 2017 at 2:22 PM (Delivered after 1 second)
          From: Eviewevie@gmail.com
          To: Eviewevie@gmail.com
          Subject: - ɴᴇᴡ ᴍᴇssᴀɢᴇ : ʏᴏᴜ ɢᴏᴛ ᴍᴇ! -PIoI
          DKIM: 'PASS' with domain sendgrid.net
          Received: by 10.176.74.206 with SMTP id t14csp3910462uae;
                  Mon, 31 Jul 2017 11:22:36 -0700 (PDT)
          X-Received: by 10.99.96.145 with SMTP id u139mr16860246pgb.347.1501525356075;
                  Mon, 31 Jul 2017 11:22:36 -0700 (PDT)
          ARC-Seal: i=1; a=rsa-sha256; t=1501525356; cv=none;
                  d=google.com; s=arc-20160816;
                  b=j2wkhveZsW0ruFBE8eU4PX7KrrzpJPyFWWIH64ZQ+WMeCBjIpOPH4QTgy/X6lGIvyw
                  abXqoMKAbK9r18oQKqoNELmX3WL+B4SNE5WKV25Tpoz72CHVXFRMYT9pHSIsg213GXvy
                  GpjeL7eas3rXLVLt5oC2FWVcf6GBKjWGlw7gqe3I6719wYRPn9W+5zfJLGHscKth10kD
                  4ZxwSmvrloCFJHpDKEMBE5JZi+kEgXJYcHNBQI+2ceaddW0RBAxztng2R7/g8zv2uOKP
                  iatKVyUyQrY8wichfDnWVy8vWYj60yRjBGheOcBWUxOsR2kaFKWRZcaJ4CFmKFdaM73p
                  3kDQ==
          ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
                  h=mime-version:subject:from:sender:to:errors-to:reply-to:date
                  :message-id:dkim-signature:arc-authentication-results;
                  bh=TpyE0jRUi80KOnJAci3Gzbfycfu+NVfb2WNeIee6XUY=;
                  b=jTuWBfOsFtTObYIpO4F3UfKCBYxI8/tpk57NzcnE2rEjQ2hMr+t874pXwx+bqKOCse
                  6wUyulQ1MySXZtnM8pBKWqh7AyrisXoTMJb/K3Ej+9p0GfEU/2TV5KqRmEb8RnD2Drf1
                  Wok+kpkCUspuit6KCVrgmPAOzo1TuNTURTDdsxn6OsM0z07b1uHtx5P0b86fxiIk7lIm
                  qi+VkKwTyd8LHJF1o2TJ6bfJZpHjAt4e9ZkgIdq+xKAX+IsVb+P+ZMkEMHu9unhqBmjh
                  IUg1U+P5Ai6lcORbmsu+uGvCmX7ZpmWJTEC15IUZs8fNtj7cNQYJAKl4da87IhI46VcX
                  W9pw==
          ARC-Authentication-Results: i=1; mx.google.com;
                dkim=pass header.i=@sendgrid.net header.b=x2tFmXjt;
                spf=pass (google.com: domain of bounces+5897700-95d0Eviewevie=gmail.com@sendgrid.net designates 167.89.106.58 as permitted sender) smtp.mailfrom=bounces+5897700-95d0-Eviewevie=gmail.com@sendgrid.net;
                dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=gmail.com
          Return-Path: bounces+5897700-95d0-eviewevie=gmail.com@sendgrid.net
          Received: from o1.0qt.s2shared.sendgrid.net (o1.0qt.s2shared.sendgrid.net. [167.89.106.58])
                  by mx.google.com with ESMTPS id o32si3595477pld.619.2017.07.31.11.22.35
                  for eviewevie@gmail.com(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
                  Mon, 31 Jul 2017 11:22:36 -0700 (PDT)
          Received-SPF: pass (google.com: domain of bounces+5897700-95d0-Eviewevie=gmail.com@sendgrid.net designates 167.89.106.58 as permitted sender) client-ip=167.89.106.58;
          Authentication-Results: mx.google.com;
                dkim=pass header.i=@sendgrid.net header.b=x2tFmXjt;
                spf=pass (google.com: domain of bounces+5897700-95d0-Eviewevie=gmail.com@sendgrid.net designates 167.89.106.58 as permitted sender) smtp.mailfrom=bounces+5897700-95d0-Eviewevie=gmail.com@sendgrid.net;
                dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=gmail.com
          DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=sendgrid.net; h=reply-to:to:sender:from:subject:mime-version:content-type:x-feedback-id; s=smtpapi; bh=RXHHFDGx2A4L6SAF5bGP/SXjgYA=; b=x2tFmXjtnRIAwf3WBO RQmkgRbhk4rvjijxs1BpRspKq+g1YuMDKgWocKNx/e2lVbEh2l/5SjnrVyMyPBve aJqVBEW5RId2W96enHn8O8cWAvo7hK9KG0J2b+CeMLoSnLxhCV3sPRlLN/qQdEPW 0fBbH1D8YWXL2lfTWWxN6BLOc=
          Received: by filter0227p1las1.sendgrid.net with SMTP id filter0227p1las1-32243-597F756B-9
                  2017-07-31 18:22:35.689147688 +0000 UTC
          Received: from ariane.ens-cachan.fr (celticfree.com [185.32.221.168]) by ismtpd0017p1sin1.sendgrid.net (SG) with ESMTP id HEPlOvx5Tcu7P2Rox5YYgg for eviewevie@gmail.com; Mon, 31 Jul 2017 18:22:35.132 +0000 (UTC)
          Message-ID: 07312017084445463.SNL_New.e359f8f5-c814-4cd5-842b-62a83066ec47@return.salesnexus.com
          Date: Mon, 31 Jul 2017 18:22:35 +0000 (UTC)
          Reply-To: Mallory Garber mgarber@salesnexus.com
          Errors-To: snl_new-r3-2auqs@return.salesnexus.com
          X-SN-ID: <07312017084445463.SNL_New.e359f8f5-c814-4cd5-842b-62a83066ec47>
          X-D-Ip: @lcgroup3
          To: eviewevie@gmail.com
          Sender: Mallory Garber mgarber_salesnexus.com@salesnexus.com
          From: eviewevie@gmail.com
          Subject: - ɴᴇᴡ ᴍᴇssᴀɢᴇ : ʏᴏᴜ ɢᴏᴛ ᴍᴇ! -PIoI
          MIME-Version: 1.0
          Content-Type: multipart/alternative; boundary="–----_=_NextPart_001_EA07BBAC.41E51F4B"
          X-SG-EID: EtOhHV3SACD7nyNbjUA6VuaXxdgKOOcVzuR3ceABBHulLelgxaqekIQiulgX2pPSxxfD67ookQKBQu sMwF5B6rurMi0bxPHiF+aac72FexpCeRWtjeMczfRCil4lzsAj9xkPGwiSCk5ER10LdKoUQzKtSDI0 rUL/JaYezlLRajkcQr+q7FkWg5rVF3L8nlPYA9ApgCQTU/QEYtHRvx3k0g==
          X-Feedback-ID: 5897700:4+Ep5ED5DnECriL3NwR/Ki/Hdp19jdlzwdcYWlqEhDw=:4+Ep5ED5DnECriL3NwR/Ki/Hdp19jdlzwdcYWlqEhDw=:SG

          --------_=_NextPart_001_EA07BBAC.41E51F4B
          Content-Type: text/plain

          --------_=_NextPart_001_EA07BBAC.41E51F4B
          Content-Type: text/Html

          <center>
          [Hi How are you today i hope you will be good

          I was this 3 days searching for any contact that can make me take a short conversation with you

          First i want to tell that i'm a neighbor soory if i can't told you my name cuz i'm shy

          I love you; i realy love you an i want to know your opinion about me

          i already registred on a chat website you must also register on it if you want to see my pic my phone number..

          I know you will like me because i"m beautifull im waiting for you to register and began our conversation

          register from this link

          Don't be late plz i Know you are Home now and i want to date me tonight if you are free

          It will be a special nghit with us

          Click Here](cli.re/L4dAE2)

          UNSUBSCRIBE

          OPT_DOWN

          --------_=_NextPart_001_EA07BBAC.41E51F4B--
          </center>

          • johnpoz LAYER 8 Global Moderator

            dude it's spam…

            Sender: Mallory Garber mgarber_salesnexus.com@salesnexus.com
            You're saying that is you??

            Came from here

            Received: from o1.0qt.s2shared.sendgrid.net (o1.0qt.s2shared.sendgrid.net. [167.89.106.58])
                    by mx.google.com with ESMTPS id o32si3595477pld.619.2017.07.31.11.22.35

            How is that a HACK of your email account?  This is the sort of email that is scaring you???  Oh my gawd… Dude turn on spam filtering in gmail..

            Mail actually came from here
            Received: from ariane.ens-cachan.fr (celticfree.com [185.32.221.168])

            To the sendgrid servers --> by ismtpd0017p1sin1.sendgrid.net

            So that's your IP address? 185.32.221.168

            which is actually in Switzerland

            inetnum:        185.32.221.1 - 185.32.221.255
            netname:        Xelon-3
            country:        CH

            edit:  If you want more help have to wait til tmrw - got to go pick up my 4.5 million dollar consignment box from the Secretary us department homeland security ;) heheehe ROFL...

            [attached image: 4_5million.png]

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            • KOM
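The header reading johnpoz does above can be automated. This is an added example, not code from the thread or from Netgate: it walks the Received chain oldest-first to find the hop that first recorded a client IP, and parses Authentication-Results to see which domain SPF and DKIM actually vouch for, compared with the domain shown in From:. The header block is constructed for the example, abridged from the headers quoted in the thread, with the recipient replaced by the placeholder victim@example.com.

```python
"""Find where a message really entered the mail path and whether its From:
header is backed by SPF/DKIM/DMARC. Added example, not forum or Netgate code."""
import re
from email import message_from_string
from email.message import Message

# Constructed sample, abridged from the headers quoted in the thread; the
# recipient is a placeholder address.
SAMPLE = """\
Delivered-To: victim@example.com
Received: from o1.0qt.s2shared.sendgrid.net (o1.0qt.s2shared.sendgrid.net. [167.89.106.58])
        by mx.google.com with ESMTPS id o32si3595477pld.619.2017.07.31.11.22.35
        for <victim@example.com>;
        Mon, 31 Jul 2017 11:22:36 -0700 (PDT)
Authentication-Results: mx.google.com;
       dkim=pass header.i=@sendgrid.net header.b=x2tFmXjt;
       spf=pass (google.com: domain of bounces+5897700@sendgrid.net designates 167.89.106.58 as permitted sender) smtp.mailfrom=bounces+5897700@sendgrid.net;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=example.com
Received: by filter0227p1las1.sendgrid.net with SMTP id filter0227p1las1-32243-597F756B-9
        2017-07-31 18:22:35.689147688 +0000 UTC
Received: from ariane.ens-cachan.fr (celticfree.com [185.32.221.168]) by ismtpd0017p1sin1.sendgrid.net (SG) with ESMTP id HEPlOvx5Tcu7P2Rox5YYgg for <victim@example.com>; Mon, 31 Jul 2017 18:22:35.132 +0000 (UTC)
From: victim@example.com
To: victim@example.com
Subject: you got me

(body omitted)
"""

# "from <helo> (<reverse-dns> [<ip>])" as most MTAs write it, and "by <host>"
_FROM_RE = re.compile(r"\bfrom\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)")
_BY_RE = re.compile(r"\bby\s+(?P<by>\S+)")


def received_hops(msg: Message) -> list:
    """Return Received hops oldest-first (each MTA prepends, so reverse header order)."""
    hops = []
    for raw in reversed(msg.get_all("Received", [])):
        line = " ".join(raw.split())  # unfold continuation lines
        m_from, m_by = _FROM_RE.search(line), _BY_RE.search(line)
        hops.append({
            "helo": m_from.group("helo") if m_from else None,
            "rdns": m_from.group("rdns") if m_from else None,
            "ip": m_from.group("ip") if m_from else None,
            "by": m_by.group("by") if m_by else None,
        })
    return hops


def auth_results(msg: Message) -> dict:
    """Parse Authentication-Results into {method: (result, rest of clause)}."""
    line = " ".join(msg.get("Authentication-Results", "").split())
    out = {}
    for clause in line.split(";")[1:]:  # clause 0 is the authserv-id (mx.google.com)
        m = re.match(r"(\w+)=(\w+)\s*(.*)", clause.strip())
        if m:
            out[m.group(1)] = (m.group(2), m.group(3))
    return out


def analyze(raw_headers: str) -> dict:
    """Summarise origin hop and which domains the authentication checks actually cover."""
    msg = message_from_string(raw_headers)
    hops = received_hops(msg)
    ar = auth_results(msg)
    origin = next((h for h in hops if h["ip"]), None)  # first hop that recorded a client IP
    from_domain = msg.get("From", "").rsplit("@", 1)[-1].strip("<> ").lower()
    dkim_m = re.search(r"header\.i=@?([\w.-]+)", ar.get("dkim", ("", ""))[1])
    spf_m = re.search(r"smtp\.mailfrom=\S*?@([\w.-]+)", ar.get("spf", ("", ""))[1])
    dmarc = ar.get("dmarc", ("none", ""))[0]
    return {
        "hop_count": len(hops),
        "origin_ip": origin["ip"] if origin else None,
        "origin_rdns": origin["rdns"] if origin else None,
        "relay": origin["by"] if origin else None,
        "from_domain": from_domain,
        "dkim_domain": dkim_m.group(1) if dkim_m else None,
        "spf_domain": spf_m.group(1) if spf_m else None,
        "dmarc": dmarc,
        # From: is only vouched for when DMARC finds an aligned SPF or DKIM pass
        "from_header_trusted": dmarc == "pass",
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key:20} {value}")
```

Run against the sample, the origin is 185.32.221.168 (reverse DNS celticfree.com) handing off to a SendGrid inbound server; SPF and DKIM both pass, but for sendgrid.net, not for the domain in From:, which is why Gmail records dmarc=fail. A pass on SPF or DKIM alone says nothing about the From: header; only DMARC alignment ties the two together.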

              For security purposes, I only do my computing on an abacus I built myself.

              ;D ;D ;D

              This concludes the entertainment portion of our program.

              • Derelict LAYER 8 Netgate

                If you already did all that you would not be getting infected all the time.

                Change your behavior.

                • johnpoz LAYER 8 Global Moderator

                  Nobody is infected or hacked - the kid doesn't understand what spam is ;)

                  • Evie J32

                    That email didn’t make me feel afraid because it’s obviously not written by someone near me and it’s all links, it looks like spam but it was the first time I had ever gotten something that looked like it was from me to me and it’s still the only time, so yes, it alarmed me cause I thought I was hacked again. I didn’t know about analyzing headers. Plus it came when I’d already found out about jail broken iPhone, Android, lastpass account, bank account, and countless other things. Like when my hotspot changed passwords out of thin air. I was so glad to have the At&t guy there, he was like “whoaaaa what just happened??” Otherwise it’s just “you must be a crackhead.” And of course I already have a spam filter, gmail automatically filters most spam like that. Tbh I still don’t understand that email, I’m not in Switzerland and didn’t have a VPN at the time and why were there several names in that email? What is sendgrid and sales nexus? I’m glad it isn’t hacked. With protonmail, I emailed the FTC to ask about something and got a response. I thought the reply was odd so I called and she said “that’s not us, someone had to have access to your account to be able to write that.” Which is a protonmail account with two passwords and an Authenticator app. This is why I assume the worst sometimes, cause it seems like impossible things are possible. It’s so frustrating to be painted as crazy or stupid, when one person I know who is an actual genius who invented something you have all definitely heard of has said “that is definitely not normal.” But I don’t know him well/he doesn’t live here anymore. He could sort me out in a minute.

                    Derelict, I hear what you’re saying, but I have strong passwords, use 2fa, update everything, don’t download sketchy stuff, there has to be something I’m missing or some link since it’s happened on so many devices with so many accounts.

                    Do you have advice about where to go to educate myself about networks and security? Books to read? The bottom line is I still have to set up a network whether you think I’m crazy or lying or mistaken or stupid. Let’s say I’m all 4, and smoking crack at this very minute. What would your advice be about setting up a VPN router? Well minus the crack part; you’d probably say something else. My point is, advice for anyone struggling with security for whatever reason.

                    • JKnott

                      My point is, advice for anyone struggling with security for whatever reason.

                      The problem is security is a very large area and there's no way we can teach you all that.  Our focus here is a firewall and while we may know other areas, we can't provide a complete course, to someone who doesn't even understand networking basics.  It's not that we don't want to help, but you really need someone nearby who can help, look at your computer etc.  We simply can't do that.

                      PfSense running on Qotom mini PC
                      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                      UniFi AC-Lite access point

                      I haven't lost my mind. It's around here...somewhere...

                      • johnpoz LAYER 8 Global Moderator

                        Dude I have been doing this for over 30 years, getting paid to do it for 25.. Before there were real computers and "networks" ;)

                        Just not possible to "teach" you security in a few posts… I can answer your questions on how to block or allow something specific in firewall rules.. More than happy to help you understand how to read the headers in an email message, etc.

                        But you have not given any actual evidence of being "hacked"  more you have seen 1 too many movies or tv shows.. Did you just binge watch some episodes of Mr Robot? ;)

                        Turning on pfsense is not going to fix your issue or really make you any more secure from being "hacked" than any off the shelf router.. When it comes down to it out of the box they do the same thing - they block unsolicited inbound and allow you out via a nat.  It's not a magic box you turn on and it makes your network secure from being "hacked"..

                        It's just a tool you use to secure your network.. But without the understanding of how to use the tool, it's not some magic thing you turn on..  Many new users hear oh I can turn on IPS and will be secure from hackers - sorry it doesn't work that way.  If anything it's going to block the user from what they want to do when they want to do it.. And provide them with so much information it will just be overload of info they do not understand anyway..

                        For all we know you bought your phone off ebay and it was jailbroken when you got it.. As to your bank account username and password being changed - sorry makes no sense.. Why would someone do that? And then not take any money?  Come on did you maybe forget your password?  And the username you norm use wouldn't work so it's different than the normal username you pick... Maybe you smoked a bit of the good stuff and got a bit paranoid after watching mr robot and thought someone changed your password - ie "hacked" you...

                        Don't mean to make fun - You got some p0rn spam that said it was from you and you're getting hacked? ??

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.