Linux - Security
This forum is for all security-related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Yesterday, I started using Linux for the first time in my life because my iMac is hacked (by my Husband) and no one will help me (I've come to realize that VERY few people actually get hacked in real life, thus they don't know how to react helpfully when someone is being targeted).
One thing the Mac Store people proved--it's not my iMAC that's the source of the hack. I am being hacked through my network...
* I only use Ethernet, yet my Mac constantly logs Wifi activity and Bluetooth activity even with wifi and Bluetooth *DELETED*
-- Root Privileges that I don't have receive Airport & aspd packets all day and night tinkering with my iMac
...and apparently it has been going on without my knowledge for several YEARS ....which means the hacker is so deep into my hard drive and my system, it will be nearly impossible to get out of it without big money (I'm poor--can't afford new equipment, can't afford T.I. Professional, can't afford to move).
Our
Anyhoo -- I used Etcher to create a bootable installer for a distro called DEEPIN.
When I booted up the installer --it showed TWO (not one, but two) EFI Boots side by side. IS THAT NORMAL? It just didn't look right.
I completed the install on an EXTERNAL HARD DRIVE but then a ton of weird things started happening (the program keeps trying to return me to Group 20 hours ago which is before I installed updates). There is also a lot of on-screen jargon about BLUETOOTH failing & blocking certain things -- I don't use Bluetooth and never have. But the person hacking my network (MY HUSBAND) has been using one (according to MAC STORE) to communicate with "something unknown" in my system since I don't allow Wifi.
They suspect there's something embedded with special privileges but because this is YEARS deep -- they would have to keep my Mac for up to a week and take it apart. I can't afford to be without my computer for a week. I have no other way to do my job (hence, my decision to just switch to LINUX).
Whenever I shut down my iMAC (every night) it doesn't show the background imagery of Big Sur like it's supposed to. It shows a foamy dark screen that is not quite black -- it looks like a space interruption, it lags and then finally allows Mac to shut down.
I tried to sign back in my new DEEPIN program this morning and it was corrupted and wouldn't get past the boot screen.
So I decided to try installing two more distros, Linux Mint and Zorin (each one has its own USB stick). But once again, there are TWO Efi Boots for each distro in the respective USB thumb drives.
I believe malicious code on my iMAC is being somehow transposed into the USB drives when I create the bootables.
I got depressed and came here hoping someone will actually read my dilemma and give me advice (that doesn't cost money) on how I can fight back.
Hello LinuxNeptune and welcome to LQ. I'm sad to hear that you have such big problems both personally & technically.
Your thread will most certainly draw attention from other LQ users, but not all of it will be friendly.
We periodically get posts very similar to yours and often it transpires that either the person is simply trolling us or - with all due respect to their problematic situation - simply ignores repeated requests for palpable technical information.
While it is excellent that you have chosen to upgrade to GNU/Linux, the circumstances you describe are unfortunate. The EFF seems to point to this organization:
I do not use Macs very often and my knowledge of its inner workings is limited but I tend to the Occam's razor principle or "other things being equal, simpler explanations are generally better than more complex ones".
Both MacOS and third party applications use the Apple Push Notification Service daemon (apsd) so it would be normal to see these packets. There could be some nefarious application installed but that IMHO isn't a telltale sign.
AirPort packets could be normal and would be used to communicate with some Apple AirPort capable device. Again not a telltale sign of hacking. Bluetooth tracking is a possibility.
I am a skeptic of the idea of anything being embedded deep within and that Apple would need a week to take it apart...
My first suggestion would be to backup your data, do a factory reset and change passwords.
This sounds very, VERY familiar to many of the threads we've seen here:
I don't know anything about Linux, and am not very technical, but...
I can do packet inspection, see network traffic, understand exactly how to burn ISOs, look at EFI settings, etc., but....
No matter what I do, the wizard-class hacker gets back in to EVERY THING within minutes, but...
I don't have actual hard evidence that I can produce, but....
The police/officials can't or won't get involved, because the 'hacker' is involved with them
No one believes me, what can I do?
Sorry, nothing about this makes logical sense, and it seems to be almost verbatim what we've heard here over the past few years. To go point-by-point:
If you turn off wifi and bluetooth it will, amazingly, TURN OFF. How, exactly are you 'seeing' activity??
How do you know about the "Root Privileges that I don't have receive Airport & aspd packets all day and night tinkering with my iMac"? Evidence there?
How do you know it's 'years deep'??? Evidence??
You claim the Apple store said, "there's something embedded with special privileges but because this is YEARS deep -- they would have to keep my Mac for up to a week and take it apart". Why?? Software doesn't require a screwdriver to fix, and flashing the firmware on the iMac takes minutes, which removes anything on it, in favor of the new version, removing anything 'years deep'.
You say: "When I booted up the installer --it showed TWO (not one, but two) EFI Boots side by side. IS THAT NORMAL? It just didn't look right." Let's think...you're booting off a USB drive, with an installed OS. That would be *TWO* wouldn't it???
This 'amazing hacker' is somehow able to corrupt a newly installed operating system on a computer that was shut down/turned off. That's impressive.
You say: "I believe malicious code on my iMAC is being somehow transposed into the USB drives when I create the bootables." How so?? Proof/evidence??
If you have actual proof/evidence (logs, etc.), then post them. If you think your Mac was somehow 'embedded' with things from years ago, then take it to the Apple store and get them to reset EVERYTHING. Don't want to do that? Sell it and use the proceeds to buy another computer.
Either way, there is zero we can do to help you, since you're claiming that not only the police are involved with this amazing hack, but that Apple themselves claim it's so advanced as to be 'unknown', and they can't do anything to help you. Hope you get the help you need.
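The reply above asks for evidence that the USB sticks are being altered during imaging. One concrete check, added here as an example and not posted by anyone in the thread: hash the downloaded ISO against the distribution's published SHA256SUMS file, then read back exactly as many bytes from the written stick as the ISO contains and hash those too. If the two hashes match, the stick carries the ISO byte for byte and nothing was added in the imaging step. The script assumes GNU coreutils (sha256sum, head -c) and a SHA256SUMS file in the usual `hash  filename` layout; the file names and the /dev/sdX device path are placeholders.

```shell
#!/bin/sh
# Added example: verify an ISO against its published checksum, then verify
# the bytes written to a USB stick against that ISO. Assumes GNU coreutils.

# check_published_sum IMAGE SUMSFILE
# Looks up IMAGE's basename in SUMSFILE (entries look like
# "<sha256>  name.iso" or "<sha256> *name.iso") and compares the hash.
check_published_sum() {
  image=$1
  sums=$2
  name=$(basename "$image")
  published=$(awk -v n="$name" '$2 == n || $2 == ("*" n) {print $1}' "$sums")
  if [ -z "$published" ]; then
    echo "no entry for $name in $sums" >&2
    return 2
  fi
  actual=$(sha256sum "$image" | cut -d' ' -f1)
  if [ "$published" = "$actual" ]; then
    echo "ok: $name matches the published SHA256"
    return 0
  fi
  echo "MISMATCH: published=$published actual=$actual" >&2
  return 1
}

# verify_written_image IMAGE TARGET
# TARGET is the whole-device node the image was written to (e.g. /dev/sdX,
# a placeholder). A stick is larger than the ISO, so only the first
# $size bytes are read back; trailing unused space is ignored.
verify_written_image() {
  image=$1
  target=$2
  size=$(wc -c < "$image" | tr -d ' ')
  expected=$(sha256sum "$image" | cut -d' ' -f1)
  actual=$(head -c "$size" "$target" | sha256sum | cut -d' ' -f1)
  if [ "$expected" = "$actual" ]; then
    echo "ok: first $size bytes of $target are identical to $image"
    return 0
  fi
  echo "MISMATCH: $target does not carry the bytes of $image" >&2
  echo "  image : $expected" >&2
  echo "  target: $actual" >&2
  return 1
}

# Usage (paths are placeholders):
#   sh verify-usb.sh distro.iso SHA256SUMS /dev/sdX
if [ "$#" -eq 3 ]; then
  check_published_sum "$1" "$2" && verify_written_image "$1" "$3"
fi
```

Run it with the ISO, the SHA256SUMS file downloaded from the same place as the ISO, and the whole device (not a partition) right after writing. Two EFI entries in the Mac boot picker are not evidence of tampering on their own; a mismatched hash from this check would be, and the two printed hashes are the kind of log the thread is asking for.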
Thank you so much to Ondoho for welcoming me. I assure you, I am not a troll.
One thing this whole ordeal is teaching me is that very, very, very few people are ever actually hacked in a serious way.
The blanket accusations, cynicism and plain meanspiritedness from two of you on a site THAT IS CALLED "LINUX QUESTIONS" (side eye) just made me all the more depressed about what I'm going through.
I will follow the advice from the person who directed to me to the Stalkerware folks because this is a very real thing in America right now, unfortunately. All kinds of nutjobs who are Tech wizards pick people to prey on. It's on the news every day. Some of us are really going through this and it's usually the ones like me who are IGNORANT about technology and don't know anything who are harassed.
I was given a statistic by the APPLE STORE (the people who told me it could take an entire week for engineers to get to my computer). They said that the majority of women who get hacked are hacked by someone who knows them and could even be a friend or a crush. In my case, it's my jealous husband that I broke up with.
Thanks to those who had a kind word and advice. My kids and I truly appreciate it.
Quote:
Thank you so much to Ondoho for welcoming me. I assure you, I am not a troll. One thing this whole ordeal is teaching me is that very, very, very few people are ever actually hacked in a serious way.
The blanket accusations, cynicism and plain meanspiritedness from two of you on a site THAT IS CALLED "LINUX QUESTIONS" (side eye) just made me all the more depressed about what I'm going through.
And nothing you posted was actually Linux related, was it??? You're claiming the Mac was compromised 'years deep', on the embedded firmware in the Mac. Which has zero to do with Linux, does it???
Quote:
I will follow the advice from the person who directed to me to the Stalkerware folks because this is a very real thing in America right now, unfortunately. All kinds of nutjobs who are Tech wizards pick people to prey on. It's on the news every day. Some of us are really going through this and it's usually the ones like me who are IGNORANT about technology and don't know anything who are harassed.
And here we are again; you're claiming to be 'ignorant about technology', and are the 'victim' of the 'nutjobs'....yet despite your technical ignorance, you somehow figured out how to read the packet activity logs for WiFi and bluetooth, know what apsd packets are, and are easily able to download several versions of Linux, use burning programs to get them on USB sticks, and even perform the installation to external disk??? Interesting.
Quote:
I was given a statistic by the APPLE STORE (the people who told me it could take an entire week for engineers to get to my computer). They said that the majority of women who get hacked are hacked by someone who knows them and could even be a friend or a crush. In my case, it's my jealous husband that I broke up with. Thanks to those who had a kind word and advice. My kids and I truly appreciate it.
Amazing that through the snark about the "accusations, cynicism and plain meanspiritedness", you don't provide any proof/evidence, or refute anything. Is there a reason for that?? Any of the 'bluetooth jargon' you claim to have seen? Even SOME of the words?? Any of the logs?? Anything???
Amazingly, it seems that the 'nutjob stalker/hacker' doesn't keep you from using your Mac, since you're posting here with it. If you're so afraid for you and your kids, wouldn't it be far safer to NOT use it???
Quote:
All kinds of nutjobs who are Tech wizards pick people to prey on. (...) Some of us are really going through this and it's usually the ones like me who are IGNORANT about technology and don't know anything who are harassed.
I must take objection to these statements.
First of all, it doesn't take all that much wizardry; it could be as easy as installing a suitable app. It gives a bad name to actual tech wizards. And the victims aren't always IT illiterates.
Quote:
They said that the majority of women who get hacked are hacked by someone who knows them and could even be a friend or a crush.
This is very sad indeed and I feel bad for all victims of cyber stalking. I'm glad to say that in many countries legislation is catching up to this - in my country a perpetrator could face serious fines, maybe even prison.
If an ex-husband cannot deal with their spouse needing space then that is all the more reason to separate, kids or not.
I cannot agree more with this sentiment, ondoho, and not making light of anything to do with a serious stalking issue.
However, in this instance, it seems likely that it's following down the same path as the MANY other "I've been hacked" threads we've seen here in the past two years.
If you can use a guide from ifixit then you can remove the AirPort card, which does both wifi and Bluetooth I think; then you will know for sure that they are off.
The software controls for turning these off may be overridden by the command line or some other settings.
Or the imac is just old and failing which is causing errors.
At a datacenter I worked at we replaced servers that got hacked. Why take the chance something is hidden?
Just get a cheap Chromebook for your browsing needs and scrap the hacked Mac.
Won't help; the OP said in their first post (bolded for emphasis only):
"One thing the Mac Store people proved--it's not my iMAC that's the source of the hack. I am being hacked through my network." So it would seem like the computer wouldn't make a difference.
The OP then goes on to say: "They suspect there's something embedded with special privileges but because this is YEARS deep -- they would have to keep my Mac for up to a week and take it apart.". Back to it's the iMac, not the network. But the Apple store said they had 'proof' it was the network; amazingly, the OP can't provide that proof.
And they claim to be "IGNORANT about technology" on one hand...yet able to do network diagnostics, see network packets being transmitted, do EFI installations on a Mac to external hard drives on the other. Just seeming to fit the pattern to the numerous other threads in the same vein.
I read through this and if I understand the OP, they believe their spouse, who is a cop, hacked their PC, if so here is a suggestion. But it is Country Dependent.
Assuming the OP lives in the US, instead of calling the Police Station where the spouse works, call another Police Station. By that I mean if the spouse works for the local community, call the State Police.
A friend went through something similar a very long time ago. There were lots of drug dealers in the neighborhood where he was raising his kids, making no effort to hide their activities. He called the City Police almost weekly for months. No action.
He then called the State Police and they arrested all the dealers within 1 month, area cleaned up and the dealers never came back. Doing that should help the OP through this issue.