LinuxQuestions.org
Old 04-23-2022, 10:34 PM   #1
linuxNeptune
LQ Newbie
 
Registered: Apr 2022
Posts: 2

Rep: Reputation: 0
Started Linux because iMAC is hacked


Hey friends,

I am NEW. COP's wife.

Yesterday, I started using Linux for the first time in my life because my iMac is hacked (by my Husband) and no one will help me (I've come to realize that VERY few people actually get hacked in real life, thus they don't know how to react helpfully when someone is being targeted).

One thing the Mac Store people proved--it's not my iMAC that's the source of the hack. I am being hacked through my network...

*I only use Ethernet, yet my Mac constantly logs Wifi activity
and Bluetooth activity even with wifi and Bluetooth *DELETED*
--Root Privileges that I don't have receive Airport & aspd packets
all day and night tinkering with my iMac

...and apparently it has been going on without my knowledge for several YEARS ....which means the hacker is so deep into my hard drive and my system, it will be nearly impossible to get out of it without big money (I'm poor--can't afford new equipment, can't afford T.I. Professional, can't afford to move).

Our

Anyhoo -- I used Etcher to create a bootable installer for a distro called DEEPIN.

When I booted up the installer --it showed TWO (not one, but two) EFI Boots side by side. IS THAT NORMAL? It just didn't look right.

I completed the install on an EXTERNAL HARD DRIVE but then a ton of weird things started happening (the program keeps trying to return me to Group 20 hours ago which is before I installed updates). There is also a lot of on-screen jargon about BLUETOOTH failing & blocking certain things -- I don't use a bluetooth and never have. But the person hacking my network (MY HUSBAND) has been using one (according to MAC STORE) to communicate with "something unknown" in my system since I don't allow Wifi.

They suspect there's something embedded with special privileges but because this is YEARS deep -- they would have to keep my Mac for up to a week and take it apart. I can't afford to be without my computer for a week. I have no other way to do my job (hence, my decision to just switch to LINUX).

Whenever I shut down my iMAC (every night) it doesn't show the background imagery of Big Sur like it's supposed to. It shows a foamy dark screen that is not quite black -- it looks like a space interruption, it lags and then finally allows Mac to shut down.

I tried to sign back in my new DEEPIN program this morning and it was corrupted and wouldn't get past the boot screen.

So I decided to try installing two more distros, Linux Mint and Zorin (each one has its own USB stick). But once again, there are TWO Efi Boots for each distro in the respective USB thumb drives.

I believe malicious code on my iMAC is being somehow transposed into the USB drives when I create the bootables.

I got depressed and came here hoping someone will actually read my dilemma and give me advice (that doesn't cost money) on how I can fight back.
 
Old 04-24-2022, 02:07 AM   #2
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053
Hello LinuxNeptune and welcome to LQ. I'm sad to hear that you have such big problems both personally & technically.

Your thread will most certainly draw attention from other LQ users, but not all of it will be friendly.

We periodically get posts very similar to yours and often it transpires that either the person is simply trolling us or - with all due respect to their problematic situation - simply ignores repeated requests for palpable technical information.
 
Old 04-24-2022, 02:47 AM   #3
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,308
Blog Entries: 3

Rep: Reputation: 3721
While it is excellent that you have chosen to upgrade to GNU/Linux, the circumstances you describe are unfortunate. The EFF seems to point to this organization:

https://stopstalkerware.org/resources/

They might or might not be able to help. Ironically the site requires use of gratuitous javascript. So take it with a grain of salt.

Stalkerware is an unfortunately widespread problem.

Last edited by Turbocapitalist; 04-24-2022 at 03:44 AM. Reason: additional link to EFF
 
Old 04-24-2022, 08:40 AM   #4
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,702

Rep: Reputation: 5895
Welcome to LinuxQuestions.

I do not use Macs very often and my knowledge of its inner workings is limited but I tend to the Occam's razor principle or "other things being equal, simpler explanations are generally better than more complex ones".

Both MacOS and third party applications use the Apple Push Notification Service daemon (apsd) so it would be normal to see these packets. There could be some nefarious application installed but that IMHO isn't a telltale sign.

AirPort packets could be normal and would be used to communicate with some Apple AirPort capable device. Again not a telltale sign of hacking. Bluetooth tracking is a possibility.

I am a skeptic of the idea of anything being embedded deep within and that Apple would need a week to take it apart...

My first suggestion would be to backup your data, do a factory reset and change passwords.
 
Old 04-24-2022, 12:25 PM   #5
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,636

Rep: Reputation: 7965
Quote:
Originally Posted by linuxNeptune
Hey friends,
I am NEW. COP's wife.

Yesterday, I started using Linux for the first time in my life because my iMac is hacked (by my Husband) and no one will help me (I've come to realize that VERY few people actually get hacked in real life, thus they don't know how to react helpfully when someone is being targeted).

One thing the Mac Store people proved--it's not my iMAC that's the source of the hack. I am being hacked through my network...

*I only use Ethernet, yet my Mac constantly logs Wifi activity and Bluetooth activity even with wifi and Bluetooth *DELETED*
--Root Privileges that I don't have receive Airport & aspd packets all day and night tinkering with my iMac

...and apparently it has been going on without my knowledge for several YEARS ....which means the hacker is so deep into my hard drive and my system, it will be nearly impossible to get out of it without big money (I'm poor--can't afford new equipment, can't afford T.I. Professional, can't afford to move).

Our Anyhoo -- I used Etcher to create a bootable installer for a distro called DEEPIN. When I booted up the installer --it showed TWO (not one, but two) EFI Boots side by side. IS THAT NORMAL? It just didn't look right.

I completed the install on an EXTERNAL HARD DRIVE but then a ton of weird things started happening (the program keeps trying to return me to Group 20 hours ago which is before I installed updates). There is also a lot of on-screen jargon about BLUETOOTH failing & blocking certain things -- I don't use a bluetooth and never have. But the person hacking my network (MY HUSBAND) has been using one (according to MAC STORE) to communicate with "something unknown" in my system since I don't allow Wifi.

They suspect there's something embedded with special privileges but because this is YEARS deep -- they would have to keep my Mac for up to a week and take it apart. I can't afford to be without my computer for a week. I have no other way to do my job (hence, my decision to just switch to LINUX).

Whenever I shut down my iMAC (every night) it doesn't show the background imagery of Big Sur like it's supposed to. It shows a foamy dark screen that is not quite black -- it looks like a space interruption, it lags and then finally allows Mac to shut down. I tried to sign back in my new DEEPIN program this morning and it was corrupted and wouldn't get past the boot screen. So I decided to try installing two more distros, Linux Mint and Zorin (each one has its own USB stick). But once again, there are TWO Efi Boots for each distro in the respective USB thumb drives.

I believe malicious code on my iMAC is being somehow transposed into the USB drives when I create the bootables. I got depressed and came here hoping someone will actually read my dilemma and give me advice (that doesn't cost money) on how I can fight back.
This sounds very, VERY familiar to many of the threads we've seen here:
  1. I don't know anything about Linux, and am not very technical, but...
  2. I can do packet inspection, see network traffic, understand exactly how to burn ISO's, look at EFI settings, etc., but....
  3. No matter what I do, the wizard-class hacker gets back in to EVERY THING within minutes, but...
  4. I don't have actual hard evidence that I can produce, but....
  5. The police/officials can't or won't get involved, because the 'hacker' is involved with them
  6. No one believes me, what can I do?
Sorry, nothing about this makes logical sense, and it seems to be almost verbatim what we've heard here over the past few years. To go point-by-point:
  • If you turn off wifi and bluetooth it will, amazingly, TURN OFF. How, exactly are you 'seeing' activity??
  • How do you know about the "Root Privileges that I don't have receive Airport & aspd packets all day and night tinkering with my iMac"? Evidence there?
  • How do you know it's 'years deep'??? Evidence??
  • You claim the Apple store said, "there's something embedded with special privileges but because this is YEARS deep -- they would have to keep my Mac for up to a week and take it apart". Why?? Software doesn't require a screwdriver to fix, and flashing the firmware on the iMac takes minutes, which removes anything on it, in favor of the new version, removing anything 'years deep'.
  • You say: "When I booted up the installer --it showed TWO (not one, but two) EFI Boots side by side. IS THAT NORMAL? It just didn't look right." Let's think...you're booting off a USB drive, with an installed OS. That would be *TWO* wouldn't it???
  • This 'amazing hacker' is somehow able to corrupt a newly installed operating system on a computer that was shut down/turned off. That's impressive.
  • You say: "I believe malicious code on my iMAC is being somehow transposed into the USB drives when I create the bootables." How so?? Proof/evidence??
If you have actual proof/evidence (logs, etc.), then post them. If you think your Mac was somehow 'embedded' with things from years ago, then take it to the Apple store and get them to reset EVERYTHING. Don't want to do that? Sell it and use the proceeds to buy another computer.

Either way, there is zero we can do to help you, since you're claiming that not only the police are involved with this amazing hack, but that Apple themselves claim it's so advanced as to be 'unknown', and they can't do anything to help you. Hope you get the help you need.
 
Old 04-25-2022, 03:52 AM   #6
linuxNeptune
LQ Newbie
 
Registered: Apr 2022
Posts: 2

Original Poster
Rep: Reputation: 0
Thank you so much to Ondoho for welcoming me. I assure you, I am not a troll.

One thing this whole ordeal is teaching me is that very, very, very few people are ever actually hacked in a serious way.

The blanket accusations, cynicism and plain meanspiritedness from two of you on a site THAT IS CALLED "LINUX QUESTIONS" (side eye) just made me all the more depressed about what I'm going through.

I will follow the advice from the person who directed me to the Stalkerware folks because this is a very real thing in America right now, unfortunately. All kinds of nutjobs who are Tech wizards pick people to prey on. It's on the news every day. Some of us are really going through this and it's usually the ones like me who are IGNORANT about technology and don't know anything who are harassed.

I was given a statistic by the APPLE STORE (the people who told me it could take an entire week for engineers to get to my computer). They said that the majority of women who get hacked are hacked by someone who knows them and could even be a friend or a crush. In my case, it's my jealous husband that I broke up with.

Thanks to those who had a kind word and advice. My kids and I truly appreciate it.
 
Old 04-25-2022, 08:27 AM   #7
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,636

Rep: Reputation: 7965
Quote:
Originally Posted by linuxNeptune
Thank you so much to Ondoho for welcoming me. I assure you, I am not a troll. One thing this whole ordeal is teaching me is that very, very, very few people are ever actually hacked in a serious way.

The blanket accusations, cynicism and plain meanspiritedness from two of you on a site THAT IS CALLED "LINUX QUESTIONS" (side eye) just made me all the more depressed about what I'm going through.
And nothing you posted was actually Linux related, was it??? You're claiming the Mac was compromised 'years deep', on the embedded firmware in the Mac. Which has zero to do with Linux, does it???
Quote:
I will follow the advice from the person who directed me to the Stalkerware folks because this is a very real thing in America right now, unfortunately. All kinds of nutjobs who are Tech wizards pick people to prey on. It's on the news every day. Some of us are really going through this and it's usually the ones like me who are IGNORANT about technology and don't know anything who are harassed.
And here we are again; you're claiming to be 'ignorant about technology', and are the 'victim' of the 'nutjobs'....yet despite your technical ignorance, you somehow figured out how to read the packet activity logs for WiFi and bluetooth, know what apsd packets are, and are easily able to download several versions of Linux, use burning programs to get them on USB sticks, and even perform the installation to external disk??? Interesting.
Quote:
I was given a statistic by the APPLE STORE (the people who told me it could take an entire week for engineers to get to my computer). They said that the majority of women who get hacked are hacked by someone who knows them and could even be a friend or a crush. In my case, it's my jealous husband that I broke up with. Thanks to those who had a kind word and advice. My kids and I truly appreciate it.
Amazing that through the snark about the "accusations, cynicism and plain meanspiritedness", you don't provide any proof/evidence, or refute anything. Is there a reason for that?? Any of the 'bluetooth jargon' you claim to have seen? Even SOME of the words?? Any of the logs?? Anything???

Amazingly, it seems that the 'nutjob stalker/hacker' doesn't keep you from using your Mac, since you're posting here with it. If you're so afraid for you and your kids, wouldn't it be far safer to NOT use it???

Again; hope you get the help you obviously need.

Last edited by TB0ne; 04-25-2022 at 08:28 AM.
 
Old 04-25-2022, 11:12 AM   #8
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 11,225

Rep: Reputation: 5320
Quote:
Originally Posted by linuxNeptune
COP's wife.

my iMac is hacked (by my Husband)
You take your iMac and leave your husband.

Then you sell the iMac and use the money to buy a new device.

If you need the help of someone technically experienced, then look for free community resources such as LUGs.

Last edited by dugan; 04-25-2022 at 12:11 PM.
 
2 members found this post helpful.
Old 04-25-2022, 10:47 PM   #9
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053
^ agreed.

Quote:
Originally Posted by linuxNeptune
Thank you so much to Ondoho for welcoming me.
You're welcome (again).

Quote:
All kinds of nutjobs who are Tech wizards pick people to prey on. (...) Some of us are really going through this and it's usually the ones like me who are IGNORANT about technology and don't know anything who are harassed.
I must take objection to these statements.
First of all, it doesn't take all that much wizardry; it could be as easy as installing a suitable app. It gives a bad name to actual tech wizards. And the victims aren't always IT illiterates.

Quote:
They said that the majority of women who get hacked are hacked by someone who knows them and could even be a friend or a crush.
This is very sad indeed and I feel bad for all victims of cyber stalking. I'm glad to say that in many countries legislation is catching up to this - in my country a perpetrator could face serious fines, maybe even prison.

If an ex husband cannot deal with their spouse needing space then that is all the more reason to separate, kids or not.
 
Old 04-26-2022, 03:41 PM   #10
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,636

Rep: Reputation: 7965
Quote:
Originally Posted by ondoho
I must take objection to these statements. First of all, it doesn't take all that much wizardry; it could be as easy as installing a suitable app. It gives a bad name to actual tech wizards. And the victims aren't always IT illiterates.

This is very sad indeed and I feel bad for all victims of cyber stalking. I'm glad to say that in many countries legislation is catching up to this - in my country a perpetrator could face serious fines, maybe even prison. If an ex husband cannot deal with their spouse needing space then that is all the more reason to separate, kids or not.
I cannot agree more with this sentiment, ondoho, and not making light of anything to do with a serious stalking issue.

However, in this instance, it seems likely that it's following down the same path as the MANY other "I've been hacked" threads we've seen here in the past two years.
 
1 members found this post helpful.
Old 04-26-2022, 04:03 PM   #11
uteck
Senior Member
 
Registered: Oct 2003
Location: Elgin,IL,USA
Distribution: Ubuntu based stuff for the most part
Posts: 1,173

Rep: Reputation: 501
If you can use a guide from ifixit then you can remove the airport card, which does both wifi and bluetooth I think, then you will know for sure that they are off.
The software controls for turning these off may be overridden by the command line or some other settings.

Or the iMac is just old and failing, which is causing errors.

At a datacenter I worked at, we replaced servers that got hacked. Why take the chance something is hidden?

Just get a cheap Chromebook for your browsing needs and scrap the hacked Mac.
 
Old 04-26-2022, 05:58 PM   #12
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,636

Rep: Reputation: 7965
Quote:
Originally Posted by uteck
If you can use a guide from ifixit then you can remove the airport card, which does both wifi and bluetooth I think, then you will know for sure that they are off.
The software controls for turning these off may be overridden by the command line or some other settings.

Or the iMac is just old and failing, which is causing errors.

At a datacenter I worked at, we replaced servers that got hacked. Why take the chance something is hidden?

Just get a cheap Chromebook for your browsing needs and scrap the hacked Mac.
Won't help; the OP said in their first post (bolded for emphasis only):
  • "One thing the Mac Store people proved--it's not my iMAC that's the source of the hack. I am being hacked through my network." So it would seem like the computer wouldn't make a difference.
  • The OP then goes on to say: "They suspect there's something embedded with special privileges but because this is YEARS deep -- they would have to keep my Mac for up to a week and take it apart.". Back to it's the iMac, not the network. But the Apple store said they had 'proof' it was the network; amazingly, the OP can't provide that proof.
And they claim to be "IGNORANT about technology" on one hand...yet able to do network diagnostics, see network packets being transmitted, do EFI installations on a Mac to external hard drives on the other. Just seeming to fit the pattern to the numerous other threads in the same vein.
 
Old 04-26-2022, 06:26 PM   #13
colorpurple21859
LQ Veteran
 
Registered: Jan 2008
Location: florida panhandle
Distribution: Slackware Debian, Fedora, others
Posts: 7,346

Rep: Reputation: 1589
Quote:
So I decided to try installing two more distros, Linux Mint and Zorin (each one has its own USB stick).
How did you put the distro onto the USB?
 
Old 04-27-2022, 08:23 AM   #14
jmccue
Member
 
Registered: Nov 2008
Location: US
Distribution: slackware
Posts: 687
Blog Entries: 1

Rep: Reputation: 380
I read through this and if I understand the OP, they believe their spouse, who is a cop, hacked their PC, if so here is a suggestion. But it is Country Dependent.

Assuming the OP lives in the US, instead of calling the Police Station where the spouse works, call another Police Station. By that I mean if the spouse works for the local community, call the State Police.

A friend went through something similar a very long time ago. There were lots of drug dealers in the neighborhood where he was raising his kids, making no effort to hide their activities. He called the City Police almost weekly for months. No action.

He then called the State Police and they arrested all the dealers within 1 month, area cleaned up and the dealers never came back. Doing that should help the OP through this issue.
 
Old 04-27-2022, 04:19 PM   #15
jonnwarne
LQ Newbie
 
Registered: Apr 2022
Posts: 1

Rep: Reputation: 0
Hi, can you share more details about it? What is the error you are facing?
 
  

