Hackers are ruining my life

I don't know anything about hacking. But hackers are taking over my life. I got a brand new computer and I'm already getting weird urls, Firefox is already hijacked to us.search.yahoo.com. Google always has me as an admin, and there's "v2", "v3" in my urls with lots of "?s" and "true?" or "false"=identifier + UTF" and it goes on for days and days even if I'm just going to the freakin google homepage. I don't know if that's normal or not. I'm going to try to be as brief as possible and say the weirdest things that have happened.

It all started when I locked myself out of my iPhone. I had 2FA/activation lock. When I got back in a couple weeks later, everything recognized my device as new. Every forum, gmail messages etc., "Eve, we see you got a new device!" Since then I have literally gone through 4 smartphones that all got hacked, almost always that day. One of them was hacked before I got home from the store; I got an email saying that my password had been changed and 2-step verification was set up. This happened in a different city and state than where I usually live. I also noticed I was no longer locked into T-Mobile's network, I could choose AT&T as well even though I was supposed to be "network locked". One time I wondered if the salespeople were messing with me since they sold my phone with the wrong size SIM card, but I was just being paranoid, I'm sure. "Sim-skimming-" is a phrase that appears a lot whenever I google something that's happened. Another phone, when I took it out of the brand new box (Alcatel ideal go-phone) greyed out and stuck on the hotspot checkmark during setup and then I was locked out and needed to put in the "sim puk code". Never even used it.

I don't think the iPhone is what started it; I think it's when I became aware of it. I had an issue last year where I tried to log in to my computer with only one user account on it and it said "too many users active, please try again later". I got reinstalled with windows and "wiped," though the backup profiles were still there, and a few weeks later it just stopped typing.

I noticed a lot of terms including the word "python" yesterday during my AV scan, but my AV says I'm clean, even though all day browsers have been warning me about phony certificates. Obviously I decline when this happens. I'm often rerouted to the dnsrsearch page for time Warner.

I'm not important, I have no money, I'm not a spy - but it seems like this just won't stop. I don't make new phones with the same email or even name. There should be no link between these phones and that's what has my head completely messed up. It's not like I was standing in the same spot and so it's the wifi router. Yesterday I downloaded Shazam from the newest android, and I got an email on my old iPhone about "just one more step" to finish setting it up to an email I know had been hacked previously that's not ever been entered on my new phone. It's still there because I have a lot to download from google photos before I delete it. I always had it off when setting up anything new though. That iPhone Apple confirmed also, was jailbroken, not by me.

They haven't stolen money, but they did change my username and password for my bank. I can't even get my credit report because some information is not consistent; I can't even prove I'm me! They hacked my LastPass account and changed the password recovery hint to something tongue in cheek. Yet my bank I could tell thinks I'm crazy because she said that she can see all changes were made from the same iPhone. No, they weren't.

One more thing - I had a portable hotspot from my ISP. I was on my computer connected to it using the wifi name and password that I made up. All of a sudden, I was still "connected" to the internet, but nothing would work, because the IP address was changed to 0.0.0.0. On the hotspot, name of the network changed from what I had named my wifi to the MAC address of my computer, and the ip changed to all 0's. One other interesting thing is that originally it was connected to an IP address that begins with 192 when in the info packet for the hotspot it says it should be 172.

I don't know if I'm supposed to exclude names of companies, but one thing that disturbs me also is that both of my parents' cell phones, when I use an app like "real caller," say they are Sprint but we are all supposed to be AT&T. It is when I pulled up into the vicinity of that house when the phone got hacked and t-mobile could now use at&T, by the way.

Are there any non-evil hackers that might give me a glimpse into what could be happening to me? One thing I know because passwords have been changed this way are that there are multiple copies of at least a couple of my phone numbers that I've gotten, including non-iphones, and one day that I got one that started with let's say 555, I got missed calls from 555-every variable you can think of. Along with attempted automatic downloads from many different numbers sending multimedia messages.

My ride shares wouldn't work at one point; I'm in the states and it had me located in Mali and explained that it didn't send Uber to Mali. It's gotten ridiculous. Help!

Comments

  • UkkoUkko Posts: 2,990 Superuser

    Hello,

     

    Sorry for my reply.

     

    I'm not friendly with such things... and I'm not the"this someone" you're looking for; 

    Also maybe there will be proper response from F-Secure staff  or from good experienced users... under community;

     

    But your story sounds a llittle be strange; And before some of my suggestions - I able to think about next points:

     

    -- both things (software and hardware) can be with vulnerabilities;

    you have to update software to latest good security build -> for be sure that there missing "exploiting known troublepoints";

    and already after this 'setting' (or before and after) -> re-check all potential available security options, tweaks and improvements. It can be with different levels of 'protection' as result; Privacy-settings also can be with certain ticks;

     

    -- good to have trusted (at least, for you) security software solutions under system. Mainly as double-check. Since - it not totally helpful or powerful against full meanings of threats.... I able to think about it as about double-check (where "double" is 'additional' meanings);

    F-Secure's solutions have multi-layers design in their main security software; If you not a F-Secure customer - there possible to use it as 'trial'-time: https://www.f-secure.com/en/web/home_global/safe

    It can be helpful with some situations as perform full scan system by this (if you are already F-Secure customer - there available many third-party on-demand scanners and potential online scanners by other security companies; Some of such tools able to detect something which is unknown for F-Secure);

     

    -- there can be many potential tricks, rogue and scam tries. where will be unexpected results;

    this is not only about devices(which can be there just as 'channel'); generally can be helpful to use many different tips about careful using;

     

    -- so... usually there can be words and advices like:

     


    F-Secure website wrote:

    In such circumstances, the recommended course of action is to report the crime to the relevant authorities


     

     or even more - any of local 'security' valid companies - who able to perform this kind of investigation.




    But what about my suggestions for some points of your words;

    Generally - there required more research-steps about each of this things; At least, by more searching it with Google (when it reasonable to do)...

     

    I got a brand new computer and I'm already getting weird urls, Firefox is already hijacked to us.search.yahoo.com.

     

    This is not always 'trigger' for suspicious view. Since many PC/laptops can be with pre-installed application by manufacturer-company;

    Of course, if you do not mean that: "when you try to open Yahoo Search domain it redirected to any fake websites or certain harmful pages"; And if there "freshly" installed Firefox;

     

    With other meanings - it can be pre-builded URLs, search engines under pre-installed Firefox browser; Like custom view of browser from manufacturer; OR just as local Firefox advice to use yahoo-search;

     

    Google always has me as an admin, and there's "v2", "v3" in my urls with lots of "?s" and "true?" or "false"=identifier + UTF" and it goes on for days and days even if I'm just going to the freakin google homepage

    Not clear what there means by "an admin" - but if you do not "logout" from some Google services (and if browser saving browser's cache, cookies, passwords and other browsing-data) - it quite possible that session will be still there;

     

    What about "v2", "v3", and certain strange specific 'parameters' under URL -> it can be also potentially 'normal view' - since it based on version of their technologies 'in use' (like "protocol" of communication; or something else); Where another parameters can be based on options like "language of page", "timestamps", "tracking"-items and other. It can be as protection against "exploiting" Google services. But also it can be used by Google or their "partners" for getting "statistics", "tracking"-information and other... which can be used as "improving" their services and your experience. Or just for some strange Google's reasons. It should be explained under their terms (there maybe -> https://www.google.com/policies/ ) - I not friendly with Google services - so not sure about certain points;

     

    When I got back in a couple weeks later, everything recognized my device as new. Every forum, gmail messages etc., "Eve, we see you got a new device!"

    Later you noted that you did not make fresh phones with previous mail/name; So.. there maybe also possible another tweaks for being marked as "fresh device" (?!);

    But it also possible (not sure about couple weeks) that Google will trigger such notifications after some time (of not using device for certain account);

    Also generally... Google should provide link to "your security information" (where you able to re-check last logins/devices); Also - if there 'one' Google account;

     

    Since then I have literally gone through 4 smartphones that all got hacked, almost always that day. One of them was hacked before I got home from the store; I got an email saying that my password had been changed and 2-step verification was set up. 

    Sounds strange  - if you mean that there is "freshly" bought smartphone and it 'hacked' on-the-go;

     

    But... except meanings - that some open WiFi networks can be dangerous...

    Words about "password has been changed... and other" can be as "letters" from or for your 'backup' email-address (which usually can be asked with some services);

     I'm sure. "Sim-skimming-" is a phrase that appears a lot whenever I google something that's happened.

    If I normal understand it -> with such situation - your own sim-card should not be 'valid' (and work) anymore;

    Even such rogue-scam probably quite common - most likely it should be sorted by proper investigation and by related people; Since there can be different meanings and variants; Or, at least, contacting your operator-company; Or as with another phone -> their support or customer service-center;

     

    last year where I tried to log in to my computer with only one user account on it and it said "too many users active, please try again later". I got reinstalled with windows and "wiped," though the backup profiles were still there, and a few weeks later it just stopped typing.
    I noticed a lot of terms including the word "python" yesterday;

    Even though all day browsers have been warning me about phony certificates. Obviously I decline when this happens. I'm often rerouted to the dnsrsearch page for time Warner.

    Sounds suspicious and there can be many potential suggestions about first part.

     

    And for second part - also there can be useful to know where "python"-word located. Such as - folder.. since it can be part of software, game or something else; But - I not sure if this certain "word" should be visible too much often;

     

    Third part can be based on multiple different meanings. Because - you able to re-check (or even contact) your ISP, router, browser's extensions/addons; There can be some malicious or adware files under system - which able to perform suspicious activities. It will be not always like that - since some of browser able to inform about troubles with certificate based on another points (or even - if there tricks by ISP or direct troubles with Router-settings); Some of Wi-Fi routers should not be with default passwords or 'stock'-firmware; It can be remotely exploited;

    That iPhone Apple confirmed also, was jailbroken, not by me.

    I not really know something about iPhone or iOS - but probably it not quite common 'jailbroke' by malware. More likely - if it performed by someone - who able to have access to device (even - not you);

     

    They hacked my LastPass account and changed the password recovery hint 

    There probably was recent large impact/leak for LastPass:

     

    https://www.google.no/#q=LastPass+leak

    I did not re-check about full meanings there (how critical it can be) - but since LastPass can be with many of your passwords and services (or even device Accounts) - if passwords did not changed by you (if your data leaked by LastPass trouble).... it can be an explanation for other suspicious things; Since credentials can be used by someone else;

     I was still "connected" to the internet, but nothing would work, because the IP address was changed to 0.0.0.0. On the hotspot, name of the network changed from what I had named my wifi to the MAC address of my computer, and the ip changed to all 0's. One other interesting thing is that originally it was connected to an IP address that begins with 192 when in the info packet for the hotspot it says it should be 172.

    Since you 'detect' such certain points - maybe there reasonable to investigate it more about certain 'configuration'. Strange (also) that your ISP support did not provide help there (?!);

     

    that might give me a glimpse into what could be happening to me?

    Except point (which I noted at first of reply) - there can be reasonable to contact Customer Support of your security software company. Since there expected that there "in use" any AV-software under devices (and if not 'in use' - maybe good to try some of them and perform scanning... as first try after re-checking all possible settings/meanings under device own options);  And there expected they should provide protection against such threats (or at least.. some of them - which you noted); Since it not happened - there can be reasonable ask them;

     

    F-Secure Support Channels available by this link: https://www.f-secure.com/en_US/web/home_us/contact-support

     

    Also about strange location -> maybe you able to re-check some online tools (for IP/geo/DNS-settings) - where will be visible what it says. F-Secure have kind of re-check for "Router" as if there 'trusted known" DNS servers 'in use':
    https://campaigns.f-secure.com/router-checker/en_global/

     

    Sorry for my reply.

     

    Maybe you have to re-check points about LastPass-leak and re-change passwords under services;

    Re-check security options which platform/OS/device able to provide.

    And perform some scanning by security software; As 'start'-point;

     

    Thanks!

  • SarahBSarahB Posts: 2

    Hi, thanks for your reply, a bit of a language barrier there but I will go over it more thoroughly. 

     

    Updates: the word "python" was found with a text document for my Dropbox (that I just made). They have actually disabled my anti-virus-i uninstalled it, but apparently there's another version "snoozing" and I can't use even windows defender because it says I have another AV program. It's bad. The police think I'm crazy, it's not possible, and don't take me seriously. I got wireshark and the results were REALLY weird. Connected to many ports like in the 50,000's. 

  • AvunitAvunit Posts: 6

    if i were you, I would assume that every account, every login, every password (including, & very importantly: your home router as well as 'possibly' any or all other routers you normally connect to...are compromised.

     

    Do you use entropic passwords? Its easy to learn

    And are your passwords large (at the absolute very least, at  LEAST 12 characters long?)

    Also, do you reuse, or otherwise recycle passwords? never do this!

     

    bear with me, there's 9000 points to follow:

     

    Good password management should be your first religion, & you should be tied up & tortured if it isnt because it IS NOT hard!

     

    Second religion is update everything, Third religion is stay away from free apps, unless from a company who'se name you recognize.... for example: while Twitterapp has accesss to everything except your underwear drawer... you should be able to count on they dont allow viruses in... this is not a perfect rule, as every company gets owned, sooner or later or even all the time (sorry @sony...)

     

    to illustrate the last point: online porn sites are safer than religious or evangelical, in general.

    why? because porn sites follow the rules i laid out above, & churches still dont!

     

    Fourth religion is install security addons to your browser, & use them... i.e noscript disablewebrtc, privacy badger, httpseverywhere, self-destructing cookies.. adblockplus, ghostery, etc, etc... these are suggestions, but everyone listed here does it's job well, imho for the browser that i prefer (which is the absolute best one, by the way...)

    whatever browser you prefer some of these specifically named add-ons are available to some  browsers & not others...

    here google is your friend. 

    google: "YOUR_BROWSER" security addons.

    please replace YOURBROWSER with the browser that you use, & don't include the parenthesis

     

    And, of course: VPN is ALWAYS your friend... never ever use a free one, unless it's tor or orbot/orfox  and if you do use tor services, expect slower speeds than with a subscription service like the EXCELLENT Freedome provided by F-Secure

     

    since it's hackers you are worried about & not Uncle Sam,  I wouldnt worry about which providers   have been backdoored or compromised already by bob, the new programmer that 'such&such" VPN just hired, who also graduated from Yale....because  he's definitely not CIA

    so just use Freedome by F-Secure

     

     probably should also mention encrypt everything & make sure to keep a list of your new unique, long & entropic passwords, just dont keep them on your devices

     

    also, i use bios password & boot password because it makes me look smarter than i am when i travel to starbucks, and now, with your knowing this, now you can too!

     

    maybe this sounds pedantic, or sophomoric but these things, ALL of them matter for what you should prepare yourself to do next: learn some basic survival & security habits & skills & then make them immutable forces in your online/wired habits

    >>>>> and then take all of your wired devices, including IOT devices out into the desert, & pray over them in the full moon. then  dump everything you have unplug everything, forget about every account you have ever used, never log back into any of them EVER again. bleach your hair, grow a moustache, (they wont even think you're a girl!) and then pick a new internet name to use, and make it one that is dissimiliar to anything you've used before [i created an twitter example for you, below]*

     

     

     

    I've been a target of such focused & constant attacks, but it was DHS [Lead partner: FBI]and LulzSecurityCa that owned me for 6 months, but that was back in the glory days when people still remembered Jeremy...& someone offering to give you a nice a bubble~bath with a nice box of zinfandel wine meant they were probably going to narc on you  & you were def going to get you swatted, soon, because you are also a pr*ck

     

    anyways....  to consider.... if you want a new start, you need a new start, and some things you need to do on a network or phone that you dont regularly use, best if not even in address book.

     

    take phone to cell provider & pay the charges to have them factory reset your phone, change your number & install new sim card, & ecnrypt, if possible.

    contact your isp & ask them to cancel internet for at least a full sunrise & sunset

    before this, you research go and find a router with tomato firmware, or some similar product  that, according to your needs and have it ready to install when the internet comes back

     

    throw away the phone your isp encrypted & ask for a new one with a new sim card, & a new number to memorize and then do the following

     

    you basically take a deep breath & start all over, holding seances over your new devices before connecting them, and then once you do >>>never ever tread anywhere you have ever been before. also if you talk often to mom and dad, buy them burner phones (as cheap as $13.99 us  at most Family Dollar stores)

    also if you are dating, make the guy pay for both burner phones (yours & his),

    and remember: if he cares he won't argue

    but whatever you do do everything securely & correctly, & forever...

     

    because everything matters

     

    it always does

     

    i hope this halped

     

    :)

     

     

    @[email protected]_thisSexxyGurl!

This discussion has been closed.