How I Got My Mac Back from a Hack Attack

There are two types of citizens that belong to the United States: Americans and Americant’s.

Americans are the type of people that do not give up and solve the problem.

Americant’s are the type of people that attempt a solution but never achieve it.

The Story of How I was Hacked

Okay, so I was a little snobby towards computer hackers because I have a Mac. It’s the cliche when you are sitting beside a friend on a Windows computer and you hear curse words from his or her mouth as McAfee Virus Protection starts running a scan in the background causing Windows to run slower and lag. I sit there with my Mac and pat it mentally…I have a Mac, I think proudly to myself, it can’t get hacked. 

Wrong.

Macs can get hacked, because my Mac was hacked, and I just solved a major issue in getting it back to being all mine – just the way it should be!

The scary thing about my Mac Hack was that it was not done by malware or a virus, so no scanners were picking it up, but after a period of time, I knew my Mac had been hacked (the hackers in their own way tried to tell me – it was not as fun for them if I did not know I had been hacked, and even they were growing tired).

True story: I did notice that some information was going around that no one should know about but actually thought that psychics, as in telepathic people, were actually hacking my brain before my Mac could be hacked – it’s kind of funny when I think about it now, but that is how incredulous I was to the fact that a Mac can be hacked when I had not downloaded anything.

However, here is what you should do if you find yourself in a similar situation:

Step One: Malwarebytes [Helpful]

So between my hackers and guardian angels, I was fairly certain my Mac was hacked. The first thing I did (which if you are reading this article, should be the first thing you do) is install Malwarebytes, which is a free malware scan for Mac that Apple Geniuses recommend. Naturally, I had already had that downloaded and ran a scan. No Malware.

Step Two: Dr. Cleaner [Helpful]

The next thing I did was open Dr. Cleaner, a verified App Store app, to scan my files for any viruses. No viruses.

Step Three: Googling My Issue [Helpful]

I then did some of my own studies using Google to see if I could identify my issue starting with searches such as: How can a Mac be hacked? Within a few days, I was fairly confident that the only way this could be done was by remotely getting inside my computer directly via an application or otherwise. While rare, cases had popped up on the Internet where people had been hacked in such a manner.

At this time, I was proficient with all Mac System Preferences, Activity Monitor, how to access my Library, and dabbled in communication with my Mac via Terminal.

Step Four: Put the Computer in Safe Mode [Helpful]

I put the computer in safe mode and noticed that my sound was automatically disabled. Since I was relatively certain I could be heard through my computer, I assumed this would be a clue that perhaps an additional plugin was installed. Also, Google Chrome was not working (my normal browser) so I was limited to Safari. I also created an additional user on my account and tested to see if the issues existed just in my admin account and there. It was relatively certain that the issue was in the user account as well.

Step Five: Immediately Changed my Security Settings [Helpful]

Okay, I will admit, my Security Settings were not what they should have been, and I saw how someone could have gotten into my Mac if they were able to access my Network. I had vaguely remembered clicking on a link in an email that had my name in it. The link directed nowhere, but later I learned that clicking on links such as those can give someone access to your computers even though nothing was downloaded. I am not sure how that all works, but let’s look at what your Security Settings should look like.

Go to System Preferences –> Sharing and make sure that all of your settings look like this below:

[Screenshot: Sharing settings in System Preferences]

Next, you need to go to System Preferences –> Security and Privacy to ensure that your Firewall is turned on as below.

[Screenshot: Firewall turned on in Security and Privacy]

After you have enabled Firewall, click on the Firewall Options… tab.

[Screenshot: Firewall Options, incoming connections]

Here, I was told by Apple to check Automatically allow built-in software to receive incoming connections and Enable Stealth mode. I also denied use to incoming connections from services such as launchd, kdc, and netbiosd (as I had no clue of what they were). These settings allowed me to see who was trying to access my Mac without it happening automatically.

Step Six: Scheduled an Appointment with an Apple Genius at the Apple Store [Not-Helpful unless Prepared to Wipe Out Your Mac]

So, with some prodding, I made an appointment with an Apple Genius at the Apple Store. After all, they were the Geniuses, right? When I went in, my Apple Genius ran a series of tests as we discussed Microsoft’s newest virtual reality headset that seemed pretty cool. Naturally, all the tests confirmed that my hardware was perfect, but I was there to have my software replaced – not hardware.

To get my Mac’s software back to its original defaults, Mac would have to wipe out my entire computer. I had not performed a back-up of my files before I went into Apple and had not prepared for the fact I would be starting with a fresh Apple computer. I have a lot of documents and applications and the thought of going through a manual install seemed daunting considering the fact that since I did not know how the hackers had gotten into my Mac, I did not know if they had been able to infiltrate my Time Machine back-up.

Without knowing how the hackers operated, I had no way to defend against the attack in the future and that bothered me. So I took my Mac and resolved to figure this issue out.

Step Seven: Called Apple Security Specialists via Phone [Helpfulness Remains to be Seen]

The first specialist I talked to, I was far ahead of his knowledge base when it pertained to Macs so I was escalated to the head of the department by a man named Frank. Frank was a great guy, he really was, but I was also ahead of him when it pertained to knowledge of my issue. Frank had to call me back twice and was at a loss of what the problem could be. Frank did take the correct action by having me download Capture Data where I was able to upload a copy of my computer drive for the coders to determine what was going on.

The problem when you know your computer has been hacked because people are telling you indirectly is that you need some form of evidence to show Apple other than the feeling of your computer being hacked so they have some place to start. I had seen files moving and other weird instances to know my hackers had access to my system, but other than that was somewhat at a loss except for one VERY crucial detail. 

When my computer was on sleep mode, a screen sharing icon displayed on the right side of the screen, yet all my security settings were blocked towards screen sharing applications. This confused Frank and myself. The icon looked like this:

[Screenshot: the screen sharing icon]

When I logged into my computer, the screen sharing icon disappeared. It did this on all user accounts. Frank could not figure this out.

Thus, I will be receiving a call back from Apple on December 31, 2016 from software engineers to see if they can figure it out and will update.

Step Eight: Never Giving Up [Helpful]

I, however, figured out my own issue thanks to the help of one of my favorite applications in the universe that I highly recommend: CleanMyMac.

[Screenshot: CleanMyMac]

Under the Extensions panel of CleanMyMac by Google Chrome, I noticed that I had Google Chrome Extensions that were enabled that I disabled. There were also two files that I have since removed that looked suspicious called:

nmmhkkegccagdldgiimedpiccmgmieda and pkedcjkdefgpdelpbcmbmeomcjbeemfm

Hmmm….I moved both files to the Trash obviously, but this is what they looked like. I also looked at the date that the applications were added. While I believe I was hacked before then, I could not say for sure, but I knew I had not installed the extension for Google Chrome at that time.

[Screenshots: the two files]

So I put those extensions in the trash.

And what do you know, when I put the computer to sleep, the screen sharing icon was no longer there!
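
An added example, not part of the original post: one way to see what sits behind the 32-letter folder names under Chrome's Extensions directory is to read each extension's manifest.json. The Python script below lists every extension's ID, name, version, manifest modification time (a proxy for when that version was installed or updated) and any permissions from a review shortlist that is this example's own choice; the default path assumes Chrome's "Default" profile on macOS.

```python
import json
import sys
from datetime import datetime, timezone
from pathlib import Path

# Assumed location: Chrome's "Default" profile on macOS (other profiles sit beside it).
CHROME_EXT_DIR = Path.home() / "Library/Application Support/Google/Chrome/Default/Extensions"
# Permissions worth a second look (real Chrome names; the shortlist is this example's choice).
REVIEW = {"<all_urls>", "tabs", "cookies", "history", "webRequest",
          "desktopCapture", "tabCapture", "nativeMessaging"}

def display_name(version_dir, manifest):
    """Resolve '__MSG_key__' names through the extension's default locale file."""
    name = str(manifest.get("name", "?"))
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = manifest.get("default_locale", "en")
        messages = version_dir / "_locales" / locale / "messages.json"
        try:
            table = json.loads(messages.read_text(encoding="utf-8-sig"))
            wanted = name[6:-2].lower()  # message keys are matched case-insensitively
            name = next((v["message"] for k, v in table.items() if k.lower() == wanted), name)
        except (OSError, ValueError, KeyError, TypeError, AttributeError):
            pass  # missing or malformed locale file: keep the raw placeholder
    return name

def audit_extensions(ext_root):
    """Return one record per <id>/<version>/manifest.json, oldest manifest first."""
    records = []
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            perms = manifest.get("permissions", []) + manifest.get("host_permissions", [])
        except (OSError, ValueError, TypeError, AttributeError):
            continue  # unreadable or malformed manifest: skip it, keep auditing the rest
        granted = {p for p in perms if isinstance(p, str)}
        records.append({
            "id": path.parent.parent.name,
            "name": display_name(path.parent, manifest),
            "version": manifest.get("version", "?"),
            "modified": datetime.fromtimestamp(path.stat().st_mtime, timezone.utc),
            "review": sorted(REVIEW & granted),
        })
    return sorted(records, key=lambda r: r["modified"])

if __name__ == "__main__":
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else CHROME_EXT_DIR
    for r in audit_extensions(root):
        print(f'{r["modified"]:%Y-%m-%d}  {r["id"]}  {r["name"]} {r["version"]}  {", ".join(r["review"]) or "-"}')
```

An extension whose name, date or permissions you do not recognize can then be looked up by its ID and checked on Chrome's own chrome://extensions page.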

I still have no idea if the hackers can get in other ways, and am interested to see what Apple Engineers come up with and if they are able to figure out what I was able to figure out. I do believe the Apple Engineers are the ones that will be most versed in seeing if a deeper software issue is at bay here with the hackers.

Either way, after my call with Apple Engineers, I feel that wiping out my whole system will give me peace of mind (although I am interested to hear what the Engineers say). If they can’t find anything on the system, that means I can also use a back up version of Time Machine that will hopefully be better than starting purely from scratch.

Step Nine: Remember Macs Can Be Hacked [Helpful]

I am posting this blog post to remind Mac users that yes, your Mac can be hacked. Here are some other steps and useful actions I took as well that can help you avoid going through your own Mac Attack!

  1. Change your administrator’s password
  2. Change your network password and make sure it is not set to a default password
  3. Check all your applications and sort by Date added by right clicking and selecting that option so you can observe when the application was installed
  4. Turn Wi-Fi off when you are not using your Internet.
  5. Do not attempt to change passwords on your Mac that are not *** if you fear your screen is under observation for the obvious reason that your hackers would have your password.
  6. Set up all of your third party apps to do a third-party verify to your phone – while it may be a headache, you don’t want your hacker impersonating you and if they have access to your system, they can login if your passwords are automatically saved.

Remember, hackers can access your computer to spy on you with a webcam, listen to you, get your files, and a lot of information about you. For some people, this can be very damaging and for everybody this is a major privacy violation. However, the worst thing you can do is freak out because the damage is already done – the hackers have everything – be proactive towards steps to resolve the issue.

For those that use their computer for browsing and do not have a lot of applications, going into the Apple Store and doing an entire reset of your device is the quickest and most assured way of knowing your hackers are out of your system, but the best form of correction is prevention so making sure your Mac has the proper security settings and your Internet network is protected is paramount.

Step Ten: How Did My Mac Get Hacked?

For those of you who are interested in my theory, this is what I think happened: I clicked a link that allowed access to my computer. If that is not the case, the hacker was able to get in through my Windows computer that my stepson was using who had complained about a computer virus before. I installed McAfee on it, but never thought to make sure that my other computers were protected.

I was relatively certain when I saw a topless picture of myself posted on this very blog on December 7, 2016 that someone was able to access my files. When I went into my security settings, I noticed that my Firewall was not turned on and I also had File Sharing enabled. I quickly updated these preferences and thought I had solved the issue.

I was incorrect, and may be missing more but at least I solved the issue of which Apple to date has not and my screen sharing icon is off and we are one step further!

This is what makes me an American…not an American’t!
