ID THEFT Victim thinking I’ve been hacked again

I don’t want to go into too much detail, but I am an ID theft victim. I have been diligent in starting over since everything happened at the beginning of March 2022 (i.e. new router, modem, phone, even phone #). Now, I am experiencing some similar issues as I initially did in March before I realized I’d been hacked. Again, I’m deliberately refraining from exposing too much info, but I really need help.

So…I have taken a dive into my macOS logs, specifically the Wi-Fi and install logs. Also, I’ve been keeping an eye on my network settings per the System Preferences dashboard. Nothing looked out of line until I noticed reference to some network changes in the install log that was generated by a clean wipe and fresh install of macOS on May 10.

Per the log:

Configd: DHCP en0: publish success
Configd: network changed v4(en0+:192.168.1.202 DNS+ Proxy SMB
…addl output…
RTADV: en0 DNS experiation timeout Mon May 16 …

There is also reference to the following:

configd: QoS marking policy: XHC20: enable
QoS marking policy: sysctl

Questions:

  1. Per the above output, am I connected to a proxy server?

  2. If so, why don’t my Network Settings per System Preferences show such?

  3. Is the reference to XHC20 in the install log referencing potential use of Wireshark, etc. on my network?

Sorry for the brevity of this post as there is so much more to explain, but suffice it to say I have confirmed my online banking passwords have been changed again. I certainly didn’t change them yesterday, so someone else did. As those issues were concerning to me, I thought I should research a little on my end.

One of the things I did was to use Terminal and execute nslookup discover.com to see what the IP indicated per my Mac was. Naturally, one of the ways my passwords could have been intercepted is per browser redirects.

Suffice it to say, I confirmed the output I received was not for Discover. I had an exhaustive discussion with them about this, so please don’t bash me or question how I know (as occurred on another board where the first response was that a Mac can’t get hacked so I must be making this up). To be honest, I wish I was. I’d certainly be a lot better off.

I’ve been through a lot over the last couple of months. I’ve returned three (3) brand new MacBook Pros and a new iPhone 13 Pro Max that had been analyzed by Apple personnel both in person and via screen share sessions on numerous occasions. I even followed one Apple Senior Tech’s advice following one screen sharing session to buy all new equipment. I’ve contacted the authorities on several occasions about things that had occurred, as well as closed all of my online checking and savings accounts after they had been drained to a zero balance. And…there is so much more I’ve done. I’m exhausted and need help, so please help if you can.

And thanks in advance for any and all feedback.

I’m providing a screenshot of my network settings panel per System Preferences on my MacBook. I have no idea what has happened but I no longer have an internet connection on it (sending this from iPhone).

How did my settings just disappear? I mean there isn’t even reference to a Wi-Fi setting anymore. I’m dumbfounded right now and really can’t believe it.

Sorry to read of your plight. I had an account compromised over a decade ago, when I was naively re-using passwords across multiple sites. Since then, I’ve stepped up my security posture by using a password manager, which generates unique, long, random, highly complex passwords. If you aren’t already doing the same, I suggest doing so immediately. Some password managers will even check your passwords against known lists of compromised passwords. Also enable some form of two-factor authentication on critical accounts, especially financial.

Security breaches occur almost every day, and you will not receive a timely notification of all of them, if at all. You can check if your userid, email, or passwords show up in a list of known compromises: https://haveibeenpwned.com

Dr. Mike Pound from the University of Nottingham did a Computerphile episode and even created a GitHub repo of scripts to check your passwords using the web site API.

For computers/devices that you suspect are/were compromised, your best and only solution is to completely wipe them and reinstall from scratch. Refrain from using suspected compromised devices to change passwords, as you do not know if those have a keylogger installed and sending the new passwords to a control server. You might also look for possible malicious or rogue APs near your home that might be impersonating your SSID in order to gain man-in-the-middle (MITM) control of your wireless devices.
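As an added example of the Pwned Passwords API the reply above refers to (this is not code from the thread or from Dr. Pound’s repo), the check works by k-anonymity: only the first five hex characters of the password’s SHA-1 are sent, the server returns every suffix in that range, and the match happens locally. The sample response body, its counts and the User-Agent string are constructed for offline use.

```python
# Added example, not code from the thread or Dr. Pound's repo: k-anonymity check
# against the HIBP Pwned Passwords range API. Only the first 5 hex chars of the
# SHA-1 leave the machine; the full hash is compared locally.
import hashlib
import urllib.request
from typing import Callable, Dict, Tuple

HIBP_RANGE_URL = "https://api.pwnedpasswords.com/range/"

def split_sha1(password: str) -> Tuple[str, str]:
    """Return (5-char prefix sent to the API, 35-char suffix kept local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_response(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines; count-0 rows are Add-Padding filler."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or not count.strip().isdigit():
            continue  # blank or malformed line
        if int(count) > 0:
            counts[suffix.upper()] = int(count)
    return counts

def fetch_range_online(prefix: str) -> str:
    """Live query; HIBP requires a User-Agent and honours Add-Padding."""
    req = urllib.request.Request(HIBP_RANGE_URL + prefix,
        headers={"User-Agent": "hibp-check-example", "Add-Padding": "true"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Number of times the password appears in known breaches (0 = not found)."""
    prefix, suffix = split_sha1(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)

# Constructed sample response for prefix 5BAA6 (SHA-1 of "password"): the counts
# and the two other suffixes are invented; the count-0 row mimics padding.
SAMPLE_RANGE_BODY = """003D68EB55068C33ACE09247EE4C639306B:3
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471
7F9C4D4A95FF0D6D2A1E9FBB3A6B0C2D4E5:0
"""

def fetch_range_sample(prefix: str) -> str:
    return SAMPLE_RANGE_BODY  # offline stand-in for fetch_range_online

if __name__ == "__main__":
    print(breach_count("password", fetch_range_sample))  # 3730471
```

Pass `fetch_range_online` instead of `fetch_range_sample` to query the live service; the password itself never appears in the request.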

Although I didn’t get good news when I visited that site, I really appreciate you sharing that link with me. Looks like my iCloud account being compromised is how the MacBooks and iPhone continue to get hacked. To make matters worse (and to explain a little about what I think happened recently), I logged back into that account. Explains a lot. I will definitely stay away from the account even via web-based login.

Looks like I’m going to have to wipe the drive again and reinstall the OS. The network settings have basically just disappeared and I can no longer connect to the internet (despite the Wi-Fi logs and ipconfig suggesting otherwise).

If they had/have access to your iCloud account, you have to assume they have access to all your accounts with credentials stored in iCloud Keychain.


@elvisimprsntr’s advice is pretty sound. In your case I would use another laptop and install some version of Linux to do your banking / financial stuff on ONLY. Use Apple / Google etc. for social stuff.

Personally I use a vm for my financial stuff, on specific email accounts, with a 2nd mobile number.

Had a similar experience a few years back: the SIM card on my phone was skimmed, which gave access to my credit card attached to it… my iCloud email got flooded with 4K of spam a day to try and hide the large purchases….

First, use a friend’s computer, nothing owned by you. Go to Namecheap, No-IP, etc. and set up a domain name. I paid for one and had it parked, and added an email account which I only use for my Apple ID. Once you have that set up, go to Apple and change your Apple ID to your new email, make a complex pw, and set up 2FA for your Apple ID and all accounts that have 2FA available. Do not install that email mailbox on any device; set up a forwarder so anything emailed to that account is sent to another email you have access to. Do not send or use that email for anything other than your Apple ID. If you want to set up a second email for financial institutions then do so.

After doing so I have not had an issue since.

Pegasus victim?

You could boot into a Tails OS USB drive and get everything squared away, unless your router is compromised. A reset to factory default may or may not fix a compromised router. I’d have a trusted friend download and prepare the Tails OS drive for you. Tails - Get Tails. Looks like if you have an M1 you are out of luck; buy a cheap laptop or desktop somewhere that is supported. Not sure if you can download and install Tails from a Chromebook; also not sure you could boot the Chromebook from the resulting USB drive.

You are going to have to work with Apple to fix your account and probably change your ID, or get Apple out of your life completely and don’t store stuff in the cloud.

Did you change the DNS to Quad9? Normally you would have DNS set to your router or your ISP as that would be what the DHCP on your router hands out.

Going to ask the difficult question… Who has access to your devices? Who has access to your network? If you live with anyone, better check what they are doing. Downloading software from a torrent (you know what I mean) could compromise their machine which could lead to compromising your router, etc.

But more likely somewhere your Apple account could have been breached and since it makes a copy of basically everything, all they would need to do is “add” a new device to your account to take control of your information. Pay someone at an Apple store or other cell phone store enough, and they have access to all kinds of wonderful tools and techniques to steal your stuff, KPRC 2 Investigates: Cellphone store employee caught selling customer information
You’ll find more articles if you look around; it’s big money on both sides of the transaction. And they can become the authoritative device on your account through the use of the cell phone store, so that 2fa goes straight to their new (stolen) phone account.

You might try buying a new phone on a pay-as-you-go service, assuming in the USA, Verizon, T-Mobile, Straight Talk (Walmart), and go through the online process to ship to your home. Going to be a little harder to get your info from some jerk at a store if you don’t use a store. It’s going to require some form of credit card for payment, which makes life difficult. I would not get another iPhone; get a cheap Android phone that is at least Android 9 or higher. Some decent LG and Motorola available for low prices.

You are also going to have to work with your banks to help protect you, there really should be some kind of prevention that they can do. Maybe switch to a local credit union? Something that is really very close to home so you can go there when you need to do things and don’t use online banking for a few years so your name goes dark.

It is unfortunate that hacking is a part of the internet; however, there are some things you can do to help mitigate the issues. But before that is the case, there are some questions we must examine: What kind of security do you have on your network at home? It could be some weak security that is in play that made it possible to be hacked that often. I would suggest that you change all of your passwords, especially those that would give you access to your network when you are away from home. The next thing is whether you are using WEP or WEP-PSK for your wifi security. If you are using WEP then you need to change that to a more secure method. For example, it is easy to crack a network that is using WEP since it could be compromised by a brute force attack. While it’s not impossible, it is difficult for an Apple device to be hacked. With that being said though, were the devices secured with a strong password or 2fa? If not, then you should set up and use 2fa as well. Also, I know this is a rather mundane question, but do you keep all the devices updated?

The reason I stated the above paragraph is because a couple of weeks ago, my security at home was compromised. I had to change all the passwords, ran updates to be sure, and I enabled and required 2fa on every device that is on my home network. PS: I have all of my Alexa devices on another network and they cannot see the other networks. I have a wifi network set up just for IoT devices.

Hope this helps a little. Cheers.

–Anthony