My routers have been hijacked by remote and VPN I think?

192.168.0.7/255.255.255.0 [192.168.0.255] this is just one of several interface and IP changes on my mother's Galaxy SIV that the VPN that came with the phone, somehow at some point when it was my phone someone set up, it has added interfaces
Added interfaces:
14:'wlan0' mtu 1500
THEN A BLANK LINE IN THE EXACT SAME MINUTE ON LOG
Removed interfaces:
Fe80::f225:b7ff:fe14:74c8/64
192.168.0.7/255.255.255.0 [192.168.0.255]
BLANK LINE SAME EXACT MINUTE ON TIME LOG OF VPN
Removed interfaces:
13: 'p2p' mtu 1500
fe80::f225:b7ff:fe14:74c8/64
14: 'wlan0' mtu 1500

I know nothing about what this means. I do know that when I drive to my parents', they have an MTA voice over IP ARRIS router from TWC. When I get there, if I go to try and use the VoIP phone, it takes several hang ups and back on to get a dial tone, as if it is being dialed into. Then there is an AirPort Extreme connected to the TWC router, which I believe allows the hacker to connect to my phone. All of the messages from my mom's phone all of a sudden reload in my notifications on my iPhone. Does anyone know who I can send my ARRIS ROUTER LOGS FROM MY HOUSE, MY PARENTS', ALONG WITH PC, MACBOOK, IPHONE DIAGNOSTICS? I REALLY NEED AN IT NETWORK ENGINEER TO DECIPHER ALL THIS. WE SUFFERED MAJOR ID THEFT THAT INVOLVED S.S. CHECKS BEING REROUTED, V.A. benefit checks, etc. Secret Service and Department of Treasury got involved but did not help fix the problem. They are still there, they know a lot about fraud, ID THEFT WITH MILITARY KNOWLEDGE. ANY HELP WILL BE GREATLY APPRECIATED. TY JAMES W DURNER
James W Durner Asked:

David Johnson, CD, MVP, Owner Commented:
James, what you are asking requires a computer forensic specialist to get an image of all the networked devices in the home.  Also what is required is a network tap to capture all incoming and outgoing traffic for analysis.

By the content of your message I can only assume that you are in the US.  Have your parents signed up with the 5 major credit reporting agencies (Experian, FICO, Equifax, TransUnion, Innovis, PRBC) and are getting monthly reports or have locked their credit reporting status? This costs about $20 / month and must be renewed every 3 months. You also have to contact all of the credit card companies and lock down the credit cards to then use a call to authorize all credit card transactions (two factor authentication).

Identity Theft has been around for a long time (pre Internet) and prevention is really the only item as recovery from ID theft is a long and arduous process. The entry point may not even be computer related but via social engineering and dumpster diving to get the required information.

Your parents might have been duped by an email message and given out this information to a counterfeit site or over the phone to someone impersonating a legitimate company. The avenues of ingress are quite considerable.

Router and other logs can be helpful but they can also be incomplete or misleading depending upon the level of the hacker as once they have access they can delete entries or add entries at will.

Suggestions: have a 2nd router behind the ISP's connection and turn off remote access from the WAN to this router, disable the wifi connect button on the router. For WIFI always use WPA2 and never WEP.  If possible use a hidden SSID.  If the bank or someone else calls you and you did not request the call, then tell them you are busy and then call them back using the listed phone number, as Caller ID can be spoofed. If you get an email about suspicious activity on your account don't open the link from the email and first examine the mail to check that all of the addresses are 'exactly' as to what they say they should be, i.e. support@paypal.com and not support@paypa1.com.  What you should do is go to the site yourself and once there check the certificate, i.e.:

note the green certificate and the name matches the website where I want to go
EV Cert and using https
issued to is who I desire and issued by a trusted 3rd party
note the additional information

Unfortunately this is ALL before the information was stolen; once the information was stolen or otherwise acquired it is a long and arduous process to recover from it.
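
The sender-address check suggested in the answer above (support@paypal.com versus support@paypa1.com), as an added example that is not part of the original answer. It goes slightly beyond the one case in the text by also catching one-character typos and a trusted name used as a prefix of another domain; the trusted list, the confusable-character map and the sample addresses are assumptions made for illustration.

```python
# Added example: flag sender domains that imitate a trusted domain.
# TRUSTED is a constructed allowlist; replace it with the senders you really use.
TRUSTED = {"paypal.com", "experian.com", "equifax.com"}

# Characters commonly swapped in lookalike domains, mapped to what they imitate.
CONFUSABLES = str.maketrans({"1": "l", "i": "l", "0": "o", "5": "s", "3": "e"})


def skeleton(domain: str) -> str:
    """Collapse visually similar characters so paypa1.com and paypal.com match."""
    return domain.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(address: str) -> str:
    """Return 'trusted', 'lookalike of <domain>' or 'unknown' for a sender address."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    # Only an exact match, or a true subdomain, of a trusted name is trusted.
    if any(domain == good or domain.endswith("." + good) for good in TRUSTED):
        return "trusted"
    for good in sorted(TRUSTED):
        # Same appearance after folding confusables, or a single-character typo.
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 1:
            return f"lookalike of {good}"
        # Trusted name placed in front of a different registered domain.
        if domain.startswith(good + ".") or f".{good}." in domain:
            return f"lookalike of {good}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample addresses.
    for addr in ("support@paypal.com", "support@paypa1.com",
                 "billing@paypal.com.verify.example", "news@example.org"):
        print(f"{addr:40} {check_sender(addr)}")
```

An "unknown" result only means the domain resembles nothing on the list; it says nothing about whether the message is legitimate.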

James W Durner Author Commented:
How much do you think the forensic analysis would run? Because unfortunately I really need to try to figure a way to just start over, because no doubt the hacker does erase ISPs info and they without question got too much info, so I really need to figure out some kind of port security and network addressing.