What to do about possible Apple-based hack.

What to do about possible Apple-based hack - An iPhone 6, an iPhone 7, an iPhone X, an iPad AirLight, and a MacBook Air

These were under the same iCloud password, which has been changed since.

Symptoms:

1. When it started, the owner was using his MacBook Air and all of a sudden he lost control and files started moving around and then deleting themselves as if he was being remotely accessed. When it was done, he went into his contacts and there was only one contact left. He restored his devices, and watched for other symptoms.

2. Messages keep going across the screen on the iPhone X, like foreign languages along with the words "delete a" and ",". When he tries to find these messages they are nowhere to be found.

3. Other messages being sent to the devices and then automatically deleting themselves. Some of these messages involved the people he thinks were involved.

... along with some general strange behavior that we're doing updates and cleanup with to make sure they're not related.

He has an idea who might have done it; they have been contacting him and they are a shady character. They haven't admitted anything. The owner's concerned he's still hacked, and he wants to find out who did it and clean up the situation. He is under a secure, hidden network in a remote location and isn't sure if his network has been compromised. We've updated all the devices to the most current iOS, and took off any shady programs. We ran Malwarebytes on everything and didn't find anything. We've also checked all his settings and had him change all his passwords.

How do we:

1. Gather the evidence of who did this.
2. Lock out all his devices so that he is secure.

Thank you so much, the owner is really worried.
weikelbob Asked:

Dr. Klahn (Principal Software Engineer) Commented:
The best thing to do is do a full factory reset on each device and then put different strong passwords on each device.  Strong passwords, individual passwords, and not trivial variations such as "passwordphone1", "passwordphone2", "passwordipad".

Then if one is compromised, the others cannot be using the same password.  The owner won't want to do this, of course.

As far as gathering evidence, that is a rewardless task.  Unless you can prove it was done by someone residing in the same state and put a finger on them directly, if you take the evidence to the local police they won't have any interest.  Nor will the state police.  And the FBI is too busy covering up their tracks at this time to deal with crime.
1

serialband Commented:
Reinstall the whole thing and restore data from backup.
0
weikelbob (Author) Commented:
We're still working on this, but I'll go ahead and close it.
0