What to do about a possible Apple-based hack

An iPhone 6, an iPhone 7, an iPhone X, an iPad AirLight, and a MacBook Air.

These were under the same iCloud password, which has been changed since.


1. When it started, the owner was using his MacBook Air and all of a sudden he lost control and files started moving around and then deleting themselves as if he was being remotely accessed. When it was done, he went into his contacts and there was only one contact left. He restored his devices, and watched for other symptoms.

2. Messages keep going across the screen on the iPhone X, like foreign languages along with the words "delete a" and ",". When he tries to find these messages they are nowhere to be found.

3. Other messages being sent to the devices and then automatically deleting themselves. Some of these messages involved the people he thinks were involved.

... along with some general strange behavior that we're doing updates and cleanup with to make sure they're not related.

He has an idea who might have done it; they have been contacting him and they are a shady character. They haven't admitted anything. The owner's concerned he's still hacked, and he wants to find out who did it and clean up the situation. He is under a secure, hidden network in a remote location and isn't sure if his network has been compromised. We've updated all the devices to the most current iOS, and took off any shady programs. We ran Malwarebytes on everything and didn't find anything. We've also checked all his settings and had him change all his passwords.

How do we:

1. Gather the evidence of who did this.
2. Lock out all his devices so that he is secure.

Thank you so much, the owner is really worried.
Principal Software Engineer
The best thing to do is do a full factory reset on each device and then put different strong passwords on each device.  Strong passwords, individual passwords, and not trivial variations such as "passwordphone1", "passwordphone2", "passwordipad".

Then if one is compromised, the others cannot be using the same password.  The owner won't want to do this, of course.

As far as gathering evidence, that is a rewardless task. Unless you can prove it was done by someone residing in the same state and put a finger on them directly, if you take the evidence to the local police they won't have any interest. Nor will the state police. And the FBI is too busy covering up their tracks at this time to deal with crime.

Reinstall the whole thing and restore data from backup.


We're still working on this, but I'll go ahead and close it.

