Question

Retired Military Policeman that’s at my whits end.

  • 10 September 2019
  • 4 replies
  • 343 views

Badge +3
Hello everyone, I’m not sure where to post this question so forgive me if I am in the wrong place; but I need some help. I’m a medically retired Military Police Officer that’s trying to just take things as easy as I possibly can from here on out but I’ve got a problem.
For over a year now I have been dealing with some strange issues involving my electronics such as my cell phone, computer, router, and anything that is connected to the internet. Now I know that there’s some people out there that claim that they are being hacked and in reality they have a virus, Trojan, or malware. I’m not saying that isn’t my case either. But I’ve got a little more going on that I need to get some clarification on.
I’ll try and make this straight to the point as I can. It seems to have started with getting locked out of my hotmail account over a year ago. I didn’t really think much about it because I hadn’t checked my email regularly for a while and when I got the message my password wasn’t correct I went ahead and reset it. But then the next time I went to login I got the same message. That’s the last time things were normal.
After finally getting back into my email (hotmail) account, I decided to make sure I wrote down my password and put it in my wallet. I thought maybe someone was trying to access my email and they were just locking me out after too many failed login attempts. But the next time I tried logging in I got a more serious message and I had to verify my identity before getting access to my account.
Well needless to say I kept getting locked out time and again. So much so that I took my fiancé’s advice and opened a Gmail account to remedy my problem. For a week or two this seemed to work so I pretty much forgot about the hotmail account problems. Then I started getting the same problem with the Gmail account. Except this time I couldn’t get into my account without additional verification and for some reason the account didn’t have my phone number saved and I distinctly remember saving it. So I tried calling Google to get access because I was about to start some online classes. I never could get through so I had to create another new Gmail account. This time I immediately filled out everything and made sure it was saved and turned on 2 way authentication and included my fiancé and dad as my backup verification methods.
Things returned to normal afterwards and I again didn’t pay much attention till a couple months later when I got a new computer. I bought a HP workstation that was on sale from Amazon and came with Microsoft Office which I needed for school. After setting it up for the first time, I noticed that it was a little bit different than my previous computer but only because it was saying my network was a Workgroup instead of a Homegroup. I didn’t think much about it though at the time. I installed Norton 360 and purchased the VPN protection after a friend advised me to be cautious. The next day I started up my computer and noticed it took almost 10 minutes to load after it was updating drivers. Once it finally finished I logged in and immediately didn’t see the Norton or the VPN anywhere. I reinstalled both after and started my homework assignment. But once I was ready to save my work. I kept getting denied permission to save it. I just received a message to notify my system administrator if I needed to be authorized to save my work in a file. Now this is when I started getting concerned. I checked my profile and it said I was the administrator. But I couldn’t save a file to anywhere on my computer. So I saved it to a usb flash drive for the time being.
I asked my fiancé if she was able to save anything from her login account and she logged in immediately and saved a test message. So I had her log off and rebooted the computer. Again I had to wait for drivers to update another 5-10 minutes and after I still wasn’t able to save anything. I reverified my account was administrator and started trying to look up what was the problem. I didn’t even notice that the VPN and Norton were not activating again. When I did notice, I couldn’t get Norton to start up and the VPN kept giving me an error message halfway through installing it again. Needless to say I never got them back on the computer after that day.
Fast forward a month and things were only getting worse any time I logged on to the computer. I’d have to wait 5-10 minutes for PCIE and Graphics drivers to update along with NT. After I finally got on I logged in to my Gmail account and noticed that the layout was different and that I didn’t seem to have as many folders and I didn’t see any of my messages that had been previously opened. The only way I could find them was to do a search for it and hope I got lucky. You see, it just kind of started snowballing. And what was worse, it was only happening to me and not a single issue with my fiancé. The computer never needed it’s drivers updated when she logged in and she was able to save anything with just the basic profile permissions.
Because of all the strange stuff that kept coming up I tried taking pictures or screenshots if something looked out of place. Then my iPhone memory filled up and started showing the system apps were taking up 13-14 GB of storage on my phone. My photos all were somehow corrupted and couldn’t be opened. My router was the next problem I had. Not only was all the other issues happening to me; I then couldn’t login to the router to verify any settings. I was particularly curious about why I couldn’t seem to use the internet on my phone or download anything anymore because my service was so slow. Yet as usual my fiancé never saw any of these problems. I finally decided to replace the router and upgrade to a more secure and faster model. I checked with some friends that usually game on their network and made sure that QoS had my phone as priority but this didn’t help anything. Then by accident I was on my Amazon Prime Account shopping and accidentally clicked on AWS at the bottom of the screen. I found out that my Prime account now also had AWS attached to it without my knowledge. I verified it wasn’t a mistake after calling Amazon and was assured that they would remove the access. So I started trying to find out more information on what AWS was but for some reason I couldn’t find any search results for AWS at all. Zero! That’s when I noticed a bunch of extra stuff inside the browser that I had never noticed till then. Normally after I had typed in my search I would get some results from whatever I was looking for and it would look like what+is+AWS?= and then a result. But now after the ? I had a bunch of what I later found out was code that seemed to go on forever. After copying and pasting enough searches I learned about Open Source and started finding GitHub and StackExchange in my phone and computers browsing history. My fiancé said that she had no clue what or how it got there.
Ok now we are almost done. Just recently I decided to check back into my hotmail account that I was locked out of before this all started. And guess what I got right in with the password I had been trying to use and was denied. What I saw was that someone had been using my account and now it wasn’t just a hotmail account. It’s a MSN Account that’s got access to something called Azure and apparently I’m a developer. So I checked my other Gmail account and it let me login fine too. But it’s now got something called Firebase and Cloud attached to it. It’s also listed as a developer account for me. I contacted both MSN and Google and was told that they would be closed within the week but I have kept checking on them and they still haven’t been deactivated, nor was AWS removed from my Amazon account.
At first I thought I had gotten a virus or something that was just gaining permission escalation but now after finding the additional services to my accounts I am leaning towards I’ve been hacked. The strangest thing is that it’s starting to all point towards my ex fiancé. By this I mean there’s a lot of stuff that’s really too coincidental to overlook. During all of this she had been trying to mess around on me and whenever I would question about her whereabouts all of a sudden my stuff wouldn’t work so I’d deal with that. I also found out that she rooted her last phone and her tablet. Only thing is that I don’t believe she could be doing this alone. I mean because she actually was arrested for Dow and ended up serving 2 weeks rather than paying her fine. And during that time I went and bought a new computer after the last one kept crashing it’s hard drive. I also replaced the router and modem and had them setup by Best Buy in my home so I couldn’t make a mistake and leave an open port or something. I even got a new cell phone and created a new email account so that if somehow this was happening and related to my accounts then it wouldn’t be connected. But here it is. My brand new Asus RT AC3100 router can’t keep the security software on it that it came with nor the VPN that also was included. It also keeps changing it’s settings from what I select. I have it set for no UPnP, no remote, no FTP or Saamba. I looked yesterday and found out that somehow it registered itself at 4 o’clock in the morning and set up a ddns Account through Asus. I’m really at my wits end with everything. Just as soon as I think I’ve found something that will explain how someone basically has Parental Controls over all my stuff, something different happens and I have to see what is going on with it. Last question I have is; yesterday I noticed my iPhone had made reference to “mdm” as in mobile device management and said that it was actively running in the background. Could that happen where I had it installed on my devices and didn’t realize it was on there? Seriously any advice besides going off the grid would be appreciated.

4 replies

Userlevel 7
Badge +55
Hello @Tooleman75

Welcome to the Webroot Community,

Sorry for the delayed response. I read your post this morning and your story is heart wrenching and it's a shame that something like this is causing you such turmoil.

You have gone through a lot with having all these issues. I would talk to my ISP and tell them your situation and hopefully they can check some things out for you.

Maybe have a look at these sites HERE and HERE

I wish I could help you out more as all I can really do is tell you to Submit a Support Ticketand see what the Support Team has to say. This is a free service with your Webroot subscription. Input your post in the ticket so that you do not have to rehash this all over again.

Best of luck James T. Please keep us posted if you get a chance. It would be nice to know if you received any resolutions to your issues.

@TripleHelix & @ProTruckDriver & @Baldrick can you assist here?

Hope this helps?
Sherry
Badge +3
Thanks for the response. I contacted my ISP earlier last week about this after I had contacted both Geek Squad and my local computer shop and both had advised me that this was “above their pay grade”. After an hour and a half and speaking to 3 different individuals from Spectrum I was told by the first individual “oh yes sir, I show that our security team was attempting to contact you in reference to the issues I was having”. The next person who I expected to be from their internet security team said “that there wasn’t anything in their files showing that I was having any problems with my internet and that there’s nothing really they could do even if so”. I then asked if I could get my IP address changed and was told that since I didn’t have a business account that I couldn’t. I asked also what was going on with the security team trying to get a hold of me and was told that they didn’t have a internet security team and they didn’t know what I was talking about. So guess I’m back to square one.
I’ve even talked with my local police about this and if there’s anything that they could do? I pretty much was told that without any monetary theft that they couldn’t do anything and that their cyber security team was a few guys that they hired from Geek Squad. 🤦‍♂️
My only other option is to see if I can call in a favor from an old buddy in the FBI, but the closest field office is an hour and a half away in St. Louis.
I honestly am considering going to Hire a hacker and paying a complete stranger to see what they can find out. I’m just that far into this that I’m willing to pay whatever it takes to get this done. Do you have a better solution???
Userlevel 7
Badge +55
James.

I do not have any solutions to this issue. I understand your situation and I am not able to provide any added advise ... wish I knew more about hacking..this is out of my expertise. I truly hope you get this all sorted..such bad people out there. 😥
Badge +3
So I think I’ve finally got an idea what is going on here. Now I just have to figure out how it happened and how to stop it.
I’ll try and explain as much as I can and please; if anyone has anything that I’m missing or that I’ve gotten wrong. Please let me know.
So lately (last 30 days) since I bought my new computer, modem, and router; I’ve still had the same issue with seeing settings changed on my devices. Doesn’t matter what I bought for security, who had set it up, or what passwords or security was enabled. I kept overlooking a big clue. I’ll explain...
A few months back I kept seeing IPv6 addresses showing up for my devices on my home network analyzer app. I am in a fairly small town in Missouri. I already double checked and we’re nowhere near having that setup yet. But for some reason all my devices were showing up with both IPv4 and IPv6 addresses.
I had tried asking about this but pretty much got told it wasn’t anything, so I guess I did. Only thing that I didn’t understand was something I’d never heard of till just a couple hours ago. 6to4, it explains some of the stuff that I couldn’t figure how someone could be getting to me directly no matter what security I had up. I had seen a few instances where I had read IPv6 connected through tunnel broker, but usually by then I was paying attention to some new problem that had popped up. I mean this explains why my external ip never changes even though I double checked with Spectrum that I didn’t have a static IP assigned. It explains why no matter what firewall settings I had; someone just kept walking right in and disabling everything as soon as they had noticed I was trying something else.
Now here’s where I need the help. How do I figure out how this happened and what can I do to stop it? I mean, I am assuming that there’s more than just one tunnel broker from what I’ve been reading. How could someone set this up and would it make any difference when I kept switching routers because I had either very minimal access to my internet or couldn’t keep from getting forced out of my own network?
What kind of access to my devices or my information would be needed? I also had been reading the logs from my new modem because I was reading my routers log and noticed it saying showing that the modem’s ip login was being bound to another ip address on my network. Anyways I’m guessing that all this means that someone that is or was close to me and had access to my network at one point or another set this up without my knowledge and has been using it to either keep tabs on everything I’ve been doing, where I’ve been going, and such. Because my phone keeps getting my location turned on after I make sure it’s off and my Bluetooth turned on after I know that I turned it off also. I did it initially because my battery keeps running down from a full charge within 2-3 hours of minimal use and even with hardly anything allowed to run in the background. Again sorry for the long post; just excited to finally have a solid lead after all this time.

Reply