Question What do I do now that it's clear I've been owned?

Jun 11, 2019
1
0
0
So six months ago I was browsing a foreign website looking for a rare manuscript on magick when you guessed it...nothing happened. I left without a hitch, or so I thought.

A few months ago I noticed my mid 2012 macbook was underperforming when I ran my recording software. Like any good diligent mac user (sarcasm) I opened activity monitor and noticed that my computer was busy and normal everyday processes were hogging up CPU things that I haven't even used lol like Cloud. I have been a Mac User since 2010 but hadn't really messed with anything other than email, social media, youtube, and while in the past I had always been careful to set up my router and set a firmware password, partition a browsing drive etc. I had grown lazy.
While I never subscribed to the foolish notion Macs can't be hacked, I was still in 2010 where most Mac users didn't need to worry because the backdoors and threats were not so well known nor was the user base as large. Let this be a cautionary tale.
Here I am now with proof that I have been COMPROMISED, I have screen shots and web links where the messy hacker left stray bash hack instructions, vendor names with models and open ports, and a myriad of other documents pertaining to other shells and screenshots of security certificates to websites I've never been to including Swiss banks and the Hong Kong post.
I wiped the drive and apparently my recovery partition that I can't remove because of permissions and user privileges is also COMPROMISED not to mention the correspondence I have had with the hacker. I write a text document and Siri activates for yes, and he has put things on my calendar from back in January and has December 31st at 10:44 marked, so it's safe to assume that's probably the day it happened.
So far he's made no demands other than not to use the computer at night and to endlessly query Google. Thanks for the bot check Tom I get it.
I have no interest in debating whether or not this is a remote attack and since I ceased all correspondence with the hacker and removed my battery and ram right now I have no access to the mac formatted HD that the screenshots are on.
I suspect he gained full access through tricking me into trying gate keepers hands opening a package file disguised as a free plugin or some other means. Tbh I'm not sure, what I am sure of is he can issue commands on the fly like keeping my interfaces turned down then turning them back up, has access to my mic and cameras the proof is like putting something on my calendar that has text from a conversation I had with someone like: "band practice 6pm" etc.
Trust me I would not make this up and while I'm not ace programmer I'm also not ignorant of the devices that people are privy to and while ge hasn't demanded ransom and I'm no high profile target I believe I am the victim of a reverse shell, .ssh attack. I have no proof of the former it's tough to detect especially by a person with my skill, the latter is obvious.
What do you do now, if I'm right it's game over, since I won't wipe the drive and sell it to mitigate my losses and pass it on to some poor unsuspecting fool. I also refuse to allow my machine to engage in spam or worse, what should I do? Log on stay unconnected and save for a new computer? Everything I have read says this something no one can overcome due to the fact that he's had a full six months to add and modify my boot framework etc. Buying a new drive doesn't seem like it would be the answer as I am sure my network has been COMPROMISED and he has the keys to the city in terms of keychains, open ports, etc. Any advice?
One more time this is not made up nor is it a debate, what should I do now is the only advice I'm looking for, because the forums are pretty dismal it's looking like cut your losses. Any brow beating about my laziness and knew better is welcome. :) Take your security seriously folks, you don't need to be a high profile target for someone to take interest in your machine, you've been warned.
It should be noted I had also not gotten any firmware updates and was on El Capitan. Update people UPDATE.
:unsure:
 
Last edited: