Help! Hacked!

Kacy Member Posts: 2
First Comment Photogenic

My ex has hacked into my WiFi, phones, Roku, security system and all devices, which I confirmed. Even going as far to add himself as an authorized user on my Comcast home account. With that said, I have (from a new non network connected device) changed all passwords, removed the fake name as an authorized user, am in the process of hard resetting devices, etc...

I am not finding multiple networks at my house that have been set up. Can someone advise why he would be running and using different WiFi networks through my home? Also, is there a way to crack the password so I can see what he is doing, as it clearly has to do with me.

Thank you!


Best Answer

  • Marc
    Marc Moderator, Beta Tester Posts: 3,109
    250 Answers 1,000 Likes 2500 Comments 250 Awesomes
    #2 Answer ✓
    Hi @Kacy, really sorry to hear this.  There are plenty of people on this forum who can dive into the technicals but I wanted to add a few simple things you can do to help keep him out.  
    On any of your online accounts, make sure you have used either Complex passwords and/or (both are better if supported) two factor authentication where the site would require a password and something like a code sent to your phone to allow access. It’s not perfect as he could be able to socially engineer his way in, depending on the customer service policy of the manufacturer, but it helps.  Also, use no password he could guess at like birthdays, social security numbers, pet names or  milestone events.
    Cracking WiFi is tough unless you can guess at his passwords.  If you could figure out the brand of the WiFi router, I guess you could try that brands default password but if he smart enough to figure out your passwords, I doubt he would have left things stock.  
    Lastly, you could try getting a FingBox if you don’t have one already.  Put it on your network and let it block any attempt for a new WiFi device to attach to your network.
    Thats Daphnee, she's a good dog...


  • Crowgrandfather
    Crowgrandfather Member, Beta Tester Posts: 91
    Second Anniversary 5 Answers 25 Likes 10 Comments

    So let's give some security basics here first. Use 2FA if the account supports it. Use Authy because it can sync between devices so if you move to a new phone you're not locked out completely.

    Now let's address your questions.

    Why a separate Wi-Fi? There's 2 reasons for this. Firstly, cracking WPA2 keys is really difficult, almost impossible actually. You can crack them but because they're dynamic the best you can get from it is replay attack where you can look as saved encrypted traffic. WPA2 keys won't let you on a network. The second reason is to hide devices. Because NAT exists you won't be able to see what's on the other side of the router (yes that includes even with a Fing). If there's multiple Wi-Fi networks then there's multiple routers (most likely). He could have 200 cameras hidden behind the one router and you'd never know.

    Even if you crack the WiFi password and do a replay attack it's still going to be encrypted traffic so there's no real point to that.

    I second the idea of using a Fingbox to block by default, however make sure you turn off IPv6 in your router first or Fing won't work.

  • VioletChepil
    VioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 250 Awesomes
    Thanks a lot @Marc and @Crowgrandfather - am wondering if any other users can help with some advice too. @SimoneSpinozzi@kltaylor@Pooh@Hronos
    I've not got too much experience personally with this. But definitely I agree with @Marc and suggest immediately changing all your passwords etc. Also the password on your router too. 

    If he were to hack into your network and monitor your traffic he could be:
    - viewing your online behaviour
    - getting your passwords 
    - reading your messages
    If he was intercepting your passwords, you should definitely change them on everything. Online banking, social media accounts, email accounts. Enable two factor authentication wherever possible too. 

    Community Manager at Fing

  • kltaylor
    kltaylor Member, Beta Tester Posts: 1,231
    1000 Comments 500 Likes 50 Answers 100 Awesomes
    Contact Comcast and advise them of your life situation without giving much detail.  Tell them that you should be the only person on the account who has access to make changes, etc.  With the ex on the account, they can feasibly contact them to request a reset of the device so that they can access it remotely. 

    That should be your first line of defense that happens ... like, yesterday.  Once you have that, then reset your passwords as others have suggested, ensure that you use a robust password, meaning do not use something that could easily be guessed from someone who knew you on an intimate level.  Two-factor authentication should be your mantra now.

    If your ex persists, then I would encourage you to seek assistance locally, stalking is only the beginning.
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
    VioletChepilKacy[Deleted User]
  • Kacy
    Kacy Member Posts: 2
    First Comment Photogenic
    edited November 4, 2019 #6

    @Marc @Crowgrandfather @violet @kltaylor Thank you all so very much! I am still learning how to utilize this thread, so my apologies if I didn’t thank you all.

    All of your advice was invaluable and very much appreciated, all of which I will follow.

    As of last night, TMobile confirmed my telephone lines were also hacked and there was an Apple Watch attached to the main line. Additionally, texts were being diverted through the Digits app. Furthermore, there was an “authorized user”, I definitely did not authorize placed in my Xfinity account. To top it off, a block was put on my bank card and when I tried logging in, I would only be redirected, which is now the case with any of my devices.

    I will be purchasing the Fing box, trading out the router for a new one, looking for additional routers in the house and much more.

    is there anyone that would be willing to assist me with some questions I may have, or point me to someone that could?

    Again, thank you all so very very much!!

  • Crowgrandfather
    Crowgrandfather Member, Beta Tester Posts: 91
    Second Anniversary 5 Answers 25 Likes 10 Comments

    I wanted to circle back on this real quick. First off I'm terribly sorry this happened to you.

    You should sue your ex for damages. A case recently went through The courts in New York where man was fined roughly $1000 for each day he was spying on his ex wife.

    I would highly recommend contacting a lawyer.

  • Komo
    Komo Member Posts: 30
    10 Comments Name Dropper 5 Likes Photogenic
    edited December 16, 2019 #8

    If he has ever had physical access to any of your devices, I don’t think that changing your passwords would be 100% effective. He could’ve installed kelogging software which would obviously capture all keystrokes. He could’ve done an “Evil Maid” attack Or DMA attack. Having physical access to a device can let the hacker have more control. You might have persistent threats that restart during bootup and don’t go away if you do updates. Your network can be hacked but it sounds like your devices are compromised as well.

    if you aren’t seeing any malware or Trojans during scans, then try to check for rootkits. They have many programs that are free online that you can download. Be careful tho, and make sure to have a disk or usb to boot from just in case you remove files and corrupt your system. You’d need to install a new OS.

  • Komo
    Komo Member Posts: 30
    10 Comments Name Dropper 5 Likes Photogenic

    And that is unfortunate he is doing that to you. It is stalking and a Federal Offense. If you can prove that it’s him, call the police and report him to the IC3 group if you live in the US.

    You could invest in Faraday cases or cages to put your devices in. You can use good practices that are free. Like unplug all your devices especially before bed. This is when a lot of unattended updates go through. You can make iptable rules and change ssh config and network config settings on your system.

    you can also learn how to use IDS or intrusion detection software. I’m sure that once you do a few of these things, he will no longer have access.