Re: Home network hack 2017/18

Sides956 · ‎20-06-2018

Hi, it’s a long story so I have posted my questions first. you can read the story if you wish in your own time...! Can only apologise for the grammatical errors that may exist but I’m having to type this out on my iPhone and I I’m tired and just want my life back.

any help will be appreciated , as BT technical support have yet to be able to answer any of my questions.

Question 1. I asked BT can someone access the BT FON private network on my router via the Internet? Or, does someone have to be in range of my router? Question raised by UK police days ago.

Question 2. How is it possible for someone on the BT FON private network to access my home network? BT are unable to answer this.

Question 3. What should be the correct IP address for the default gateway on the HH6, Should it be equal to the IP address of the router itself? (Was amended approx NOV 2017).

Question 4. Should the factory reset correct and remove all entries in the router’s log, because it doesn’t?

Background story, Not sure if I’m allowed to submit the NFIB Crime reference number for the case but if anyone wants to verify the story please contact me directly.

Back in November last year 2017, I noticed strange activity on my MacBook pro this extended to my iPhone but didn’t think much of it. This strange activity , Continued until February 2018 when I noticed, what I thought, was suspicious activities on my home network.

It later transpired that it was a hacker who gained access to my MacBook and iPhone. He continued (gender identified after he spoke to me through my MacBook) managed to access my iCloud account after gaining super user access to Apple’s Keychain, where the majority of my documents were deleted. All except for photocopies of my passport, driving license and all my bank statements.

After contacting my banks, both personal and business, they immediately froze my accounts and continue to be To this day. I later received a call from HM Home Office who interviewed me regarding my passport. The outcome was my passport was cancelled due to the compromise with Apple’s iCloud account et cetera.

This is not the time or place for me to pass on my experience with Apple in this matter, but for BT it has been similar.

Two days ago, 18th of June, Similar attacks started again. Suspicions appointed towards my home hub six, both series a and B. I noticed after doing an arp scan on my network there were intermittent devices entering and leaving my network, some even gained access to the HH6 admin GUI (as seen in the logs). I am Unable to post these logs due to them containing back addresses and also potentially identifying the criminal.

After identifying that the Hacker accessed my account via a malicious script in embedded in a legitimate (TV player app) on App Store, this is now understood by myself that, scripts were injected into my MacBook and iPhones which later (I believe) infected my home hub six.

I noticed two days ago (17 June 2018) after an ARP scan on my Broadcast BT FON (That was confirmed to be off by BT) was Harbouring a Suspicious Gateway. Not soon after the ARP scan had finished , I noticed my screen change and started flickering soon after my Internet connection stopped. Logs confirmed that a forceful reset was activated remotely.

There is more to the story but it’s about six in the morning and I’m tired And going to bed.

Thank you again.

Sides956

gg30340 · ‎20-06-2018

If this is subject to an ongoing criminal investigation this forum may not be the place to seek the answers to your questions. Presumably this could end up in court and you would require somebody, an "expert witness" to speak to those questions and answers in court.

The questions should be put to BT by the Police and BT should be able to give the correct answers to the questions and will be able to back those answers up with credible evidence.

All Police Forces have a communications/data liason officer who should be able to progress this.

Daniel24 · ‎20-06-2018

I'm having a problem with security at the moment. Bt said that apparently some mac addresses from the fon side can show on your router. However someone from the technical department told me its a completely different section of the router. The logs wipe when you factory reset. Have you tried wireshark? That is a good piece of software to monitor your Internet traffic. I won't even comment on apple. They seem to think they are fort knox. I'm sorry to hear your having a rough time with this. I get you must be feeling hopeless. Have you thought about setting up a honeypot. Its something I'm considering. I'm already 2 phones down. A smart TV. And 2 laptops. Because they keep breaking things. If they are getting into your Gui they could be using a collecting keystrokes or packet sniffing.

I can't offer much help but just to say I know how it feels and these people are idiots.

Andy_N · ‎20-06-2018

BT Fon or whatever it's called now, has a limited reach in distance. So a potential hacker would need to be pretty close. Also to use Fon they would need a bt id. Naturally they may have got that from social engineering or other nefarious means.

As for hackers breaking things, frankly this sounds like a local security problem. So you need to make sure your own systems are properly protected. Before changing passwords etc, everything needs to be clear, otherwise a keylogger could pick up the changes.

Sides956 · ‎25-06-2018

Hi

Thanks all for your responses, I have been online/offline intermittently with this on going issue.

I have gone back to the hh6B as the latest router sent to me (HH6A that I purchased from BT ) is acting strange. I am very security conscious but it seems this one has worn me out, thin edge off the bat, leg side and caught by the slips.

I now use a 3rd party password manager, however what is really annoying is one can’t copy the generated password and paste in to the system admin screen! You have you type it out. Does anyone else have this issue?

Second piece of info I’m after regards the default gateway on the HH6A or B. If I factory reset the hub (which no longer works on the HH6A) the standard gateway is 192.168.1.254 right? But on the advanced tab, under TCP/IP information, the default gateway is something completely different 172.16.xx.xx Is this right?

I’m also trying to track the IPV6 link local address that my iPhone has assigned to itself. It looks out of place, and when I view the external ip addresses in the network system settings there are 4 addresses (that I think I can understand) but additionally there is the link local address. Is this normal? So 5 in total.

I guess what I’m really fishing for is someone who understands this stuff and is willing/able (as I’m extremely grateful for your previous replies) to just walk me through my concerns.

I’m stuck between a rock and a hard place at the moment. The FMiB want me to upload all evidence that I have, but I’m currently unable to, so I have to revert back to calling them and explaining the issue. As I’m sure you can imagine I don’t want to lead them up the wrong path or indeed waste their time or mine.

The Met Police came round last week and suggested I contact an expert. BT are unable to provide me with someone who understands this stuff at a granular level, so I’m wondering if anyone knows a good contact (obviously willing to pay) who could help, if not you?!

Help me Obi-Wan Kenobi, you’re my only hope!

If someone from this forum is amble to help, what is a safe protocol to follow to take this discussion offline?

Thanks again, I really mean it.

Sides

Sides956 · ‎25-06-2018

Quick one, The home hub 6A now comes up on the network scan as a WFA Device. Does anyone know what this is? Thanks