Loss of my privacy

[27Astrid]

I believe I am being hacked but I do not have the tech knowledge to know how this person is able to do what he does. This is what
I have experienced:
- I signed onto my Amazon account and found a football game. I was able to exit the game and then found a statement across my screen that
said “I am going to call the police.” I did not order the game.
- after I changed my Apple password it would not work again. I had to change it a second time.
- I turned off my smart Sony TV and instead of going off it was on a different channel.
I purchased a VPN but I suspect it was being turned off because many times when I checked it was off.
Any thoughts on how this person is doing this stuff?

 

[Rick998]

See Neighbor Hack (September 15th) for original thread. None of my questions were answered in the original thread nor does this subsequent thread add any factual info about what changes, if any, OP has made since then with her Xfinity service nor if she has contacted Xfinity support (or anyone else) about her concerns.

I signed onto my Amazon account and found a football game

I'm assuming this means 'a football game on Amazon Prime Video'? Please confirm. On what device? So far you've mentioned an Apple Air (which I assume is a MacBook Air) and a smart Sony TV (which I assume is connected to your home network [by WiFi or wired?] and also usually includes Amazon Prime Video). Please confirm.

Q1. Have you turned your (shared) Xfinity Home Hotspot service OFF?
Q2. Have you changed the password on your (personal) Xfinity WiFi? (This would mean you would have to sign back in with the new password on any WiFi-network-connected devices, e.g. MacBook Air and Sony TV.)
Q3. Have you ever used Invite Users to share your Prime Video Direct account?
Q4. Have you changed your Amazon account password? (See this Amazon support doc.)

 

[27Astrid]

Answer 1. Yes, I have turned my shared Xfinity Home Hotspot service off.

Answer 2. I have changed my password on my personal Xfinity WiFi. It is a 19 character password. I have not changed it
On all devices. This I will do.

Answer 3. I have not used Invite Users to share my Prime Video Direct acccount.

Answer 4. Yes, I have changed my Amazon password.

My web devices are: IPad Air, Lg Smart TV, IPhone 14, Sony Bravia Smart TV, Sonos Sound Bar, Smart Thermostat.

1.5 years ago I filed a complaint with the the FBI Cyber Crime Unit but nothing happened.

I am looking into filing a complaint with local police authorities.

Thanks for taking the time to help.

 

[Rick998]

Sorry, I though it was MacBook Air. It helps if you are specific.

More questions, I'm afraid, whilst trying to build up an accurate picture of your circumstances.

Q5. How are your WiFi-connected devices still connecting to your personal Xfinity WiFi if you have changed the personal Xfinity WiFi password?
Q6. Do all your devices connect to your network using Wifi or do any (TVs?) connect with an ethernet cable plugged into your Xfinity router?
Q7. In your previous thread you mentioned an "outside WiFi hub". Do you use one or more WiFi extenders to extend coverage?
Q8. Are you the sole user of your personal Xfinity WiFi or are there others?

 

[27Astrid]

A5. How are they connecting to WiFi……I am not sure…I did change the password on the WiFi but I don’t remember changing all of my
Device password. I have always felt that he can get into my IPad Air because I have changed a password and the password would not
Work the next day. I have also noticed that at about 3am something is downloading automatically on my desktop GMail icon and my Reddit icon.

A6. There is a wire that goes from the router to a cable box to the LG TV. I have another cable box for the Sony Bravia and a wire that goes
From that cable box into a small round screw into the wall. Both cable boxes are also plugged into their respective TV. Sometimes in the morning when I first turn on the TV I have a message that pops up indicating that my cable box is turned off, do I want to turn it on. I don’t have time to answer caus somehow the cable box is turned on quickly.
My Sonos woofer is just plugged into the wall and my Sonos bar is plugged into the wall with another wire plugged into the TV.
My IPad and IPhone are just WiFi connected with no wires.

A7. I don’t know what a WiFi extender is so I can’t answer that one.

A8. I am the sole user of my personal Xfinity WiFi. No others.

Sometimes I when I turn on the Sony tv I get a message on the tv screen that says an “HDMI device is connected to my tv. On that same tv
I will get a message that indicates that my tv is “not hooked up to the WiFi”. I have thought it was peculiar that the tv was still working well
When not hooked up to the WiFi. ?????

I have had to have my old Dell computer scrapped by the Geek Squad about 4 times. They would always find access software embedded.
They also told me that they believed my personal router (not the current Xfinity router I have now) was compromised. I went through three
Routers.

 

[mmerlinn]

I have had to have my old Dell computer scrapped by the Geek Squad about 4 times.

This does not make any sense at all.

Are you saying that the Geek Squad scrapped (threw it in the trash) your Dell computer and it was replaced (and later scrapped) with another different Dell computer around 4 different times? And every single Dell computer had the same exact issues?

If that is true, it is HIGHLY unlikely that there is anything wrong with any of the Dells.

 

[Rick998]

Thank you for your answers... your setup is becoming clearer now.

A6. There is a wire that goes from the router to a cable box to the LG TV. I have another cable box for the Sony Bravia and a wire that goes
From that cable box into a small round screw into the wall.

The wire between your router and the LG TV's cable box is almost definitely an ethernet network cable. I'm still not clear how the Sony's cable box is connected to your network.

A5. How are they connecting to WiFi……I am not sure…I did change the password on the WiFi but I don’t remember changing all of my
Device password.

When you changed the personal Xfinity WiFi password then ALL your WiFi-connected devices would have lost their WiFi connections to your Xfinity router. They would not have connected again wirelessly until you had entered the new password on each WiFi device. This is what I don't understand... and asked whether some devices were connected using ethernet cable instead. From your description it sounds like at least one of the cable boxes to each TV is connected to the Xfinity router using ethernet cable and the cable boxes use HDMI cables to transfer audio/video to the TV's.

Sometimes in the morning when I first turn on the TV I have a message that pops up indicating that my cable box is turned off, do I want to turn it on. I don’t have time to answer caus somehow the cable box is turned on quickly.

Sometimes I when I turn on the Sony tv I get a message on the tv screen that says an “HDMI device is connected to my tv. On that same tv
I will get a message that indicates that my tv is “not hooked up to the WiFi”. I have thought it was peculiar that the tv was still working well
When not hooked up to the WiFi. ?????

This is absolutely normal. It takes a far shorter time to display a video signal than it does for your smart TVs to power up their various connection ports and work out which are connected and to what, including networks. Next fastest is HDMI... so that will get sorted quickly. Slowest is WiFi... there's a lot of wireless network 'stuff' (technical term) that has to be agreed upon between devices (known as 'handshaking') before WiFi connections are made and settle down into a stable connection. As a result WiFi is almost always the slowest 'signal' for your TV (and other wireless-connected devices) to recognise. The TV would still work because it was getting various signals from the attached cable box which, if connected to your Xfinity router via an ethernet cable, has an 'always on' network connection, unlike WiFi which is always very slow to start.

(Fun fact: In my experience Apple devices are always quicker to connect/re-connect wirelessly compared to other devices like smart TVs, printers, etc.)

I have no knowledge or experience of Sonos equipment but it sounds like your Sonos 'woofer' is a mains-powered Sonos Sub... which has both WiFi and Ethernet network-connection capability. If it only has one cable in use - to the wall - then this suggests the cable is the mains power cable... so the 'woofer' is most likely connecting via WiFi.

Q9. Did the Sonos 'woofer' stop working when you changed the personal Xfinity WiFi password?

Similarly, your Sonos soundbar sounds like it's mains-powered but without knowing a model number I can only guess that the connection between it and the TV is an HDMI input cable for audio.

(HDMI cables usually pass just audio and video. Unfortunately this is where it gets complicated... HDMI has been in use for a long time and modern HDMI can also pass network connections... if your devices and HDMI cables support HDMI Ethernet.)

A7. I don’t know what a WiFi extender is so I can’t answer that one.

Routers are normally placed inside. Sometimes the WiFi signals don't reach as far as people need to the range has to be 'extended'. There are many ways to do this but in your previous thread you mentioned an "outside WiFi hub". This made me suspect you may have the Xfinity router inside but with an "outside WiFi hub", i.e. an 'extender' device to extend the WiFi range.

I have had to have my old Dell computer scrapped by the Geek Squad about 4 times. They would always find access software embedded.
They also told me that they believed my personal router (not the current Xfinity router I have now) was compromised. I went through three
Routers.

Like @mmerlinn, I find this impossible to understand. It sounds like Geek Squad's 'cure' was to just condemn your equipment instead of fixing it and finding out why and how your Dells had become infected. Similarly, I have never heard of a 'compromised' router that couldn't be 'fixed'. I'm not going to dwell on the service you received from Geek Squad... but I would love to have read their written reports on 'cause/resolution'.

Sorry about the length of this. Sometime is takes a while to get a clearer picture. I think the most important things at the moment are:

1. Make sure you have changed your passwords for your personal Xfinity WiFi, Apple ID and Amazon Prime/Prime Video. If you have any doubts, change them again.
2. Post back with any current issues. Please stick with factual observations rather than guesses or feelings.

Hope this helps...

I'm sure there are others watching this thread... so please chime in with observations, particularly anything you think I may have wrong or may have missed. I'm hampered by being in the UK and have no experience of - for example - Xfinity. As a result, some of what I've written are themselves guesses, based on what I've discovered online, e.g. Sonos.

 

[27Astrid]

I wish I could give you a hug.

Sept. 22 I opened the Sonos app on my IPhone and an article popped up. It was entitled “Configure your firewall to work with Sonos”.
I have never searched for that topic.

My Sonos password does not work.

3:00am While looking at my IPad Air desktop I noticed that my GMail and Reddit icons looked like they were experiencing
A download situation. They changed color and had a “clock hand” moving on the icon service. Took screen shot.

Sept 23 I opened my GMail desktop icon and immediately saw a red colored statement indicating that I was logged into my
1:30am My account under my normal gmail credentials.

Part of the puzzle: The suspect told me a couple years ago in a chit chat that he has a device that shows him what is happening
on 6 computers. He said one of them is mine.

Thanks for your efforts.

 

[Rick998]

Sept. 22 I opened the Sonos app on my IPhone and an article popped up. It was entitled “Configure your firewall to work with Sonos”.
I have never searched for that topic.

As I mentioned, I have no experience with Sonos devices... but, from reading online, here's what I suspect may have happened:

1. You opened the Sonos app on your iPhone. It searched for Sonos devices but couldn't find any.
Your Sonos soundbar wouldn't show in the app unless a) it was powered on and; b) it was connected via HDMI Ethernet through your TV to your cable box then to your router. (That's the only possible network route I can think of.)
2. Your Sonos 'woofer' wouldn't show in the app unless the woofer was connected to your WiFi. I believe it probably isn't connected to your WiFi because you changed your personal Xfinity WiFi password, thus disconnecting the woofer from your network.
3. The app assumes you have one or more Sonos devices (why else have the app?) and made a 'best guess' that this could be because of a firewall issue so - trying to be pro-active and helpful - popped up the article automatically.

My Sonos password does not work.

I am assuming you are referring to a Sonos account password? If so, it looks like the process is this:
a) Reset your Sonos account password. (See this Sonos article or Google 'Change or reset your Sonos account password'.)
b) Once you have done that, use the Sonos app to rescan for Sonos devices and connect. (See this Sonos article or Google 'Connect Sonos to a new router or WiFi network'.)

3:00am While looking at my IPad Air desktop I noticed that my GMail and Reddit icons looked like they were experiencing a download situation. They changed color and had a “clock hand” moving on the icon service. Took screen shot.

I am 99.9% sure that this is just those apps downloading updates automatically in the background. The desktop icon goes black then slowly changes back to normal as the clock hand advances, showing the download progress of each automatic update.

You can check this is what's happening on your iPad Air by opening the Settings app and, in the left-hand navigation pane, scroll down and click on App Store. In the right-hand action pane, check the slide-switch setting for App Updates. I suspect that yours is green, i.e. enabled, meaning apps can update themselves automatically. This is absolutely normal.

If you want more control, slide the swith to OFF. Apps will then notify you when updates are available by displaying a red roundel with the number of available updates superimposed in white on the App Store icon... for example:


You will then have to use the App Store app to manually update the apps. (This is the setting I use. Maybe I'm a control freak. )

Sept 23 I opened my GMail desktop icon and immediately saw a red colored statement indicating that I was logged into my account under my normal gmail credentials.

I don't use any GMail app but, after a GMail app update, I would expect either this or a statement that you needed to login, if the update had logged you out. As such, IMO this is normal.

Part of the puzzle: The suspect told me a couple years ago in a chit chat that he has a device that shows him what is happening
on 6 computers. He said one of them is mine.

I can understand your concerns but only a few nation states - not Joe Public - have the capability to spy on home computers UNLESS the following occurs:
a) Physical access to your router and/or devices AND knowledge of your router/device passwords for the purpose of installing a RAT (remote administration tool).
OR
b) Social engingeering is successful in tricking you into compromising your own devices by allowing the installation of a RAT.

Either way, Geek Squad should have been able to tell you the name of any RATs they found that had compromised your Dells.

For example, if Joe Public knows or can guess the IP address of your router (the 'gateway' to your network) AND the user/password combination for the router's web interface (which is different to the router's user/password combination to its WiFi network) then Joe Public can use your router to see what devices are on your personal network and how they connect, e.g. wired or wireless. They cannot guess this information... but if they walk past outside they can probably pick up sufficient information to guess what make of router you are using. For example, the WiFi SSIDs (Service Set Identifiers) of my neighbours' WiFi networks show as:


It doesn't take a rocket scientist to work out that 3 of my neighbours are using Virgin Media routers whilst 2 are using Sky routers, 1 neighbour has a Sony Bravia smart TV - all password-protected... and one neighbour has an unsecured Pod Point EV charger (duh!).

Years ago devices, including routers, came with a default user/password combination printed in the accompanying documentation... which soon became well-known. The IP addresses were also well-known... so it was often very easy crack an insecure WiFi network protocol (like WEP, then WPA) to grab the password then, when on the WiFi network, open the router's web administration interface (a web page actually embedded in the router) and basically take the router over.

These days routers come with unique user/password combinations for both the web administration interface and the WiFi network(s). This information is usualy now found on a card behind or underneath the router. The wireless protocols have also been strengthened immeasurably (now WPA2, unless it's something like an old Kindle) so it's almost impossible (and certainly time-consuming) for Joe Public to crack the WiFi's SSID user/password combination to gain access.

What might possibly have been do-able 6 years ago almost certainly isn't possible today for Joe Public... UNLESS he/she has physical access to the router. This is why I asked you "Q8. Are you the sole user of your personal Xfinity WiFi or are there others?". It was a (hopefully) very gentle way of trying to find out if other people were close to you without intruding on your privacy. The only other way I know of is by social engineering, i.e. by tricking you into installing a RAT. However, whilst RATs are still occasionally found on Windows PCs, I don't know of one for an iOS device, i.e. your iPad Air or iPhone.

So, a recap:
What may have been possible 6 years ago isn't likely to be possible these days by Joe Public, despite what anyone tells you to frighten you:
If no-one has physical access to your devices then your WiFi should be secure IF you change the password for WiFi access on your router.
If you change your user/password combinations for accounts like Amazon/Apple/Sonos then these accounts should also be secure.

The only possible threat I can think of is a 'rogue Xfinity engineer' (see below) and Google shows no hits for this.

If it's any help, although the user/password combinations for my router are unique (and printed on a card stuck under it), I still changed the password for both the router's web administration interface and WiFi SSID. I also disabled the WPS (WiFi Protected Setup) button and stopped remote access by my ISP - the router supplier - to thwart the almost infinitesimally small threat of a rogue ISP engineer... but that's just me.

Hope this helps to put your mind at ease. Post back with any further concerns or questions.

 

[27Astrid]

Hi Rick998,

I took a couple days off from dealing with this situation. I appreciate your detailed explanations of what you believe is happening and it
Has made me rethink some of the issues that I am experiencing and has made me put some limits on solving this situation. I am not 100% sure
That all of my tech experiences are innocent and I am not 100% sure that my suspicions are all correct. I feel that the truth will fall somewhere
In the middle.

More pieces to the puzzle:

- My WiFi network name was changed by adding a number 1 after the end of the name. I also noticed that my WiFi network has been
Removed from the neighborhood WiFi network listing. It is gone.

- Both of my smart tvs are sending me messages that my WiFi is not connected. However, I am able to watch a channel that I normally
Watch. I also saw a message on the tv screen indicating that my WiFi was weak. Two Factor Verification sent me an email stating that
My WiFi network was hidden. Some app icons on my tv screens were removed. I was able to access My Netflix account from my IPad Air but I cannot locate a selection for changing my password.

- On IPhone under the message heading…..I received a text from an unknown phone number. It stated “Please join my session at:”
I opened it and my WiFi name and address was revealed.

Thank you for all your efforts and kindness.

 

[Rick998]

I am not 100% sure that all of my tech experiences are innocent

I have no idea what this means.

- My WiFi network name was changed by adding a number 1 after the end of the name. I also noticed that my WiFi network has been
Removed from the neighborhood WiFi network listing. It is gone.

Q10. How exactly did you notice these two changes?

(Note: You still haven't answered my Q9 about your Sonos woofer from a previous post.)

The WiFi network name (SSID) on your Xfinity router cannot be changed except by someone with access to your router's web administration interface. However, anyone within WiFi range can set up a fake SSID spoofing your own and appending a 1 to the name. (Note: A fake SSID would only be connectable if it was 'open', i.e. unsecured by a password.)

- Both of my smart tvs are sending me messages that my WiFi is not connected. However, I am able to watch a channel that I normally
Watch. I also saw a message on the tv screen indicating that my WiFi was weak. Two Factor Verification sent me an email stating that
My WiFi network was hidden.

I am still not 100% clear how your smart TVs are connected to your Xfinity service. Previously you wrote "A6. There is a wire that goes from the router to a cable box to the LG TV. I have another cable box for the Sony Bravia and a wire that goes from that cable box into a small round screw into the wall." At first I thought the connection route was Xfinity router > ethernet cable > cable box > HDMI cable > LG TV. (The network connection route for the Sony TV is less clear.)

Why would - for example - the LG TV display a message onscreen. that your 'WiFi was weak' if it's connected to your router via ethernet, albeit via the cable box? I am guessing that you mean your Sony TV displayed the 'WiFi was weak' message... is that correct? If so, it suggests your Sony TV uses WiFi to connect, probably via its cable box. What I mean is... it's most likely that it's your cable boxes that are recognising poor connectivity... and the TV's are just being used to display a warning to this effect.

Q11. Surely both your LG and Sony TVs have 'Settings' pages that show details about how they are network-connected?

My problem, as I previously mentioned, is that I have no idea what methods Xfinity engineers use to connect their internet service to devices like their routers and to customers' TVs. For example, my ISP uses fibre to a tiny splitter box just inside my property. This tiny little box splits the signal to two co-ax cables; one to my Virgin Media-provided modem/router and the other to my Virgin Media-provided TV box which my main TV connects to.

Q12. Who provided the 'cable boxes' connected to the TVs. Are they branded?

Q13. What do you mean by "Two Factor Verification sent me an email stating that my WiFi network was hidden"? What do you use for Two Factor Verification? (Why would Two Factor Verification care whether your WiFi network was hidden or not? It's irrelevant.)

Some app icons on my tv screens were removed.

Q14. Were they the same app icons on both TVs? If so, this would suggest that the service that the app icons referred to was withdrawn.

I was able to access my Netflix account from my IPad Air but I cannot locate a selection for changing my password.

You can reset/change your Netflix account via email. From the Netflix Help Center:

• Go to netflix.com/loginhelp.
• Choose Email.
• Enter your email address and tap or click Email Me.
• Look for an email from Netflix about resetting your password. ...
• Tap or click the link in the email to be signed in to Netflix automatically.
• Once signed in, you'll be asked to create a new password.

- On IPhone under the message heading…..I received a text from an unknown phone number. It stated “Please join my session at:”
I opened it and my WiFi name and address was revealed.

First... you should NEVER click on a text from an unknown phone number.

Q15. Second, do you mean the address of your property or the IP address of your WiFi network?

Anyone walking past outside knows your property address. Similarly, anyone walking past outside can see your WiFi network name (SSID) if it's broadcast... and even if it's supposedly hidden from broadcast (albeit with a little work). If your router's SSID is an easily identifiable provider (like my neighbours' SSIDs show which use Sky and which use Virgin Media) then the router's IP address is easily guessable. None of this is rocket science... but the message is to give you the impression someone knows all about your network.

Q16. Previously you mentioned you have a 'Smart Thermostat'. Did this stop displaying when you changed your personal Xfinity Wifi password or did you have to enter the new password?

Sorry for all the questions but I find myself having to clarify a lot of your statements so I don't make a mistake trying to work out what you may be experiencing.

 

[27Astrid]

10. I have been told by my neighbor who assisted me in some tech issues that he was the one who changed the WiFi name
By adding the “1” at the end. He also hid the network. I did notice the change to the password by accessing the Xfinity app on my iPhone.

11. How is my smart tv connected to Xfinity service? I need to do some research on that topic tomorrow. I will tell you then. I will check
The “Settings” on smart tvs for connection.

12. The cable boxes are made by Xfinity (Comcast).

13. I probably have the 2 Factor Verification wrong as a source.

14. No, they were not the same apps that disappeared from both tvs. One tv was missing a Netflix app and the other
A Curiosity Stream app (a streaming service). I added the missing apps back

15. When I opened the text It showed my WiFi admin name and password. It was was an invitation to join my WiFi.

Long day…so tired. Good night.

 

[Rick998]

10. I have been told by my neighbor who assisted me in some tech issues that he was the one who changed the WiFi name
By adding the “1” at the end. He also hid the network. I did notice the change to the password by accessing the Xfinity app on my iPhone.

Your original thread was titled 'Neighbor Hack'. In this thread (titled 'Loss of Privacy') I wrote "If no-one has physical access to your devices then your WiFi should be secure IF you change the password for WiFi access on your router."

Now you write that a neighbor not only has/had access to your Xfinity router but knows the router's user/password combination to its web administration interface (which, in Xfinity speak is apparently referred to as the 'admin tool').

He/she apparently changed the WiFi's SSID and password without your prior knowledge, as you only discovered this later "by accessing the Xfinity app", thinking the changes were evidence of a 'hack'. Is that correct or have I mis-read what you've written?

If it's correct... your router is now compromised.

To recover from this situation, you need to do this:

1. Change the 'admin tool' name/password to a combination that only YOU know.
2. Next, change the WiFi SSID name/password to a combination that only YOU know. (Oh, and DON'T 'hide' the SSID. It's a complete fallacy that this makes your WiFi more secure... it doesn't. If you're interested, read the first section of this article - https://www.howtogeek.com/880883/6-tricks-that-wont-secure-your-wi-fi-and-6-that-will/ ... it's not technical.)
3. Reconnect each WiFi-enabled device using the new SSID name/password combination, starting with your iPad Air and iPhone (as you use these to access the Xfinity app and device interfaces like your Sonos equipment).

You should have a manual for the Xfinity router that explains how to do these 3 steps. Alternatively, I've found this article - How to Access Your Comcast Router Login and Manage Your Home Network - which I think is easy to read and follow. (As a side note, the article was written this month. I was flabbergasted to read that the Xfinity router's web administration interface (or 'admin tool') apparently still uses “admin” for the username and “password” for the password.)

Your 'cable boxes' are apparently 'Xfinity X1 TV' boxes which are wireless-capable so I suspect this is how your Sony TV connects. However, I'm not going to address any of the other issues at this point... there's no point.

Instead, I suggest you take back control of your router before you do anything else.

Hope this helps...