Hacked to Death? (A MacBook Mystery)
I discovered these folders in July, none of which I have access to.
In the SHARED folder, I discovered a filed called WONDERSHARE plist.
The left-side panel also had THUNDERBIRD as an option, though I do not use THUNDERBIRD, or any other kind of external hardware. I also discovered around this time that PARENTAL CONTROLS had been enabled, all of the LOCATION SERVICES had been enabled, and someone was remotely turning on Bluetooth before all of my files, etc., disappeared from the desktop.
These are the other WIFI/ROUTER settings from mid-July.
This is a more recent screen grab, but under DEVICE IMAGES, there were numerous items listed when my desktop was remotely wiped about a week after discovering the hack.
I turned to the router dashboard, which showed 20 devices connected to the network, none of which appeared to belong to me. There are three people in the household and I am the only one who uses Apple products. Further digging revealed that MATTHOME was an alias for both my MacBook (userID: nathancomp) and iPhone (Nathan's iPhone).
These screen grabs, from my iPhone, show 29 devices connected, but offline. Again, neither of my devices appear.
I found my iPhone among the offline devices, despite viewing this information on my very-connected phone. So, I changed the network name from Linksys11599 to ATTwire5150.
I discovered then that both my phone and also my MacBook were represented by the alias MATTHOME, though the MAC addresses are different. The one below is the one that appears in my phone specs.
MATTHOME often appeared under SHARED in Finder, along with another device named DESKTOP-DNAR9LU, which I soon learned is a Cyberlink Media Server.
Moving onto my GMAIL accounts, I found that POP3 and IMAP functions had been enabled. As I changed this one account, it appeared as if people were logged in with me.
The following screen grabs were taken between then and yesterday (Aug. 21, 2019). The locked folders are still there, having only been renamed and relocated. Root User is disabled. I'm using a new router. I've reset both devices, though my information was retained by both. In fact, after using Terminal to try and find any hidden files, the command I used was thereafter disabled. (After my files were swiped, I renamed the MacBook Pro from nathancomp to jamesnathan.)
You can see how the folders in Finder are currently configured in this screen grab showing the message I get when I try to open screen grabs saved to my DESKTOP folder. Saving them to the DOWNLOAD folder, however, leads to a more favorable result.
In this new scheme, I am EVERYONE. Who the others are, I have a clue, but would like to know for sure.
I've gone to the police who, without looking at a thing, decided these are signs of a hard drive failure and mental illness. Needless to say, I disagree. Any suggestions for how to wrest myself from the press of this hacker's thumb? I keep thinking DNAR9LU means DO NOT ATTEMPT to RESUSCITATE-9 LIVES UP. What should I do?