Thank you, please don’t misread the following with any attitude as all I am doing is trying to clarify stuff but I appreciate the help so far

- he stole all my $ prior to his campaign attack upon me
(via Social Engineering in a Romance Scam, not by technical ability as everything was on offline hardware wallets)
… so the whole “go get a burner laptop” or “single use case laptop” is not ideal as I have already gotten a loan from a family member for all new equipment and to rebuild out a home network in two households — of which did not include a “single use case laptop(s)” for my mom and I given that we were already buying 2 brand new laptops to replace our compromised daily drivers.
(with this I have only budgeted for 2 laptops, 1 for my mom, 1 for me of which has QubesOS for our security against this Threat Model — because if our IP Address is ever found again I hope the firewalls and Qubes will mitigate the rest of the attack especially since some of his malware and spyware are persistent within network cards and even Firmware. Also, a clean fresh Linux install on an old Microsoft laptop that wasn’t online at all during the duration of the hack is the only one with an Ethernet port so I will be using that 3rd laptop to administrate the LAN only without it touching the 2 daily driver laptops and without that LAN admin machine touching the internet except MAYBE during updates and testing/troubleshooting if absolutely needing to but I will try to work around this yet I might cave-in for “ease of use” to resort to troubleshooting on the same machine I will admin the LAN with so then it will be briefly online during those times with and without firewalls if I need to troubleshoot the firewall ports during this elaborate setup rebuild)
With that all said,
I am considering your proposal in that:
Maybe I could salvage my mom’s Chromebook as it was not [yet] obliterated like my MacBook and ADT system was [when he knew that I knew with proof of his intrusion], though I am assuming since many of his exploits relied upon Google to the point that he literally installed Google Suite onto my MacBook after breaking in so to use it in escalating privileges somehow — that alone tells me that there is a good chance my mom’s Chromebook is infected just not noticeable unless I install monitoring stuff and/or start poking around and logging activity to find out for certain. He has targeted my mom too btw so to retarget me it seems, as he sent the same spyware to her Android phone that he hit my Android with prior to attacking my MacBook on my home network (this I have indeed confirmed, and have kept as evidence for any who can run more in-depth forensics). However, there is a chance that he never found my mom’s home network as she claims to have not been on her wifi [with her phone] most of the time between June 2023 to present, but there is also a chance he did find her home IP Address especially after finding her phone through my phone being hacked and/or by using simple OSINT to track down her IP Address after stealing all the info off of my phone and/or doing a public records search to find my mom’s full name based upon my public records info; so from there he could find her ISP service and account if any of that was in data breach leaks and/or if he has a backdoor from a Zero Day accessing such client databases like he seems to have had with various US cellular companies
So I don’t know, my mom’s home network may or may not be infected. I am assuming it is given how skilled he was in all the ongoing attacks deployed upon me at my home network and cellular data accounts too.
Unlike many other previous targets I took notice. He in the past hit an attorney with his spyware and turned her life upside down by leaking her medical condition which made her lose her Bar license. She eventually got her license to practice Law back, but it hurt her for months and unlike me she had no idea wtf had happened and how or why her medical info suddenly was even known to the Legal community. It was via his spyware he unleashed on her and her Law Practice, since he was a client in 2019 of hers to file divorce papers only to then use her phone number against her and deploy spyware and then instead of blackmailing her apparently just wanted to ruin her career so leaked her medical condition which my guess is she was on medical prescribed w33d
Anyway,
maybe just maybe if I actually wanted to leave my house and pay for a sit-in restaurant like Panera Bread, I could take [my mom’s] possibly infected Chromebook and plop it onto public wifi (risking spreading nasty spyware to others btw if it is infected) to then log into my GMail to finish migrating everything off those Google account(s) (which also might risk spreading his malware and spyware too btw)
a.) I am unsure how I feel ethically in knowingly placing others like “public libraries” or “coffee shops” or “Panera” at risk of such an intrusive persistent attacker — but since the FBI call center hotline is brainless enough to tell me to go infect a public library just to submit evidence to iC3 then maybe I should negligently put everyone else at risk sure, JFC, why did I pay half a million in taxes during 2022 on 2021 tax bill for a Nation State full of fools that are seemingly useless in 2023 to do cyber crime cases even when someone like me has evidence to hand over (wtf)
b.) I would really prefer NOT to have to leave my home or my mom’s place to access my Google again safely
(I prefer to use my down time to clean up and migrate off of Google, in that I have a physical health condition that keeps me bed ridden for 5 days out of every month so doing this during that down time from my bed is most ideal for me otherwise doing all this any other time would massively suck my actual productive uptime)
c.) maybe I could toggle it onto a burner phone hotspot (so to stay home lol), but this is not ideal given my limited budget plus the threat model includes him finding that cell number and SIM swapping or SIM jacking my number(s) which would drain more $ each instance; not to mention the slow speed of doing any of this on LTE cellular data in my home area (omg please no, it is so slow I might as well be on a multi-TOR-proxy-chain)
Regardless,
here are the other points:
• he can NOT be legally backed by any western gov, because if he was then slapping a FIDO passkey onto my Google Accounts when initially detecting the breach would have never stopped him yet it did; it was literally the ONLY thing that stopped him since he had used the then Zero Day to steal my Session permanently which didn’t kick him out even when all log-in-sessions were killed, all devices’ access revoked, and the password and backup codes were all changed btw yet he still remained logged-in (and yes that Zero Day has since been patched by Google). Literally the only thing that successfully ended his intrusion was turning on MFA with a FIDO passkey.
• he also can’t be a literal insider at Google, at least not with significant enough level of access, because again if he had that insider access to its full capacity then again a FIDO passkey would have never initially stopped him (yet it was the ONLY thing to stop him)
I am certain most western govs as well as many corporate levels of Google employees are able to bypass the passkey, just as Twitter/X had once demonstrated that they had a “God Mode” that overrode account passkeys when people with Twitter accounts got taken over despite having a passkey such as YubiKey on their account — the Twitter “God Mode” made all such security efforts moot.
Thus,
I am most certain that even with his spyware blackmail extortion campaigns likely having certain types of corporate and government people in his pocket there is still not enough access to bypass passkeys, it appears, from October 2023 to December 22nd 2023
(December, the last time I was able to access all my main online accounts, since he remotely did a kill switch to brick my then one and only computer the MacBook Pro … the issue is all my passkeys were at that time all on a USB C stick so are unfortunately useless while I remain stuck on a mobile phone until I rebuild and can once again use my FIDO passkey to re-login once safe enough to do so — which is one of many reasons why I have been setting up Qubes)
With that said,
here are other points:
• I saw on the ETH blockchain he is apparently sitting on multi-millions, likely all stolen or at least scammed through ill gotten gains
• These were listed on his X profile bio as his specialties, outside of his hosting service offering and AI business chat bot website promotion:
ARIN/APNIC/AFRINIC
• he is also skilled in Python, OpenBSD, Unix servers, Linux servers (for sure Apache), Shell (SSH), JavaScript, Web Hooks using said JavaScript of which he is specifically using the merchant Stripe “web hooks” to automate his theft from bank accounts btw (as he tried to drain the business checking account I opened yet it was already at $0 which left him noticeably upset lol I have that reaction of his voice recorded as evidence too it was a bit hilarious hearing his disappointment in learning there was $0), Google and Amazon APIs maybe other APIs too I don’t know (prior to realizing he was out to ruin me, he tried to get me to hand over a Google API key claiming he needed it for map integration — thankfully I never did that out of sheer terror of the auto-billing I heard so many stories about)
• he also claimed he knew how to do “Signal Intelligence” (I asked if this came from involvement in gov and he denied any gov connections btw, though maybe this was a lie as well); yet he mentioned the French international-recruitment military group The Legion or whatever tf it is called yet went on to again claim he had never joined it (but I have no idea other than why would he even bring up such a spooky para-military gov backed group full of misfits running away needing new identities issued by the French gov then, odd he would even mention their name let alone bring it up in conversation as I never even knew this military group existed prior to him telling me their official name which I queried for more info on search engines and asked ChatGPT of course)
• he claimed all HTTPS traffic is now easily broken, I didn’t really believe him then nor when he was hacking me I still didn’t believe HTTPS in transit could be broken; but then I started looking into it while dealing with all this hacking bs, and found in various research publishings that it can be done specifically either by like you said leveraging vulnerabilities on the servers and/or by altering certificates somehow either server or client-side (all without any fancy Quantum Computing breaking the actual encryption). Some of the yet to be patched ongoing vulnerabilities especially on RAM and chip sets make an elaborate chain of executing exploit privilege escalation possible on nearly all servers worldwide, so there is that too now. Not to mention the vastly reaching GPU vulnerability in the wild unpatched (though likely the GPU exploit is not ideal as an attack vector given the tiny amounts of leakage that exploit yields). So maybe that is why he boasted about HTTPS being completely broken easily according to how he defines as “easy”, I still am not sure how he claimed and is bypassing HTTPS/SSL data in transit.
• Maybe you are right, and he has other methods making HTTPS appear broken but it is not. The reason I say this is since my MacBook was the only machine I had after he robbed me, I found out eventually that he was unable to spy and even intercept my Brave Browser incognito TOR connections (unlike my clearnet Opera, Brave, Firefox, and Safari connections). I knew this for sure eventually because he then attacked my system to specifically corrupt the TOR file used by Brave. The Brave team on Twitter/X were perplexed in how that even happened (but at the time I hadn’t gone public about the hack, so they didn’t know it was due to a hack yet). Despite the Brave team on Twitter being perplexed in not being able to reproduce the corrupted file they still helped me restore the file that enabled TOR to work in my Brave browser (as restoring the browser by uninstalling and reinstalling didn’t even work, as it didn’t repair that TOR file — it had to be manually repaired by going into the directory every time). Once I restored TOR within Brave my attacker then kept corrupting that TOR file Brave relied upon, again and again; while I kept restoring TOR on Brave again and again LMAO. As it was my then only safe way to get a backup on Mega dot io website of the evidence as well as contact key supportive contacts to hand off copies of the evidence to them and was my only way of communicating still especially retaining my access to my Twitter account communications
(which I slapped a passkey on to Twitter as well at the time preemptively the same day he took over my Google accounts which could have reset my Twitter but I beat him to it)
• in hindsight the reason I think he was originally physically positioned in [redacted] France is because there is a huge internet backbone there, so since he was targeting others not just me in deploying pervasive persistent spyware, such as French pop stars, International journalists (especially from Israel) and US journalists, and even US Senators in office and those running for US offices for the Senate & House this election cycle — he somehow has a way to monitor the traffic (especially email type traffic) to sniff out anything he wants as a flag such as “viewing” packets in transit associated to my name as a target. While he has exploits for Google to compromise their email and all that, he doesn’t have exploits for all email providers because he was frustrated and called me “clever” for moving my critical accounts over to my RiseUp of which he apparently cannot access and/or hack for whatever reason unlike Google services and even iCloud services too btw
(I don’t usually go through any French nodes, but if he has been doing that to French internet infrastructure then maybe he has zombie servers he has taken over elsewhere around the globe — and yes he has botnets too btw including an entire annoying account bot farm on Twitter that he spams people with including my account now ever since I went public about his attack on me he pointed his “s3xb0t” Twitter bot farm at my account and has been degrading my algorithm ranking ever since using that bot farm against me)
(As for the iCloud thing, get this, I set my mom up with a fresh brand new iPhone and used that iPhone to make a new iCloud account; within 3 days — without contacting anyone yet btw or logging into any accounts yet other than iCloud and the cellular carrier payment portal — of doing so he brazenly somehow found and then accessed her iCloud as the log was emailed as an alert to us of a successful log-in at the time we were both asleep (mind you Apple had already patched Pegasus by now and we got these new iPhones AFTER the Pegasus patch). Luckily I put on “advanced data protection”, plus all that was on that iCloud at that time was a backup image of a fresh new phone without any personal data. Needless to say we ended all device log-ins by revoking all, ended all sessions, redid the iCloud passphrase and phone password, factory reset everything, and again reset the phone and reset the iCloud passwords again back to back; have since NOT had another attempt or successful iCloud login occur by any intruder)
My main guess is, since he tried to look for dirt on me (and found nothing lol I am such a dork lol), he does that to most of his targets and therefore if they are in any positions of power and/or access he uses Blackmail to get them to do his bidding (since many people often have at least one thing to hold over them as a bargaining threat imho; but ha I do not and I don’t have any kids ha no one to threaten me with ha). Which was/is maybe how he has backbone internet access to international cables and processing computational power through compromised data centers and how he is able to also monitor AT&T cellular traffic as well in given geographical locations where he has targets being manipulated through Blackmail extortion.
The horrible thing was my contact list on my Google account being stolen, now he has a vast range of various key people in groups across political spectrum from stuffy regular politics to grass root politics and even US military contacts due to the connections I have through my two veteran parents of which my dad works at [redacted - military rocket manufacturing weapon facility] which should be protected given what goes on there
(because some of the phones he SIM jacked from me should have never been found other than I was too lazy to leave the geolocation of my house, yet only cellular companies and gov should have that access as I used a prepaid card to load prepaid minutes and registered it under a bogus name and address so I figured I didn’t have to leave my actual geolocation oh but apparently I should have left fml I am a homebody these days I don’t want to leave)
Now,
regarding my scheme to get back onto the internet in full capacity and log into my Google accounts again too …
I do NOT care if the exit node of a VPN or TOR knows that it is I logging into Google
(I don’t care if Google and the US gov know either, ffs my main Google is my IRL name as my email anyway LMAO)
What I care about is:
- the entry node need not know my REAL IP address and/or need not see I am logging into Google services (thereby also not having my account log-in info); as I cannot risk having my new network found by my attacker so he can then re-target me ruthlessly again
- the exit node need not be able to intercept and/or alter my log-in credentials, thereby I wish to keep data integrity intact (prevent injection, and man-in-the-middle); but I don’t care if the exit node sees that [my name] is accessing [my] Google account from a VPN and/or TOR so long as they cannot alter the data and so long as they can’t see my real IP Address
(as I don’t care if they or even my attacker knows that I am logging in, so long as I am behind multiple layers of VPNs and TOR nodes so none of them find my real IP Address as that is the worst thing to reveal to my attacker along side any real phone number of mine)
- I need however many layers in transit so this criminal can’t sniff my traffic to and from nodes, as he likely has something set-up to alert him upon my Google account being logged into (despite him not having access to get into it, he is watching my known Gmail accounts through the traffic email protocol somehow seen on clearnet)
(I am just guessing he would do an alert, but I haven’t found out yet if that is the case; the point is I don’t have the resources to keep finding out his capabilities as I can’t risk replacing equipment again as I am now on loaned money with $0 in savings and $0 in income currently due to his scam lies, sabotage, and attack on me)
- I prefer to do this at home on my Qubes in a disposable VM hopefully hardened against all things Google and Google-DNS and spyware related payload mitigation through containers and compartmentalization
(as I have to retrieve at least 1 infected LLC incorporation PDF as it is part of the evidence I should have included but couldn’t when first reporting this to iC3 FBI … but I also need that PDF to make a sanitized copy so to file reports with other places too like the FTC and IRS as he stole and misused the business EIN tax ID along with doing identity theft on me as well which was how he bypassed all the security to get into my USAA insurance account likely thinking I also banked there but I do not … and he went on to target the servers of my Credit Union though was thankfully unsuccessful as he resorted to a week long brute force attempt that was eventually shut down by the banking IT department)
- do I really have to take my butt to a coffee shop on a dedicated pawned laptop solely for moving my data off Google accounts he is watching but no longer has access to (last I knew as of December 22nd 2023 he still remained locked out due to me placing a passkey on it); I really can’t safely do all this from home at all even using Whonix on Qubes? Really???
