May be attacked by zero days

I will repeat this again

If he was gov even illegal rogue gov, it makes ZERO sense as to why he would not be able to bypass a FIDO passkey on a Google account (the passkey was the final and only thing to stop his access with his then Zero Day session stealer)

I am fairly certain FIDO passkeys are meaningless on Google when it comes to a gov, especially US gov, still accessing the accounts.

Therefore, I am certain he is not gov — at least not of any western gov which would have such privileges to abuse.

I don’t know why people keep jumping to the conclusion this guy is some gov agent, at first I thought maybe too when it started happening but after he failed to bypass the FIDO passkey I calmed down and realized this wasn’t some crazy crooked gov plot against me at all and was just a very experienced and skilled criminal Black Hat hacker who has done this before as I am not his 1st ever target

I have not read through all these. Seems to me that OP is more knowledgeable than myself about the technical part of this.

Some webpages which might be interesting to you.

Neal Rauhauser has one posting of a scammer who appears to be from overseas, but is local. They just use Overseas Servers as part of hiding.

If these guys took money from you. Then, I would guess, they are either not the government. Or if they were the government, they would have taken your money as cover for some other purpose. so what else do you know, or you are that they might be concerned with?

For myself. If the government ever heard of me. I am just obnoxious, I might want say I know something that I really know nothing about. I do not keep weapons. I do not live close to where important people are, or go near them. I do not make threats.

There was once a story of a Journalist, who found a geo-locator on his auto. This was years ago, before the easy to use Apple Pods and such. As a Journalist, he had gone to protests against Atomic Reactors, and the radioactive waste they produce.

On a scale of the government being evil. That is not much evil at all. They did not threaten him. Or harm him. Well, except one way.

He offered to give the device back to the FBI, they just had to say it was theirs. When they did not acknowledge it was theirs. He offered it for Sale on Ebay. Feds accused him of --selling -however they termed it, property of the US government. Then again. Might be the guy who wrote the story made it all up.

Unless your family is super rich like Elon Musk, Bill Gates, and who might refresh your bank accounts with huge sums of money. They are probably gone, as they do not want to be caught by some Cyber Crime division of the government who might be watching your accounts.

You did not say if you gave your complaint to -whoever the government has that investigates this type of Cyber Crime. (FBI, or ----)

If you really felt it could be the US government, you could file a FOIA request of any information that pertains to you. I would guess, https://www.eff.org/ could help with that. Of course, that might put you on their suspiciously weird person list. I probably would not file an FOIA.

I would also guess it is possible that those who got into your electronic devices, are not one person, but a team of hackers. They might be back after several months with a new pitch, crafted towards a person already burned.

I do recall a story about how Cell phones, can somehow have, indirectly have their cell services downgraded to earlier Networks, which had less protection against the cell phone having malware installed. Like forcing the 5G to 4G, then 3G, to 2G. Just long enough to install malware.

Only thing I can be sure of, “I am gullible.” just I am too poor for anyone to find it valuable to mess trying to empty my bank accounts. All risk, and no financial benefit to them.

I recall a quote about a Police Detective; He said, he “could be talking to a suspect. and the guy was so good, that he wanted to believe the suspect had done nothing wrong. While at the same moment he had a file in the next room with absolute proof that the guy was a crook. when he finally showed the file to suspect. The suspect would admit he had done it, and start working a new line. Like my grandma needed medical care.”

What I am saying, it is easy, even for those who are not gullible, like me, to be taken in with by a confidence man, scammer. Who would not find Robert Redford in, “The Sting” to be believable?

Wanted to add:

Might OP want to comment on how their experience/knowledge intersects with SIM Swap $17,300 Loss - by Neal Rauhauser

I guess you know of this fellows comments on Security.

https://www.schneier.com/

here is the TLDR cliff notes

• I know who it is
(assuming it is just him and not him plus a team)

• He was at time of the active scam and hack in a major coastal city of France
(I am pretty certain of this due to various facts)

• However, he is US born thus an US citizen

• yes he 1st scammed me for over $100K USD, prior to unleashing a relentless ongoing cyber attack against me
(no I am not rich but I think due to the CoinTracker leak the darknet must have assumed all leak data was accurate when it is actually inaccurate at the time of leak so I have never in my life had $22M USD yet at time of hack that the impression it gave due to a DeFi bug in CoinTracker)

• I repeat for another time:
he is likely NOT government

• Yes, I already filed a iC3 report through their impersonal God knows when they see it web portal

• his “AI” skillset can make him seem like a team, yet there still is a possibility that he is part of a team but he is very capable by himself too and is an “OG” hacker from as far back as the 1990s:
(For example other than his tech knowledge he knows various foreign languages too and he spoke these live in-person on Twitter Spaces and over a real non-VoIP number so like he isn’t using a translator as he is fluent enough to argue with people in these languages:

• English
• Spanish
• French
• Arabic
  possibly a couple more I am unaware of)

No offense but I did the basics and medium type stuff like what you cited here:

Did you know there are SIP exploits to port SIP numbers?
Oh yeah I didn’t know either so just like Neal in his article I thought surely moving the accounts he compromised onto a VoIP would stop it
NOPE
this attacker ported my Google VoIP(s) to a French carrier.

I learned about the existence of SIP port exploits the hard way.

He has SIM and SIP exploits, so this cited source given is useless for me and provides nothing additional as you admit you are giving advice without reading what my Threat Model even is — no offense. But thanks for trying

New user but long time lurker of this forum. I’ve seen a lot of @Lace posts the last few weeks and I had to create an account.
Your stories makes ZERO sense.

In one of your message on this forum, you told that you were going to install hardware firewalls on your network, which would require some minimum knowledge to be able to set them correctly based on your super Snowden CIA based threat model, but you don’t have any capabilities on this matter since you have been asking things for weeks, even for things that are considered basics in UNIX based systems.

Your “attacker”, based on your previous messages, is able to find you with “crawlers”, but you keep doing detailed monologues about your life and how you got completely robbed by a single guy that seems to have all the digital super weapons in the world. Based on the “crawler” fact, he would already know you are here with all the details you told, wouldn’t he?

Robbed of +$100k with a “romance scam”, but still the attacker literally burns millions worth of “zero day” to track and steal things from a single random internet guy while he can get the same thing by multiple other means with no investments at all. It’s funny and all, but you have to stop this madness. You are no one of value and if you were your place would be in the shadows, not on a public forum talking about how you somehow fell in love with some random person online who was able to rip you off of your money.

If you are really into that kind of story telling, you should probably move to Dread, lot of people would love to talk about their fictional stories all day long with you.

I don’t even know why this category exist to be honest, this seems to be only about people thinking they are high targets but are in reality nobodies like everyone else on this forum.

I’ll stop my rant there. That’s sad this forum even allowed this kind of things to exist in the first place.

Sorry I am not doxxing myself from a gaslighter victim blaming me for not compromising what my attacker looks for most = my IRL name

I have left out many details that would have him pick up on this as an alt ID of mine. From the looks of it, I understand it still looks TMI; this is merely the tip of an iceberg I assure.

You either believe it or you don’t, feel free to ignore me. I don’t have time for misogynistic victim blaming. You will hear about it in the news later, how about that?

I don’t believe anything you ever said in this forum. Nothing makes sense in your stories and you have been contradicting yourself on multiple points over the time you posted on the forum.

You got scammed $100k from a romance scam, but your “attacker” don’t have your real name from that? I don’t get it, you’re assuming that you gave him a fake identity, but you still sent him that much money? Sorry but that makes no sense.
You also said that he hacked you and that he add access to different accounts, there’s absolutely no way he doesn’t know your real name. You even said at some point that he add access to your ISP, which like you would guess it, know your identity and location.

Little quote from you:

Seriously, stop. You don’t have the knowledge to lie like that with people that know how things works in the real world. Nobody will burn zero days for you while they could be used against bigger targets, like big corporations, with higher rewards regarding money than hacking contacts on a google account, like seriously, this is getting ridiculous.

You have obviously wasted too much of these brave people’s time. They think you are really under attack when you are not. You are not the first to create these kinds of scenarios to get attention and quick answers to everything. It’s time to stop and get on with your life.

You lack reading comprehension, I can’t take you seriously other than you came here on a new account to troll

He has my real name that’s why I refuse to fall for your bait to out myself here

In fact he has 98% of my PII

Unless you have a problem making yourself clear, your previous post literally said you don’t want your “attacker” to get your real name:

And now, all of a sudden, he does?
Not to mention the fact that you keep dodging the questions I raised in my previous replies, now you’ve exposed your own lie, in just 2 posts.
You seriously need to stop all of this, this is really getting ridiculous.

In any case, I’m afraid that Qubes OS will not be able to help you with any of your situation. No OS will, unfortunately…

I think QubesOS will help a lot

But since Qubes has Python in its codebase it does make me nervous which is why I am still layering up on security, as that is one of my attacker’s strengths is not just UNIX systems but also the Python programming language of which he uses to facilitate his passing of stolen data from his spyware

I have gotten plenty of help btw from wonderful Qubes team members, so I am not nihilistic as your attitude asserts I should be

So, problem solved? Log in and grab your contacts! DONE!

You may well be “under attack”, however since this discussion appears to have absolutely nothing to do with any vulnerabilities of Qubes OS, nor being compromised while using Qubes OS, it is likely to be shelved.

Unfortunately, I have to agree. I don’t think there is much that anyone can help you with on this forum, especially if you cannot communicate your circumstances sufficiently.

For reference, here are some guides to assist you with routing your internet traffic in sys-whonix:

I hope this helps.

Thank you for these sources! I really needed these

Problem btw NOT solved, still need to protect my hardware as I am too poor to replace it this time if found and attacked again

If scrolling up one would see the original question before the troll came and went off topic with misogynistic victim blaming

Apologies for the “thread drift”, and perhaps not helpful to @Lace , but I am wondering: Since he said he is using a hardware VPN should that already be sufficient to hide his IP address, even from home?

Do I understand correctly that an attacker would either need inside access to the VPN logs (which VPS services usually claim not to keep), or else need to hack the hardware VPN to identify his IP address?

A Hardware VPN with (updated) open source firmware installed, would be much more difficult to hack than a PC, if I am not mistaken?

Correct, I am worried he might target the main VPN provider. I trust the main one I will be using which is the hardware based VPN, but it is a small business operation and I am unsure how hardened their servers are and will stand up to an attack by him. He was bold enough to attack the servers of the Credit Union I bank at for an entire week, which is why I am now concerned about the strength of the VPN provider.

Aside from that, I do wonder if there is any way he might send packets to trace my connection to then target my LAN home network to make it leak my IP Address somehow, but I am unclear about this scenario as he would have to still know the IP Address before hand right? Like there is no way even with a poisoned connection upon logging into my Google that he could force a compromise without first knowing the address right???

I was unaware of this, I hope it is true it would give me more peace of mind.

Thank you

BTW FYI I plan on doubling up VPNs, maybe triple. So either a software OS wide VPN + the hardware VPN on my LAN; or a VPN on the browser within a qube, plus a SPN on my OS, and the hardware VPN. I haven’t purchased the SPN yet so I am still deliberating on this as it would be more money taken from the loan I am rebuilding with (on owed funds back).

Sorry but that sounds rather naive.

For one thing, I have made FOIA to the US about my own files (not related to surveillance), and got completely jerked around: We don’t have it, try making a new request at dept. “A”, then when I did a new FOIA request to “A”: we don’t have it, try making a new request to dept. “B”, the US gov. has a lot of depts…

I spoke to a lawyer who told me that as a non-US citizen I do not have any actual rights under FOIA.

Accurate, only US Citizens have Rights to request a FOIA on themselves

Famous overseas activists have gotten around this btw by using a US based NonProfit (fyi) where the NonProfit files on their behalf

IMG_28241179×1802 371 KB

9 days later after I mentioned this on this forum, and nearly a month after using my mom’s ChromeBook infected laptop at Panera in sheer desperation to get an order of a new ISP service to authenticate for acceptance, R.I.P. Panera the only one listening is the adversary … apparently.

FYI, what happened to Panera is EXACTLY what happened to me (everything was hit, my phone my LAN my MacBook EVERYTHING), but at this point I no longer care if everyone finds out for themselves the hard way so to understand that this is not a made up story. It is a very REAL nightmare, everything from SIM to SIP to PBX to DSL to fiber to cable to UNIX to SSH etc — he has those exploits and a bag full of Google Zero Days.