Input on best way to secure my computing?

[Joebrown]

Hi everyone,

This is my first thread here. Wasn't sure where to post it...but I figured this was about right. Please let me know if I should have done otherwise.

Me and my wife have been getting badly hacked for some time. Suffice it to say that it's personal against us, not because we have done anything wrong, but rather because of taking a stand to do what is right.

Anyway...I have been learning and hardening up our computing but I just got hacked badly yet again a couple of days ago. Hackers changed my Google nickname, deleted hundreds of emails, and otherwise by commandeering my smartphone.

Here is what I am doing this time on some of our computing and what I would appreciate input on.

Two smartphones. The one has a phone and data plan. The other has none (I destroyed the SIM card on it a while back.

I am installing what I need on the smartphone (the one with the plan)through direct APK download and installation (to avoid entering Google credentials on what may still be a compromised phone). I factory data reset it.

The dumb phone (the one without any plan) will connect to the internet through the smartphones hotspot capabilities and will be using a VPN.

The smartphone will only be used to provide internet to the dumb phone.

The way I figure it, the hackers will only be able to hack and do whatever to my smartphone. Which is the only phone reachable over the internet connection.

The dumb phone cannot be reached directly through it's local IP address.

Is that correct?

Any suggestions or input would be greatly appreciated.

 

[Genux]

If your software is compromised, no hardware is safe. I don't understand all this hacked business, because I avoid hackers. You see those Ads about getting free coins for games and stuff. Don't click on them.

 

[kylprq]

you should completely wipe your phones and router and use vpn for computer use comodo firewall with cs settings(cruelsister) close all remote pc things and i think you can use non google roms like cyanogen or lineage because you can have much more control over your phone with app ops you can define all apps rights you have to change all relevant user names and passwords use strenght passwords 16-24 digits lower upper symbols characters

 

[RoboMan]

The hacking takes place only on your phones?

Follow this steps, in this order:

1. Enable two factor authentication on ALL your accounts (mail, social media)
2. Re-install phone's firmware (factory reset may not delete present malware)
3. Change all passwords, including accounts and phone (use long password, no existing words, symbols, numbers, and letters)
4. Install LastPass to store all your passwords and share none between accounts
5. Install an antivirus on the phone (Sophos is great and free, ESET is great and paid)
6. If you spot any strange app you didn't install or any strange behaviour, install "No Root Firewall" and deny internet access to ANY app you don't recognise

If you have a PC, make sure to format it and install a good antivirus/default-deny solution on a clean install.

 

[Freki123]

I would try to get a linux live cd burned from a friend. (If you can't trust your pc changing passwords on them is a waste of time.)
Completely format all your pc. Boot from the live cd and only then change all your password and enable two factor authorization. Then do the other stuff Roboman mentioned.

Never use any handy apk outside the google store if you are not 100% that they are legit.
There was a nice guide what to do with lots of steps for such case i think from ForgottenSeer 58943 but i can't find it atm :/

 

[shmu26]

I agree with the poster who said to set up 2-factor authentication on your google account. If someone is hacking your devices, he needs a way in, and that is probably your google account, since it has been compromised.
You will need to give Google a cellphone number to do that. So just make sure that the number you give is not compromised. You can choose to receive calls, rather than texts, to get the log-in code from Google. If you use a call, rather than a text, you will know who got that call.

 

[shmu26]

Well, I have been in your place too. Hackers attacked my system as well, fortunately I learned a lesson and followed few things to keep hackers away.

1. Set up two-step verification
2. Schedule your virus scans
3. Only install software from trusted sources
4. Be wary of Google Chrome extensions
5. Know how to spot a phishing scam

Good advice.
There are a lot of malicious Chrome extensions, and people don't know. Sometimes, even Google doesn't know.