Spectator

Frequent Security Messages At A Complete Loss!


Hello,

 

I'm posting here because I'm at a loss on what to do anymore.  I've had frequent interrupts in my service claiming that I have some form of malicious software operating from behind my router.  Basically that something behind my router is doing something malicious perhaps phishing schemes or otherwise.

 

Some information about the Internet devices in this home.  I own a PS4/PS3, an iPhone and Android phone(s), Mac mini and a MacBook Pro.  The only Windows machine in my home is running in a virtual machine.

 

I've called security a few times about this and they haven't been helpful in diagnosing my issue.  Time Warner does not monitor my traffic and so they can't really give me any information.  The last time I called I talked to a gentleman about it and he was trying to help me but ultimately I didn't get anything out of it.

 

I ran several virus scanning software for OS X on both machines as well as anti-virus on the Windows virtual machine.  Nothing came up whatsoever, like I expected...  I don't use Windows often at all, but it's really the only point of entry I can imagine being an issue.

 

I have used LittleSnitch to monitor every single packet request from my main machine and verified that all traffic was safe and non-malicious, verifying every IP and domain and ensuring that there weren't any malicious DNS redirects as well.

 

Ultimately I ended up reformatting my entire main computer's drive (MacBook Pro) to try and remove any possible infection on the machine as anti-virus software wasn't picking anything up (the Mac mini is hardly ever in use).  Just earlier today I got another message about security this time forcing me to call Time Warner.

 

I don't use the standard issued DNS settings on my Mac and instead opt to use Google's DNS settings, so the automatic DNS redirects to keep me off the Internet that Time Warner does didn't get to me until someone else in the house informed me of the problem.

 

We called up Time Warner and tried to get to the bottom of the situation; again I was told that there was some device that has a problem, etc.  She said it might not be one of my computers but instead someone else using the wireless.  The issue with that is that I have used multiple secure passwords, coupled with the fact that I live in the middle of nowhere, where no one would bother to touch my WiFi. It would also mean they would need to be in the house to even connect because of how weak the signal is.

 

I asked the woman on the line about how these claims were made and she informed me they come from a separate department, essentially, that handles all reports made to TWC customers for these issues.  She made an example of phishing emails and that a user would send a report and that they "had their ways" to verify that the claim was true without needing to even monitor my network.

 

The problem is, I'm fully aware of someone who knows many security holes and social engineering techniques to mess with people and has done some pretty terrible things like fake 911 calls to send police to my house and to universities with things as little as break-ins to bomb threats, all to harass people.  This person has used zero-day exploits on a server I owned in the past, and I know he's capable of a lot of really malicious things, both in social engineering and whatnot.  I'm mainly concerned about the validity of these reports made to Time Warner that are allegedly "verified" in a way that doesn't involve monitoring my network to verify these claims.  If this person is making fake reports to try and quarantine my line and keep me off the Internet I would like to know about it.

 

No other information was given to me about the security issue, I don't know what kind of attacks they are, when they happened, or any relevant information that would help me pinpoint the problem so that I could deal with it myself.

 

So, I'm at a loss...  I've tried everything I can to fix this problem and yet it keeps happening.  I thought that after wiping my drive without any sign of problems that it was fixed, but yet I'm still getting my service interrupted.  Eventually it's going to get to the point where I might face charges or be quarantined from the network in order to fix the "problem".  However, if I'm not given any information on the actual reports I can't really do anything.

 

Even if this was a virus or some malware infected on a computer unknown to virus scanners, or even some security hole in my router (which I have also reflashed from Belkin) I have no way to monitor my connection and Time Warner doesn't do it either.

 

If anyone has any suggestions on what I can do, it would be greatly appreciated.  As I stated, I'm at a complete loss.  I would like to know if these claims made to my account can be faked in any way considering that Time Warner doesn't even need to verify it against my traffic.  Someone could easily get my IP address, but the thing is I don't know what sort of thing goes into these reports, who is actually sending them, and what information is sent.

 

The woman on the phone was getting annoyed with me, which I tried to apologize over because she felt like I was insulting her position by trying to ask her if she was sure, but I'm just worried about this whole thing and I have no other options.

 

Thank you for any advice or assistance you may have to offer me.

4 REPLIES
Trusted Helper

Re: Frequent Security Messages At A Complete Loss!

Greetings!

 

It sounds like you have strong computer experience.  It also sounds like this issue needs to go above and beyond TWC.  I am going to suggest you register at techguy.org and post in their virus and malware security removal forum.  They are really knowledgeable with issues:

 

https://forums.techguy.org/

 

Jack

 

PS. Copy and paste this story at their forum.

 

Established Sharer

Re: Frequent Security Messages At A Complete Loss!

 

You need to send your message to Security@rr.com.  THEY are the people who deal with these kinds of issues, and they're the only ones who can help.

 

 

Spectator

Re: Frequent Security Messages At A Complete Loss!

Thank you for your suggestions so far. The problem with Security is that I called Security.  I am going to contact them again, but I wanted to know if anyone here had any information that might be relevant they could share.

Contributor

Re: Frequent Security Messages At A Complete Loss!

Perhaps I missed it in that long narrative, but nowhere did I see you post a quote of the error message you are getting.

 

Satch's suggestion of asking over on techguy.org is a good one.  Another site that has great expertise in security and malware removal is www.bleepingcomputer.com.  I used to 'work' there as part of the Malware Response Team.