Identifying monitoring across devices?

[chelseafallon]

Hello everyone. I have been long suspicious that my ex (and child’s father, with whom I am in a legal matter with for DV) may have access and is monitoring my devices. I don’t know if it’s one device, or all. My suspicion is he may have access to my texts, internet activity, location, possibly social media messages and activity. My intention is to somehow identify this, leading back to him as the source. He is not an expert in this field, however he is in smart home security sales, is “savvy” enough if you will to have Helium for crypto purposes, IPvanish installed on his PC for gambling (so he claims), is aware enough to spend over $300 for his own mobile security…. So, not completely incapable of such things. He had access to my devices, had access to my passwords over the years, had sufficient time with all of them alone over the years. We had a couple separate networks - I think (forgive me, I am not an expert by ANY means I’m learning as I go here) because we had two separate WiFi accounts to connect to with a password. He had purchased these devices to put around the house to make the WiFi connection stronger, or at least that’s how he explained it to me at the time. We had Sonos speakers, Vivint security system (cameras, thermostat, motion), that I was connected to through the app and Bluetooth. So….probably lots of opportunity for someone to install either physically or remotely, some kind of monitoring on my devices. I’m doing all the reading I can but (obviously) it’s beyond me. I’m looking at activity monitor, log info on my MacBook Pro and iMac, I see some weird things, but I need help so I’m not spinning my wheels for nothing here… my question to you all - can you advise me/guide me, what and how I can possibly confirm this? OR who I might be able to hire, what their title is to do so? I’ve spent hours on the phone with Apple over the year already they seem to have taken it as far as they are able and suggest I hire outside of them (for the record it wasn’t very far, and it was led by me…the novice..) I’ve combed through my sign in data from various sites - some of which state I had sign ins from a Verizon connected device. Which I have none, he does. Nor was I connected to any that I am aware of the day it is showing. My Snapchat account shows I was logged in on a “OnePlus” device - none of which that I have personally. Perhaps I can dig in there to see if it’s traced back to anything related to him - record of his name, location, other networks it’s connected to (I hope I’m making sense here). Clearly eager and desperate to get to the bottom of this if I can. The evidence is really critical for me and my child… so this is not about finding solutions to get rid of it, it’s about having evidence. Thank you very very very much for anything you can offer.

*** last note - my personal Apple ID icon was synced with his phone number months ago. When I went to his name on Find My, at the top of the map it said MY name. Not his.

 

[Bigwaff]

First, verify your account info and contact info, change your password, security questions and remove “known” devices on every single web site you access. Make sure you keep track of all this in password manager or notebook.

Second, speak to your law firm. I imagine the firm can recommend a cyber security expert or service to work with you to identify any unauthorized access and ”clean up” your tech. I recognize this could be expensive.

If you don’t want to spend the money, you have a lot of reading and practical experience, across multiple technology and security domains, to learn before you can effectively use any advice the community can provide.

I recommend working with your legal counsel and security experts for the piece of mind.

 

[hobowankenobi]

For evidence, you will need a very good forensic specialist. I doubt you will find what you need here, or anywhere online. I don't want to dash your hopes, but it may be challenging and quite expensive to find the right person for the job.

----

If it were me (and I work in IT), generally speaking, I would start fresh. My opinion (which you are free to fully ignore) is that outside of a custody fight or division of assets or something...it won't be worth the time and cost to prove something fishy is going on. I would want the piece of mind of knowing that if there was any monitoring, snooping, or spying going on...my first priority would ending it, not proving it.

Again, not trying to talk you out of it, just suggesting that it could be healthier to move on ASAP rather than trying to win this fight.

I would come up with a plan to save your unique user data (photos, documents, etc) preferably to an external device.

Then I would erase and start fresh, with each device. I would give each a unique name, and I would come up with a new user name as my default login.

Next, I would employ a cloud-based password manager. Apple now (as of the last couple OSes) has pretty good password management, but there are some great 3rd party tools too. The free/personal version of BitWarden is quite good. A few quirks to learn but worth checking out. Besides just passwords, you can store identity stuff and simple information there too.

The hardest parts might be cloud services and internet accounts. One-by-one I would either reset them, being sure to either:

• Create a new password and use multi-function authentication when offered.
• Close the account and start a new one.

While erasing devices might seem a bit drastic, it may be cheaper, safer, and more satisfying than paying a "professional" It may feel like overkill, but there are a lot of good things about a fresh start, with tech, and in life generally.

I would also live by the mantra that less is more. Every account, password, and device is considered another area or surface that can be attacked, so it must be defended. One computer and one phone might be a good start. Minimize the number of devices and accounts as much is practical. iCloud and Apple ID would be good candidates to close down old accounts and create new ones if possible.

I would also suggest updating to the latest OS on every device. Apple has gotten very strict recently in making it nearly impossible for remote management or monitoring tools to be installed without user consent.