My hackers have already evolved all of this stuff you are talking about. I have been owned for 2 years now and went through 40 new Mac and PC computers. I would take them back a few days after I bought them because they were already hacked by then. I actually got banned from returning things at Best Buy due to abusing the policy!
Google "TRIAD GODFATHER". The #1 result is my blog. I've been hacked by the Triads in China for 2 years now, and 60 hours a week I do nothing but reinstall OSes on the 7 computers I settled with (3 Mac, 3 PC, 1 Ubuntu).
Here's what I think it is. They are booting to a hidden TrueCrypt volume that loads before the BIOS, since you can set it to load the moment it receives power. They may be turning the machines into VMBRs without you even knowing it too. I have some of their hidden custom OSes that I got by pure luck when I was playing with TrueCrypt hidden volumes. Out of nowhere a 666MB custom DragonFly .iso appeared in a new TrueCrypt hidden volume I created on my MacBook Pro. It was hidden and grayed out and I couldn't drag it, copy it or burn it; my OS kept saying "prohibited, in use by OSX". I was able to Toast it though and have uploaded it to my Google Drive account. I also have a few USB drives that I haven't used yet but had while in Asia; I plugged them in while booted to the Parted Magic Live CD and saw they had a boot flag and were formatted FAT16. I can send a super tech on this page one if you want. I'm a tech wannabe, nowhere in your league, but I am very clever and can hold my own.
Also, they spoof local DNS and send their payload by mimicking Google Update. I don't trust anything. They even cloned my cable modem for 3 months one time, at a point where every update from Microsoft and Apple was corrupt. I found the best tool to help fix a lot of this was an old Windows 98 CD. Low-level DOS can get in there at their level, and formatting from Win 98 helped cure my machines more than Paragon Hard Disk Manager.
I can boot to CDs once they allow me to boot to the particular CD. For example, I successfully booted to System Mechanic once and successfully fixed a corrupt MBR. Starting a week later, I couldn't boot to that CD from any other machine, including the one I had successfully done it on; then, 2 weeks after that, I could boot but the mouse wouldn't show, so I couldn't proceed to the next step. They are building a database of what they allow me to use and not to use. Close ports 67 and 68, ports 137-139, port 3333 and, if you can live with it, port 5355. They are coming through my iTunes sharing service and managed to sneak in modified App Store apps to infect my super locked down new MacBook Air last month. See http://wtfisthisapple.blogspot.com for screenshots etc. regarding the App Store madness.
for a longer explanation of what I’ve pasted here from that main blog link of my tech woes.
The link above is the main page, but there are these links too, in which I explain other subjects regarding the hack:
Super Clever iPhone Hack they did at http://bit.ly/cleveriphonehack
where they were spying on me for months and recording all of my calls, including people's VM messages, until they had everything they needed to build a fake Skype HTML5 server that I was unknowingly using for at least a month. I called several people for help when I was still in Vietnam and everybody went to voicemail, so I had a funny feeling and decided to manually dial my Mother on Skype, which she answered right away. I asked if she had heard me call the past 5 times in the past hour and she said her phone never rang. They were playing people's VM messages to me from their HTML5 VOIP site, which they directed me to by making my Skype icon go there instead of opening the Skype program. That is one of many examples of what I had to overcome.
I realized my phone was a command center when I had a hunch and powered off my iPhone 4S as my Ubuntu Live CD boot was hanging while it tried to connect to the Internet. The second I powered off my iPhone 4S (never jailbroken nor even plugged into a computer), my Ubuntu screen said "Disconnected from Network". I recreated it 4 times in a row. The scary part is that I was using a Cat5 connection directly into the cable modem and Wi-Fi was shut off (so it seemed; they served me fake screens that masked the real settings on my phones and computers). Even though I booted using an Ubuntu Live CD, their hack was still controlling my machine. It was a MacBook Pro 15 that I used to boot Ubuntu from and I didn't even mount a hard drive; it was all Live CD. After researching I found that Knoppix has the ability to create a persistent file system that takes precedence over a subsequently booted Live CD (in my case, Ubuntu 12.04). See Knoppix at http://www.knopper.net/knoppix/index-en.html
I am good at computers but not a programmer, so that's where my ability to solve this ends. I can't list everything they did because I would need to type forever, but here are a few subject areas I think they exposed to control my machines; I will elaborate on the TrueCrypt set-up after the bullet points.
- They hacked my power supply by implanting a trasp device in my Bose speakers and possibly my high-end water machine that sent malware farts through my electrical grid and tunneled into my system that way. I always had a FireWire connection open out of nowhere on my Macs, and my Windows computers always had new HID devices connecting out of nowhere (A FUCKING GHOST!!! LOL). I think they use a lot of tools from www.nirsoft.com (cool site) like USBDeview etc...
I am still hacked but it's under control. I think they are using MIDI to send keys to my computer to be able to control it. I have many reasons why I think that... One is when I installed a program called TCP to Serial on my Mac to check it out, since I thought they might be using that. I updated all programs with Zeobit's Macware, and Zeobit saw that program called TCP2serial on my Mac when MacKeeper said it needed updating, and even though the program was only 2MB, MacKeeper started to download a 3.5GB copy of Propellerhead's Reason.
They use these mixers to send boot media and keystrokes but I can’t seem to unearth it before they adapt and get ahead of me again.
- The most clever of all is when they knew I was on Match.com, so they had a Chinese girl contact me, and I was amazed at how quickly she wanted to come to my house. It was too easy actually, but right after she came I noticed the hacking got 10 times worse. I now realize she came to get my cable modem MAC address so they could clone my cable modem. Did you know that if you clone a Comcast customer's MAC address on their modem and plug it in at your house, you will instantly have the same cable service as them for Internet? I was shocked that Comcast doesn't run cron jobs looking for duplicates, since it allows people to get free Internet, but they can see if they check; they just don't check, I guess, because not many people are bad-ass enough to clone a cable modem's MAC ID. Anyways, they cloned the MAC address from my cable modem to an older Motorola model and they were sitting in between my house and Comcast intercepting all of my traffic until I figured it out and called Comcast. The guy at Comcast almost shit himself in amazement: we had him send a refresh signal to me, but there was a 10 second delay as the hackers' cloned modem received it first and rebooted, and upon sending a second one right away, the second refresh signal hit my modem since theirs was rebooting. Comcast cut them off and, just to be safe, I went and bought another new modem. The guy said he never saw or even heard of such a thing, and this guy was in the abuse department, Tier 2 support. Yes, these fuckers are clever.
, they are using that in conjunction with Knoppix as 90% of their operation (I think....). If you are familiar with TrueCrypt, read on......
I suspect that they used a hidden volume as the keyfile for the outer volume in order to prevent the outer volume from mounting at all if I removed their hacked OS hidden on my system. This would assure that the system always booted with their backdoor FUSE file system, which I discovered through pure luck when I was creating hidden and outer TrueCrypt volumes on a hacked machine. Their hack made a mistake and assumed that the hidden volume I created was part of their set-up, so they proceeded to copy over a 666MB .iso file that had the same name as a Linux DragonFly Live DVD, except that DragonFly is 900MB, not 666MB like this one. I am guessing at saying it is a remastered Live CD of Knoppix, because Knoppix can actually embed the file system to stay persistent across reboots, but I'm not techie enough to go much further on that subject. I zipped the .iso file and uploaded it to http://bit.ly/666hack if you want to check it out. Let me know what it does..... I also made a video of me extracting it from the .iso file, where it kept saying certain files already exist during the extract even though I extracted it to an empty folder. Must be due to duplicate files with two dots in front and it moved it up a directory (just guessing, but I would love to know what this .iso file does). This is their bread and butter for their hack. The .iso file wouldn't open on my Mac; it said "cannot open, being used by OSX". I couldn't even copy it or burn it using Disk Utility either. I had to burn it using Toast to get it off the machine. This file is possessed. http://bit.ly/666hack2
This isn't even the half of it. FYI, I'm not a programmer, just have awesome computer common sense. I design software and have programmers code it, so excuse the lack of any super techie system logs if you think they are missing.