ÿþIBM Z60T Hacked July 14th or 15th_ Downloaded BackTrack3, FreeBSD 8.2, both bad Has daily connection to two IPs - 201.191.202.18, 201.191.202.25 ' discovered July 25th Discovered skype contacts deleted July 25th. Changed all account passwords Macbook Pro 8.1 Hacked July 23rd or 24th discovered local hack Sunday, July 24th after mounting my 8gb USB drive. There was heavy disk I-O for a couple of minutes and the process load on the 2nd to 5th level processes (ranked by percent of proc. load) increased significantly. After that I tried to install Toast Titanium 8. Installer came back with an error indicating that there was another pending install. Upon reboot system attempts samba connection to local IP address 192.168.200.30. I then installed Toast 8 however upon trying to run that some of the related Toast processes would fail if Toast was the only active application. Did system re'install. Upon configuring the system to connect to the internet using the family Huwaii 3g modem I noticed this activity: 1) system UI server connection to 192.168.33.1 port 192 udp 2) after 20 minutes of Skype noticed nmblookup connection to public IP 100.0.0.100. tied to usr/libexec/configd 3) heavy spurious UDP traffic HP 4100 workstation Configured July 26th. Worjked July 27th. Installed Skype at 2:30 pm. Upon triggering install another package labled only as UPDATE and installed without requesting authentication. I worked the afternoon on one IP. At 5:30pm I created a public SSH key after disconnecting from the internet and releasing my IP lease. I reconnected at 6:00pm. I contacted Ignacio (skype - ignacio-nin) and then sent him my key via email - siliconj@gmail.com. I noticed at that time a few of my reloaded skype contacts were missing and that there was a new contact - skype: ndlawrence. I downloaded Ignacios instructions for connecting to IRC, company email, etc. and paused for dinner. I started a download of centos6 while I ate and continued monitoring the traffic. At 7pm I noticed a connection to 201.191.202.25 same IP as the IBM laptop. I became highly suspicious at that point. I logged into my gmail account and noticed that all messages in my inbox had been opened - one hour before there had been 10 to 12 unread messages. I disconnected form the internet and immediately went to the internet cafe and changed my gmail and skype passwords. Upon return I attempted a clean install of centos5.5. Machine failed upon reboot - bad motherboard or bios AMD Sempron purchased motherboard, processor and memory to build system July 30th. Had problem with internal NIC and then noticed bios change after booting to BackTrack3 Dell Optiplex 745 Purchased August 1st. Installed system centos5.5 on August 3rd. Worked August 7th on Seelye farm creating initial draft of this document. Worked August 9th in my office. Went to get movies at 5:00pm. Shut down computer completely. Upon return noticed that the machine had been turned on. On August 10th booted system. Noticed an intel microcode update being applied - machine has not connected to the internet and no software other than the centos5.5 i386 install disk installed by me. Also noticed that the system time in the bios had changed. Pirelli DSL modem - ICE Hacked July 12 - discovered July 28th trace to yahoo 192.168.1.1 200.91.104.195 200.91.110.58 201.193.98.249 200.91.110.49 200.91.105.25 201.193.86.154 201.193.89.97 100.0.0.100 trace 192.168.1.1 200.91.104.195 200.91.110.58 201.193.98.249 200.91.110.49 200.91.105.25 201.193.86.154 201.193.89.97 144.223.245.133 144.232.2.200 204.255.168.233 152.63.85.81 152.63.85.73 152.63.4.10 no response