
Visitor • 26 Messages

Friday, June 23rd, 2023 12:08 AM

Closed

Hacked XFi, Hacked App, Hacked Website, Hacked Account....and Xfinity Security Continues To Ignore Me

Seriously, no one at Xfinity cares.  Their products and services are compromised - from their domains to their apps.   I just don't get it.

Visitor • 3 Messages

2 years ago

We are dealing with the same. They say nothing on their end is wrong, but we just had someone change the wifi password 2 days ago and it would only allow my device and the 2 cable boxes on the network. Dozens of unknown devices, a second router which we don't own, and still nothing. I have tried to get my own equipment set up, but every time all I get is a couple hours on the phone that I can't get back. We have even gone through several cellphones each in the last couple months as a result. We don't really have any experience with these things and have only started to try to learn after over 18 months of this [Edited: "Language"]. I'm looking into contacting the FCC and possibly a lawyer.

(edited)

Official Employee • 1.6K Messages

Thank you @flatlander3 for your input on this issue! 

 

@courtney.cakes, @user_c9bf0b Please reach out to our Customer Security Assurance Team (CSA), who will be able to better assist with each of your concerns. They can be reached online, here.

 

Their site also includes a phone number if you prefer an over-the-phone method of contact and numerous resources to help protect yourself online. 

 

 [Edit: fixed link]

(edited)

I am an Official Xfinity Employee.
Official Employees are from multiple teams within Xfinity: CARE, Product, Leadership.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Please, mark a reply as the Accepted Answer.

Visitor • 26 Messages

@user_c9bf0b​ 

welcome to my world.  i've been hacked and cyberstalked relentlessly for 10 years.  the police weren't knowledgeable enough to even see it, and the FBI (i went in person) couldn't have cared less.  i hate to be the bearer of bad news, but there are no "real" resources in place or available for victims of these crimes - unless you're a corporation and have $1M+ that you're at risk of losing.  every account, device and app i use is hacked, including my medical records, and my browsers have so much javascript and cookies embedded in them that no website i visit, including xfinity's, works the way it's supposed to.  today my apartment felt oddly warm - i keep the thermostat at 71 - so i looked at the setting and it was set to 85.  i live alone.  i now see what they're doing with all the "home" apps in my devices and on my roku tv, which, by the way, has a new serial number.  lol.  i swear to god.  

being a victim of hacking is beyond maddening and depressing, especially when you get revictimized when seeking help from people who call you crazy or paranoid.  i have lots of evidence.  i even know who some of my hackers are.  and i still get no help from anyone who is in a position to stop it.  

(edited)

Visitor • 26 Messages

@XfinityEva​ 

the link "here" opens as https://internet-security-site-web.ho-g3.cf.comcast.net/help/report-abuse%C2%A0, which is a blank page.  why is everything so difficult?  can you please just type the link?  thank you.

Problem Solver • 1.5K Messages

2 years ago

You need to unlink every website you have with Xfinity, especially banking information.  Set up a drop email account anywhere else.  Gmail, protonmail, wherever.  Change all of your accounts on other sites to use that email address, and for password recovery instead of your xfinity accounts.  Don't use your phone for 2-factor authentication for now.  Switch that to the email account you just set up.

It's better to do this from a clean OS.  Download a DVD or USB memstick install image from ubuntu.com.  Boot it, but don't install.  Just say Try Ubuntu and it runs standalone without touching your hard drive.

After you change your accounts, try the "forgot password" link on each site.  Make sure it works, and change your passwords again.  DO NOT REUSE PASSWORDS on other sites. 

For your Xfinity account, make sure there are no other email accounts/admin accounts added.  That is at https://xfinity.com  then the account icon on the top right, and then select "accounts and identity".   Then, log into email, and make sure you are not forwarding email to another address on all of your email accounts with xfinity.

If your xfinity account is burned, never use it for ANYTHING again.  If you suspect compromised devices, reformat them.  If your phone is compromised, replace it.  Use a different phone number.

You gotta at least stop the bleeding.

Unknown devices are probably the lack of an MoCA point of entry filter installed where the cable goes into your house.  They're less than 10 bucks on amazon.  Goes right on the coax.  Xfinity MoCA has no security.  Without the filter, neighbors' devices may be connecting to your network.  That's a different issue.

(edited)

Visitor • 26 Messages

@flatlander3​ 

thank you - many of your suggestions are worth trying.... however, once hacked, my devices never actually fully factory reset again.  there's always either residual config files and programming left behind that can't be deleted, or, like with my xfi, sys.cfg files that run as soon as i perform a factory reset on it and before i even have time to login to the admin tool to block them from downloading.  i've lost count of how many phones, tablets and laptops i've purchased over the past 10 years.  they hacked my current xfi via the cable connection and moca, which opened the door to their subsequent hacking and reconfiguration of my second of two roku tvs purchased in four years, giving it an all new serial number.  the first tv, like my first xfi, was hacked into not turning on at all.

another bit of fyi for xfinity....i believe that my hackers are hacking my xfinity acct by linking comcast residential services and xfinity services, and i know for a fact that they are hacking my account by linking variations of my address that xfinity has assigned to my account, ie, unit 817 versus #817 versus apt 817.  i have all but begged several xfinity agents to delete the unit and # versions of my apt number and to use "apt 817," since that is the actual postal address version, but they never do it.  and when i first signed up with xfinity three years ago, i had to accept the home phone number and voice service to get the lower price for internet, and that gave my hackers two great new tools.  they also use my comcast email, another service i didn't need or want.  thanks for nothing.  might as well roll out the red carpet for em while you're at it.

my hackers use azure and other enterprise apps, admin control via work and school accounts, tons of javascript embedded in every browser, adobe assets, akamai/new relic/cloudflare/aws/solarwinds services, apis, developer tools, cdns, domains, web apps, cloud computing, databases, expired or bogus certificates, peering, grouped asns, and hosting to hack, but their widespread monster hack tool is embedded objects in global advertising.  and, of course, the standard advertising opt-out sites don't work for me.  every ip i find connected to me is shown to be either google, amazon technologies, microsoft, akamai, or apple. they even hacked my car.

lastly, on securitytrails i found hundreds of their domains - some not linked to ips - such as itunes.apple.com.edgekey.net.8.1.adiosnof.roksit.net.  

i honestly think that all of the open source <Edited: Language> and apis and developer tools supposedly made available for people like the so-called whitehats, to do some hacking good for the world, is a bunch of ridiculous <Edited: Language>  it does nothing but give the blackhats more weapons to use to destroy people.   if you compared the benefit of open source to the harm it has done to me and others like me, whatever pro-open source argument ANYONE might have to offer falls right on my deaf ear.  hacking has, by all accounts, ruined my life, and the stress has made my health decline to the point of being disabled.   i have not had one shred of privacy in 10 years - text messages are secretly screenshot, calls are recorded, photos are blacked out or stolen, emails and cloud storage accounts are taken over, and my past attempts to find a job online - because what other option is there these days? - were nothing but a huge waste of time and effort.  does anyone have a story about how open source saved someone's life?  i think not.  a hacker is a hacker is a hacker.  i used to love technology.  i now hate it.

(edited)

Visitor • 26 Messages

@flatlander3​ 

if i could just find a flip phone that didn't have bluetooth, i'd pay as much for it as i spent on my currently remotely managed iphone.  lol.

Problem Solver • 1.5K Messages

@courtney.cakes​  Open source isn't the issue.  In fact, that's WHY bugs are found.  Closed source?  They use the same libraries and programming language to compile THEIR OS and programs, you just can't see the code, and can't see how bad the coding muppets are at the outsourced company they use.

Yeah.  Wipe compromised devices immediately.  When you do it, wipe EVERYTHING at the same time, not just ONE machine at a time.   I suggested a boot CD so you DON'T create alternative email accounts with compromised devices.  Blowing away the OS is beyond the skill set of most folks.  They also do not have backups and suggesting it will cause data loss for just about everyone I know.

I would NOT use ANY 3rd party company for email or backup these days.  Doesn't matter WHO it is.  For me, I lease rack space and do it myself and run my own gear.  There is also an issue with management software for virtual machines (cloud servers) and they are commonly hacked, so the attack will come FROM the server room (local attacker).  If you lease a physical machine, you at least control the physical machine.  The company you lease it from can shut it off, even steal the hard drive, but you can guard against the BMC/CMC software running on the server board itself, and block any management software they have.   Some OS's are better than others.

The majority of attacks on my gear are in fact compromised cloud servers.  They are also unpatched granny machines running windows 7.  IOT gear like cameras and thermostats as well that are commonly used in botnet attacks.  Many are known hostile actors.  Some of them are even state sponsored.

Well here's the deal.  If I can look at the code, I know what it does, and where the problem is.  I also know every library used to create the code, the compiler, the linker, and the language used.  If I can't, I have zero chance. 

When an exploit IS found, CISA security reports it (on all platforms/devices) these days.  I can patch libraries and recompile programs (and firmware) that are impacted by a security flaw in a library, or disable function on an application that DOES have a specific issue -- this is really common and happens all the time -- they all have bugs and exploits that are uncovered.  Doesn't matter what it is.  

Do I have to wait for a "Quarterly Update" from anyone?  Nope.  I can patch when the library is released, or disable function impacted BEFORE a patch exists.  By the time a closed source OS or application gets through the QA department at a company, if they even bother to fix their software, you've likely been running with a known active exploit for months, and you've been an "Open Book" during that time.

Your firmware on an Xfinity gateway or ANYONE's gateway?  A phone app with the ability to map location to control it from a remote location?  Windows -- the company that makes computers for viruses for decades?  Chrome OS that is really just a private data collection tool?  Apple is no different, but it's a bit different because they at least kept user and program privilege from BSD.  They're still selling private info. 

Identity theft is a big issue.  People have terrible data practices everywhere, but if YOU are getting "hacked" all the time, examine how you handle data.  Are you reusing passwords?  Do you click on links that come in an email?  Are you using "social media" like facebook on an unsecure platform (windows)?  Are you using a dedicated firewall to guard against network penetration, do you have any gear that analyzes suspicious activity on your own network, or just a consumer grade gateway with firmware that is never patched?  Do you isolate devices that contact cloud servers on another subnet like TV's/streaming devices, IOT gear, security cams?  Do you leave bluetooth and WiFi active on your phone when out and about?  Do you use public WiFi?  Ever do any network penetration to verify your own security practices?

You can mitigate risk.  White hat?  Black hat?  Doesn't matter.  What does a white hat do?  Make cash from pointing out exploits the right way.  What does a black hat do?  Make cash from demonstrating an exploit a company should have fixed in the first place -- and without them, you wouldn't even know you have a problem.

(edited)
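An added example, not part of any post in this thread: one way to run the "what is on my own network" check raised above, by comparing the neighbour table printed by `ip neigh show` on a Linux machine (such as the Ubuntu live session mentioned earlier) against a list of devices you own. The inventory, the sample output and the adjacency window of 2 are constructed assumptions for illustration.

```python
import re

# Constructed inventory of devices you own (hypothetical MACs and labels).
KNOWN_DEVICES = {
    "a4:11:62:00:10:20": "laptop",
    "a4:11:62:00:10:2f": "set-top box",
}

# Constructed sample of `ip neigh show` output, not captured from a real network.
SAMPLE_NEIGH = """\
10.0.0.12 dev eth0 lladdr a4:11:62:00:10:20 REACHABLE
10.0.0.15 dev eth0 lladdr a4:11:62:00:10:30 STALE
10.0.0.23 dev eth0 lladdr 3c:5a:b4:9e:01:77 REACHABLE
10.0.0.40 dev eth0 FAILED
10.0.0.41 dev eth0 lladdr 7a:12:9c:44:ab:01 DELAY
"""

NEIGH_RE = re.compile(
    r"^(\S+) dev \S+ lladdr ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)

def mac_to_int(mac):
    return int(mac.replace(":", ""), 16)

def classify(mac, known, window=2):
    """Return (status, label) for one MAC address."""
    mac = mac.lower()
    if mac in known:
        return "known", known[mac]
    # Locally administered bit set: typical of the randomized "private"
    # addresses phones and laptops use, so the vendor prefix means nothing.
    if int(mac[:2], 16) & 0x02:
        return "randomized", None
    # Within `window` of a MAC you own: one piece of hardware often carries
    # several interfaces with consecutive addresses; check its label.
    for owned, label in known.items():
        if 0 < abs(mac_to_int(owned) - mac_to_int(mac)) <= window:
            return "adjacent", label
    return "unknown", None

def audit(neigh_text, known):
    """Classify every neighbour-table entry that has a link-layer address."""
    findings = []
    for line in neigh_text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m is None:
            continue  # FAILED/INCOMPLETE entries carry no MAC
        ip, mac = m.groups()
        findings.append((ip, mac.lower()) + classify(mac, known))
    return findings

if __name__ == "__main__":
    for ip, mac, status, label in audit(SAMPLE_NEIGH, KNOWN_DEVICES):
        print(f"{ip:<12}{mac}  {status:<11}{label or ''}")
```

Only the "unknown" rows need follow-up at the gateway; "randomized" rows usually resolve once private Wi-Fi addressing is switched off on each phone or laptop for the home network and the table is read again.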

Visitor • 26 Messages

2 years ago

i spent 3 hrs on the phone with xfinity today.  the sr. security tech added extra security (firewalls) to my xfi, but i can't login to it.  my devices say network isn't found.  if i factory-reset my xfi, will that delete the new security/firewalls?

Note: This comment was created from a merged conversation originally titled please help!

Official Employee • 2K Messages

I definitely want to make sure you can connect to the internet, @courtney.cakes. You are correct, if you factory reset your modem, all settings that were changed from default will be reset. Are you able to establish a connection over ethernet? 


Visitor • 26 Messages

the saga continues.... i had to factory reset router #2, which xfinity suggested i swap out for a new one, so i did two days ago. a tech came out to install the new router and hook up flex because they wanted to check my cable hookup, i guess, and because everyone at xfinity, except the techs themselves, seems to think that the techs can fix everything and add extra security to your router, etc., etc., when all they can actually do is test the connection to see that it works, plug the device(s) in, and at most, reset them, all of which a 5th grader could accomplish.  i've probably done more resets than all the techs combined.  lol.

anyway, they hacked into my new router and then into my flex, then reprogrammed it just like they did my roku.  i know this because i can't change some of the settings, and my flex mac address is one number off as shown in the admin tool (10.0.0.1).  i'm not a hacker, but i can obviously see some of the not-normal results of their hacking.  i don't know what the flex "about" screen under its settings should look like, but this is what mine shows (i named it to differentiate it from the other random hack devices that show up in my router; however this name shows up with the wrong mac address): 

"About Xfinity TV

Device Name      My Apt

Device ID     [list of 19 numbers beginning with 408 that isn't listed on device or label on box or anywhere that i can find]

Release Version     v38.0.0

Release Timestamp      06/29/23 7:51 AM

STB Timestamp     Mon 26 Jun 2023 09:43:51 PM UTC

eCM MAC     N/A   [obviously this looks suspicious]

STB Version      AX061AEI_6.2p13s1_PROD_sdy

XRE Protocol Version     2.8.0

Receiver     6.2.0

Environment     of1-x4"

Standard or no? 

Visitor • 26 Messages

@XfinityEmilyB​ 

you know, i've tried to remain calm and friendly with all of the MANY agents i've spoken with at xfinity about my account and their devices' security problems the past two years, beginning with my request to have my three slightly varied addresses changed to the correct one, which is the actual postal address.  it seems like such an easy fix, yet still, they have three variations of my address, which are "linked" accounts, and which have served as an open door for hackers to access my account, which is exactly what they did.  how do i know this?  because today i found out that one of my addresses was linked to a different name, someone i don't know, and another was linked to my old email, but one i've never used with this account and no longer use at all, although they obviously do.  they also use my comcast email and voice service, neither of which i've ever used or even want, but can't get rid of.  xfinity's failure to simply fix my address caused the hacking nightmare that followed and the ramifications of which i deal with on a daily basis, and that's enough to anger anyone.  now add to that an online chat agent promising me a few weeks ago that she would schedule a tech to come out to put added security in my router which would prevent it from being hacked into, then he shows up and can do nothing except reset it, admitting he has no idea how to make it more secure, and then getting a bill from xfinity for $102 for the service call and fraudulent charges from the tech.  i'm beyond angered.  this whole experience has been nothing but a comedy of errors and epic failures on xfinity's part.  tomorrow i'm going to find a new internet and streaming service and be done with it.  can only get better from here.

Visitor • 26 Messages

and i'm not paying that [Edited: Language] bill.  i'd like to tell them exactly what i think they should do with it.

(edited)
