Visitor

 • 

13 Messages

Thursday, April 14th, 2022 8:29 PM

Closed

Router Hacking

Hello. I am at the end of my rope and really need some help. On February 20, 2022 my Android phone was hacked. My antivirus picked it up and with it, it brought updates for applications I didn’t even have. Nefarious permissions like read data, extract data, admin over my Bluetooth, admin over my Wi-Fi, ability to read and write things into the phone, etc.

 I have since then been through 5 phones and 5 routers because this hacking has followed me from device to device. For the life of me I could not figure out how or what was happening. I have six level 2 security tickets and basically had to figure out what was going on without any network and cyber security experience whatsoever. 

What I have uncovered is that this issue is in my router and the existing settings somehow remain there even with new routers. 

I have noticed that when installing a new router there were some unrecognized devices on my app even before plugging the new router in. An ASUS device, and four Intel devices. I was ON THE PHONE with Xfinity during one of these occasions and the young lady thought it was strange and said she would escalate it.

The next two times a technician came to me. The first one saw the devices out there even BEFORE the new router was plugged in, again, and said it was over his head. The next guy after that said it sounds like spyware of some sort. I thought having a technician would help matters - but they are not well versed in this area and advised I call the security team. The folks that came out were as helpful as they could possibly be but were unable to help with this.

I have gone down a rabbit hole of learning what could go wrong and after two months, I have discovered the issue in my network. Somehow, it appears that my routers are being cloned along with device IP information, and that settings on said router (or line) are carrying over to each device.

There are open ports, port forwarding, UPnP service enabled, Apache Web Services on port 8080 and some sort of sub network set up? “C” network using 10.0.0/24 instead of 10.0.0.1

To my understanding, an Xbox One and Roku TV are somehow being used to mirror every move I make.

I authorized none of this. I don’t know how to log into my router and fix this. I can log in, but I don’t know what to do to fix this from there. I also notice that there is activity on my event logs that I did not do. My devices have been cloned so it appears as if the changes are coming from ME. 

Whoever is doing this is a step ahead all the time - they are using keyloggers of sorts and know all of my password changes as I make them. 

I have been bounced around from tech support and security team to get some guidance on this and no one has the knowledge to assist. This has impacted my life to a great magnitude personally and professionally. I am having trouble understanding why there is no one that can assist. I’ve also been to Apple Support, other phone providers, manufacturers, the police to no avail.

The Xfinity app on my phone is also spoofed. My internet is censored.  It says I don’t have port forwards when I do. I get redirects and syncs on most websites. I am worried this will be intercepted too like many other attempts at obtaining help. This is way over my head. The hacker doing this knows what I’m going to do before I do. I have many pieces to this puzzle, just not the knowledge to put it together. Any safety software I use gets exploited like Xfi, Malwarebytes, Norton and VPNs. It’s a plot tunnel with two devices every time. 

Please direct me to someone qualified to assist me. Someone who knows what questions to ask. With all of the technological vulnerabilities and the state of the world we are in - it is very concerning that there isn’t someone who CAN have a conversation or look into this!!

I have emailed abuse email almost two weeks ago multiple times and have not heard back. As concerning as that is, I am wondering if it ever made it to your actual inbox. Whatever is hacking me has made it very hard to seek assistance from anyone. You can look at my call history as well. I have called and called. I would not like to think that you guys would drop the ball on something like this. Things are happening with my technology that have never happened before. Please assist? I feel as if my safety is at risk and no one is helping. 

Problem Solver

 • 

502 Messages

2 years ago

Hi @XfinCustomerX10! Thank you for reaching out to the Xfinity Forums for assistance with this security issue. I'm so sorry to see that's been happening! It's important you have a safe online experience and the peace of mind to connect your devices securely. Our Customer Security Assurance Team would be the best to help with making sure that's the case! They are the experts with online safety for you and your connected devices. You can report suspicious online/connection activity to them on their website or call them at 1-888-565-4329 between 6:00am - 2:00am EST, 7 days a week.

Visitor

 • 

13 Messages

@XfinityCassandra​ Thank you so much for the response! I have a total of six level two security tickets in with them. They cannot seem to get me past level two. I keep going back and forth between tech support (who drops the ball the second I ask for guidance on how to configure my router, disable port forwarding, etc.)

Security Assurance has been unable to help. I went by the Xfinity store the other day and they had advised me to ask for a level three coach in PA. I could not get anyone onboard to do so and essentially have been told to go to the police (which I have multiple times) and hire a network specialist. The network specialists are thousands and I cannot afford one. With all due respect, my Xfinity bill for internet only is 180/month plus another 70/month for my cell phone - both being hacked in every way possible, it really upsets me that there is no one there who can guide me in fixing this issue for a service that you render. 

This has been costly in every way imaginable. It has impacted my life in a way where it has been very traumatizing. 

I’ve had to do all the legwork on my own to try to find out where the issues may be - to help me help you, and be able to articulate the problems that are happening. Here is what I know:

Number one: my local network has been cloned. Someone is using UPnP services in order to assist them in streaming/mirroring my activity to another device. I also believe that my DNS is messed up due to all of the redirects that I get when trying to visit a legitimate website. When I run a network scan from a routing table under IPv6 I noticed that there are quite a number of stops along the way. Some of them are even outside of the country, like Australia. One local IPv6 address takes me to a man’s house who lives across town. I am very concerned that someone is using my network for something really awful and terrified that whatever they are doing is going to come back on me. I really need some help from either you guys, or if you could bubble this up to level three on my behalf since I’ve already done so? I have also found a network of surveillance devices tied to my network with sequential SSID numbers. INSIDE MY HOME. I don’t even feel comfortable changing my clothes or sleeping anymore.

Not to mention all of my VPNs that I try to use to veer away from this are also coming up “split tunnel”.

Whoever is doing this may have access to my device somehow - perhaps a neighbor?? The reason I say this is because they seem to be exploiting me via AWD/WiFi Direct, Google Play Services, Airplay. They disabled me from being able to pan for what’s around me. I cannot disable Airdrop or mirroring. Also, somehow someone installed an app on my iCloud that pertained to IoT.io on 4/11. When looking at the app itself, it’s a Bluetooth scanner to see what’s around and I believe it to be nefarious in nature. .io is a domain that hacked me to begin with.

There appears to be some sort of Wireshark device on my network, an additional router, possibly virtual, a media renderer on the Xbox, which I assume is to video my activity. It looks like my Xbox is set up to be its own network!? My son’s Roku TV is somehow involved in this as well based off the activity on the IP address. That scares me to no end because there is a camera in it!

I even had two Xfinity technicians at my home to bring the last two routers. They also saw the connected devices out on the network before plugging the new gateway in. The only guidance they could render was to call because troubleshooting this is outside of their wheelhouse. The latest tech said that it’s some sort of spyware.

I cannot tell you how much I would appreciate assistance. I keep running into roadblocks. I am where I feel like my safety and my son’s safety is in danger over this. I don’t know who to trust anymore and I’ve never had to deal with something like this. I truly think someone must be using my network for something awful. All devices are also cloned. What someone could do with that is beyond imaginable.

Everyone is always very nice, but not able to assist me nor do they have any knowledge on how to do it. My knowledge is very limited and everything I know so far I have learned in the past couple of months by force because if I didn’t, I would still be clueless as to where the problems are.

This hacker also stays a step ahead of me - because they are watching what I look up and what I learn constantly. They have disabled helpful utility tools to the point I have to keep buying new software until they break that too. This is next level espionage type of stuff I did not even know was technically possible. The more I learn, the more I want to crawl under a rock - and I also realize how much I don’t know. Only puzzle pieces - I really need someone knowledgeable to help me in putting this together to fix it. I need some peace and some sleep in my life. Please help me find someone who can help! I even tried to do the FBI form online - and I get to the end and somehow it refreshes as soon as I am about to hit submit.

Problem Solver

 • 

502 Messages

I'm truly sorry that's happening, @XfinCustomerX10! Our Customer Security Assurance team are our experts with investigating any online safety issues, so they are the best team to reach out to for assistance. I did notice you had mentioned opening tickets with them, have they updated you on the status of these tickets?

I no longer work for Comcast.

Visitor

 • 

13 Messages

@XfinityCassandra​ they tell me I need to go to tech support and when I get to tech support and explain this to them and what I need to do, they say that’s over their heads. Then they send me back to security. The last IH ticket I was advised to hire someone to fix this. That all they can do is reset passwords and secure the account itself. Who can help with servicing the account?

I am going out on a limb here and asking, would you please, could you please - please find someone in your company who can read this and from there field me to someone who can help? I am so grateful that you responded to begin with. I have emailed abuse@comcast quite a few times as well, no response.

I don’t know what to do anymore. I don’t understand how some of these reps think this is something acceptable. 

Visitor

 • 

13 Messages

2 years ago

The store advised me to call security team and ask for level 3 in PA and to ask for a coach. I was refused and told there’s really nothing anyone can do. It’s the account that security will assist with, not the service. 

Official Employee

 • 

1.3K Messages

@finCustomerX10 Thank you for these details, it's really helpful in getting you in the right direction. In order for me to get more details on your account details and what the next best step is going to be, I will need to access your account. Can you please Direct Message your name, and service address? 

 

To send a "Peer to peer" message:
• Click "Sign In" if necessary
• Click the "Peer to peer chat" icon
• Click the "New message" (pencil and paper) icon
• Type "Xfinity Support" in the "To:" line and select "Xfinity Support" from the drop-down list which appears. The "Xfinity Support" graphic replaces the "To:" line
• Type your message in the text area near the bottom of the window
• Press Enter to send it

 

 

I am an Official Xfinity Employee.
Official Employees are from multiple teams within Xfinity: CARE, Product, Leadership.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Please, mark a reply as the Accepted Answer.

Visitor

 • 

3 Messages

@XfinCustomerX10​ 

Have you gotten anywhere? I’m dealing with a very similar situation. If you find anything out or get any solutions could you please tell me, this has been happening for over a month with me.

Visitor

 • 

3 Messages

2 years ago

Yo I’m dealing with the same thing I haven’t even finished reading it all yet. I’ll post again when I’m done.

Visitor

 • 

3 Messages

2 years ago

This has been driving me crazy almost literally. I can’t access certain websites. At times someone will literally take control of my computers and phones. If you find any solutions please let me know please.

Problem Solver

 • 

948 Messages

2 years ago

My take on this, you would have to wipe clean all your devices, all your cloud backups, preferably just delete them, all your email accounts etc, just start over from scratch, plus don’t restore from a backup, it’s not your router, your devices are passing your info between them and the “Hackers”…

Visitor

 • 

13 Messages

2 years ago

We have been through this six times with sanitized devices introducing them to the network one at a time. My job has issued me a new laptop. Someone must have a keylogger as well because they somehow are able to know every single password.

I would rationalize this to think the issue is in a device as well at first. No one has really messed with my financials and that is typically the goal when it applies to hacking. This is someone who wants to pay close attention to who I speak to and what I’m saying and doing - surveillance, if you will. Why else would it be configured to “dvr” my phone activity? Plus due to the fact that a separate neighboring network is communicating with my cell IP and Xbox along with all the WiFi Direct and Airplay logs tells me this is potentially someone spying on me. I can’t think of anyone with a motive though. I’m pretty boring.

Visitor

 • 

13 Messages

2 years ago

I don’t think the person that did this gave me enough credit to look under the hood and learn. I still don’t know anything but I have learned enough to see some of the dynamics - and those dynamics don’t seem to fit the MO of a hacker that is just trying to hack. I think it goes deeper and what’s happening is that my network ID is being used for something nefarious in nature. This is what scares me - that and the Bluetooth network that surrounds me. I don’t feel like I’ve had a private moment since 2/20. 

Expert

 • 

30.9K Messages

@XfinCustomerX10​ 

At this point I would say contact the FBI's Cyber Crime division.

I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Was your question answered? Please mark an Accepted Answer!

Visitor

 • 

13 Messages

@Again​ 

Funny you say that - I have tried this multiple times from multiple devices and cannot “submit”.

 I have taken the time to write out blow by blow events - and I cannot ever get it to submit because the page locks up, refreshes before I am done or the option is “grayed” out. This route has been attempted multiple times.

Problem Solver

 • 

1.5K Messages

2 years ago

Since Feb?  You need to nuke this issue.

As far as 'sanitizing' devices goes, there is no anti-virus tool that will be dependable running on an already compromised device.  Scorched earth is the way to go.  Make sure your IT guy is aware of this at your work too.  They might want to re-image after you fix other problems. 

Your phone may be root kitted, cloned or otherwise compromised (the least secure device you own by the way).  Un-root kitting is unreliable and there isn't anything you can do about cloning other than switching phones.  Get rid of that thing, and be careful what you install on it.  You got an issue from something added on.

You might consider buying a 3rd party gateway just so your router configuration can't be changed from the web or an app.  It's a horrid Xfinity idea in the first place.   Call xfinity from the new phone or land line to add the new gateway and remove the other one.  (takes care of wifi password too, pick a different one).

On wipe day, everything off!  Only one device active.

To prep for the rest of this, get/create an Ubuntu DVD.  You can boot from a flash drive too.  That's a quick search.  https://ubuntu.com/download/desktop

When you boot Ubuntu from your DVD drive, there's an option to boot from the DVD directly without installing Ubuntu.  It runs in memory without installing on the hard drive.  We use that from here on.   

When that is running, use it to download and create install media from windows for the rest of your PC's/Laptops.  You'll need your 25 digit product key to reinstall windows (sticker on device itself).  Create Install DVD's or memory sticks from Ubuntu https://support.microsoft.com/en-us/windows/create-installation-media-for-windows-99a58364-8c02-206f-aa6f-40c3b507420d and https://computingforgeeks.com/create-windows-10-bootable-usb-on-linux/

If you are going to try to save anything (photos/documents), use Ubuntu to copy them directly from your hard drive to a USB stick, or larger external drive (format it first if it had anything on it before). They could be problematic, but with a new windows install and new anti-virus running on a brand new windows install, you've got a chance of saving them without getting reinfected.

From Ubuntu, now create a temporary email account someplace like protonmail.com. You're going to use that for a recovery password for every account you have. From Ubuntu, change every account you use including gmail and xfinity to use this address as a password recovery address, and not your phone or any other account you currently have. Then reset the passwords. Test the recovery with the 'forgot password' link on all of them.

Great, now blow away your laptop/PC and make sure you reformat the hard drive with the windows install media.  1st thing you do after that, is update windows manually and toss in a free anti-virus tool like Avast.com  before trying to install anything else.

Other devices like Rokus, cameras and IoT gear like Nest? Well, if you changed out your gateway, they won't be able to connect to wifi or through bluetooth on your new phone anymore. There's a factory reset on all of them. Power them on one at a time and reset them. That's about all you can do with them, but it's unlikely without physical access anyone could flash the ROM on them, so they're likely OK. Try to update them all without your DNS redirection issues using your new gateway.

In the future, social media and banking information on a phone is a bad idea.  Try not to do it.  You'll find social media is a common attack vector, along with leaving your phone's wifi and bluetooth active in public, and they're after your banking information usually.

Starting over is really the only way to get rid of this.

(edited)
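An added example (not part of the post above) of the "copy photos/documents from the hard drive to a USB stick" step, as it could be run from the live Ubuntu session: it copies only allow-listed data file types, leaves executables, scripts and shortcuts behind, and writes a SHA-256 manifest so the files can be checked and scanned on the fresh install before being opened. The function name `salvage_docs`, the extension allow-list, and the `SHA256SUMS` / `SKIPPED.txt` file names are assumptions made for this illustration.

```shell
#!/bin/sh
# salvage_docs SRC DEST
#   SRC  - mounted old hard drive (or a folder on it), read from only
#   DEST - freshly formatted USB stick or external drive
# Prints "<copied> <skipped>" and returns 2 on a bad argument.
# Assumption: file names contain no newline characters.
salvage_docs() {
    src=${1%/}
    dest=${2%/}
    [ -d "$src" ] || { echo "no such source: $src" >&2; return 2; }
    mkdir -p "$dest" || return 2
    list=$(mktemp) || return 2

    # -type f ignores symlinks, device nodes and sockets on the old disk
    find "$src" -type f > "$list"

    copied=0
    skipped=0
    while IFS= read -r f; do
        name=${f##*/}
        # Only the LAST extension counts, so "invoice.pdf.lnk" is a .lnk
        case "$name" in
            *.*) ext=$(printf '%s' "${name##*.}" | tr 'A-Z' 'a-z') ;;
            *)   ext="" ;;
        esac
        case "$ext" in
            # Illustrative allow-list: plain data formats only.
            # Macro-enabled Office types (docm, xlsm) are left out.
            jpg|jpeg|png|gif|heic|pdf|txt|csv|docx|xlsx|odt)
                rel=${f#"$src"/}
                mkdir -p "$dest/$(dirname "$rel")"
                cp -- "$f" "$dest/$rel" && copied=$((copied + 1))
                ;;
            *)
                # Record what was left behind instead of copying it
                skipped=$((skipped + 1))
                printf '%s\n' "$f" >> "$dest/SKIPPED.txt"
                ;;
        esac
    done < "$list"
    rm -f "$list"

    # Manifest of everything copied; verify later with: sha256sum -c SHA256SUMS
    (
        cd "$dest" || exit 2
        find . -type f ! -name SHA256SUMS ! -name SKIPPED.txt \
            -exec sha256sum {} + > SHA256SUMS
    )
    echo "$copied $skipped"
}

# Stand-alone use: sh salvage.sh /mnt/olddisk/Users/me /media/ubuntu/USB
if [ "$#" -eq 2 ]; then
    salvage_docs "$1" "$2"
fi
```

On the rebuilt machine, run `sha256sum -c SHA256SUMS` on the stick and scan it with the newly installed anti-virus before opening anything.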

Visitor

 • 

13 Messages

2 years ago

This is a lot of VERY helpful information! Thank you so very much! 

Visitor

 • 

1 Message

2 years ago

Have you had any luck since these original postings? The literal EXACT thing is happening to me, though I’m not as far along as you. First it was my Galaxy S20, completely taken over and I had no control over it. A few times prior to the final takeover, I was able to factory reset. That did the trick but “they” always found a way back in and eventually in late May 2022, my phone was completely taken over and they disabled the factory reset, even when I put my phone in safe mode. Next, new router, new phone (iPhone even though I hate it), new boxes for the whole house and also new laptop from work. It’s now happening all over again. I’ve been back to Xfinity, Verizon for my phone, Geek Squad at a Best Buy. Every single person has basically told me the hacking isn’t possible and I must’ve “clicked on a link”. Absolutely maddening. The Xfinity (Fakefinity) apps are a joke and half the time when you call, it also gets somehow routed to a non Xfinity person. I refuse to download their apps any longer. I’ve also noticed other accounts attached to mine, but like you said, they haven’t hacked my bank account or credit cards. But I feel watched 100% of the time, whether it’s through the microphone or camera and most obviously through my home network. My husband also has an Xbox. I can’t tell you how many times I have unplugged my Wi-Fi, turned it all off, but it doesn’t matter. I even bought a “burner” phone and they hacked that within 15 minutes. My life, sanity, marriage, work is all crazy because of this. The hardest part is that anyone I tell and, at this point, BEG to help me…they think I’m a nut job!

Official Employee

 • 

746 Messages

Hi, thank you for reaching out to Xfinity Forums. I understand you are having security issues with your cell phone and other devices. Are you stating someone hacked your modem to access your wifi devices? 

I no longer work for Comcast.


Visitor

 • 

1 Message

2 years ago

I’m having the Exact Same thing happen for 2 years!!!!! Please help!!!!! 2 of my so called freeness are on the EXACT same dns servers all the way back to MY private ip! I have Swiss showing up all the time that shouldn’t be here! Does that mean the hackers are that close to me!? Y’all have no clue the insanity this drives one to.. please help

Visitor

 • 

13 Messages

2 years ago

It’s been a while because I’ve had my iPhone in airplane mode for almost two months. Not that it mattered.

Yes, it’s still happening.

You gave me chills when you spoke of the burner being hacked 15 minutes out of the store. I’ve had such a similar experience as you that it makes me very uncomfortable. Like all of it.

I wonder if this is even the Xfinity legit site? Or how many of those many level 2 no help tickets were legit?

I’ve done everything. It’s in my network and it has to be a neighbor.

Can someone tell me what a Wi-Fi alliance is? Spectrum?

I have networks follow me all over the place using BLE.

Visitor

 • 

13 Messages

2 years ago

Essentially, my home network is somehow made into a corporation where all of the traffic from my devices goes through a server. Also, to make it even more ludicrous the server is highly censored. It is very hard for me to look up troubleshooting and educate myself on things like cyber security, networking etc. I am also prohibited from looking up the stuff that includes spyware, malware or, you know, stalking, abuse.

I also used a tool to crawl websites to see what sites are disallowed from my server. It tells me I can’t get on too many Xfinity sites. My dude who works for IT at my job said I’m also prohibited from looking at my own YouTube accounts, my own Twitter accounts, and I don’t even have any type of account that involves social media anymore. So now I’m worried that somebody made one in my name that I’m blocked from seeing. There’s also this website called despair.com and I’m not allowed on much of that one either except for the homepage. It doesn’t make any sense to me, none of this. My Bluetooth is always on, my phone is always listening, my camera will turn itself on and the hits just keep on coming. I truly don’t know what to do anymore. April 18 was the last day I made an attempt to go to the police, they advised that they are not even equipped to investigate cyber crime. On the iPhone I caught the hacker using an app called Shortcuts, tethered to an Apple Watch I don’t have. They also have my laptops and phone set up as servers. They also edit, delete and write storage.

Lots of weird stuff. I have not had a moment’s privacy in over six months.

Visitor

 • 

13 Messages

2 years ago

Oh and don’t even get me started over the Bluetooth peripherals that are all around me and the ridiculous networks that follow me around.

My gateway says it’s a Wi-Fi 6 WAP and part of a Wi-Fi alliance and they are streaming my activity like a flipping DVR to a cloned device so it looks like I’m hacking myself. Maddening isn’t the word. What [Edited: "Language"] is a Wi-Fi alliance? I’ve had networks from one side of town pop up on the other - and they are too out there to be coincidental.

(edited)
