Active Directory Hacking
Hi everyone, I'm not sure if anyone can help me but I'm desperate for help. I've chatted with Microsoft numerous times but they aren't much help. My Personal Home PC and also my Samsung (and LG) Android cell phones have been hacked/taken control of 3 times in the last 4 months. I suspected an ex-girlfriend, and one time she stole her sister's phone but we got it back. I did a detailed investigation on the phone and went into the saved passwords on the Google account and there was something new saved in there called firstname.lastname@example.org. I tried to find this email or website but when I googled it I found nothing. Microsoft told me that's an email from a website but that's ALL they will say. They said the first part is an ID, and the second part is a domain. So where is the website? As far as I can tell b2c is Azure AD business to customer authentication login or something? I can't find any information about a website like that anywhere on the web. Then I noticed errors on my home PC...one day it powered right off by itself (it has NEVER done that before) and I went into Event Viewer and it said something about an Active Directory error...I immediately knew it was her again. And now since that day I can't log into my email or calendar apps (only get into email by using the Firefox browser), I've found MDM logs like someone is logging into my PC under a work profile or something but when I go to the work profile settings there is nothing.
I've been having sooooo much cell phone trouble for the past 5 or 6 months I've gone through 10 different phones. I scan with antivirus software, nothing...malware scans, nothing. But I know because the keyboard keeps changing by itself, or settings change themselves, or the files app keeps crashing, or my battery won't charge. Then today I found a hidden folder called .adac - active directory acbridge! I don't work anywhere, this is my Personal Home PC, and Personal cellphone and I'm laid off because of covid-19...I should definitely not have anything on my devices with a work domain!!! I also know this ex-girlfriend of mine has been doing strange things like creating businesses (but she uses drugs and has never worked one day in her life), has an American business lawyer in Connecticut (we live in Winnipeg, Manitoba, Canada), and has been constantly going on IT security solutions websites for businesses, and she keeps discussing some big huge plan she has. I think she created a business so she could make an Azure account and create her own website (use it for hacking), and to get business accounts with these IT security websites (also for hacking), and to use this business to take control of many people's cellphones and computers using either Azure AD or some form of MDM. I suspect there's a bunch of illegal activity she's up to...Microsoft keeps telling me to contact police but that's a joke as no crime has been committed here at all, and I'm not an expert, I can barely understand what's going on here. What the hell could I even tell the police, who cares if someone is hacking into all of your electronics? She hasn't even stolen one cent from me...but every electronic device I ever get is hacked or controlled within one or 2 months and I have to throw them in the river. She keeps calling me and threatening me saying she's gonna miss me when I'm sitting in a jail cell...she keeps saying I'm going to jail!!!
I'm really really worried she's gonna transfer images onto my phone or computer....illegal type images!
I have 2 questions...what is email@example.com....and if she is using Azure AD to hack into my home PC and cellphones how can I ever put a stop to this???? How can she remotely access my computer with Azure AD, over and over again? Does she use my Microsoft account??? Does she use my email??? Even though I change my passwords??? Like, if I wipe my computer (as Microsoft tells me to do)...I even used CBL shredder on the hard drive (3 passes to shred all data) and do a fresh install of Windows...and factory reset my router, she's right back in it within a month. Microsoft says she must be getting into my system through the router. But if my Windows PC is authenticating with Azure AD all the time, and I can't stop it from doing that...it seems virtually impossible to stop this besides unplugging the router and internet, basically making the computer useless. How is she using Azure to do this??? How can I stop her?? Firewall?? Network packet capture, Wireshark or something??? What if I enroll in my own MDM??? I don't understand it?? Can anyone out there help me??
I guess that's a few more than 2 questions....but can anyone pls help me???
@Derek Ziesmann, I am so sorry that you are facing this situation. Let me provide you with the information I can as per my knowledge.
b2clogin.com is a URL Azure AD B2C uses as an authentication endpoint. Microsoft does not provision emails using the URL, so it is highly unlikely that anyone would have an email firstname.lastname@example.org. Any user can get a prompt to save credentials while using a modern browser (Chrome, Edge etc.) while they are on a login page within the browser. At this point any editing of the username is possible. It may be possible that they accidentally saved it. A user can go to [business name].b2conline.com for authenticating to their B2C applications if they have registered it there. Since the information was saved to a Google account, if you go to passwords.google.com then you may be able to find the website listed as well by searching through the listed entries.
As you mentioned weird changes on the home PC: a home PC powering off on its own could be due to some hardware issue as well, or heating of the device. The Active Directory related error can only show up if the device was at some point joined to a work network, which you mention you are not sure about. It may be possible that the system is hacked. Furthermore, if you say that any new electronic device gets hacked within a month or two, then it may be possible you have something in your network which allows that kind of access from an external network.
If anyone tried to hack any device then you may have some incoming connection allowed on your router. You would need to find the setting which blocks incoming connections on the router or other entry points of your network. You can capture a network trace from your router itself, which I am assuming will be the first entry point in your network. With all the information that you have provided, I believe you require a cybersecurity consultant to review every device on your network. Getting specialized one-to-one support would be far more helpful on this as compared to this forum. I would suggest you engage a home network security specialist in your local area who can check and review everything and help you with this.
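
The answer ties the Active Directory error to whether the PC was ever joined to a work directory. On Windows, the built-in `dsregcmd /status` command reports that join state. The following is an added example, not part of the original thread: it parses that output and lists any work or school links. The sample output is constructed for illustration, and the helper names are assumptions of this example.

```python
import re
import subprocess

# Constructed, trimmed sample of `dsregcmd /status` output (not from the thread).
SAMPLE_STATUS = """\
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : NO
               Device Name : HOME-PC

+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+

           WorkplaceJoined : YES
             WamDefaultSet : NO
"""

# Fields that indicate a tie to a work or school directory when set to YES.
JOIN_FIELDS = ("AzureAdJoined", "EnterpriseJoined", "DomainJoined", "WorkplaceJoined")


def parse_status(text):
    """Return {field: value} for every 'Name : value' line; banner lines are skipped."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z][\w ]*?)\s*:\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def work_links(text):
    """List the join states reported as YES; a missing field counts as NO."""
    fields = parse_status(text)
    return [name for name in JOIN_FIELDS if fields.get(name, "NO").upper() == "YES"]


def live_status():
    """Run dsregcmd on the local Windows machine and return its text output."""
    result = subprocess.run(["dsregcmd", "/status"], capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    links = work_links(SAMPLE_STATUS)  # on Windows, pass live_status() instead
    print("Work/school links:", ", ".join(links) if links else "none")
```

An empty result means the device reports no Azure AD join, domain join, or workplace registration; any listed field is worth reviewing under Settings > Accounts > Access work or school.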