Yep, and that's where I am. Not a lawyer and did not charge enough to afford one, but certainly seems the safe bet.
Already contacted him. The silence bothers me, frankly. But my hands are tied as of now.
I can say I had an HDD crash recently and lost a lot of my reports on the malware. The delay in remaking them may have shaken his confidence in me, but our last email was friendly and you'd think he'd claim his hardware... dunno.
I will say, technically speaking, this is all way over my head now. I can BIOS flash. I can tell you your board is infected. I can even tell what modules are infected. But I can't fix it. Not at this level. Not when every device becomes a vector repeatedly and the origin can't be cleaned without going ISP side. I'd need either ISP cooperation or the fricking source code to whatever this thing is, and I'd probably be lost then.
I can even UNDERSTAND why they targeted him (though I can't tell you guys, I will say it's nothing bad on his part). But then we have other infections and I don't know if this isn't part of something bigger.
Wish I could help more but them damn ethics lol.
Thought I might add 2c to the thread. Having recently had our home network hacked heavily, I had a terrible time trying to isolate and reload without reinfection.
I learnt a lot, but in the end I had to just segregate off all my own devices into a subnet of our home network. It was literally too hard to get _everyone_ to reload every operating system at the same time. Eventually I just gave up on the rest and carved off a subnet, as I knew I was/am the main target. Since then, I had to reload my own network of devices about 3 times, each time tightening down everything on both the router and my devices. Now I'm infection free device-wise, but the others in the house aren't. And I have no way of telling them they are, because 'there is nothing wrong with my computer/phone' is how it is. This is even with a file named hax.log (for example) sitting in the root directory of a C drive on one person's PC... urgh.
Anyway, my 2c. Never underestimate the use of wifi as an attack vector via mobile devices, either via a rogue network nearby that the device connects to silently, or via the user's own already compromised network.
Once a mobile device is infected, you cannot clean it unless you wrap it several times in aluminum foil, or use a high quality Faraday bag, and then reload the ROM via a secure offsite hardline networked computer.
If you try to reload without isolating it from both wifi and phone networks via the alfoil/Faraday bag method, it will reload the infected ROM from a hidden partition on the device.
Turning off wifi and reloading it via the 'phone company's' network does not work. It may 'say' wifi is off, but it isn't. Wifi is still on, even if it says it's off.
And even though the ROM reload will appear to be working, it's really just reloading the hacked ROM upon boot again.
Clean installing a ROM is still difficult if you don't have the proper low level tools. Mobile devices are terribly hard to clean install and know it worked, too. It's not always obvious you got it right 'til you figure out the method of the hack.
Then finally, to really stop an attack, you need to buy a quality router that specifically makes it basically impossible to brute force attack. I use one of the DrayTek 2860 range. It's expensive as f, but can really lock down any attack vectors. It would take a hacker about 30 years to brute force the password.
I also do not use wifi now, even with the DrayTek (although I probably could, given how much defense the DrayTek has built in).
But wifi just has too many attack vectors these days, and it isn't worth the risk for me atm. I go via hardline, or for a phone, the phone network's wireless network.
Also, public wifi is not secure at all. Never ever ever ever use it. As soon as you connect, your device can be compromised within a minute or 2 by an experienced hacker on the same network. And once compromised, always compromised... as almost nobody alfoils/Faraday bags a mobile device on reload...
And a mobile device is the main attack vector these days for hackers, because soooo many people use them on public wifi, get compromised within 5 minutes, go home, connect to the home wifi network, which is now also compromised, and then every device on the network is compromised.
Anyway, food for thought.
Cheers,
Ian