[Solved] - Security - Have I Been Hacked?

Post by Bob55 »

Hi,
I usually leave my notebook in standby and yesterday I opened it up to see that the browser had been started, the files browser was open, Thunderbird Mail was open and another app I couldn't even recognise, just a window with the word Anon in the top left hand corner.

No one in my household has the knowledge to be able to do this, in fact none of them have ever used Linux and I doubt they would bother anyway. The only conclusion I can come to is that someone has been looking around my laptop remotely.

Has anyone else ever had this happen? Is this even possible?

Hope I am posting this in the right section.

Thanks
Bob

Re: Security - Have I Been Hacked?

Post by trapperjohn »

It sounds pretty creepy to me Bob and, yes, malicious remote access is possible on a Linux machine. Some will reply that Linux doesn't get hacked. See: http://www.ibm.com/developerworks/linux ... index.html for one of many reality checks. There are Linux backdoors in the wild. Trust me on this, part of what I do in the real world is demonstrate this to complacent Linux users. Social engineering combined with a common, open source application called the Metasploit Framework can do this and is quite well known by the good guys and the bad guys.

Because the browser was open, you may want to review the data in the Firefox cache and browser history. If the user was a malicious outsider, he/she was very clumsy in leaving the blatant evidence of open applications and has probably left a trail. Dare I say it... reconsider the non-malevolent insiders.

If you cannot - using forensics like cache review, router logs, OS logs, etc - establish that the breach came from inside your network by friendlies then consider a clean wipe and re-installation on a well hardened network. This is usually all it takes, but re-flashing the BIOS is another step I have taken in rare cases where re-installation still resulted in a suspicious system.

As for the future, there are many prudent precautions that you can take. As for possible physical access, configure your machine to require password entry upon resume. Be certain to close incoming ports on both your router and your machine. Doing this will not prevent a backdoor that you haplessly enable... a pitfall that typically occurs when viewing active web content on malicious sites (WOT/Noscript), clicking links in tainted emails, installing untrusted software, and using sullied thumb drives.
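
Added example, not part of any post in this thread: one way to do the OS-log review suggested in the reply above, sorting SSH login events by whether they came from the local network or the internet and listing lid activity alongside them. The log lines are constructed samples in the usual syslog auth.log layout, and the function names and the list of "inside" address ranges are assumptions.

```python
import ipaddress
import re

# Constructed sample lines in the usual syslog auth.log layout (not from the thread).
SAMPLE_LOG = """\
Jun 27 22:41:03 notebook systemd-logind[612]: Lid closed.
Jun 28 02:13:55 notebook sshd[4121]: Failed password for bob from 203.0.113.7 port 50112 ssh2
Jun 28 02:14:09 notebook sshd[4121]: Accepted password for bob from 203.0.113.7 port 50112 ssh2
Jun 28 07:02:40 notebook systemd-logind[612]: Lid opened.
Jun 28 07:05:12 notebook sshd[4490]: Accepted publickey for bob from 192.168.1.23 port 40022 ssh2
"""

# Assumption: these ranges count as "inside" (RFC 1918, loopback, IPv6 ULA and link-local).
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "fc00::/7", "fe80::/10")]
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ ([\w-]+)\[\d+\]: (.*)$")
SSH = re.compile(r"^(Accepted|Failed) \S+ for (?:invalid user )?(\S+) from (\S+) port \d+")

def origin_of(src):
    """Classify a logged source as 'lan', 'internet' or 'unknown'."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "unknown"  # sshd logged something that is not a plain address
    return "lan" if any(addr in net for net in LAN_NETS) else "internet"

def classify(log_text):
    """Return (timestamp, kind, detail) tuples for access-related events."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, prog, msg = m.groups()
        ssh = SSH.match(msg) if prog == "sshd" else None
        if ssh:
            outcome, user, src = ssh.groups()
            events.append((ts, f"ssh-{outcome.lower()}-{origin_of(src)}", f"{user}@{src}"))
        elif prog == "systemd-logind" and msg in ("Lid opened.", "Lid closed."):
            events.append((ts, "physical", msg))
    return events

def remote_logins(events):
    """Successful SSH logins whose source is outside the LAN ranges."""
    return [e for e in events if e[1] == "ssh-accepted-internet"]

if __name__ == "__main__":
    for ts, kind, detail in classify(SAMPLE_LOG):
        print(f"{ts}  {kind:22} {detail}")
```
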

Re: Security - Have I Been Hacked?

Post by Bob55 »

Hi TrapperJohn,
Thanks for the feedback. I am feeling a bit paranoid, all the items that were open were the sort of things someone would look at if they were snooping. I think I will play it safe and do a complete re-install.
Thanks again.
Bob