Compromised machine...help would be appreciated.

lg4l

New Member
I'm a recent Linux convert and it's been a blast these past several months breaking Mint, re-installing, learning....rinse, repeat. But this is a bit more serious.

Linux Mint 19.3...I'm constantly tinkering on this machine. I had every intention of learning how to PROPERLY utilize "secure boot" today and possibly attempt a FDE install. However, after realizing I was supposed to have installed Mint w/ secureboot DEactivated initially, I put it off.

Hours later, with some careless browsing behind me, I noticed something strange. I hadn't been online for hours and Network Manager was disco'd. GFW was also set to deny/deny because I had tinkered with ITS interface some, too. I happened to peruse System Info and immediately noticed that a couple of mysterious USB devices were present. One was a virtual USB networking device (Realtek RL888...something), the other was labelled as a Bluetooth device.

I should have been more vigilant gathering info, but I sort of panicked. I went to CLI and began looking at things that, admittedly, I understand little of. Iwconfig and ifconfig produced seemingly normal outputs. But several TTYs were being used and "C processes"(?) as well. I checked the GUI Sys Monitor and in the section after processes and resources (I believe it lists the drives/devices), instead of the usual 3-5 entries representing just MY partitions and removable media....there were over a dozen various devices at work.

One was in sys/F/ ....I believe. In CLI the Who command confirmed that at least two "devices" or processes were "online". I had remembered hearing about the virsh command for killing VMs, but I don't have it installed. I opened the folder in the file system as Root and tried to just delete the folder representing the "C2" user/device/processes but it "wasn't allowed". I couldn't change ownership, permissions...so I shut down and here I am. On mobile. Asking for help if anybody has a moment, please.

I would have screenshots and better info but I wanted to shut down ASAP. Sorry for the noob verbosity, as well. I'm sure that I butchered the jargon and proper terminology. I'll be right here waiting/hoping for help. THANK YOU in adv.
 


wizardfromoz

Super Moderator
Staff member
Gold Supporter
My bad, this is in the right place.

Wiz

BTW any help appreciated
 

lg4l

New Member
Hello, Wizard.

Long-time lurker, 1st-time poster.

I should also mention that I had DL'd quite a lot of various files of the P2P variety throughout the morning. I'm all but sure this is related.
 

lg4l

New Member
About to format and re-install. The only real option in a situation such as this. Luckily, no important data lost. Well, aside from the aforementioned, dodgy DL's themselves (Mr. Rogers Neighborhood, Seasons 3-6...).

I'm done with Mint and SystemD, I think.

All ears for any secure distro suggestions. Not that Mint can't be just fine and secure when you don't go willy-nilly DL'ing Mr Roger's episodes. I'd just like to try something else.

Void, perhaps? Better yet, Artic??
 

Condobloke

Well-Known Member
It very much sounds like you were downloading torrents without a VPN.

Either that or your browser has not been secured at all, and some dodgy site has chosen to load you up with a gob full of crap.

I say this because I download an enormous number of torrents each week.....and have done for the past 5 (approx) years on this Linux machine without any adverse effects whatsoever.

I use airvpn.
I use Firefox browser with malwarebytes and ublock origin
 

lg4l

New Member
Greetings.


No. VPNs do literally nothing for actual security. Unless you're calling "obfuscation" security -- which, it isn't -- that is a false premise. VPNs are snake oil, by and large. They have some use-cases, of course. DL'ing torrents is definitely one of them. It's the most effective use of a VPN, these days, in fact.

In the past, VPNs were indeed tools of information security. No longer so, but having access to one used to be absolutely essential to protect savvy users on public WiFi. In the early 90's, corporate entities found they had a profound need for secure, 3rd party access to remote employees. This was the very genesis of VPNs as we know them today. But they have finally begun to migrate over to Software Defined Perimeter....zero-trust. "Black Cloud".

VPNs actually provide a massive attack surface. From domain controllers and infrastructure DHCP to DNS, switches and routers themselves. Again, they have a place. But their usefulness is waning on all fronts. In many more ways than I have already mentioned.

I, too, currently have an airVPN acct, as it were. It wouldn't have made a bit of difference today. These were direct DL's. Well, not actually "direct", per se. But I wasn't torrenting. Unless I care(d) to transfer access to my activities from one party (my ISP) over to several others (airVPN in Italy and the myriad, 3rd party data centers they employ along the way in their so-called, private tunnel), there would not have been any benefit.
 

lg4l

New Member
...as for the security of my browser, it's usually right where I need it to be in the tug-of-war, trade-offs between privacy and security (eg, OCSP stapling, CSP reports and the like).

Today, not so much...and I'm glad you said that, actually. It had been lost on me these past hours, that I had been so wanton. I'm meticulous in my typical browser prep and upkeep. Firefox, hardened replete with user.js, sanitized search engine data from the browser field (oft-overlooked by most), the bare-essential extensions such as uMatrix, cssexfilprotect, httpz, POOP, Temporary Containers, Decentraleyes, Request Control, Site Bleacher...little, if anything more.

I eschew more towards the privacy side. Often forgo the CA certs and always avoid anything Google and anything from Cloudflare. No EvilCorp safe browsing, no DoH or site access via Crimeflare, etc. But this morning, having just re-installed, I just completely forgot. LoL And certain measures would have likely protected me from myself had I employed them as I usually do.

Stock Firefox, as is...it's no better than Google Chrome. I'm glad you mentioned this. Therein lies the biggest exploitable of them all: human error.
 