Q&A: Is my Linux machine eavesdropped on?

mikey779

New Member
Apr 28, 2021
Hi,
I'm new to the community. While I love that forums like these exist, and I myself used to be a security/CTF hobbyist, I have to post this first as it is bugging my mind.
I have some sensitive information that I do not want anyone to know. (I have to say it's not government secrets worthy of a WikiLeaks page, or government/newsworthy secrets of any kind; more in the line of corporate secrets, patents and such.) The files currently reside on two of my Linux machines, both running Ubuntu 18.04 with encrypted hard drives and a secure password. I trust Ubuntu much more than Windows, but here are the loopholes:
1. These two Linux machines were installed via a USB drive that was burned using a compromised Windows 10 machine, though the adversary, if any, might not specifically go out and contaminate my ISO image or the rufus.exe application. I suspect that the chance is low.
2. Same password for both computers; the hard drive password and the login password are also the same.
3. The hardware (BIOS) is made in China and might not be trustworthy. The wishful thinking, if it is that, is security by obscurity, but Ubuntu is not really that obscure in China, especially among programmers.
4. I use cn.ubuntu.com for apt-get install as it is much faster for me.
5. I use a Chinese VPN vendor (not linked to the government, as they don't like that, but who knows who's behind it). I also have a professional plan from Lantern (see GitHub), but it's not working as well as my current one.
Given all that, my main question is: how risky are my Ubuntu machines? What are the chances that they're being eavesdropped on?
Still, I trust Ubuntu (Linux in general) more than macOS. Is that right from a security perspective?
Thanks for answering in advance.

Spawn

Administrator
Verified
Staff member
Jan 8, 2011
more in the line of corporate secrets, patents and such.) The files currently reside on two of my Linux machines, both running Ubuntu 18.04 with encrypted hard drives and a secure password.
Option 1 - Store the data offline on an external storage medium with encryption, and optionally in a secure location like a safe.
+
Option 2 - Consider air-gapping one of your Linux machines that houses the sensitive data.
An "air-gapped" computer or network is one that has no network interfaces, either wired or wireless, connected to outside networks. Many computers, even when they are not plugged into a wired network, have a wireless network interface controller (WiFi) and are connected to nearby wireless networks to access the Internet and update software. This represents a security vulnerability, so air-gapped computers either have their wireless interface controller permanently disabled or physically removed.

Source: Air gap (networking) - Wikipedia
More: What Is an Air Gap, and Should You Do it? - A Handy Guide

Same password for both computers; the hard drive password and the login password are also the same.
Most basic security advice: Never use the same password.

These two Linux machines were installed via a USB drive that was burned using a compromised Windows 10 machine, though the adversary, if any, might not specifically go out and contaminate my ISO image or the rufus.exe application. I suspect that the chance is low.
If your compromised Windows 10 PC is connected to the same network, it's a risk. Period. Wipe it and clean-install the OS. You can download and burn a new Windows 10 ISO on Linux.
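An audit script that checks a Linux host against the air-gap rule quoted above (no wireless controller present, no wired interface up), added here as an example; it is not from the thread or from the Wikipedia article. It reads the standard Linux sysfs layout (/sys/class/net/<iface>/wireless or phy80211 for Wi-Fi cards, operstate for link state) and takes the directory as a parameter so it can also be pointed at a constructed tree.

```shell
#!/bin/sh
# Air-gap interface audit (added example, not from the thread).
# Flags a wireless controller that is still present, or a wired
# interface that is up. The sysfs directory is a parameter.

# "wireless" if the interface directory carries a Wi-Fi marker, else "wired".
iface_kind() {
    if [ -d "$1/wireless" ] || [ -d "$1/phy80211" ]; then
        echo wireless
    else
        echo wired
    fi
}

# Link state from operstate ("up", "down", "unknown", ...).
iface_state() {
    if [ -r "$1/operstate" ]; then cat "$1/operstate"; else echo unknown; fi
}

# Print one finding per non-loopback interface. Returns 0 when the host
# looks air-gapped, 1 when at least one finding starts with FAIL.
airgap_report() {
    sysnet="${1:-/sys/class/net}"
    failed=0
    for dir in "$sysnet"/*; do
        [ -e "$dir" ] || continue
        name=$(basename "$dir")
        [ "$name" = lo ] && continue
        kind=$(iface_kind "$dir")
        state=$(iface_state "$dir")
        if [ "$kind" = wireless ]; then
            echo "FAIL: $name is wireless; disable it in firmware or remove the card"
            failed=1
        elif [ "$state" = up ]; then
            echo "FAIL: $name is wired and up; unplug it and leave it down"
            failed=1
        else
            echo "ok: $name ($kind, $state)"
        fi
    done
    return "$failed"
}

# Number of FAIL findings, printed on stdout (0 means air-gapped).
airgap_violations() {
    airgap_report "$1" | awk '/^FAIL/ { n++ } END { print n + 0 }'
}
```

Run `airgap_report` with no argument on the live machine; a PASS is only as good as the firmware, so a Wi-Fi card disabled in the BIOS should also be confirmed absent from `lspci`/`lsusb`.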

shmu26

Level 85
Verified
Trusted
Content Creator
Jul 3, 2015
We can't control where our hardware is made, but we do have better control over our software sources. You say you are using a Chinese VPN and a Chinese source for software updates. China has a poor reputation for respecting privacy. On the other hand, I severely doubt that they are interested in your minor corporate secrets, as they do not impinge on national security. The Chinese factor here is less than optimal, but not a reason for serious concern.

The most important thing on any operating system is to pay careful attention to the software you install and the sites to which you might inadvertently divulge sensitive information. This forum is a good place to learn how to pay careful attention to those things. Read threads on this forum.

My personal opinion is that it is hard for a Linux user to get infected unless he is running a server. Most Linux malware targets servers. Yes, there is Linux malware that can infect endpoints, but that is not typically the target.

Don't worry about the USB stick used to install your Linux distro. It is not a known attack technique.

Vitali Ortzi

Level 22
Verified
Dec 12, 2016
Don't use a VPN you don't trust; it's literally MITM, that's how consumer ones work.
Change to Alpine Linux or Fedora,
or any decent security-oriented one.
If BIOS and/or other low-level firmware and controllers are untrustworthy, get a different machine immediately!