Advice Request: Is my Linux machine eavesdropped?


mikey779
Thread author
Apr 28, 2021
Hi,
I'm new to the community. While I love that forums like these exist, and I myself used to be a security/CTF hobbyist, I have to post this first as it is bugging my mind.
I have some sensitive information that I do not want anyone to know. (I have to say it's not government secrets worthy of a WikiLeaks page, or government/newsworthy secrets of any kind, more in the line of corporate secrets, patents and such.) The files currently reside on two of my Linux machines, both running Ubuntu 18.04 with encrypted hard drives and a secure password. I trust Ubuntu much more than Windows, but here are the loopholes:
1. These two Linux machines were installed via a USB drive that was burned using a compromised Windows 10 machine. Though the adversary, if any, might not specifically go out and contaminate my ISO image or the rufus.exe application. I suspect that the chance is low.
2. Same password for both computers; the hard drive password and the login password are also the same.
3. The hardware (BIOS) is made in China and might not be trustworthy. The wishful thinking, if it is that, is security by obscurity. But Ubuntu is not really that obscure in China, especially among programmers.
4. I use cn.ubuntu.com for apt-get install as it is much faster for me.
5. I use a Chinese VPN vendor (not linked to the government, as they don't like that, but who knows who's behind it). I also have a professional plan by Lantern (see GitHub), but it's not working as well as my current one.
Given all that, my main question is: how risky are my ubuntu machines? what are the chances that they're eavesdropped?
Still, I trust ubuntu (linux in general) more than MacOS. is that right from a security perspective?
Thanks for answering in advance.

shmu26

Jul 3, 2015
We can't control where our hardware is made, but we do have better control over our software sources. You say you are using a chinese VPN and a chinese source for software updates. China has a poor reputation for respecting privacy. On the other hand, I severely doubt that they are interested in your minor corporate secrets, as they do not impinge on national security. The Chinese factor here is less than optimal, but not a reason for serious concern.

The most important thing on any operating system is to pay careful attention to the software you install and the sites to which you might inadvertently divulge sensitive information. This forum is a good place to learn how to pay careful attention to those things. Read threads on this forum.

My personal opinion is that it is hard for a Linux user to get infected unless he is running a server. Most Linux malware targets servers. Yes, there is Linux malware that can infect endpoints, but that is not typically the target.

Don't worry about the USB stick used to install your Linux distro. It is not a known attack technique.

Vitali Ortzi

Dec 12, 2016
Don't use a VPN you don't trust; it's literally a MITM, that's how consumer VPNs work.
Change to Alpine Linux or Fedora,
or any decent security-focused one.
If the BIOS and/or other low-level firmware and controllers are untrustworthy, get a different machine immediately!

Daljeet

Jun 14, 2017
I want to cover a few things, like software. Linux was designed to protect the software from the user, but now things have changed. I recommend you use AppArmor and Firejail. Using these, you can restrict applications to accessing only particular resources like directories, the internet, video, audio, etc. Also, run software inside a sandbox.


Follow best practices: the official Ubuntu repos for software, disabling the root account, system updates, disabling unwanted services, and regular backups.

Malleable

Mar 2, 2021
If your network traffic is being sniffed you'll probably never know. If it's being done by a nation state you'll definitely never know. If you believe there may be an internal compromise, one of the things you can do is monitor your inbound/outbound traffic with tcpdump or netstat, log the results, and examine the traffic afterwards for suspicious activity. I would occasionally monitor 24-hour blocks on a regular basis. Man pages are your friend.
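The log-then-review procedure Malleable describes, as an added example that is not part of the original thread: one function appends timestamped `ss -tunp` snapshots to a log for a monitoring window, and a second reads that log back offline and prints every established peer (with the owning process) that is not on an allowlist. The allowlist format (one address or dotted/colon-terminated prefix per line) and the sample snapshot are constructed for this example; the addresses are documentation ranges, not real endpoints.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes iproute2's `ss` for capture;
# the review step works on any saved `ss -tunp` output. Allowlist entries that end
# in '.' or ':' are treated as prefixes (e.g. "192.168." or "2001:db8:").

set -eu

# Capture: append a timestamped `ss -tunp` snapshot every INTERVAL seconds.
# For a 24-hour block:  capture_connections 60 ~/conn.log  (stop with Ctrl-C)
capture_connections() {
    interval="$1"; logfile="$2"
    while :; do
        printf '### %s\n' "$(date -u +%FT%TZ)" >> "$logfile"
        ss -tunp >> "$logfile" 2>/dev/null || true
        sleep "$interval"
    done
}

# Review: read saved `ss -tunp` output on stdin and print "<peer> <process>" once
# for every ESTAB socket whose peer address matches nothing in the allowlist file.
unexpected_peers() {
    allowlist="$1"
    awk -v allowfile="$allowlist" '
    BEGIN {
        while ((getline line < allowfile) > 0) {
            sub(/#.*/, "", line); gsub(/[ \t]+/, "", line)   # strip comments/space
            if (line != "") allow[++n] = line
        }
        close(allowfile)
    }
    # skip header lines, "###" timestamps and anything not established
    $1 != "tcp" && $1 != "udp" { next }
    $2 != "ESTAB" { next }
    {
        peer = $6
        sub(/:[0-9*]+$/, "", peer)        # drop ":port"
        gsub(/\[|\]/, "", peer)           # drop IPv6 brackets
        proc = "-"
        if (match($0, /\(\("[^"]+"/))     # users:(("name",pid=...)) -> name
            proc = substr($0, RSTART + 3, RLENGTH - 4)
        for (i = 1; i <= n; i++) {
            a = allow[i]
            if (peer == a) next
            last = substr(a, length(a), 1)
            if ((last == "." || last == ":") && index(peer, a) == 1) next
        }
        key = peer " " proc
        if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# Constructed sample for a stand-alone run (a real run would use the captured log).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# apt mirror, LAN, loopback (constructed)' \
        '91.189.91.38' '192.168.' '127.' '::1' > "$d/allow"
    cat > "$d/ss.log" <<'EOF'
### 2021-04-28T10:00:00Z
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
tcp   ESTAB  0      0      192.168.1.20:41234  91.189.91.38:80    users:(("apt",pid=1234,fd=5))
tcp   ESTAB  0      0      192.168.1.20:41235  203.0.113.7:443    users:(("python3",pid=2222,fd=3))
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:68          0.0.0.0:*
tcp   ESTAB  0      0      [::1]:5555          [::1]:5556         users:(("ssh",pid=7,fd=3))
tcp   ESTAB  0      0      192.168.1.20:41236  203.0.113.7:443    users:(("python3",pid=2222,fd=4))
EOF
    unexpected_peers "$d/allow" < "$d/ss.log"
    rm -rf "$d"
}
```

Seed the allowlist from a quiet baseline (your mirror, your VPN endpoint, your LAN) and treat anything the review prints as a lead to chase with `tcpdump -nn -w` against that peer, not as proof of compromise; a process name from `ss -p` is only visible for sockets your user (or root) owns.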

Ink

Administrator
Jan 8, 2011
more in the line of corporate secrets, patents and such) The files currently reside on two of my linux machines, both running ubuntu 18.04 with encrypted hard drives and a secure password.
Option 1 - Store the data offline on an external storage medium with encryption, and optionally in a secure location like a safe.
+
Option 2 - Consider Airgapping one of your Linux machines that houses the sensitive data.
An "air-gapped" computer or network is one that has no network interfaces, either wired or wireless, connected to outside networks. Many computers, even when they are not plugged into a wired network, have a wireless network interface controller (WiFi) and are connected to nearby wireless networks to access the Internet and update software. This represents a security vulnerability, so air-gapped computers either have their wireless interface controller permanently disabled or physically removed.

Source: Air gap (networking) - Wikipedia
More: What Is an Air Gap, and Should You Do it? - A Handy Guide

same password for both computers, the hard drive password and the login password are also the same.
Most basic security advice: Never use the same password.

these two linux machines are installed via a usb drive that's burned using a compromised windows 10 machine. though the adversary, if any, might not specifically go out and contaminate my iso image or the rufus.exe application. i suspect that the chance is low.
If your compromised Windows 10 PC is connected to the same network, it's a risk. Period. Wipe it, clean install the OS. You can download and burn a new Windows 10 ISO on Linux.
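Ink's air-gap option above, as an added example that is not part of the original thread: before trusting a box as air-gapped, confirm the kernel sees no wireless interface at all. On Linux every wireless NIC exposes `/sys/class/net/<if>/wireless` (cfg80211 drivers also add a `phy80211` link), so the check walks that tree; the sysfs root is a parameter only so the function can be run against a constructed directory. The interface names and driver in the sample are made up.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes a Linux sysfs layout under
# $SYSROOT/class/net; defaults to the real /sys when no argument is given.

set -eu

# Print the name of every interface under $1/class/net that looks wireless.
wireless_interfaces() {
    sysroot="${1:-/sys}"
    for dir in "$sysroot"/class/net/*/; do
        [ -d "$dir" ] || continue
        ifname=$(basename "$dir")
        if [ -d "$dir/wireless" ] || [ -e "$dir/phy80211" ]; then
            printf '%s\n' "$ifname"
        fi
    done
}

# Return 0 when no wireless interface exists; otherwise list each one with the
# kernel driver behind it (the module you would blacklist) and return 1.
airgap_check() {
    sysroot="${1:-/sys}"
    found=$(wireless_interfaces "$sysroot")
    [ -z "$found" ] && return 0
    for ifname in $found; do
        drv=$(basename "$(readlink -f "$sysroot/class/net/$ifname/device/driver" \
              2>/dev/null || echo unknown)")
        printf 'wireless interface %s (driver %s)\n' "$ifname" "$drv" >&2
    done
    return 1
}

# To actually close the gap once airgap_check names an interface and driver:
#   sudo rfkill block all                                  # soft-block every radio now
#   echo "blacklist <driver>" | sudo tee /etc/modprobe.d/airgap.conf
#   sudo update-initramfs -u                               # so it never loads at boot
# Pulling the card (or the M.2 module) is the only step that does not depend on
# the software you are running being the software in control.

# Stand-alone demo against a constructed tree: one wired NIC, one wireless NIC.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/class/net/eth0" "$t/class/net/lo" "$t/class/net/wlan0/wireless"
    if airgap_check "$t" 2>/dev/null; then echo "air-gapped"; else echo "NOT air-gapped"; fi
    rm -rf "$t"
}
```

Run `airgap_check` with no argument on the real machine and re-run it after every kernel or firmware update: a hot-plugged USB Wi-Fi dongle or a re-enabled module shows up here before it shows up in your threat model.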
