Maybe a security problem involving Linux hosts

Hello,

with the following problem I feel helpless because I do not know where to look for the problem.
Sorry in advance for my poor English.

At some point the interaction with people on Freenode IRC has become mysterious and offending so that I checked my modem/router device. When I tried to make a change the modem gave me the error message that another admin is logged in. It alerted me because all other computers were disconnected. So I called my ISP and they agreed that my device is listed there at "being attacked". They sent me a replacement and they also sent me a new password.

With the new modem I booted a linux livecd that i got from a linux magazine. And from there I downloaded the ISOs and wiped all my machines using DBAN.

With all the people in my social environment telling me to relax, think positive and all that stuff like "its only your false perceiption on things" I stopped paying attention on mysterious errors, etc. Until I needed the Hexchat client to check a local ircd install. And it launched with 1 network added. I am absolutely sure I had 0 networks in that network list when I went on an IRC break. Several months before there was a similar thing where all 18 or 19 networks had their name changed to EF-Net.

Another thing is that I stored all my website passwords in Lastpass and when I went offline for 3 days to install and configure some things my passphrase was changed to the one I used several months ago and all my stored passwords were deleted.

I could provide several more of these stories.

I hope none of you guys reacts now how most people reacted: "this guy is crazy, give him more meds" or something. I know it sounds crazy and it is crazy. But lets say my observations are correct where could the entry point be for an attacker?

friendly Greetings,
SInt

Network intrusion happens often enough that they almost certainly weren't after you personally. It's like email spam -- attackers probe thousands of systems hoping to find one easy catch. Did you ask your ISP how many other modems were under attack? For an ISP to even admit that their modems are being attacked hints at a large problem.

When did you lose your LastPass passwords? LastPass has cleared and deactivated accounts by the million to deal with their own intrusion attempts. Once again, probably not personal.

Had HexChat needed to install any updates after not using it for months? Had you installed it from scratch after the big computer-bleach? Once again, probably not personal, just a default setting.

In short, I don't think you're crazy -- I think you have an unclear idea how computer software and computer networking works. These events have very little in common, unclear motivation (why would a hacker want to rename your IRC networks?), and very different methods(random issues in your local computer, vs malicious hacking of a well-known password service, vs intrusion on your ISP's WAN, etc...), too many for me to assume they're all from the same person or have you in particular in mind. Reformatting your computer because someone attacked your modem is akin to burning down your house because someone looked in your window, anyway.

1 Like

Risk is based on many factors, which include:

  1. Threat
  2. Vulnerability
  3. Criticality

If I read your post correctly, it sounds like you feel like there is a threat based on your interaction with some groups on the net and your systems are vulnerable. So, the main question which remains is how critical is the Linux computer system you are worried about?

If the system is really important and a breach would amount to serious loss, then you should really consider getting a professional to help you.

If the system has nothing important running on it; then you could just rebuild it from a scratch if you are worried.

If the system has backups, you could recover the system from a backup that was from a time prior to the hacking incident being discovered.

There are lots of options and the way you move forward depending on the risk profile of the system and that depends on the intersection of the three areas I mentioned above (1) threat, (2) vulnerability and (3) criticality.

1 Like