Ubuntu – I think the PC is being hacked. What to do?

firewall, security

I'm afraid I'm being hacked: My Ubuntu is receiving inbound traffic while my PC is disconnected from Ethernet and WIFI, so my question is, how am I receiving inbound traffic? I even have a firewall that is turned on.

I'm studying to be a developer, so obviously I can't completely disconnect from the web.

How should I proceed?

Best Answer

If you think you're being hacked personally, below you can find a few very stringent rules to make hackers' lives extremely difficult.

  • Remain calm
  • Turn off all hardware you don't need to be a developer in the BIOS (this includes: microphones & speakers, as they have been shown in the past to be used as communication channels once the PC was hacked, printer ports, USB ports, WiFi, etc.)
  • Black-list all hardware that cannot be disabled in the BIOS
  • Connect through cable connection only and as little as possible (1/day to download mail, updates, upload your work)
  • Install as little software as possible
  • Don't install software known to track you (Flash, Silverlight)
  • Use Firefox with the NoScript and Modify Headers plugins
  • Disable all cookies. Only allow cookies per site and only for the session.
  • Make system back-ups so you can roll back to previous versions and make the hacker's life a hell.
  • Use these backups to create Live DVDs on DVD-Rs that cannot be hacked in case you need longer online exposure.
  • You are already using a firewall, keep doing that.
  • Only connect to the Internet through a NAT router and protect it with an admin password and use another DNS than the one provided by your ISP.
  • Don't give anyone physical access to your computer

That should get rid of 99.999% of hackers.

On the analysis of the problem:

Do the following:

  • Boot from an Ubuntu LiveCD
  • Do not connect to any network
  • Go to a terminal by pressing Ctrl+Alt+T and type: netstat --all

    You will receive something like this and that will be your baseline. Ubuntu is not only a client OS but also a server so some applications connect to their server part on your own machine using TCP/IP sockets and this is absolutely normal. Sockets are a very benign and essential part of processes communicating with one another!

Then connect to the network (still booted from the LiveCD) and do the netstat --all again. This will be your baseline for a connected computer.

Then install Ubuntu again following the above directives and especially: keep a cool head and read some more documentation on how Ubuntu works and if you have more specific questions, ask a new question.
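
The baseline comparison described in the answer above, as an added example that is not part of the original answer: a shell function that lists the internet sockets present in the connected `netstat --all` capture but absent from the offline one. The file names and both sample captures are constructed assumptions.

```sh
#!/bin/sh
# Added example: list internet sockets present in a "connected" netstat
# capture but absent from the offline baseline. File names are assumptions.
#   netstat --all > baseline.txt     (live session, no network)
#   netstat --all > connected.txt    (same session, network attached)

new_sockets() {
    awk '
        $1 !~ /^(tcp|udp)6?$/ { next }   # skip headers and UNIX-domain sockets
        {
            # Recv-Q/Send-Q ($2,$3) change constantly, so compare only
            # protocol, local address, foreign address and state.
            key = $1 " " $4 " " $5 " " ($6 == "" ? "-" : $6)
        }
        FILENAME == ARGV[1] { seen[key] = 1; next }   # baseline capture
        !(key in seen) && !shown[key]++ { print key } # new in second capture
    ' "$1" "$2"
}

# Constructed sample captures (not real output from any machine).
write_samples() {
    cat > "$1/baseline.txt" <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:ipp           0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:mdns            0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     20481    /run/user/999/bus
EOF
    cat > "$1/connected.txt" <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:ipp           0.0.0.0:*               LISTEN
tcp        0     52 192.168.1.20:45678      192.0.2.10:https        ESTABLISHED
udp        0      0 0.0.0.0:mdns            0.0.0.0:*
udp        0      0 0.0.0.0:bootpc          0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     20481    /run/user/999/bus
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
new_sockets "$demo_dir/baseline.txt" "$demo_dir/connected.txt"
rm -rf "$demo_dir"
```

Entries that appear only after connecting are not automatically hostile: the DHCP client socket (`bootpc`) and connections you opened yourself show up here as well, so the output is a list of things to explain, not a verdict.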
