Ubuntu 20.04 being hacked

Question

please give me some advice on how to handle the illegal invasion into my pc (UBuntu20.04) ? I went back home and saw someone remotely accessing my pc browsing my documents, closing my browsers and viewing my conversation with other people in an app. I can't believe that this could happen so easily. But it did happen. I did not stop the hacker immediately when I saw that, instead I used my cellphone record that.

I don't know how the hacker got access to my pc remotely, could someone explain the typical way and talk about anti-hacking methods that I could use as an ordinary Ubuntu user.

Thank you very much.

Have you considered an encrypted installation? It is simple with 20.04. — C.S.Cameron, Jul 24 '20 at 06:59
Encrypted installations are useless if the attacker gets access to a running system. — Sebastian, Jul 24 '20 at 16:48
How is VNC setup? Is it set to connect directly from anywhere in the Internet? Someone could guess your password (or use a dictionary attack) and remotely break in. See this answer for one solution also see this answer. — user68186, Nov 19 '20 at 21:14

Mike · Answer 1 · 2021-11-28T19:21:42.130

I agree with previous answers you should sanitize you PC and other devices, i mean a full factory reset of routers and other devices to avoid present configuration checking and also check the other computer devices attached to the same network, remember that a professional hacker doesn´t just compromise the prey but also the complete environment it means that maybe even the USB devices connected to the compromised machine could be infected.

One good way to start is to securize your computer formatting all and installing all from zero using a firewall and even an antimalware solution available for Linux, and the same with the other computers of your network.

And as a programmer you can design a good firewall script to avoid future issues, the IP tables/nf tables sintax is not so difficult and wont be complex for a developer machine (Servers and NAT is at another level trust me).

Take a look of CIS controls v8 they will give you a clear picture of cybernetic security measures for the enterprise but many of them are useful for the home use too in fact the version 8 is focused in telework.

And be careful with websites previously visited from the compromised machine, the hacker could be sniffing and capturing your passwords weeks ago, and so for browser password manager.

This is my humble advice, good luck.

P.D-Zero trust....that´s the answer today.

score 1 · Answer 2 · answered Jul 24 '20 at 06:01

1

There's no simple answer to this. It's most likely you've installed a virus / malicious software that's used to hack your computer .

Your best best it to wipe the system, scan for viruses & check what programs you've installed before to avoid repeating the same mistake .

I'd also check all attached devices & router settings to make sure the hacker didn't leave a backdoor into your network .

answered Jul 24 '20 at 06:01

MichaelHabib

31

Thanks for the your answe. the pc is primarily used for research and programming. Thus most softwares I have installed are from sudo apt install. The only thing I think problematic is dash to panel which prevent the system from being locked. Other softwares are VNC , teamviewer. – Albert G Lieu Jul 24 '20 at 06:22
1

VNC might be an issue if done incorrectly with easy passwords & open ports. Im no expert with VNC, but once the system is compromised, assume everything is compromised with backdoors everywhere, so act accordingly. GL – MichaelHabib Jul 24 '20 at 07:04
1

VNC and TeamViewer, when improperly secured, are both attack vectors. YOu should never leave these running, or you should program your system firewall to prevent direct access to VNC except from trusted devices. – Thomas Ward Nov 28 '21 at 19:20

Ubuntu 20.04 being hacked

2 Answers2