hacked by the (alleged) `amazon-security' scammers

Liam Proven lproven at gmail.com
Sat Nov 13 12:37:04 UTC 2021


On Sat, 13 Nov 2021 at 02:08, Joel Rees <joel.rees at gmail.com> wrote:

Healthy caution is good. Over-abundant paranoia is not good for you.
Joel, you are way over toward the latter.

> Drop files named similarly on your desktop?
>
> Insert such a notification in your message queue?
>
> Actually succeed in destroying user documents?

Would these matter? Backup stuff that's wanted, reformat disk,
reinstall. Carefully open suspect docs in a non-MS app, such as
LibreOffice, to avoid infectious macros. Resave in a safe format.

> Actually succeed in locking/encrypting user documents or stealing credit card numbers or such?

If data is lost, it's lost. Learn from this; keep better backups.

> Leave threatening messages on your admin user's desktop?
>
> Leave such blackmail in your OS file system?
>
> Insert drivers or other bits of junk that block access to the machine except to display the blackmail message?

Not really important. Wipe, reinstall, gone.

> Modify your BIOS?

[[citation needed]]

Look, as a real example: Lenovo modified the firmware of some of their
boxes to reinstall Lenovo tools if you reloaded a clean copy of
Windows. That was stupid and unwelcome, but if you're running Linux,
who cares? It won't work, it can't work, and the tools wouldn't run
anyway. There is nothing to worry about.

> The second through fifth, you need to dig around to see how much damage was done. If your work login is non-admin, you may well be safe in just removing write and execute permissions for all on all of that user's directories and subdirectories.

Why? Backup, wipe, reload.

> ... but scorched-earth is only going to be useful if you are able to restore the BIOS to a known-good BIOS, and maybe not even then.

I disagree. This is not a credible threat.

> But if you can restore the BIOS, you really don't need to erase the whole disk, and, in fact, you shouldn't.

Why not?

> Just write- and execute-lock the disk and only attach through a USB adapter. Buy a new disk for your system re-install.

Why? Windows spyware or whatever won't even trigger on Linux.

> If the intruders have written into your OS or BIOS, they may well have written into the disk controller itself.

Paranoid nonsense.

> Scrubbing is time consuming and is not guaranteed to work on modern media.

Back to front. Yes it is time consuming; but the point is not that it
doesn't work, the point is that it is unnecessary. The scrubbing works
fine, but the purpose of scrubbing is to defeat data-recovery
techniques that haven't worked in 25+ years.

> dd from /dev/zero or equivalent will do good enough unless you have military secrets or such, and it takes a while to complete, too. And if there are military secrets on the drive, physical destruction is best.

Dangerous, tricky, and I already posted links to a free tool that will do this.

-- 
Liam Proven ~ Profile: https://about.me/liamproven
Email: lproven at cix.co.uk ~ gMail/gTalk/FB: lproven at gmail.com
Twitter/LinkedIn: lproven ~ Skype: liamproven
UK: (+44) 7939-087884 ~ Czech [+ WhatsApp/Telegram/Signal]: (+420) 702-829-053
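The "dd from /dev/zero" overwrite that both posters refer to, as an added example that is not part of either poster's message: the script below runs the same overwrite against a throwaway image file it creates itself (never a real drive), then performs the check a practitioner would want after any wipe, reading the target back and confirming no non-zero byte survived. The image size, file names and helper function names are assumptions made for this example; the thread does not specify them.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): overwrite-then-verify.
# The target is a regular file constructed here, standing in for a disk.
# Pointing TARGET at a real block device would destroy it; the thread's
# advice is "backup first", and that applies here too.
set -e

# Build a constructed 1 MiB "disk image" filled with random bytes so the
# wipe has something non-zero to remove.
make_image() {
    target="$1"
    dd if=/dev/urandom of="$target" bs=1024 count=1024 2>/dev/null
}

# Overwrite every byte of the target with zeros. This is the operation the
# thread describes for a drive; conv=notrunc keeps the file the same size
# so the later size check is meaningful.
zero_wipe() {
    target="$1"
    size=$(wc -c < "$target")
    dd if=/dev/zero of="$target" bs=1024 count=$(( size / 1024 )) conv=notrunc 2>/dev/null
    sync   # make sure verification reads what actually reached storage
}

# Return 0 if the target contains no non-zero byte, 1 otherwise.
# tr deletes NUL bytes; anything left over is a byte the wipe missed.
is_all_zero() {
    target="$1"
    remaining=$(tr -d '\000' < "$target" | wc -c)
    [ "$remaining" -eq 0 ]
}

# Report the byte count so a caller can confirm the target was not truncated.
image_size() {
    wc -c < "$1" | tr -d ' '
}

main() {
    img=$(mktemp)
    make_image "$img"
    if is_all_zero "$img"; then
        echo "unexpected: fresh image already all zero"
    fi
    zero_wipe "$img"
    if is_all_zero "$img"; then
        echo "wipe verified: $(image_size "$img") bytes, no non-zero byte remains"
    else
        echo "wipe FAILED: non-zero bytes remain"
    fi
    rm -f "$img"
}

main "$@"
```

The verification step is the part worth keeping: a wipe that is never read back is a belief, not a result. On a real device the same read-back applies, with the caveat Joel raises that flash media may remap blocks the host cannot address, which is exactly why the check reads only what the host can see.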

More information about the ubuntu-users mailing list