Page 1 of 3 123 LastLast
Results 1 to 10 of 29

Thread: Ubuntu 12.04 - Hacker Typing on My Screen

  1. #1
    Join Date
    Jan 2012
    Beans
    32

    Ubuntu 12.04 - Hacker Typing on My Screen

    I am 100% certain my machine was hacked. I am running Ubuntu 12.04 and had skype open (no connection with anyone) and Firefox, gmail and gchat in the firefox window and someone started type commands in my window and in my chat with a friend on my gchat account. They even typed an obscenity in my chat window!

    I opened a command window pressing Alt CTRL T to try and reboot real fast because when i tried to move the mouse to restart he or she kept moving it away. In the terminal window the person kept trying to type this in: punapmep p-a

    I just rebooted my machine. Is there anything I should do right now? Reformatting is not an option at this moment because I am traveling right now and I need a computer to check email consistently. How can I find out where the security breach is and how can I stop it right now?


    Eventually I just pressed the power button to turn it off and rebooted.

    Any advice on what I can or should do?
    Thanks
    Last edited by oldos2er; November 22nd, 2013 at 03:19 AM. Reason: Please keep your language family friendly.

  2. #2
    Join Date
    Jul 2008
    Location
    The Left Coast of the USA
    Beans
    Hidden!
    Distro
    Kubuntu

    Re: Ubuntu 12.04 - Hacker Typing on My Screen

    Are you using an unsecured WiFi hotspot?

  3. #3
    Join Date
    Jan 2012
    Beans
    32

    Re: Ubuntu 12.04 - Hacker Typing on My Screen

    No, not at the moment this happened. I am using a Wifi connection at a university.

  4. #4
    Join Date
    Jul 2007
    Location
    Auckland, NZ
    Beans
    4,145
    Distro
    Xubuntu 14.04 Trusty Tahr

    Re: Ubuntu 12.04 - Hacker Typing on My Screen

    Also, is remote desktop enabled?
    Please, people, remember to BACKUP before you install that new system. Same if you're upgrading.

  5. #5
    Join Date
    Jan 2012
    Beans
    32

    Re: Ubuntu 12.04 - Hacker Typing on My Screen

    Thanks! I believe remote desktop is enabled. How can I check?

    A few weeks or longer ago I had used remote desktop to log in to an embedded system I was testing for a robotics project.
    Is this likely how this hacker got control of my machine?

  6. #6
    Join Date
    Jul 2007
    Location
    Auckland, NZ
    Beans
    4,145
    Distro
    Xubuntu 14.04 Trusty Tahr

    Re: Ubuntu 12.04 - Hacker Typing on My Screen

    Type "vino" in a terminal (without the quotes) and it should open the remote desktop control panel. If you're using unity, "remote desktop" or "desktop sharing" should do the same thing. Alternatively, choose desktop sharing preferences (or similar wording) in preferences. I'm a little vague about this because it's one of the first things I remove after doing an install.

    This link, although for 11.04, will show you what to look for. http://www.unixmen.com/how-to-use-re...top-in-ubuntu/ In your case, you don't want sharing enabled.

    From what you've described, I wouldn't be at all surprised to find that you've somehow enabled it.
    Last edited by Irihapeti; November 22nd, 2013 at 02:13 AM.
    Please, people, remember to BACKUP before you install that new system. Same if you're upgrading.

  7. #7
    Join Date
    Jul 2008
    Location
    The Left Coast of the USA
    Beans
    Hidden!
    Distro
    Kubuntu

    Re: Ubuntu 12.04 - Hacker Typing on My Screen

    You should consider your machine well and truly compromised. Who knows how long you were sidejacked and what session info someone got. You need to immediately change all passwords all over the web -- AFTER you have a secure, preferably wired, connection on a different machine.
    Last edited by QIII; November 22nd, 2013 at 02:20 AM.

  8. #8
    Join Date
    Jan 2012
    Beans
    32

    Re: Ubuntu 12.04 - Hacker Typing on My Screen

    Thanks!

    When I run vino I see:

    D-ubuntu:~$ vino
    No command 'vino' found, did you mean:
    Command 'pino' from package 'pino' (universe)
    Command 'dino' from package 'dino' (universe)
    Command 'bino' from package 'bino' (universe)
    Command 'kino' from package 'kino' (universe)
    Command 'vina' from package 'autodock-vina' (universe)
    Command 'vinfo' from package 'radiance' (universe)
    vino: command not found

    When I go into desktop sharing, i did see that enable others to control and see my desktop were selected. I disabled this right now.

    I definitely need desktop sharing to interface with my robotics prototypes that are running ubuntu on embedded processors. I was using Remmina to do this. I am assuming I can still do this succesfully, even after disabling the desktop sharing on this laptop?

    Thanks.

  9. #9
    Join Date
    Mar 2009
    Beans
    1,333

    Re: Ubuntu 12.04 - Hacker Typing on My Screen

    About the security at the time of this incident:
    1. Were you in a public space? Meaning, did somebody have a chance to see your screen as this happened, and/or could they have seen you type the password to your computer?
    2. Is your password easily guessable by somebody who knows who you are?
      1. Some part of your name, or the name of someone important to you?
      2. Otherwise based on personal information or favorite themes?
      3. A simple word?

    3. Could there have been a witness from a previous session who could see the screen, or who knows the password to your RDP?



    What is the output of netstat -tunlp

    By needing desktop sharing, you mean you use this machine to access others using remote desktop, or that other machines access your machine? In any of this, do you have an unprotected password or saved password?

  10. #10
    Join Date
    Jan 2012
    Beans
    32

    Re: Ubuntu 12.04 - Hacker Typing on My Screen

    Thanks 1clue.

    Basically I have some ebedded processors running on some robotic hardware. I want to see the camera feed that is on the robot so I use desktop sharing and remmina to login from my laptop and see the screen on the robot's ubuntu setup and to see the video feed in the desktop. I do not need for the embedded processors to access my laptop's desktop. Therefore I am guessing that disabling the desktop sharing as I just did , will still allow me to control the embedded processor's desktop.


    Nobody would have seen my password in person or guessed it easily. Over the last week and a half I was in a hotel using the wifi, and then at starbucks briefly. Since then I have used wifi in a university office room.

    I will look for a wired connection here at the university and change all my web passwords just to be careful. I'm not sure what else I can or should do? I was hoping to avoid a reformat. Is this necessary?

    I think this happened today as far as someone accesing my machine. They were fooling around and typing messages in my gchat session with my friend like "suck my ****" and other immature things. I wonder if they were not really trying to do anything harmful other than fool around but I don't know. I am not sure if this person likely is on the wifi network here at the university and is just fooling around? This happened while I was on the university's wifi network this afternoon.

    I am running skype right now.

    Here is what netstat -tunlp shows:

    @D-ubuntu:~$ netstat -tunlp
    (Not all processes could be identified, non-owned process info
    will not be shown, you would have to be root to see it all.)
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 0.0.0.0:44052 0.0.0.0:* LISTEN 3793/skype
    tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN -
    tcp 0 0 127.0.0.1:3350 0.0.0.0:* LISTEN -
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
    tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
    tcp 0 0 0.0.0.0:3389 0.0.0.0:* LISTEN -
    tcp6 0 0 :::22 :::* LISTEN -
    tcp6 0 0 ::1:631 :::* LISTEN -
    udp 0 0 0.0.0.0:44471 0.0.0.0:* -
    udp 0 0 0.0.0.0:44052 0.0.0.0:* 3793/skype
    udp 0 0 127.0.0.1:53 0.0.0.0:* -
    udp 0 0 0.0.0.0:68 0.0.0.0:* -
    udp 0 0 127.0.0.1:52400 0.0.0.0:* 3793/skype
    udp 0 0 0.0.0.0:5353 0.0.0.0:* -
    udp6 0 0 :::55253 :::* -
    udp6 0 0 :::5353 :::* -
    Last edited by dsurfer21; November 22nd, 2013 at 02:58 AM.

Page 1 of 3 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •