My fellow penguins,

I have been pwned. What started off as weeks of smiling every time I heard a 7-10s sound bite of Karma Factory’s “Where Is My Mind” has now devolved into hearing dashes and dots (Morse Code) and my all-time favorite, a South Park S13: Dead Celebrities sound bite of Ike’s Dad saying, “Ike, we are sick of you talking about ghosts!”

It’s getting old now.

I feel like these sounds should be grepable in some log somewhere, but I’m a neophyte to this. I’ve done a clean (secure wipe >> reinstall) already; the sounds returned not even a day later.

Distro is Debian Bookworm. So how do I find these sound bites? And how do I overcome this persistence? UFW is blocking inbound connection attempts every day, but the attacker already established a foothold.

Thank you in advance. LOLseas

  • bcovertigo@lemmy.world (2 upvotes, 1 day ago)

    Can you record the noise and share it? Consider Outlook’s recent arbitrary WebDAV exploit that fetched a malicious payload from the internet to run if you said it was a custom notification sound. That directly attacked a sound-producing function and is silent.

    It’s not impossible this is an attack, but it’s a very Rube Goldberg scenario that leads one to suppose there is a literal noisy attacker who can persist through reimaging but can’t stop fucking up an existing sound channel.

    • LOLseas@sh.itjust.works (OP) (3 upvotes, edited, 1 day ago)

      I would love to catch the event, but it’s sporadic. I stumbled across the gnome-logs package and see concerning events such as “Warning: writing to insecure memory!” from a running service: tracker-extract-3.service. But that service, though named intimidatingly, just watches the file directory for updates/new files.

      I’m dealing with Morse Code atm and it’s a welcome relief from the South Park or Karma Factory bites.

      Also, I installed Ventoy on my USB drive and put a Gentoo Live ISO as well as Debian, Slax, and QubesOS on it. I intend to reinstall (thinking of starting with Gentoo).

      Then I tried unmounting it. It hung with “device busy” for a solid 6 minutes, and finally ejected. New fear is the attacker is altering the ISO files I’m putting on the drive. So I ran `sha256sum -c [Gentoo.iso filename]` against the SHA256 hash from gentoo.org and it completed as OK but bitched about 12 lines being improperly formatted. I’m spitballing again on what to do.

      Also, how can I get Lemmy to show code/command formatting? I use Jerboa but don’t see a code block option.

      • PoolloverNathan@programming.dev (3 upvotes, 19 hours ago)

        Don’t run sha256sum -c on your suspect file — it expects to be passed a file containing hashes and other filenames. sha256sum the iso itself instead and check by eye, or make such a hash file.
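        An added example of the distinction made above, not code from anyone in the thread: it builds a constructed stand-in "ISO" and a companion `.sha256` file in the `<hash>  <filename>` format that `sha256sum -c` expects, verifies the image the right way, shows why `sha256sum -c` on the image itself fails, and then shows the check failing once the image is altered. It assumes GNU coreutils `sha256sum` (the Debian default).

        ```shell
        #!/bin/sh
        # Added example: verifying a downloaded image against its .sha256 file.
        # The "ISO" and the hash file below are constructed so this runs offline.
        set -u
        WORK=$(mktemp -d)
        ISO="$WORK/sample.iso"
        printf 'constructed sample image contents\n' > "$ISO"

        # Build the companion file the way distros publish it: "<hash>  <filename>".
        # gentoo.org ships this as <image>.iso.sha256 next to the download.
        make_hash_file() {
            ( cd "$WORK" && sha256sum sample.iso > sample.iso.sha256 )
            printf '%s\n' "$WORK/sample.iso.sha256"
        }

        # Correct check: run -c on the HASH FILE, from the directory that holds the
        # image, so the relative filename inside it resolves. 0 = OK, non-zero = bad.
        verify_iso() {
            hashfile=$1
            ( cd "$(dirname "$hashfile")" && sha256sum -c --strict "$(basename "$hashfile")" ) >/dev/null 2>&1
        }

        # What the thread did: -c pointed at the image. sha256sum tries to parse the
        # image bytes as checksum lines and reports "no properly formatted SHA256
        # checksum lines found", exiting non-zero. Returns 0 when that failure occurs.
        wrong_way_fails() {
            if sha256sum -c "$ISO" >/dev/null 2>&1; then return 1; else return 0; fi
        }

        # The "check by eye" alternative, done by the shell: compare digest strings.
        compare_by_eye() {
            computed=$(sha256sum "$ISO" | cut -d' ' -f1)
            published=$(cut -d' ' -f1 "$1")
            [ "$computed" = "$published" ]
        }

        hashfile=$(make_hash_file)
        verify_iso "$hashfile" && echo "sha256sum -c on the hash file: OK"
        compare_by_eye "$hashfile" && echo "digest strings match"
        wrong_way_fails && echo "sha256sum -c on the image itself fails, as expected"

        # Tamper with the image: the same check must now fail.
        printf 'extra byte\n' >> "$ISO"
        verify_iso "$hashfile" || echo "altered image: FAILED (as it should)"
        ```

        Note that a `.sha256` file fetched over the same channel as the image only catches corruption or a mismatched download; it proves nothing about a compromised mirror unless the file is itself signed.
        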

        • LOLseas@sh.itjust.works (OP) (1 upvote, 3 hours ago)

          Downloaded the Gentoo LiveUSB image again from a running Gentoo LiveUSB session, from gentoo.org, and also the .iso.sha256 file. Ran `sha256sum` on both files. They mismatch. Photo included.

      • rudyharrelson@lemmy.radio (3 upvotes, 1 day ago)

        > Also, how can I get Lemmy to show code/command formatting? I use Jerboa but don’t see a code block option.

        For inline code like this, wrap the text in backticks `like this`.

        For multi-line code, wrap the text in triple backticks: ``` like this ```