this post was submitted on 04 Sep 2025
59 points (96.8% liked)

My fellow penguins,

I have been pwned. What started off as weeks of smiling every time I heard a 7-10s soundbyte of Karma Factory's "Where Is My Mind" has now devolved into hearing dashes and dots (Morse Code) and my all-time favorite, a South Park S13: Dead Celebrities soundbyte of Ike's Dad saying, "Ike, we are sick of you talking about ghosts!"

It's getting old now.

I feel like these sounds should be grepable in some log somewhere, but I'm a neophyte to this. I've done a clean (secure wipe >> reinstall) already, the sounds returned not even a day later.

Distro is Debian Bookworm. So how do I find these soundbytes? And how do I overcome this persistence? UFW is blocking inbound connection attempts every day, but the attacker already established a foothold.

Thank you in advance. LOLseas

[–] friend_of_satan@lemmy.world 9 points 2 days ago* (last edited 2 days ago)

Run strace (or falco) and log every file open. When you hear the sound, reference the log of what files were accessed at that time.

Run tcpdump and capture all traffic. Analyze it in Wireshark, searching for a time window around when the sounds happened.

FWIW putting pranks like this in cron or systemd is a common way to haze people who have bad security practices. We also used to set the default run level to 3 or 6, but of course that doesn't make sense in the era of systemd.
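
The log correlation suggested in the comment above, as an added example that is not part of the original thread: it filters a file-open log for audio files and sound devices opened within a few seconds of the moment the sound was heard. It assumes the log was written by `strace -f -tt -e trace=openat -o LOG` attached to a process tree; the sample lines, paths and the `opens_near` helper are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of `strace -f -tt -e trace=openat -o LOG ...` output.
SAMPLE_LOG = '''\
2211 14:02:58.101122 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
2211 14:03:06.900311 openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
2214 14:03:07.412007 openat(AT_FDCWD, "/home/user/.cache/.t/clip01.ogg", O_RDONLY) = 4
2214 14:03:07.415530 openat(AT_FDCWD, "/dev/snd/pcmC0D0p", O_RDWR|O_NONBLOCK|O_CLOEXEC) = 5
2301 14:09:40.000100 openat(AT_FDCWD, "/home/user/Music/album/track.flac", O_RDONLY) = 3
2214 14:03:08.000001 openat(AT_FDCWD, "/home/user/.cache/.t/missing.wav", O_RDONLY) = -1 ENOENT (No such file or directory)
'''

# pid, wall-clock time (-tt), quoted path and return value of each openat() call.
LINE_RE = re.compile(
    r'^(?P<pid>\d+)\s+(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+'
    r'openat\([^,]+,\s*"(?P<path>(?:[^"\\]|\\.)*)"[^)]*\)\s*=\s*(?P<ret>-?\d+)')
# Common audio file extensions plus ALSA device nodes.
AUDIO_RE = re.compile(r'\.(ogg|oga|wav|mp3|flac|opus|m4a)$|^/dev/snd/', re.I)


def opens_near(log_text, heard_at, window_s=5, audio_only=True):
    """Return (pid, time, path) for successful opens within +/- window_s of heard_at.

    heard_at is "HH:MM:SS" on the same day as the log (no midnight wraparound).
    """
    heard = datetime.strptime(heard_at, "%H:%M:%S")
    span = timedelta(seconds=window_s)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or int(m["ret"]) < 0:  # skip unparsed lines and failed opens
            continue
        ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
        if abs(ts - heard) > span:
            continue
        if audio_only and not AUDIO_RE.search(m["path"]):
            continue
        hits.append((int(m["pid"]), m["ts"], m["path"]))
    return hits


if __name__ == "__main__":
    for pid, ts, path in opens_near(SAMPLE_LOG, "14:03:05"):
        print(pid, ts, path)
```

The PID in each hit is the starting point for tracing the parent process back to whatever launched it, such as the cron or systemd entries mentioned above.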