How to unequivocally restrict all remote access on all devices for all users using kali linux.

Keymaster88

I'm newish to Linux. I have recently been, and am still, going through hacking issues. It seems that any Linux distro I download and try to use has changes made to the GRUB bootloader or ISOLINUX which allow another party to log into my session, directly interact, as well as monitor and take all my data to do with whatever they like. On my Mac and Windows PC this is done a bit differently, but it is the same basic problem. I got an install of Kali Linux burned to a DVD and this dual boot feature is still there. This tells me the problem is in MY machines. The one thing I can do is make changes to the OS as root before putting the device online. Is there any way to, no questions asked, lock down my device? The hackers tend to be fond of tty, PAM manipulation and localhost takeover, where they like to set up a proxy.
 


Welcome back!

Based on your descriptions (and your previous posts), there is not much you can do. All of your computers are infected with persistent malware, and your network (e.g., router) may also be infected. Based on what you wrote, it appears that the attackers have infected the firmware on your computers. This is how they reconnect even after you wipe a drive and reinstall the operating system from scratch.

Until you replace or fix those devices and learn how to prevent them from becoming reinfected, you are doomed to repeat the same problems over and over, which is what is happening now.

Disconnect from the internet. Disconnect and isolate every device on your network. Fix or replace your home network (router) first. Fix your computers next, and then any other devices (e.g., phones, tablets, etc.) - do them last. Do not connect anything to the new network unless you are sure that it is malware-free. No exceptions!

To fix the computers and most devices, you should back them up first. Treat the backups like infected drives! Next, wipe the drives and replace the firmware with known good firmware from the manufacturer. Download the firmware using a known good network and internet connection. Have your friend write it to a CD ROM or other read-only device. Do not connect any of your devices to your friend's network. Reinstall the operating system from a known good source. Do not connect anything to the new network unless you are sure that it is malware-free. No exceptions!

-> I think you need a technically skilled friend to help you solve these issues.
-> In my opinion, your malware problems are too extensive and complex for someone to help you fix them through an internet forum.

Good luck!
 
You are correct in your methodology; however, the issue is that I cannot set up my new firewall without a computer and the internet as well as Bluetooth (thumbs down on that one, Ubiquity). I have limited means and this has already cost me 30k in equipment. The computers are not salvageable unless there is some way to refresh the CPU and the motherboard's hidden memory. I have gotten a new phone on a new carrier and a new network with a new provider all in the same day. I will be on my third replacement for my Galaxy Note and already the second replacement for my new network. The rogue access points which are not on my network but are within range have been my demise. I've lost my job over this and cannot even get my resume together. Whenever I try to log into Dropbox or Google Drive I somehow cannot remember the password (I keep all my passwords hand-written in a notebook which goes literally everywhere I do and am careful to shield it from cameras or the like). When trying to reset my password, the two-factor authentication is strangely set to a phone number or email I don't have access to. It is then a three day recovery for that account, only to find another account taken over. I cannot get a job as I am a liability and all of my skills are in technology, which I now absolutely despise. I'm soon to lose my home and my car. I found physical devices which were wired up to the old satellite dish on my roof. Upon removing this device I saw chatter on my MacBook's console which stated fall back device missing. I took this to the police, who would not even write a report due to there not being forced entry. I guess I'm just out of luck. I'm definitely out of money and ideas and I am oh so very tired. I haven't slept in my bed in almost three months. Every night and day it is the same futile game in which I always end up losing.
 
Sorry for the misspellings, I am on a phone. I have at times found small joys in either the passwords I come up with, most of which are incredibly derogatory to hackers specifically, just hoping that maybe their john password cracking buddy cracks it just so they know how I really feel, or in a stalemate which lasts for just a short while. The stalemate is possible if acted on quickly in Mac OS as well as Windows. For Mac OS I go straight to Directory Utility and delete all their aliases which assume the root role, and then all their individual users one by one. The next thing I do is delete the Keychain completely, then encrypt the disk without using Keychain and immediately restart. Upon restarting I find most of the files they had taken ownership of to be unseated, so I can then take ownership back for a short while. However, I am not a computer science talent and they find ways to get their permissions back. In Mac OS they have me in a rootless sandbox. Once they get superuser privileges I am once again at the mercy of the Apache server running the reverse proxy, which conveniently for them allows them to run their Spam Assassin alter egos, all delightfully coming from my network, where I cannot get to Google.
 
I am sorry to hear that you are facing many personal issues right now. I can sense your worries and stress. It is a tough place to be.

You seem to believe that if you fix your technical issues with help from Linux.org, the problems will lessen.
-> In my opinion, your problems are too complex to be solved in a forum thread with help from the people at Linux.org. That's based on your own descriptions of what is happening.

My final suggestion to you is to find someone with whom you can open up and trust. Find someone local - a brother, your mother, a childhood friend that you've known all your life, someone like that. Share with them your personal situation - not just the technical hacking problems but also the job issues and your other concerns around home, car, etc. Center the discussion around your life balance. Ask for their help and advice. Figure out what is really important and what needs urgent attention. Work on a plan together. Set some realistic goals. Let go of the things that are too much or simply beyond your ability to manage. Focus on the things you CAN change.

That is easy for me to write, hard for you to do. I understand.

-> SUMMARY:
Find someone local that you can confide in and trust.

Linux.org is not the place to get the help you really need most. I responded today, but I am not that person either. Your technical issues are unlikely to be solved here.
 
That was kind of you, however I am confused: did I just get kicked out of this forum? Why wouldn't questions I have directly relating to Linux be answered or solved? I get this feeling that a majority of people seem to know who I am or think they do, and I don't know anyone or what is going on. I don't think my problems will lessen; I think I will be able to live the life I had been. If I cannot get a computer to work that allows me to do a resume, my current situation, how am I supposed to do anything? I'll delete my account, sorry I bothered at all. What I gather is the people who oppose me are in this forum and don't want me here.
 
How did you come to the conclusion that you are hacked? Can you share some evidence which makes you think that? From my understanding of how you describe it, you install a Linux distribution from an ISO, then reboot, and as soon as it connects to the internet your system gets taken over, and this is also happening to your Windows and Mac?

If what you say is true, then it sounds more like the hacker either planted a backdoor in the hardware of all your computers which gets activated as soon as your systems connect to the internet, or they are in your router somehow. I'm not sure what to believe until I see some actual evidence, since hackers normally don't spend their time annoying normal computer users unless they ransomware your computer, but companies are better targets when it comes to ransomware attacks since some companies will pay out big, but hack with the goal of using a hacked system to make money off of.

One off-topic question: this topic sounds a lot like a few of the posts a user named Mikez77 made. Is this your new/second account by any chance?
 
True, I assumed he was Mike77 back for another try. That assumption was based on the commonality of their two threads: multiple systems hacked, the persistence of the attackers after wiping drives and installing new OSs, the non-technical personal issues, and the fact that they both came to Linux.org.

Regardless, I stand by my belief that both of them need a local family member or friend; someone physically local to them. Not only for the technical issues.
 
Let's just say that it's very unlikely to be the user you seem to think they are.
 
Okay, @Keymaster88 and Mike77 are different people with similar issues. Please accept my apologies for assuming otherwise.

My response in post #2 summarizes what @Keymaster88 must do to regain control of their network and systems. It must be done systematically, very cautiously, and absolutely correctly to prevent the attackers from regaining their foothold in Keymaster88's systems.

To do that work, Keymaster88 must have a clear understanding of how to verify that the network and hardware are free of malware and safe to reconnect. They must also have a clear understanding of how to configure and maintain the new network and hardware to prevent a recurrence of the intrusions and malware infections.
  • First, make a plan. Be sure you understand how you will proceed and also how you will prevent a recurrence.
  • Disconnect everything.
  • Fix the network first. Be sure your firewall / router / and other network hardware are malware free.
  • Clean each computer next, one by one. Based on your description, it appears that the computers are infected at the firmware level. This is very challenging to fix and verify.
  • Do not attach anything to the new network, ever, unless you are 100% sure that it is malware free.
  • Continue scanning for signs of reinfection.
I do not know how to accomplish this task without access to trusted, well-secured equipment, whether borrowed or not.

Based on your posts above, you need local, onsite, personal help. The people at Linux.org will do their best to welcome you and offer their advice, but they are not in the best position to help you to solve your problems - either personal or technical.
 
I am having the same exact life destroying issues.
Please tell me SOMEONE here answered this man's question? Or is it just not an option to set Linux Kali and/or Tails that secure?
 
@rwkhaus, please open your own topic in the Kali subforum.
 
