The more one learns about Linux, the more I suspect one can compromise Linux via a combination of Trojan horse methods. The trick is initially penetrating one’s system, and then hacking further.
A couple weeks ago, someone was successful in hacking my 83-year-old mother’s password on Facebook via a phishing attack. They did this by sending her an email with a note that there was a post for her on Facebook, with a link for her to sign in. Even though I had told her to always ignore such emails, she clicked on the link, and was taken to a page that looked like the Facebook login page and asked for her username and password for Facebook. She entered it, and they then had:
- her IP address
- her Facebook username
- her Facebook password
Her friends started complaining about Facebook posts from her, and Facebook eventually discovered her account had been hacked, and suspended it, forcing her to reopen with some special questions.
But I was then immediately worried that her Linux PC could have been hacked because they had her “IP address”. Turns out she used the same password on Facebook as she did on her PC (a mistake). Fortunately her username was different, although not that different. It was possible a clever bot could have guessed her PC username, based on her Facebook username.
Hence a bot could have hacked into her PC via ssh with that information.
I immediately got paranoid as soon as I heard of this, and I logged into her PC in Canada from here in Europe (via ssh/vnc) and checked her logs and such for suspicious activity. I also changed her passwords. I also had her change her HotMail password.
What concerned me was someone could put a clever batch file called “passwd” under /home/mothercpu/bin such that any command to change the “passwd” for root or for a regular user would be intercepted as soon as “passwd” was run. The batch file could then clean itself up and further launch a rootkit, with root permissions. And her Linux PC would then be totally compromised, with a re-install being necessary to repair.
Now that’s a rather obvious hack, but IMHO it could succeed in compromising the PC of an 83-year-old grandmother, where my being on a different continent would mean it is very difficult for me to help.
Fortunately I found no nefarious activities, … but it did give me pause for thought.
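As an added example (not part of the original post), a portable shell check for the PATH shadowing the post worries about: it walks PATH in lookup order, remembers the first directory where each executable name appears, and reports any later same-named executable it would hide, flagging the case where the earlier directory is writable by the current user (a fake ~/bin/passwd sitting in front of /usr/bin/passwd). The function names and output format are my own.

```sh
#!/bin/sh
# Added example, not from the original post. Reports executables that appear
# earlier in PATH than a same-named executable later in PATH (PATH shadowing).
# Output: one line per pair, "<earlier> shadows <later>", with " [writable]"
# appended when the shadowing directory is writable by the current user.
shadowed_commands() {
    path=${1:-$PATH}
    seen=$(mktemp)                 # scratch file of "<name>\t<first dir>" lines
    oldifs=$IFS
    IFS=':'
    set -- $path                   # split PATH on ':' into positional params
    IFS=$oldifs
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            name=${f##*/}
            # directory where this command name was first seen, if any
            first=$(awk -F '\t' -v n="$name" '$1 == n { print $2; exit }' "$seen")
            if [ -n "$first" ]; then
                tag=""
                [ -w "$first" ] && tag=" [writable]"
                printf '%s shadows %s%s\n' "$first/$name" "$f" "$tag"
            else
                printf '%s\t%s\n' "$name" "$dir" >> "$seen"
            fi
        done
    done
    rm -f "$seen"
}

# Wrapper with an exit status: 0 when nothing is shadowed, 1 otherwise, so it
# can run from a login script or cron and alert on a new ~/bin/passwd.
check_path() {
    report=$(shadowed_commands "$@")
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

Call `check_path` with no argument to audit the current PATH; a "[writable]" line naming a system command such as passwd, sudo or ssh is the condition described above.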