Hi.
I have opened this topic because I need help. I think that I have been hacked. The reason is that there is a password in Sys-net (in my system it is called sys-ethernet) and it has been changed. I tried to connect to the internet and I could not do it because the system did not accept the usual password. I installed it several months ago and I have been using this password several times without problems until yesterday, when suddenly it did not work.
Before my questions, I would like to explain where the OS is installed.
System.
I installed Qubes 4.2.1 on a USB pendrive of 256 GB.
It works through an Acer Aspire 5 with 32 GB of RAM.
I use a Netgear Nighthawk M1100 router and I connect it to the computer with a USB hub with an Ethernet connection. The Wi-Fi in this router is disconnected. But it worked before when I used it in a different configuration with different devices.
I do not know how the attack was done. But I consider different options:
- Someone had access to my computer / USB, and through a brute force attack they hacked the decryption phrase and the system password, to then change the sys-ethernet password. I have neither an easy password nor an easy decryption phrase. But everything is possible.
- I downloaded some malware program by mistake. I do not think so because, besides balenaEtcher and a couple of tools, I have not downloaded anything weird, and when I download anything I use a fully volatile qube and the tools are installed on a qube without connection to sys-firewall. But as I said, everything is possible.
- I infected the system by uploading a file from a pendrive. When I transfer files from / to a qube, I always do it from a fully volatile qube to a qube without Ethernet connection. So technically none of them have access to sys-ethernet.
- The attack came from the Netgear router. As I said, the router Wi-Fi is not connected, but it was connected when I used it in a different configuration with different devices.
Questions:
- How bad can the damage be? My sys-ethernet has a VPN in it, so I do not know if the hacker had access to what I did online.
- If the attack was from the router, how far could the attacker go? Could he/she go beyond the firewall?
- Could the hacker have had access to the whole system if it was uploaded from a USB to a qube without connection to sys-ethernet?
- As I use a pendrive connected to a computer based on Windows, could malware jump from Windows to Qubes? This question sounds quite silly but I would like to ask it. I am not an expert.
Regards