Frozen/hidden tabs in tor browser -- hacked?

User Support
1

Continuing the discussion from "They managed to hack the AppVM Whonix-gw-15 on one of my secure Qubes install":

The purpose of posting this thread is not to provide any technical security breach evidence, but simply to warn that nation-state actors can hack Qubes OS easily. As Qubes OS is famed as the most secure OS in the market, this is a bit worrisome.

On March 22, after posting 2 Tweet replies, saying that Russia will lose the war in Ukraine, my Qubes OS (4.0) got hacked (recorded video) when browsing Twitter with Disposable: Whonix-ws. The culprits are purportedly Russia and Vietnam state-backed hackers as I discovered a dirty cooperative disinformation campaign between Russia & Vietnam against some countries back in 2019 and reporting their wrongdoings to relevant countries, which caused a certain damage to these 2 countries. Therefore, they’ve followed me ever since.

Tabs on disposable Whonix-ws Tor were suddenly broken. Clicking on Opening new tab button, there was no tab shown up. When closing disposable Whonix-ws Tor window, the notification wrote that there were many tabs being about to close. Please watch the video to understand it. This happened to me not just once, but many times within a month after switching from Windows to Qubes OS. Besides this, mouse click also got problem, i.e. one click became double-click and left mouse sometimes got the functionality of right mouse and vice versa. Furthermore, Wifi connection was often off when posting something negative about Russia.

This is not surprising as I have been cyber-spied on by Russia & Vietnam almost 24/7 for several years. Even going to internet shops in hope of evading their cyber-espionage, I still get cyber-spied on. I’m not sure how they can detect me in various internet shops, but I suspect it might have something to do with machine learning.

Other examples before I was using Qubes OS

Some recorded video:

www[dot]youtube[dot]com/watch?v=a9hmzaayxoY&list=PLF89Idwk0YuwwrFkZO6WGt7b26MxpITBx&index=4&ab_channel=onlcenjik

www[dot]youtube[dot]com/watch?v=-clAsTvbPIU&ab_channel=onlcenjik

www[dot]youtube[dot]com/watch?v=5m6gID5W63g&ab_channel=onlcenjik

In January, when being about to post a comment with a particular content on my old blog, which describes Russian and Vietnamese cooperative disinformation campaign against some countries in 2019, disk usage of my PC suddenly jumped to 100% and got frozen temporarily. After posting the comment and pressing F5 to refresh page, it disappeared unexplainably, whereas after altering its content and posting, the altered comment still appeared normally. The blog isn’t hacked and controlled by other people. I simply forget its password. It appears vivid that someone/some people were watching what I was doing on my PC and trying to stop it.Some recorded videos:

www[dot]youtube[dot]com/watch?v=vQ2e7emEUt0&ab_channel=onlcenjik

www[dot]youtube[dot]com/watch?v=IWNCvrwKq04&list=PLF89Idwk0YuyQ988sITmfGlV4GoNGDqub&index=2&ab_channel=onlcenjik

www[dot]youtube[dot]com/watch?v=PuVH3Ukb3no&list=PLF89Idwk0YuyQ988sITmfGlV4GoNGDqub&index=3&ab_channel=onlcenjik

Since Qubes OS is quite complicated to use but doesn’t provide the security as expected, I have switched to a more user-friendly OS, Kali Linux. Of course, it still gets hacked. It seems to be impossible to escape Russian and Vietnamese cyber-espionage, if they are determined to follow their targets. I suspect that Edward Snowden might have his laptop hacked and cyber-spied on for a long time by nation-state actors without realizing it, since he uses Qubes OS.

PS: I’m a new user, so I’m not allowed to post more than 2 links.

2

On March 22, while using disposable: Whonix-ws-15-dvm tor to browse Twitter, my Qubes OS got hacked. This happened right after I had posted 2 Tweets replies, writing that Russia will lose Ukraine war. The perpetrators are purportedly Russia’s and Vietnam’s state-backed hackers because, back in 2019, I discovered a Russian & Vietnamese cooperative disinformation campaign against some countries, two of which are Turkey and Japan, and then reported to relevant countries. That caused a certain damage to Russia and Vietnam and they have cyber-spied on me ever since. Even going to internet cafe shops in hope of evading their cyber-espionage, computers that I sit at still get cyber-spied on. How they can detect me in various internet shops is unknown, but it might be related to machine learning.

As Qubes OS is relatively difficult to use and doesn’t provide the security as expected, I have switched to Kali Linux. Of course, Kali Linux has still got hacked. Therefore, I suspect that Edward Snowden might have his Qubes OS hacked and cyber-spied on without realizing it.

3

You should not create several topics with the same story. I merged your two topics into one.

2 Likes
4

Pardon me if this sounds insensitive, but there is a massive jump in logic with no supporting information to reach your conclusions of A) that your system has been hacked, B) who did it, and C) why they did it.

That said, I looked at one of your videos.

I see three startling issues to begin with:

  1. Systems Updates Available
  2. Fedora 32 template is being used. Fedora 34 is the supported version for R4.0.
  3. Whonix 15 template is being used. Whonix 16 is supported for R4.0 (but only through 2022-04-20). R4.1 must be used afterwards with Whonix 16.

If anyone is going to claim something has been hacked, they need to first be using currently-supported software. The presence of system updates available and the templates in use shows the system has not been kept up-to-date.

In addition to that, Tor Browser also shows the indicator that an update is available.

The lack of maintenance on your part precludes spending any effort to evaluate any of the claims you’ve made.

See:

2 Likes
5

Sorry, creating 2 threads of the same topic is because my 1st thread was removed by spam filter with notification that I am allowed to add only 2 links. So I created the 2nd thread with only 1 link, but it’s still marked as spam and removed. I don’t know why

6

I use version R4.0 is b/c my laptop (HP Elitebook 840 G2) is only compatible to this version according to Qubes os Hardware compatibility list. So, I don’t update it to R4.1.

Whonix 15 template is being used, but it’s still supported on the day that I recorded the video (March 22 2022).

7

Hi. I’ve watched the video. I’ll only comment about the parts relating to Qubes, but here are my two cents. Two cents:

  1. it was probably a bug and not a hack
  2. even if whonix-ws-dvm gets hacked it’s OK! Qubes does not claim protection within individual VMs
  3. No system can protect you if you don’t update it

#1 it was probably a bug and not a hack

I’ve seen this one before. It’s unfortunate that the system isn’t 100% free of bugs. If that were the case, any deviation from expected behavior would obviously be an attempted hack.

I can’t find the issue page, but this is a known bug. Basically you must have clicked some video or something that made the browser become fullscreen but Qubes did not make it full screen. To fix this you should click F11.

#2 Qubes is still protecting you

Even if it were to be hack, it Qubes would still be doing it’s job by protecting your other qubes. Qubes makes no claims of in-vm protections.

They actually assume an OS like Linux and Browsers is guaranteed have a large number of security vulnerabilities due to large attack surface and complexity.

For example, from the Qubes FAQ:

For example, you might have one qube for visiting untrusted websites and a different qube for doing online banking. This way, if your untrusted browsing qube gets compromised by a malware-laden website, your online banking activities won’t be at risk

And you’re using a disposable qube. All you have to do is to close it and open a new one (assuming that was an anonymous session and you had not logged in to any service – if you had, you would need to assume those accounts having been possibly compromised)

3. Keep the system up to date

With pending updates, there is no system that can secure. Once a security update is out, it’s a race for attackers to use those known flaws to exploit your system…

To fix this, always keep the system up to date:

  • Fixing Pending System Updates 1. - When the system has updates available, run them at the very least once a day in your situation. This is done via the Qubes Update tool

  • Fixing Outdate Templates (2. and 3.) - this may not be entirely your fault. Qubes sometimes ship with outdated templates. This is because it’s has its own release schedule. See this for more info. The solution is to keep an eye out on the Qubes news section for posts like this or this or better yet, subscribe with your email to the qubes-announce newsletter, where you’ll be directly informed of these end-of-life notices

  • Tor Browser updates (4.) - You have to use the Tor Browser Downloader application when you see an update and not update via the internal “update available” notification within Tor browser.

    The fact that it needs an external application (in whonix) or updates via itself is is a really really sad usability issue. A long issue the Tor Browser developers have failed to address.

Final comments

The “being complicated” is an issue everyone here is aware of and is something being worked on, for example via the upcoming application menu and an intergrated onboarding-tutorial, I’m working on as well as other community initiatives. It’s understandable if the burden of Qubes is too big for your workflow or consumes too much time.

However, the issue you’ve demonstrated is not a breach of Qubes

9 Likes
8

@steve123 I have edited your post to move the details and video references from your alleged previous hacks into an expandable section. This is to keep the discussion focused on Qubes OS only. Users can still expand it to see it.

9

@deeplow Thanks for your detailed response above. I’ll keep it in mind.

Could you change the first link marked as 1 in this screenshot to this link www[dot]youtube[dot]com/watch?v=a9hmzaayxoY&list=PLF89Idwk0YuwwrFkZO6WGt7b26MxpITBx&index=4&ab_channel=onlcenjik ? it’s because the links marked as 1 and 2 in the screenshot are the same video.

1 Like
10

By “hacked” do you mean that your speaker is malfunctioning? Please clarify why you believe someone has hacked you

11

@user128 how do you explain when a speaker working normally on one site (Youtube) and malfunctioning on a different site (Wall Street Journal), and tabs on PulseAudio Volume Control doesn’t change when clicking on them ?

12

That seems like a pretty huge leap in logic to assume that has anything to do with your computer getting hacked. There are any number of way more likely reasons for why this might be happening, malfunctioning drivers, hardware issues, pulse audio glitches. Even if your device was actually hacked there is a million more productive things they would be doing on your device rather than break the audio on the wall street journal website. Even as a non-technical user if I had hacked into your computer it would be trivial to cause much more severe issues than an audio bug. In fact I’d do my very best to prevent causing you issues and alerting you in any way that I had gained access. Audio commons are pretty common on linux I had a bunch of audio issues on my first ubuntu install that was fixed by installing proprietary drivers. All software will have bugs and glitches If you take a look through PulseAudio / pulseaudio · GitLab you will see they currently have 854 open issues.

I should also note that Kali is NOT a defensive security oriented distro, it’s an offensive pentesting oriented distro. It’s primary use is for offense, not defense. Even if you want a pentest distro you would be better off going with parrotOS which also comes with some useful defensive tools and various other useful day to day programs like onionshare and libre office

I’ve had mouse glitches many times in the past, it’s usually either a symptom of dust getting inside it or the mouse being worn out physically. in most cases taking the mouse apart and cleaning any dust or dirt fixes it.

2 Likes
13

@user128

One day earlier, the speaker on my laptop still worked normally on Wall Street Journal.

But I already know that I’ve been cyber-spied on for several years (since 2016) starting in the early 2019, therefore hackers who have cyber-spied on me no longer try to conceal their cyber-espionage against me. Here is video I made back in 2019 recording various occasions that took place on my PC unexplainably. Its title is is a bit misleading as Vietnamese Google staffs only aid hackers to cyber-spy on me and aid state-sponsored troll brigade’s activities on Youtube, rather than directly involving in hacking me. Even after learning that I have gotten cyber-spied on, I can’t do anything to evade it. The hackers who have cyber-spied on me just want to make sure that I won’t do anything dangerous to Vietnam and Russia, and won’t popularize my knowledge about Russia’s and Vietnam’s activities on a certain area, which I won’t write down here, and make my life filled with annoyances, rather than trying to steal personal data from me. Their Intelligence Agencies already know everything about me after several years cyber-watching me. Back in April 2019, they even sent people to stay in the same hostel dorm room with me for over a month before I ran away. They know that I know that they cyber-spy on me, but cannot escape it. So there’s no need for them to hide it from me.

14

Have you made any changes to your laptops software or hardware between when it was working and when it stopped working?

From skimming the video all the issues I read were all minor things that are not exactly uncommon. Navigation apps have to calibrate
At 2:46 You can even see the icon at the very right of the url bar indicating that the page has been zoomed in by 10%, probably from you hitting CTRL- on accident

off-topic

Most Big Tech services are inherently hostile towards privacy I’ve had a good 10-20 various google accounts blocked or banned because I don’t provide any personal details and connect over vpn or Tor. They likely assume it’s bot activity and its easier for them to just ban anyone they deem suspicious since they can’t milk any of your personal information from you anyway and thus have no incentive to keep you around.

Big Tech censoring comments is not anything new and completely unrelated to hacking. Even swear words will make your comments not show up on certain channels and I’m guessing it’s the same for any number of reasons why you might get caught in some filter. Especially if you are telling people to go watch your channel they will get caught by anti-spam filters

Syntax errors like in the JSON file is not exactly uncommon. A refresh would obviously never fix that since the issue is the contents of the file itself

Youtube has long had terrible/inconsistent GUI and ghost comments. No reason to suspect hackers

All of these things are WAY more likely to be caused by hardware/software issues than any hacking. I dont know enough about it to comment intelligently on it, perhaps someone else can help, but back when I used windows it’s not at all uncommon to have minor bugs and glitches with various types of software. Considering how much you use computers you are almost guaranteed to run into some bugs and glitches at some point, to immediately assume that the cause is hacking is unjustified. Even though I hate these companies not everything that happens is a product of them being malicious. Many of these things you mention happens to all of us all the time, especially those of us with security settings on max stuff is bound to break.

1 Like
15

The proper way to go about this would be to first provide the evidence, understand what happened and then have a conversation about what it means. What you do is making an assertion “nation-state actors can hack Qubes OS easily” without anything backing it up.

That’s why I struggle to take any of this seriously. Maybe you are a nation-state target, maybe you are just intensely paranoid and/or have little understanding of technology, …

… maybe you just want attention. I strongly recommend you to dial down the assertions and start backing up with data if you want to be taken seriously.

5 Likes
16

@Sven Ok, thanks for the response. I’m an anonymous user. There’s no benefit to get attention. You’re right, I should provide data to be taken seriously.

3 Likes
17

@user128

I installed mvt android forensic toolkit.

off-topic

Youtube is known to cooperate with Vietnam to censor contents in industrial scale. I don’t live in the country, but still get affected. Problem is my youtube comments as shown in the video aren’t politics-related, however they still get removed.

Software and hardware issues can make the URL to switch constantly as in the end of the video ?

18

Moderator notice: edited some posts to hide by default discussions on big-tech and their morals. Let’s keep the discussion focused on Qubes OS and the issue at hand.

2 Likes
19

You should also consider that maybe you are not communicating with Youtube at all. Maybe you were directed by DNS cache poisoning to a different server simulating Youtube, and this server could be set up such that it simulates Youtube as well as create the effects you observe - and in the background manipulate your browser in order to attack you. In Qubes, these manipulations should evaporate as soon as you shut down the AppVM running the browser (as long as you don’t connect the TemplateVM to any network).

2 Likes
20

@GWeck Thanks. I also think that there’s external influence, but just don’t know what it is. I contacted a couple of cyber forensic and investigation companies in the country that I’m staying in. However, they said they only help corporations and government agencies, rather than individuals.