"They managed to hack the AppVM Whonix-gw-15 on one of my secure Qubes install"

A post was merged into an existing topic: What’s Needed to Report Your System Getting Hacked?

My disposable Whonix-ws got hacked as well. The version of Qubes OS is 4.0 running on an HP laptop. I have tried to post a thread in the discussion category about it, but it always gets marked as spam and removed by the spam filter. I recorded a video of my Qubes OS getting hacked. You can find it by typing its title into YouTube search: “Qubes OS 4.0 got hacked by Russia and Vietnam (disposable: Whonix-ws)”.

Did you report the incident as detailed by @unman above? Unfortunately talk is cheap, and so is the creation of youtube and discourse accounts. As both of your accounts are brand new, I’m surprised this post made it past the same spam filter… Assuming your account of the hack is true, please follow the advice above and report it directly to the Qubes team in as much, costly to you, detail as possible.

As far as it looks to me, Qubes didn’t get hacked. Tor Browser did and maybe the Whonix VM. Qubes can do nothing to prevent that. The point of Qubes is compartmentalization. So if one of your VMs gets compromised, the rest is still safe.
Also it will be hard to know what’s going on from a vague video with no technical details. Also make sure you’re always using the latest Tor Browser version. Security issues in Firefox get patched frequently, recently also those known to be already actively exploited.


Here’s the link: Qubes OS 4.0 got hacked by Russia and Vietnam (disposable: Whonix-ws) on March 22 2022 - YouTube

I don’t use audio. From what I can tell from the video, there are only 3 tabs there, but when closing the browser, there’s a pop-up saying there are more than 3 tabs to close.

Please do not report this to the team - there’s nothing actionable
here.

You might consider reporting it to the folks at Whonix, but I don’t see
anything in that video to interest Qubes.
First, because it isn’t clear that it’s a hack on Qubes - there’s nothing
to suggest a compromise on the qube, and absolutely nothing to suggest
a compromise on Qubes itself.
Second, because there’s no effort to identify what’s going on. Just
clicking about within a single window is of no use in the context of
Qubes. At a minimum I would have liked to see what was happening at
process level in that qube, in sys-usb (if there was one), (in other
qubes), and in dom0.
Third, because there’s no context - what does the complete recording
show?
Finally, because there’s no evidence of anything malicious - literally
none. I have seen missing and hidden tabs in browsers in Qubes and
outwith Qubes. The effect is more common in Qubes, but I put this down
to resource allocation.

If you seriously want to investigate this, I’d be happy to work with you
to do so. PM me.
If there’s anything here worth following up, we could then take it
further, and report back in the Forum. But it will take effort on your
part - far more than posting a youtube clip.

To make it clear. I have looked at numerous reports of hacked machines
and hacked Qubes. In almost every case there is an explanation (sometimes
simple) for what has been observed, and NO evidence of malicious
activity.
In some cases there is evidence of malicious activity, but it takes some
effort to identify this. The level of effort depends on the ability of
the attackers.

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.

@unman Thank you. I have switched to Kali Linux as Qubes doesn’t seem to provide the security level that I expect and is relatively difficult to use. After switching to Kali, the OS still gets hacked. I’m a bit tired of this.

It should be added that when still using Qubes, my left mouse-click often got the functionality of a right mouse-click and vice versa, plus one left mouse-click became a double mouse-click.

Looks like a bug. You could create a separate topic and the Community would help you to debug it.


4 posts were merged into an existing topic: My Qubes OS got hacked on March 22 purportedly by Russia and Vietnam