Intrusion prevention

Harry_Sahlberg · December 30, 2024, 2:50pm

Which Linux distro are you using? Mint

Which release version?
(if rolling release without a release version, skip this question)

(If rolling release, last date updated?)

Which kernel are you using?

Which BIOS version are you using? 1.42

Which Framework Laptop 13 model are you using? (AMD Ryzen™ 7040 Series, Intel® Core™ Ultra Series 1, 13th Gen Intel® Core™ , 12th Gen Intel® Core™, 11th Gen Intel® Core™)

Hi !

i ve been hacked several times while using an Acer aspire switch and a Lenovo x 240 laptops, while the bluetooth and NIC were disabled in the bios.

So, i removed the above mentioned cards , but that did not helped.

I have also removed all drivers related with networking, bluetooth,

WAN, and LAN, … even the loopbak

The hacker is still able to access the laptops and delete files…

while in standalone mode. (OS= windows 10 and Linux Mint 21 )

No modems are installed .

Will the Framework computer be able to solve this issue,

if the NIC / bluetooth /modem is not connected to it ?

i ll appreciate an answer.

John_D_Oganoth · December 30, 2024, 3:21pm

if your windows version or mint version is not infected, yes it’ll prevent a hacker to use them

Juan_Shihfu · December 30, 2024, 3:34pm

You may need to improve the common sense for the cyber security.

If you can’t, your way is Mac + Lockdown Mode

Morgwai · December 31, 2024, 12:02am

Hardware-wise Framework is generally a normal PC computer: in terms of security not significantly better nor significantly worse than other brands as it is bound by the same x86_64 specs (for now at least: RISC-V may change things).

If you indeed physically removed all communication devices from your previous laptops and strange things (files disappearing) were still happening it most probably means 1 of 3 things:

You were hacked “physically”, ie someone with physical access to your laptop deleted your files.
A bug in some software that you are using unintentionally caused your files to be deleted.
Some malware was installed before you removed/disabled communication devices and it now periodically deletes random files (for example most recently accessed ones).

Neither Framework nor any other hardware will be able to help much in either of these cases: it’s a software or physical security matter.

Hope this helps

James3 · December 31, 2024, 2:29am

Is the OP a spam question?

Morgwai · December 31, 2024, 2:57am

what makes you think so? seems to me like an honest question from a non-technical person who experiences files disappearing under strange circumstances. Additionally basic technical info was provided and nothing is being advertised.

suliblian · January 2, 2025, 12:58pm

One more: failing hardware could make files vanish.

A FW would not help here, it only has a switch to detect whether the body was opened.

In any case: Backups!
If you really suspect a hacker, use a strategy where it’s not your laptop that does write the backups. A hacker could mess with them, too, then.

Eg., another PC reads your SSD and writes the backups, it has no write access on the laptop, and it cannot be actively written to from it. For good measure it has no internet access.

Or regulary boot from a live CD (cannot be changed by a hacker) to write the backups. rsync comes with probably every Linux distro. Tedious, but better than data loss.

Be aware that compromised content can linger in the backups!

Still I wonder how, after all physical access was removed, a remote hacker would be the culprit. More likely someone around you knows your passphrase or the encryption has been faulty or very weak.