I just came across the biggest Linux network exploit in recent history in the most painful way. This is most probably is a backdoor put in place by corrupt software developers to serve the interests of globalist mafia and I assume this is also probably known to intelligence agencies.
The adversary had access to my private LAN for about 30 minutes. During this time I was physically disconnected from the internet so this was obviously a LAN exploit.
My router was running OpenWrt 23.05. All my LAN devices were Linux devices, with Ubuntu 22.04 running on my laptop and on a Raspberry Pi, Home Assistant running on another Raspberry Pi.
After the attack the entire network was down.
This couldn’t have been my fault or negligence because:
- all my devices were protected with very strong passwords and SSH authentication rate limiting. My router password was 44 characters long (totally random mix of small case and upper case letters, numbers and special characters);
- I had DNS over TLS set up on my router for the entire network, using Cloudflare DNS servers with outgoing transparent DNS blocked;
- I stay away from all promiscuous software and websites;
- I keep automatic updates disabled for all my devices (even Snap udates disabled on Ubuntu) and I did not install any software or updates in the last 2 or 3 months;
- I had apt-transport-https package installed on all Ubuntu devices as an extra security measure;
- I do not use WiFi, I keep it disabled;
- I have checked the network and all devices just before the hit and everything was working perfectly.
While I kept the network offline after the hit, the problem was persistent even after replacing the router, indicating that the security of the other Linux devices was possibly compromised as well.
Just to know what to expect if you decide to investigate this: my ISP is also targeting me now, either directly or they are cooperating with the adversary.
I am totally devastated.
If anyone is willing to investigate I will send encrypted system images from OpenWrt and Ubuntu. However, I will not make these files publicly available as I prefer not to share them with the adversary.
As for the question regarding who the adversary might be, unfortunately it appears to have been my employer. I am an Architect and this is not the first unfair company I have worked for, although they all have a good reputation and I don’t want to face charges for ruining it.
Thank you!