Anyone using any kind of computing device should fully expect this. No computer, no matter whether it is Window$, a Mac or a Linux operating system is "invulnerable". Of course there are endless discussion threads about "Linux can't be hacked". I call total bullshit on this: Any operating system can be hacked even if it an old Honeywell 6600 mainframe using a KSR-33 teletype for input and a deck of 88-column punch cards deposited at the In-Out Window in the basement.
As systems become more sophisticated and complex -- Linux included -- the less likely that an effective and 100% capable defense system can block, redirect, spoof or otherwise reject an intrusion attack. Remember that the Feebs and the other scum who infest "government agencies" have unlimited resources. They will put millions of dollars into an attack capability even if the return on their investment is catching only one hapless pervert lurking in the basement. Unlimited Resources and thousands of man-hours is available to Them.
I am not suggesting that we go back to the abacus and slide rule, but even an air-gapped system is better than nothing. Air-gapped systems are also vulnerable to insider attack and the usual Feeb Black Bag illegal entry methods for which the Feebs have been famous for over the past 80 years.
Tread very lightly, always be paranoid, never be over-confident that you are "safe". You are not and never will be.
Linux user since 1997. Linux is way more secure by design against many threat vectors. But none of those design points matter in the least when it comes to securing your modern computer against unwanted surveillance by agencies with three letters.
https://en.wikipedia.org/wiki/Intel_Management_Engine
If the mobo has power then the IME (or similar) executing at the firmware level has direct access to the contents of memory and devices at a level below whatever OS is running. That's game over for any device that goes online.
Anyone concerned about device security should have, at minimum, an active and secure firewall router on their home network. I'm not even sure that, however, could stop all leakage paths if lower-level protocols such as ICMP or BGP are employed as surveillance conduits.
Your best bet for real security at this time is to deviate from the common path. A Raspberry Pi makes a great general-purpose machine for most uses and so far is off the radar of hardware compromises.
Or build your own. :). It's not hard to get a CP/M machine going these days and there's a wealth of software and languages for it. Half joke, but the point is trust nothing you do not completely control all the way down to bedrock.
eh it's not that linux can't be hacked, it's that microsoft has backdoors that are 100x easier to exploit.
Yes, that's true, especially when the scripts are open and available for scrutiny. However, and I tread lightly here, some people who use the "user-friendly" versions of Linux are barely above Window$ users in familiarity with the OS. I still caution against trusting any operating system.
Back in the day I was the lead analyst-programmer for a military Tiger Team that went through a whole bunch of military systems ranging from that old Honeywell to a variety of "microcomputers such as the PDP-8 series. Certainly times and technology have both changed, but the philosophy is the same -- spoof the users, obfuscate then do damage.
Safety is the trap they want you to seek, so you won't be bold.
(post is archived)