So, as far as the attack I would be hit with, the Windows install on this hard drive had at times connected using a Cisco VPN software to my work VPN for my job, and we had a problem for years that was beyond my skill to diagnose but could be reasonably explained by a state level actor doing surveillance on us using something like the “jellyfish rootkit” research paper I found online a few years ago, where essentially they construct a virus that lives in VRAM or whatever. As I said, it was beyond my skill to diagnose, and the IT people said it was caused by sunspots and did not take my complaints seriously.
But in my case, after I connected a home machine to this work VPN and then started having the same “hardware issues” on the home machine that we had in the office, despite the office machines being Linux and my home machine running Windows at the time, I was left with this sense that we’re being hacked by somebody more sophisticated than us and nobody takes it seriously and I can’t even prove it’s there, so as a result everything sucks and I just became increasingly paranoid over time.
That malware, whatever it was and if it existed and if I wasn’t just imagining it, might have also been on this Windows hard drive that I used on the Librem 14. I like to forget… because the people from work who say hardware issues are caused by sunspots and I imagined it all… offer a very convenient explanation.
So, the upside is that I am most likely not the primary target of that pseudo imaginary threat. They may be extremely sophisticated and may be blanket hacking everything I own because I’m still working at this financial company, or they may not. I suppose when I boot Windows from that USB drive on the Librem 14, and then remove the drive and boot PureOS again and enter my LUKS credentials as though nothing changed, it’s like taking the blue pill to live in the Matrix and believing “they” don’t exist at all.
I had COVID-19 for the first time and I wanted to play a video game with my friend who gave me the COVID-19, so I was sick and trying to play a game and the Windows laptop was sucking, so I ripped out its hard drive and put it in a USB enclosure. I knew this would work because my silly open source OpenGL game that I’ve been making, which runs on both Windows and Linux, was seeing ludicrously better high-performance rendering spewing out of the integrated graphics of the Librem 14 than from my other older Windows device. So I thought if I could just boot Windows on the hardware of the Librem 14, I could join my friend in the game with the perfect framerate.
However, when I actually had it going, Windows 10 was unable to automatically load the Intel integrated graphics drivers on the Librem 14. For some reason that did not work, even though that other older Windows laptop was also an Intel x86_64 machine that also has nothing but integrated graphics.
So I downloaded some drivers from intel.com with some very concerning tool that seemingly embedded itself into the default web browser in what seemed to me to be an extremely insecure way (it created a driver install button in the browser instead of downloading an installer, suggesting maybe other sites or web clicks could trigger installs… instead of using the standard browser file download process).
Then after this sketchy process from intel.com did whatever it wanted to do, and identified the hardware as Purism Librem 14, it installed Intel drivers that actually worked and I was indeed able to get a perfect framerate and play the video game with my friend.
Does needing to go to the official Intel website for drivers, or the pseudo imaginary jellyfish rootkit, change any of your guys’ suggestions in this case? Obviously the pseudo imaginary malware was capable of hopping from Linux to Windows just from getting on the same VPN, so if it really exists it was probably already on my Librem 14 since I got it anyway, but I like to simply believe it doesn’t exist and our tech today is so stupidly complicated that proving the negative – that magic spyware doesn’t exist – is effectively impossible. So I just want to do the best I can do. I haven’t been back on the Librem 14 since thinking about this stuff more and creating this topic (atm posting from my Librem 5).
And I think it sounds like I have a solid plan. I can probably scp out some files from the “assumed tainted” configuration, then look up online how to reflash coreboot, do that, and probably also reinstall PureOS.
And hopefully that is enough? On the upside, the threat actor described above would not want to reveal themselves to a tangential non-target like me, so whether they are present or not I assume they would remain in hiding and I would never know for certain if they even existed at all.
Edit:
If we want a name for the malware, other than the hardware monitor issues it caused, maybe we could name it “WarPewMuch.” About one year into being affected by it, when I wanted to convince myself the freaking thing existed and wasn’t sunspots or whatever, I wrote a recursive search script on the hard drive of my most obviously affected computer to look for any file whose “last modified” date matched the time when it first jumped from the work VPN to my home PC. Coincident with the time I was looking for, there was a Microsoft OneDrive automatic update log indicating that it downloaded a file called “WarPewMuch” automatically. This was not a file in my personal OneDrive storage, but rather the name of new executable stuff supposedly from Microsoft that it downloaded to update itself.
Some page online links to a Twitter post that claims “WarPewMuch” is a legitimate Microsoft name used for their legitimate upgrade, if you want to take the blue pill. But I don’t have a Twitter account, so I can’t read that thread anyway. If I were the WarPewMuch virus, I would post on Twitter saying I was legit, too.
Anyway all of that happened years ago. Would “WarPewMuch” remain operational in secret on a drive for like five years?
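The "recursive search for files whose last-modified date matches the incident time" that the post describes is a standard first triage step; below is an added example of that sweep (written for this thread, not the poster's own script) with a constructed sample tree, a hypothetical incident timestamp and made-up file names. It scans without following symlinks, skips unreadable entries, and sorts hits into a mini timeline so nearby entries (an updater log next to the binary it fetched) stand out.

```python
import os
import tempfile
from datetime import datetime, timedelta, timezone

def files_modified_between(root, start, end):
    """Recursively list files under root whose mtime lies in [start, end].

    Returns (path, mtime) pairs sorted by mtime; symlinks are not followed and
    unreadable entries are skipped. Caveat: mtime is easy to forge (timestomping),
    so treat hits as leads to correlate with other logs, not as proof.
    """
    lo, hi = start.timestamp(), end.timestamp()
    hits = []
    for dirpath, _dirs, names in os.walk(root, followlinks=False):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path, follow_symlinks=False)
            except OSError:
                continue
            if lo <= st.st_mtime <= hi:
                hits.append((path, datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)))
    hits.sort(key=lambda item: item[1])
    return hits

# Hypothetical moment the trouble first appeared on the home PC (constructed).
INCIDENT = datetime(2019, 3, 14, 21, 30, tzinfo=timezone.utc)

def build_sample_tree():
    """Create a throwaway tree with hand-set mtimes around INCIDENT (constructed)."""
    root = tempfile.mkdtemp(prefix="mtime-sweep-")
    sample = {
        "Users/me/Documents/notes.txt": INCIDENT - timedelta(days=3),
        "Users/me/AppData/Local/OneDrive/logs/update.log": INCIDENT + timedelta(minutes=2),
        "Users/me/AppData/Local/OneDrive/Update/Installer.exe": INCIDENT + timedelta(minutes=4),
        "Windows/Temp/old.tmp": INCIDENT + timedelta(hours=6),
    }
    for rel, when in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.utime(path, (when.timestamp(), when.timestamp()))  # set atime and mtime
    return root

def sweep(root, window_minutes=15):
    """Basenames of files modified within +/- window_minutes of INCIDENT."""
    delta = timedelta(minutes=window_minutes)
    hits = files_modified_between(root, INCIDENT - delta, INCIDENT + delta)
    return [os.path.basename(p) for p, _ in hits]
```

On a real drive, run it against the mounted image read-only and widen the window gradually; scheduled updater activity landing in the same window is expected noise, so corroborate any hit with the updater's own logs and vendor signatures before drawing conclusions.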