Initially I titled this «My laptop was hacked» but because the way they got in was by guessing a password, so it’s difficult to consider this a hack. Furthermore, what they did was pretty standard stuff, so although they technically broke into my laptop, I feel more like I invited them, they had a couple of beers and left. Either way, it was a back-to-basics experience for me and I want to share it with you.
When a process goes crazy to a point that I can no longer open a terminal for further analysis, I am really glad that I have permanent real-time resource monitors on my screen. This has been a valuable tool multiple times at least to understand what is happening just by peeking and take quicker and better action than if I hadn’t. This screenshot is from Xfce 4.14:
Today was one of those days. Not that the computer was slow, but worse: the CPU monitor was showing this:
Two out of four CPU virtual cores were being used to their maximum capacity but the other monitors were fine. I had not left anything running through the night so it was possible that my computer was hacked. But… how?! Follow the story step-by-step so you can follow my train of thought and learn from my mistakes.
I immediately ran top to find out more and I found process 311250, called kswapd0, using 200% CPU.