The Hacked Chromebook - Unable to Ask for Support Regarding an Unusual HID Device Log Entry
support.google.com/chromebook keeps preventing me from publishing a question about unusual HID device log entries with the message "You have exceeded the maximum posting rate. Please try again later."
I have experienced persistent targeted hacking for over four years. Although I tried a Chromebook back in 2019-2020, I believe it was hacked as well. but I decided to give it another try, so last month I purchased a new ASUS Chromebook. I am sad to say that I have experienced many problems from the get-go.
To be honest, I believe the machine was hacked soon after I powered it on, because, since the first day, the Diagnostics Memory test fails(this utility is included in the operating system). Also, I’ve had a myriad of connectivity problems, and just yesterday, I began to have problems with my USB-wired mouse.
This problem motivated me to dig into the logs I have been saving since I first got the machine, and after I discovered unusual log entries, I wanted to ask the support.google.com/chromebook community about these, but I was disabled from posting my questions. So I was inspired to share my investigation through this post.
Let me begin by sharing that the experience of being persistently hacked has made me more curious about how the technology I use works, and as soon as I get a new device, I begin to collect logs. And so I did with this ASUS Chromebook.
The log that I talk about can be accessed from any Chrome by entering the URL chrome://device-log/ in the browser’s address bar.
This is a sample of the unusual type of log entry I began to observe:
HID User 2023-05-22 10:53:53.670602 hid_service.cc 140 HID device detected: vendorId=7247, productId=52, name='SIGMACHIP Usb Mouse', serial='', deviceIds=['/sys/devices/pci0000:00/0000:00:18.0/usb2/1-2/2-1:1.0/0003:1C4F:0034.0001/hidraw/hidraw0'], reportDescriptor='BQEJAqEBCQGhAAUJGQEpAxUAJQGVA3UBgQKVAXUFgQEFAQkwCTEJOBWBJX91CJUDgQbAwA=='
But before I continue, I need to step back.
As I mentioned before, I use a wired USB Mouse with this machine, and up until two days ago, the Device Log showed the devices related entries as:
USB User 2023-05-05 18:54:54.946856 usb_service_linux.cc 294 USB device added: path=/dev/bus/usb/001/004 vendor=7247 "SIGMACHIP", product=52 "Usb Mouse", serial="", guid=19c4c68e-c64a-4648-a5da-bc1446e4089d
USB User 2023-05-07 12:30:51.848407 usb_service_linux.cc 294 USB device added: path=/dev/bus/usb/001/004 vendor=7247 "SIGMACHIP", product=52 "Usb Mouse", serial="", guid=a7465596-8c4b-44d5-ba5a-2f8d57c8c443
I looked at the logs when the mouse stopped working, and I found a new type of entry like the one below:
HID User 2023-05-22 10:53:53.670602 hid_service.cc 140 HID device detected: vendorId=7247, productId=52, name='SIGMACHIP Usb Mouse', serial='', deviceIds=['/sys/devices/pci0000:00/0000:00:18.0/usb2/1-2/2-1:1.0/0003:1C4F:0034.0001/hidraw/hidraw0'], reportDescriptor='BQEJAqEBCQGhAAUJGQEpAxUAJQGVA3UBgQKVAXUFgQEFAQkwCTEJOBWBJX91CJUDgQbAwA=='
I want to clarify that the last time I updated the Chromebook was on May 20th, and the first time a HID device1 detected entry was 48 hours later and after 3 power on/off cycles. There were no other updates or significant setting changes between the last update and these events.
Before the mouse stopped working, and hours after I had powered on the Chromebook, during an idle period and while it was disconnected from the Ethernet Cable Modem, the Device Log generated the following:
HID User 2023-05-23 14:23:44.065361 hid_service.cc 140 HID device detected: vendorId=7247, productId=52, name='SIGMACHIP Usb Mouse', serial='', deviceIds=['/sys/devices/pci0000:00/0000:00:18.0/usb2/1-2/2-1:1.0/0003:1C4F:0034.0001/hidraw/hidraw0'], reportDescriptor='BQEJAqEBCQGhAAUJGQEpAxUAJQGVA3UBgQKVAXUFgQEFAQkwCTEJOBWBJX91CJUDgQbAwA=='
USB User 2023-05-23 14:37:06.681656 usb_service_linux.cc 327 USB device removed: path=/dev/bus/usb/002/002 guid=5d08ce2f-4cb3-4e45-87a0-7dc2e6079f0b
HID User 2023-05-23 14:37:11.485154 hid_service.cc 161 HID device removed: deviceId='/sys/devices/pci0000:00/0000:00:18.0/usb2/1-2/2-1:1.0/0003:1C4F:0034.0001/hidraw/hidraw0'
USB User 2023-05-23 14:37:11.699193 usb_service_linux.cc 327 USB device removed: path=/dev/bus/usb/001/004 guid=81514030-b1df-4b15-85b9-b932055d8f6
When I came back to use the Chromebook, the USB-wired mouse was not working, so I selected the tab where I had the Device Log loaded (I have it set for a 30 seconds autorefresh). Then, I disconnected and reconnected the mouse, and a few seconds later, the following entries appeared:
USB User 2023-05-23 17:10:03.437617 usb_service_linux.cc 294 USB device added: path=/dev/bus/usb/001/067 vendor=7247 "SIGMACHIP", product=52 "Usb Mouse", serial="", guid=f9fa738e-1dc4-4745-bc20-580dd01e2816
HID User 2023-05-23 17:10:03.479215 hid_service.cc 140 HID device added: vendorId=7247, productId=52, name='SIGMACHIP Usb Mouse', serial='', deviceIds=['/sys/devices/pci0000:00/0000:00:18.0/usb2/1-2/2-1:1.0/0003:1C4F:0034.0002/hidraw/hidraw0'], reportDescriptor='BQEJAqEBCQGhAAUJGQEpAxUAJQGVA3UBgQKVAXUFgQEFAQkwCTEJOBWBJX91CJUDgQbAwA=='
Then, three minutes later, while I am still looking at this log, without me interacting with the machine, these other entries appeared:
HID User 2023-05-23 17:13:40.222436 hid_service.cc 161 HID device removed: deviceId='/sys/devices/pci0000:00/0000:00:18.0/usb2/1-2/2-1:1.0/0003:1C4F:0034.0002/hidraw/hidraw0'
USB User 2023-05-23 17:13:40.231755 usb_service_linux.cc 327 USB device removed: path=/dev/bus/usb/001/067 guid=f9fa738e-1dc4-4745-bc20-580dd01e2816
As you can imagine the mouse stopped working. So I unplugged and replugged the mouse’s USB cable. That was the last mouse malfunction.
These were the last related entries for the day:
USB User 2023-05-23 17:18:48.245810 usb_service_linux.cc 294 USB device added: path=/dev/bus/usb/001/017 vendor=7247 "SIGMACHIP", product=52 "Usb Mouse", serial="", guid=04807f89-b0d7-4c74-9e17-f0c31f86ce41
HID User 2023-05-23 17:18:48.293426 hid_service.cc 140 HID device added: vendorId=7247, productId=52, name='SIGMACHIP Usb Mouse', serial='', deviceIds=['/sys/devices/pci0000:00/0000:00:18.0/usb2/1-2/2-1:1.0/0003:1C4F:0034.0004/hidraw/hidraw0'], reportDescriptor='BQEJAqEBCQGhAAUJGQEpAxUAJQGVA3UBgQKVAXUFgQEFAQkwCTEJOBWBJX91CJUDgQbAwA=='
USB User 2023-05-23 19:19:27.049144 usb_service_linux.cc 327 USB device removed: path=/dev/bus/usb/001/017 guid=04807f89-b0d7-4c74-9e17-f0c31f86ce41
HID User 2023-05-23 19:19:26.830030 hid_service.cc 161 HID device removed: deviceId='/sys/devices/pci0000:00/0000:00:18.0/usb2/1-2/2-1:1.0/0003:1C4F:0034.0004/hidraw/hidraw0'
Yesterday I Tried to Publish a Message on support.google.com/chromebook
but the system disabled me from doing so (perhaps it was not the system, and instead the hackers gaslighted me).
After I clicked the “Post” button the first time, I got a pop-up telling me that the numbers from the HID device log entries 0034.0001, 0034.0002, and 0034.0004 violated the confidentiality terms of the site. It was phrased differently, but basically, the system was asking me to change these numbers. And so I did.
Then I clicked the post button again, and nothing happened. So I clicked it again and got the message “You have exceeded the maximum posting rate. Please try again later.“ The post was not published; or at least, I was not redirected to a page where I could see it with a static URL.
I researched the message and understood I just had to wait before I could post the message. I may have clicked the post button one too many times.
Today, I Again Was Unable to Publish My Question
By now I felt incredulous, and I began to research the meaning of the numbers I had been asked to remove. I asked Bard from Google, and the AI instructed me:
….the device path "/sys/devices/pci0000:00/0000:00:18.0/usb2/1-2/2-1:1.0/0003:1C4F:0034.0001" reveals a lot of information about the device.
The first part of the path, /sys/devices/pci0000:00, identifies the PCI bus that the device is connected to. The second part of the path, 0000:00:18.0, identifies the device on the PCI bus. The third part of the path, usb2, identifies the USB controller that the device is connected to. The fourth part of the path, 1-2, identifies the USB hub that the device is connected to. The fifth part of the path, 2-1:1.0, identifies the device on the USB hub. The sixth part of the path, 0003:1C4F:0034.0001, identifies the vendor ID, product ID, and revision of the device.
The vendor ID is a unique identifier assigned to the device manufacturer. The product ID is a unique identifier assigned to the specific device. The revision is a number that indicates the version of the device.
This information can be used to identify the device, to find drivers for the device, and to troubleshoot problems with the device.
In other words, the “confidential” information that violated the terms of support.google.com was very likely just a gaslighting technique from the perps that keep me hacked.
Can you imagine a vendor making and publishing a device’s driver revision two times within two days?
If Google takes weeks before it publishes a Chrome browser update after authoritative reports of a zero-day that appears to be exploited in the wild… where in the world would we find a vendor that is so concerned that it publishes revisions for a mouse’s driver galore…
Of course, these frackers were not expecting I would dig into the logs. And guess what…
Today, Device Log is no longer generating HID device-related entries
The only USB Mouse related entry I’ve seen in Device Log is:
USB device added: path=/dev/bus/usb/001/004 vendor=7247 "SIGMACHIP", product=52 "Usb Mouse", serial="", guid=846954aa-128b-475e-88c2-dca2bcbe52d8
Today, I have no record of a HID device on the Device Log.
These are questions I want to ask in support.google.com/chromebook
For over a month I have been monitoring Chrome’s device log, and the HID device log entry is a new type.
Why did these HID device entries begin to appear on Chrome’s Device Log without any previous update or change to the settings of the Chromebook?
I know that through Chrome I can connect USB, serial ports, and HID devices to websites https://support.google.com/chrome/answer/12576972
The day I became aware of the HID device entries while using a working USB-wired mouse, and after the Device Log had issued entries that related to both types of entries, USB device, and HID device, I checked the Chrome settings for USB and HID devices under the browser Privacy > Permissions > USB Devices and HID Devices permissions, and I saw “No USB devices found” and “No HID devices found” respectively.
Why did the browser not recognize the mouse that had been detected by the Chromebook’s operating system as per the Device Log?
The day after I was unable to publish these questions (along with the related log information), the HID device log entries stopped.
Why has the Device Log stopped issuing HID device detected/removed entries when I connect and disconnect the USB-wired mouse?
Still, given that I am not an IT professional, I think the Chromebook is more secure for me than the Window operating system. I may tell you about my last experience with a brand new Windows Machine some other time, but after this long post, I’ll just share that battling the progressive hacking of the machine within the first five hours of having powered it on was accelerating.
P.S. I parsed the logs to sort and manipulate entries through a spreadsheet. Also, I am a victim of persistent targeted hacking, and although I have experienced many anomalies with this Chromebook, cult followers keep saying it is an impossibility.
HID stands for Human Interface Device, and this term refers to electronic devices that are used to control a computer or other electronic devices that feature interaction with human users. Some examples are the mouse, the joystick, and the webcams.