My system was hacked (Fedora Linux 21) and there was very intersting, writtem especially for me rootkit with full access to the system and different features. I had 2 encrypted with Veracrypt containers with different text files, fotos etc...
I've copied them to another computer on flash drive.
1st container opened normally and I've copied all data from it.
But while opening second container, I started to see ioctl error. After Googling about that error for Truecrypt, I've disabled Kernel cryptographic services in options. And successfully opened it. And it was empty :(
Looks, like hacker opened it with my keys and deleted my files.
I've found old copy of container and succesfully opened with enabled cryptographic services on the same machine.
And now I have a question. Is there any THEREOTICALLY possibility, that I disabled Kernel crpt. srv. in options, opened container (from Superuser) and orbitrary hidden code executed?