Time Attacks (Timing Attacks; sdwdate and/or ntpd downgrade attacks)
Symptoms?
What are the sine qua non indicia of attacks in this form?
Are sudden time desynchronisations in the Whonix Gateway and Workstation > 30 m, but suspiciously within 1 h of atomic time, but also different vs. one another, even considering the boot clock randomization settings for vbox, that don’t necessarily cause a “broken” sdwdate “lock” in the sdwdate-gui tray icon, prima facie evidence of such an attack’s success? Of adversarial sophistication?
Obviously, to the victim, such an attack would only rise to a level of suspicion that he has been at best correlated, if not owned more outright, upon a background of other physical indicia and a heightened vulnerability due, e.g., to physical location, etc.
Ramifications?
If the above are strong evidence of such an attack’s success, assuming a (probably quasi-) state actor threat model, what is the practical upshot? Consequences? Mitigations?