sujith Posted February 21, 2016

In a surprising announcement, Clement Lefebvre -- head of the Linux Mint project -- said that the Linux Mint website had been compromised and that the hackers were able to edit the site to point to a malicious ISO of Linux Mint 17.3 Cinnamon edition on Saturday 20th, February. If you downloaded the Cinnamon edition prior to Saturday or downloaded a different version/flavour (including Mint 17.3 Cinnamon via torrent or direct HTTP link) you aren't affected.

It's worth mentioning that since the issue was caught, everything has since returned back to normal now so it's safe to download the Linux Mint ISOs again.

The blog post by Lefebvre explains how users can check the MD5 signature of any ISOs that they think might be infected. Users who do have an infected ISO are advised to delete the ISO, trash discs where the ISO has been burnt, and format USB sticks where the ISO was burnt. For those who used the ISO to install the OS on their computer, the following steps are recommended:

- Take the computer offline,
- Backup personal data,
- Reinstall the OS (with a clean ISO) or format the partition,
- And change passwords to sites you used - especially email accounts.

It's not clear yet whether the team plans to have the authorities go after the hackers. The ISOs and the website the backdoor contacts are both hosted from Sofia, Bulgaria. The Mint team claim to have the name of three people who could be involved with the attack, giving authorities a good place to start, should they investigate.

For clarification, the ISOs on the Mint website are now clean - only those who downloaded an ISO on Saturday 20th, February need to be concerned. Linux is typically known to be quite resilient against malware, thanks to the architecture of the operating system as well as its relative obscurity when compared with Windows.

Source: http://www.neowin.net/news/linux-mint-website-hacked-malicious-iso-offered-on-saturday
Official blog post: http://blog.linuxmint.com/?p=2994
software182 Posted February 21, 2016

Well, that sucks
Batu69 Posted February 21, 2016

Thread edited: Font-size has been changed. Thread moved from Software News forum.
vibranium Posted February 21, 2016

This incident is going to shake some people's confidence in the distro, for sure.
oliverjia Posted February 21, 2016

I have never used Mint. They basically steal the Ubuntu OS, polish it up, add a bit of flavor to it, and then call it a new distro. It's a joke to me. They do not have the tech quality that Ubuntu has. Since I have used Ubuntu since 2006, I stick to Ubuntu.
pc71520 Posted February 21, 2016

Too bad for the most popular distro...
sujith Posted February 21, 2016 (Author)

Apparently there's more: http://blog.linuxmint.com/?p=3001
Pequi Posted February 21, 2016

10 hours ago, vibranium said:
This incident is going to shake some people's confidence in the distro, for sure.

It's based on Ubuntu. The last "clean" Ubuntu was 10.04. Then, IMHO, it went rogue. Massive encrypted exchanges between my Desktop and Ubuntu servers, even with all services/updates/msg and email clients turned off. Put WireShark on a MITM machine and watch. Almost as bad as Windows has become after Win 7. That's when I realized that Ubuntu was all about making money from the free Debian distro team's work. So ... I went back to Debian. After Ian Murdock's murder, I'm lost. No idea who to trust. Ian's last important public statement was that he would not allow government backdoors in Debian. Who takes his place? Poettering????
steven36 Posted February 21, 2016

2 hours ago, Pequi said:
It's based on Ubuntu. The last "clean" Ubuntu was 10.04. Then, IMHO, it went rogue. Massive encrypted exchanges between my Desktop and Ubuntu servers, even with all services/updates/msg and email clients turned off. Put WireShark on a MITM machine and watch. Almost as bad as Windows has become after Win 7. That's when I realized that Ubuntu was all about making money from the free Debian distro team's work. So ... I went back to Debian. After Ian Murdock's murder, I'm lost. No idea who to trust. Ian's last important public statement was that he would not allow government backdoors in Debian. Who takes his place? Poettering????

Linux Mint leeches from Ubuntu and Debian, and Ubuntu leeches from Debian, so really they all leech from Debian. People download altered Windows O/S ISOs and stuff from file hosts and P2P with cracks, malware and everything else, and people are worried because hackers got hold of one of Mint's ISOs? Which they have taken down by now. It doesn't even affect me because I have had my version installed since 17.3 was still beta. The worst thing that could happen is Debian will get the #1 distro spot, which they deserve anyway. If you're this worried about the Government compromising your PC, you'd better log off the internet, because Windows has always been compromised.

Come on, most of us know how to check MD5. This could happen to you downloading Windows even if you don't.

Back in 2009: Pirated Windows 7 Builds Botnet with Trojan
http://www.eweek.com/c/a/Security/Pirated-Windows-7-Builds-a-Botnet-With-Trojan-456054

I say there are more people who pirate Windows than use Linux Mint. In China, where they have the most people, almost everyone pirates Windows.

This is what happened to someone who got hold of an infected ISO:

Quote
James Says: I’ve just been trying to install a fresh version of Linux Mint on a new machine from this corrupted ISO for the last couple of hours. I thought something was weird when I was unable to connect to the internet after installing, yet I was able to reach my router. I’d stupidly not checked the MD5 checksum before using the ISO. Has anyone/is anyone going to be looking into the ‘functional’ difference between the genuine and hacked versions? I’d be interested to know what/if any of my data or keyboard input has been stolen from me. Thank you for letting us know about this.
Edit by Clem: Yes, it’s Mint with tsunami running on it. Here’s some info on it http://blog.malwaremustdie.org/2013/05/story-of-unix-trojan-tsunami-ircbot-w.html

Quote
Linux may be a force in the server world, but it has never succeeded at winning over masses of desktop users. Its openness encourages many developers to create their own Linux distributions and then fight with the hundreds of other distros for a slice of a tiny user base. Unsurprisingly, there’s a healthy amount of churn among distributions, even the popular ones. Lesson learned: Like your Linux distro, but don’t fall in love. You may wind up leaving the party sooner than you think.
http://www.pcworld.com/article/2998195/operating-systems/5-dead-operating-systems-and-what-their-ghosts-can-tell-us.html
Sylence Posted February 22, 2016

Hackers stepped up their game... most probably because people were boasting about Linux's security way too much...
knowledge-Spammer Posted February 22, 2016

Compromised is an easy thing to do nowadays
pc71520 Posted February 22, 2016

4 hours ago, saeed_dc said:
...People were boasting about Linux's security way too much...

Way too much...
SnakeMasteR Posted February 22, 2016

Quote
If you still have the burnt DVD or USB stick, boot a computer or a virtual machine offline (turn off your router if in doubt) with it and let it load the live session. Once in the live session, if there is a file in /var/lib/man.cy, then this is an infected ISO.
https://redd.it/46tdcj

Said man.cy file source: https://gist.github.com/Oweoqi/31239851e5b84dbba894
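Added example (not part of any post in this thread): the two checks quoted above, comparing an ISO's MD5 against a checksum list and looking for /var/lib/man.cy, written as a POSIX shell script. The function names and the constructed sample files are assumptions for illustration; the checksum list is assumed to come from somewhere other than the download page, since the article quoted later in the thread says the checksum shown there was replaced.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# iso_sum_matches ISO SUMFILE [TOOL]
#   SUMFILE uses md5sum's format: "<hex digest>  <file name>" per line.
#   TOOL defaults to md5sum (the check the thread talks about); sha256sum
#   works the same way when a SHA-256 list is available.
#   Returns 0 on match, 1 on mismatch, 2 if a file is unreadable,
#   3 if the ISO's file name is not listed in SUMFILE.
iso_sum_matches() {
    iso=$1; sums=$2; tool=${3:-md5sum}
    [ -r "$iso" ] && [ -r "$sums" ] || return 2
    name=$(basename "$iso")
    # Look the expected digest up by file name; a leading "*" marks binary mode.
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print tolower($1); exit }' "$sums")
    [ -n "$expected" ] || return 3
    actual=$("$tool" "$iso" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# has_mancy [ROOT]
#   Returns 0 if ROOT/var/lib/man.cy exists. ROOT is "/" inside the offline
#   live session, or the mount point of a disk inspected from a clean machine.
has_mancy() {
    root=${1:-/}
    [ -e "${root%/}/var/lib/man.cy" ]
}

# Demonstration on constructed files (no real ISO or real digest is used).
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed stand-in for a clean ISO\n' > "$d/mint.iso"
    # Stands in for a checksum list obtained out of band.
    (cd "$d" && md5sum mint.iso > trusted.md5)
    iso_sum_matches "$d/mint.iso" "$d/trusted.md5" && echo "clean image: match"
    printf 'extra bytes' >> "$d/mint.iso"      # simulate a swapped image
    iso_sum_matches "$d/mint.iso" "$d/trusted.md5" || echo "modified image: MISMATCH"
    mkdir -p "$d/root/var/lib" && : > "$d/root/var/lib/man.cy"
    has_mancy "$d/root" && echo "man.cy present: treat as infected"
    rm -rf "$d"
}
demo
```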
steven36 Posted February 22, 2016

5 hours ago, saeed_dc said:
Hackers stepped up their game... most probably because people were boasting about Linux's security way too much...

They didn't hack Linux, they only hacked one distro out of 1000s. And the only people it affected were people who tried to install that infected ISO that was out on Feb 20th, and people who joined the Linux Mint Forums need to change their passwords. What happened to them could happen installing Windows or software for Windows. Every day you come on any forums or install any software you take a chance. Even Kaspersky was hacked before.
Sylence Posted February 22, 2016

1 minute ago, steven36 said:
They didn't hack Linux, they only hacked one distro out of 1000s. And the only people it affected were people who tried to install that infected ISO that was out on Feb 20th, and people who joined the Linux Mint Forums need to change their passwords. What happened to them could happen installing Windows or software for Windows. Every day you come on any forums or install any software you take a chance. Even Kaspersky was hacked before.

Look at it this way: it was the most popular one, or one of the most popular distros of Linux, so you can't say now that this was one out of 1000s. And you can't exactly say how many people were infected by it. People who downloaded the infected ISO might have uploaded it to other sharing websites or be hosting it on their own servers or blogs. Their web server was a Linux, so yeah, we can say that Linux was hacked. It was to prove to some people that Linux is not that unhackable.
steven36 Posted February 22, 2016

27 minutes ago, saeed_dc said:
Look at it this way: it was the most popular one, or one of the most popular distros of Linux, so you can't say now that this was one out of 1000s. And you can't exactly say how many people were infected by it. People who downloaded the infected ISO might have uploaded it to other sharing websites or be hosting it on their own servers or blogs. Their web server was a Linux, so yeah, we can say that Linux was hacked. It was to prove to some people that Linux is not that unhackable.

Their web server was not Linux; the Linux Foundation and it are not the same thing. It was Linux Mint.

Quote
What happened? Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it. Does this affect you? As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition.

It only pointed to linuxmint.com, and they have like 4 or 5 different editions and it was only the Cinnamon edition. And they would have had to try to install and/or download it on Feb 20th and not check the hash. The only way many people got infected would be if sites lie and more people use Linux than they claim. Only like 1% of desktop users use Linux as a whole, out of 1000s of distros. More people pirate Windows than use Linux, FFS... Every ISO at DistroWatch has the hash, which you should check before you install anything. It goes to show you people could hack anything and people would install it, and if it were really popular Windows software it could infect millions.
steven36 Posted February 22, 2016

7 hours ago, saeed_dc said:
...most probably because people were boasting about Linux's security way too much...

If this were so, Windows 10 would get hacked on the fact that Microsoft says it's the safest O/S ever. Maybe back in the 1st decade of the 21st century people thought Linux's security was all that, but everything I ever read says you can get hacked using it just like Windows, Mac or anything that connects to the internet. Most hackers don't need a reason; only hack activists who don't do it for profit need a reason. Most hackers don't. A real reason is to steal info to make a profit. It was done to make a botnet, like back in 2009 when pirated Windows 7 builds were done the same way.

Quote
A lone hacker who duped hundreds of users into downloading a version of Linux with a backdoor installed has revealed how it was done.

News broke on Saturday that the website of Linux Mint, said to be the third most-popular Linux operating system distribution, had been hacked, and was tricking users all day by serving up downloads that contained a maliciously-placed "backdoor." The surprise announcement of the hack was made Saturday by project leader Clement Lefebvre, who confirmed the news. Lefebvre said in a blog post that only downloads from Saturday were compromised, and subsequently pulled the site offline to prevent further downloads.

The hacker responsible, who goes by the name "Peace," told me in an encrypted chat on Sunday that a "few hundred" Linux Mint installs were under their control -- a significant portion of the thousand-plus downloads during the day. But that's only half of the story. Peace also claimed to have stolen an entire copy of the site's forum twice -- one from January 28, and most recently February 18, two days before the hack was confirmed.
The hacker shared a portion of the forum dump, which we verified contains some personally identifiable information, such as email addresses, birthdates, profile pictures, as well as scrambled passwords. Those passwords might not stay that way for much longer. The hacker said that some passwords have already been cracked, with more on the way. (It's understood that the site used PHPass to hash the passwords, which can be cracked.) Lefebvre confirmed on Sunday that the forum had been breached. It later emerged that the hacker had placed the "full forum dump" on a dark web marketplace, a listing we were also able to verify that exists. The listing was going for about 0.197 bitcoin at the time of writing, or about $85 per download. Peace confirmed the listing was theirs. "Well, I need $85," the hacker said jokingly. About 71,000 accounts have been loaded into breach notification site HaveIBeenPwned, it announced on Sunday. Just less than half of all accounts were already in the database. (If you think you might be affected by the breach, you can search its database for your email address.) Peace declined to give their name, age, or gender, but did say they lived in Europe and had no affiliations to hacking groups. The hacker, known to work alone, has previously offered private exploit services for known vulnerabilities services on private marketplace sites they're associated with. After a detailed conversation, the hacker explained how the multilayered attack was carried out. Peace was "just poking around" the site in January when they found a vulnerability granting unauthorized access. (The hacker also said they had the credentials to log in to the site's admin panel as Lefebvre, but was reluctant to explain how in case it proved useful again.) 
On Saturday, the hacker replaced one of the 64-bit Linux distribution images (ISO) with one that was modified by adding a backdoor, and later decided to "replace all mirrors" for every downloadable version of Linux on the site with a modified version of their own. The backdoored version isn't as difficult as you'd think. Because the code is open-source, the hacker said it took them just a few hours to repack a Linux version that contained the backdoor. The hacker then uploaded the files to a file server located in Bulgaria, which took the longest "because of slow bandwidth." The hacker then used their access to the site to change the legitimate checksum -- used to verify the integrity of a file -- on the download page with the checksum of the backdoored version. "Who the f**k checks those anyway?" the hacker said. It was about an hour later when Lefebvre began to take down the project's website. The website has been down for most of Sunday, potentially losing thousands of downloads. The operating system distro has a big following for the Linux crowd. There are at least six million Linux Mint users at the last unofficial count, thanks to in part its friendly user interface. Peace said the first hacking episode started late January, but peaked when they "started spreading the backdoored images early morning [Saturday]," the hacker said. The hacker said there was no specific goal to their attack, but said that their prime motivation for the backdoor was to build a botnet. The hacker used malware dubbed Tsunami, an easy-to-implement backdoor, which when activated quietly connects to an IRC server where it waits for commands. Yonathan Klijnsma, senior threat intelligence analyst working at Dutch security firm Fox-IT, said Tsunami is often used to take down websites and servers -- by sending a "tsunami" of traffic to knock its target offline. 
"[Tsunami] is a simple manually configurable bot which talks to an IRC server and joins a predefined channel, with a password if set by the creator," said Klijnsma. But it isn't just used to launch web-based attacks, it can also allow its creator to "execute commands and download files to the infected system to later execute, for example," he added. Not just that, the malware can uninstall itself on affected machines to limit traces of evidence it leaves behind, said Klijnsma, who helped me to review and verify some of the hacker's claims. For now, the hacker's motive was "just having access in general," but they did not rule out using the botnet to carry out data mining or any other nefarious means. In the meanwhile, the hacker's botnet is still up and running, but the number of infected machines "dropped significantly since the news broke obviously," Peace confirmed. Lefebvre did not return an email for comment on Sunday. The project's website is down, with no timeline on when the project will be back.
http://www.zdnet.com/article/hacker-hundreds-were-tricked-into-installing-linux-mint-backdoor/

We're all living on borrowed time: people downloading tainted Windows ISOs that have no official MD5, cracks from people they don't know, etc., and not checking the hash of everything you install. Sooner or later everyone's day is coming. Just like back in the 1st decade, when I got hold of a tainted keygen from P2P that hardly any antivirus could detect. People want to make a big deal out of this when most of you play Russian roulette with your PC every day?
oliverjia Posted February 22, 2016

Normally, behind this kind of hacking, the one to blame is the people/web admin, who is too incompetent to do their job maintaining a server. It's the stupid people who are to be blamed rather than an OS or hardware, in most cases. Linux Mint, on the other hand, sacrificed security in favor of usability to an extreme, which led to the low security quality. I have never used Mint before. Ubuntu all the way.
steven36 Posted February 22, 2016

7 minutes ago, oliverjia said:
Normally, behind this kind of hacking, the one to blame is the people/web admin, who is too incompetent to do their job maintaining a server. It's the stupid people who are to be blamed rather than an OS or hardware, in most cases. Linux Mint, on the other hand, sacrificed security in favor of usability to an extreme, which led to the low security quality. I have never used Mint before. Ubuntu all the way.

Yep, I'm fixing to switch to some kind of buntu that's just maintained by Ubuntu. Not because they were hacked, though; it's because they don't have the manpower to handle a breach like this when it happens. Anything can be hacked. I think Clement is their only security.

Quote
> I know this is voluntary work, pitch in or shut up and all that, but that right there is just bad Internet citizenship beyond imagination. Both Fedora and Debian has had breaches. As soon as they were known all systems were immediately taken offline until all details had been worked out, to avoid repeat compromise, then completely re-imaged from scratch before they were put back online. The post mortem were then shared with the world to learn from. Nothing unusual, but best practice.

Well, Linux Mint is generally very bad when it comes to security and quality.

First of all, they don't issue any Security Advisories, so their users cannot - unlike users of most other mainstream distributions [1] - quickly lookup whether they are affected by a certain CVE.

Secondly, they are mixing their own binary packages with binary packages from Debian and Ubuntu without rebuilding the latter. This creates something that we in Debian call a "FrankenDebian" which results in system updates becoming unpredictable [2]. With the result, that the Mint developers simply decided to blacklist certain packages from upgrades by default thus putting their users at risk because important security updates may not be installed.

Thirdly, while they import packages from Ubuntu or Debian, they hi-jack package and binary names by re-using existing names. For example, they called their fork of gdm2 "mdm" which supposedly means "Mint Display Manager". However, the problem is that there already is a package "mdm" in Debian which are "Utilities for single-host parallel shell scripting". Thus, on Mint, the original "mdm" package cannot be installed.

Another example of such a hi-jack are their new "X apps" which are supposed to deliver common apps for all desktops which are available on Linux Mint. Their first app of this collection is an editor which they forked off the Mate editor "pluma". And they called it "xedit", ignoring the fact that there already is an "xedit" making the old "xedit" unusable by hi-jacking its namespace.

Add to that, that they do not care about copyright and license issues and just ship their ISOs with pre-installed Oracle Java and Adobe Flash packages and several multimedia codec packages which infringe patents and may therefore not be distributed freely at all in countries like the US.

To conclude, I do not think that the Mint developers deliver professional work. Their distribution is more a crude hack of existing Debian-based distributions. They make fundamental mistakes and put their users at risk, both in the sense of data security as well as licensing issues. I would therefore highly discourage anyone using Linux Mint until Mint developers have changed their fundamental philosophy and resolved these issues.
https://lwn.net/Articles/676664/
Sylence Posted February 23, 2016

19 hours ago, steven36 said:
Their web server was not Linux

Proof?

17 hours ago, steven36 said:
If this were so, Windows 10 would get hacked on the fact that Microsoft says it's the safest O/S ever.

But it hasn't got hacked yet.
steven36 Posted February 23, 2016

8 hours ago, saeed_dc said:
Proof? But it hasn't got hacked yet.

1. The site that was hacked has been offline since Saturday. No other sites to do with Linux are offline. Security updates for Linux Mint are provided by Ubuntu, and Linux Mint itself hardly updates anything, mostly just when a new O/S comes out (the next one is said to be out by summer), so it doesn't affect security updates. The distro and the way the security updates are done are from totally different sites.
2. What Linux is, is just kernels they use in different distros to make an O/S.
3. It's not the Linux Foundation's responsibility over distros that decide to make an O/S; security is the distro's responsibility.
4. What happened here was because the person who runs the Linux Mint site and makes the O/S failed to update their forum and WordPress; that's how they pointed the infected ISO to www.linuxmint.com and hacked the admin at Linux Mint.
5. No one owns Linux like Microsoft does Windows; it's just a core of many O/Ss, even Android is Linux. It's free for anyone who wants to make their own O/S.
6. Back in 1991 when it 1st started it was an O/S, but for many moons it's been just a kernel for many O/Ss.

Quote
Linux was originally developed as a free operating system for personal computers based on the Intel x86 architecture, but has since been ported to more computer hardware platforms than any other operating system
https://en.wikipedia.org/wiki/Linux

7. Every version of Windows gets hacked all the time. Most people who were ever hacked, it happened while they were on Windows. No O/S is hack proof. All they have to do is find a back door in or get you to install some malware.
8. Stop trolling because you don't really like Linux... all your arguments are invalid.
9. The admin of Linux Mint has handed it over to security experts and police officers dedicated to cybercrime.
10. There are rumors where one person says they're investigating the hack, that Canonical, which runs Ubuntu, may have paid these hackers off to mess up Linux Mint's reputation, and it could happen to more distros that Canonical doesn't like.
Sylence Posted February 23, 2016

5 hours ago, steven36 said:
1. The site that was hacked has been offline since Saturday. No other sites to do with Linux are offline. Security updates for Linux Mint are provided by Ubuntu, and Linux Mint itself hardly updates anything, mostly just when a new O/S comes out (the next one is said to be out by summer), so it doesn't affect security updates. The distro and the way the security updates are done are from totally different sites.
2. What Linux is, is just kernels they use in different distros to make an O/S.
3. It's not the Linux Foundation's responsibility over distros that decide to make an O/S; security is the distro's responsibility.
4. What happened here was because the person who runs the Linux Mint site and makes the O/S failed to update their forum and WordPress; that's how they pointed the infected ISO to www.linuxmint.com and hacked the admin at Linux Mint.
5. No one owns Linux like Microsoft does Windows; it's just a core of many O/Ss, even Android is Linux. It's free for anyone who wants to make their own O/S.
6. Back in 1991 when it 1st started it was an O/S, but for many moons it's been just a kernel for many O/Ss.
7. Every version of Windows gets hacked all the time. Most people who were ever hacked, it happened while they were on Windows. No O/S is hack proof. All they have to do is find a back door in or get you to install some malware.
8. Stop trolling because you don't really like Linux... all your arguments are invalid.
9. The admin of Linux Mint has handed it over to security experts and police officers dedicated to cybercrime.
10. There are rumors where one person says they're investigating the hack, that Canonical, which runs Ubuntu, may have paid these hackers off to mess up Linux Mint's reputation, and it could happen to more distros that Canonical doesn't like.

+1 for the number 8
Archived
This topic is now archived and is closed to further replies.