February 22, 2016, updated 31 Aug 2016 5:03pm

Popular Linux Mint website hacked, backdoor inserted into ISO

News: ISO infected with back door, then hacker reveals all.

By Charlotte Henry

The Linux Mint website was hacked this weekend, 20th February 2016, resulting in the ISO of the latest distribution being replaced with one that contains a backdoor.

Users who downloaded the operating system on Saturday have been warned not to use it, and those who use the Linux Mint forums have been told to replace their passwords.

In a blog post, Clement Lefebvre, the head of the Linux Mint project, said: "Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it."

He added: "As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition."

When outlining the issue, Lefebvre said that it does not affect those who downloaded the operating system via torrents or an HTTP link. Linux Mint developers said that by yesterday, Sunday 21st February 2016, they had managed to correct the issue.

Linux Mint claim to know who was behind the attack, but appear to have so far declined to inform the security services.

Lefebvre said that the domains involved lead to three named people in Sofia, Bulgaria. "If more efforts are made to attack our project and if the goal is to hurt us, we’ll get in touch with authorities and security firms to confront the people behind this," he said.

A hacker named Peace said they were responsible for the hack. In an encrypted conversation with ZDnet, Peace said that "a few hundred" installs of the operating systems were under their control, which is a significant section of the 1000+ downloads that took place on the day.

Peace also said that they had stolen entire copies of the forum on two occasions, on January 28th 2016, and then a few weeks later on February 18th.

The hacker also said that some passwords had been cracked, with the data being sold on the dark web for 0.197 bitcoin ($85) a download.

The incident follows one on February 16th 2016, when Google and Red Hat engineers revealed and patched a security vulnerability affecting the glibc open source code library. As the vulnerability concerned DNS, there was significant fallout for Linux.

A variety of key command-line Linux utilities could have been used to exploit devices as a result of that vulnerability.
