February 22, 2016, updated 31 Aug 2016 5:03pm

Popular Linux Mint website hacked, backdoor inserted into ISO

News: ISO infected with back door, then hacker reveals all.

The Linux Mint website was hacked this weekend, 20th February 2016, resulting in the ISO of the latest distribution being replaced with one that contains a backdoor.

Users who downloaded the operating system on Saturday have been warned not to use it, and those who use the Linux Mint forums have been told to replace their passwords.

In a blog post, Clement Lefebvre, the head of the Linux Mint project, said: "Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it."

He added that "As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition."

Outlining the issue, Lefebvre said that it does not affect those who downloaded the operating system via torrents or an HTTP link. Linux Mint developers said that by yesterday, Sunday 21st February 2016, they had managed to correct the issue.

Linux Mint claim to know who was behind the attack, but appear to have so far declined to inform the security services.

Lefebvre said that the domains involved lead to three named people in Sofia, Bulgaria. "If more efforts are made to attack our project and if the goal is to hurt us, we’ll get in touch with authorities and security firms to confront the people behind this," he said.


A hacker named Peace said they were responsible for the hack. In an encrypted conversation with ZDNet, Peace said that "a few hundred" installs of the operating system were under their control, which is a significant section of the 1000+ downloads that took place on the day.

Peace also said that they had stolen entire copies of the forum on two occasions, on January 28th 2016, and then a few weeks later on February 18th.

The hacker also said that some passwords had been cracked, with the data being sold on the dark web for 0.197 bitcoin ($85) a download.

The incident follows one on February 16th 2016, when Google and Red Hat engineers revealed and patched a security vulnerability affecting the glibc open source code library. As the vulnerability concerned DNS, there was significant fallout for Linux.

A variety of key command-line Linux utilities could have been used to exploit devices as a result of that vulnerability.
