Linux Mint Website Hacked: Motive Unknown

Introduction

Hackers breached the Linux Mint website, Linux noted in a blog posting today. Linux Mint 17.3 Cinnamon is the only compromised edition to the best of the company’s knowledge. Users who downloaded another edition or release are not affected. Users who downloaded via a direct HTTP link or via torrents are not affected either.

Since the breach occurred today, it should not affect users who downloaded the edition on Feb. 20.

Linux Gives Corrective Action

Users who still have the ISO file are instructed to compute its MD5 signature with the “md5sum yourfile.iso” command, where “yourfile.iso” is the name of the ISO, and compare the result with the valid signatures listed on the blog page.

Those with the burnt DVD or USB stick should boot a virtual machine or a computer offline with it and let it load the live session. Users are encouraged to turn off their router if they are in doubt.

Once the live session has started, if there is a file in “/var/lib/man.cy”, the ISO is infected.

If the ISO is infected, the user should delete it. If they burnt it to a DVD, they should trash the disc. If burnt to the USB, the user should format the stick.

Those who installed the ISO on a computer should take the computer offline, back up personal data, reinstall the OS or format the partition, then change passwords for sensitive websites.

Linux took the server down while fixing the issue.

Entry Via WordPress

In response to a question, the blog’s editor said the hackers made the breach via WordPress.

The posting noted the hacked ISOs are hosted on 5.104.175.212 and the backdoor connects to absentvodka.com. Both lead to Sofia, Bulgaria, and to the names of three people. The motivation for the attack is unknown.

The posting said Linux will contact authorities if attacks continue.

People are still debating the hackers’ point of entry, according to Softpedia. While Clement Lefebvre, leader of the Linux Mint project, said the initial entry point was their WordPress blog, Softpedia noted that Yonathan Klijnsma, senior threat intelligence analyst at Dutch security firm Fox-IT, noticed a few hours prior to Linux’s announcement that someone had placed an ad on the TheRealDeal Dark Web marketplace. Someone using the username “peace_of_mind” was selling “Linuxmint.com shell, php mailer and full forum dump” for 0.1910 bitcoin.

TheRealDeal Dark Web marketplace website was not accessible at 1:15 p.m. Eastern Standard Time.

MD5 Signatures Must Be Checked

The incident reminds users of the importance of checking MD5 signatures for critical downloads, according to Tim Anderson, writing in The Register. He said it is also important to be sure the MD5 signatures come from a trusted source rather than one hackers could have modified. In the case of a popular Linux distribution, these signatures are posted in more than one place. Hence, signature inconsistency signals that something could be wrong.
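The checks described under “Linux Gives Corrective Action” and in the paragraph above, as an added shell example that is not from the Linux Mint blog or from the article's sources: it computes the ISO's MD5, compares it against signature lists saved from more than one place, and tests for the “/var/lib/man.cy” marker. The function names, verdict strings and list files are assumptions; each list is assumed to use md5sum's own “hash  filename” layout.

```shell
#!/bin/sh
# Added example. Each LIST is a text file in md5sum's "<hash>  <filename>"
# layout, assumed to have been saved by hand from a different source.

# iso_md5 FILE -> prints the lowercase MD5 hex digest of FILE
iso_md5() {
    md5sum < "$1" | awk '{print tolower($1)}'
}

# listed_md5 LIST NAME -> prints the digest LIST publishes for NAME (empty if none)
listed_md5() {
    awk -v n="$2" '{f = $2; sub(/^\*/, "", f)} f == n {print tolower($1); exit}' "$1"
}

# verify_iso FILE LIST... -> prints one verdict and returns 0 only for OK:
#   OK        every list publishes the digest computed from FILE
#   MISMATCH  the lists agree with each other but not with FILE
#   CONFLICT  the lists disagree with each other (one may have been altered)
#   UNLISTED  at least one list has no entry for this file name
verify_iso() {
    file=$1; shift
    [ -r "$file" ] || { echo UNREADABLE; return 2; }
    name=$(basename -- "$file")
    actual=$(iso_md5 "$file")
    first=""; verdict=OK
    for list in "$@"; do
        want=$(listed_md5 "$list" "$name")
        [ -n "$want" ] || { echo UNLISTED; return 1; }
        [ -n "$first" ] || first=$want
        [ "$want" = "$first" ] || { echo CONFLICT; return 1; }
        [ "$want" = "$actual" ] || verdict=MISMATCH
    done
    echo "$verdict"
    [ "$verdict" = OK ]
}

# has_backdoor_marker ROOT -> succeeds if ROOT/var/lib/man.cy exists, the
# indicator the article gives for an infected ISO (ROOT "" means the running
# live session; a mount point checks a mounted image instead)
has_backdoor_marker() {
    [ -e "$1/var/lib/man.cy" ]
}

# Usage (file names are placeholders):
#   verify_iso yourfile.iso blog.md5 mirror.md5
#   has_backdoor_marker "" && echo "infected ISO"
```

A CONFLICT verdict is the case the paragraph above warns about: the published lists no longer agree, so none of them can be trusted until the difference is explained.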


Lester Coleman

Lester Coleman is a veteran business journalist based in the United States. He has covered the payments industry for several years and is available for writing assignments.

Comments
  • Real Anti-Racist Action, posted on 11:42 pm February 22, 2016:

    So just how safe is WordPress? I mean if you have a very strong password, that would take 200 years to force-break a password. Just how safe is WordPress? Can anyone or Hacked.com answer this?
    This may be a security issue that more website owners may be interested to learn about.
