Linux Mint’s Clement Lefebvre confirmed in a blog on Saturday, 20 February, that criminal hackers had made a modified version of the Linux Mint ISO with a backdoor in it, and got the Linux Mint website to point to it. Unsuspecting users who downloaded Linux Mint 17.3 Cinnamon on Saturday were the only ones to download the malicious version; users who downloaded earlier versions or downloaded version 17.3 before Saturday were unaffected by the intrusion. The site was taken offline in response.
Today, ZDNet reports that a “lone hacker” using the pseudonym ‘Peace’ was responsible – and that there’s rather more to the story than the Linux Mint blog suggested.
Peace told ZDNet’s Zack Whittaker that they’d “stolen an entire copy of the site’s forum” on two recent occasions, and put it up for sale on a dark web marketplace. The data dump contained “personally identifiable information, such as email addresses, birthdates, profile pictures, as well as scrambled passwords.” Many of those passwords have already been cracked. Lefebvre confirmed on Sunday that this was true.
Peace explained that “there was no specific goal to their attack, but said that their prime motivation for the backdoor was to build a botnet.” According to ZDNet, the botnet is still up and running, but the number of infected machines has dropped since the story broke.
If you think you have been affected, Linux Mint advises that you check the ISO file’s MD5 checksum, then, if necessary, take the computer offline, back up your data, reinstall the operating system or format the partition, and change your passwords. Details can be found here: http://blog.linuxmint.com/?p=2994.
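The first step of that advice, comparing the downloaded ISO against a published checksum, can be scripted so it is not skipped. The following is an added example and not code from the Linux Mint blog; the filename and the hash in the usage line are placeholders, and the real expected value must come from the project’s own announcement.

```shell
#!/bin/sh
# Added example (not from the Linux Mint blog): check a downloaded ISO
# against a published MD5 checksum before booting or installing from it.
# The hash in the usage line below is a placeholder, not a real Linux Mint value.

# verify_iso FILE EXPECTED_MD5
# Returns 0 when FILE's MD5 matches EXPECTED_MD5 (case-insensitive),
# 1 on mismatch, 2 if FILE cannot be read.
verify_iso() {
    file="$1"
    expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    actual="$(md5sum "$file" | cut -d' ' -f1)"
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches $expected"
        return 0
    else
        echo "MISMATCH: $file has $actual, expected $expected" >&2
        return 1
    fi
}

# Usage (placeholder filename and hash, constructed for illustration):
# verify_iso linuxmint-17.3-cinnamon-64bit.iso 00000000000000000000000000000000
```

Two caveats a practitioner would add: a checksum fetched from the same web page as the ISO proves little if that page was altered along with the download link, so the expected value should come from a source the attacker could not also have changed; and MD5 detects accidental corruption well but is no longer collision-resistant, so where the project also publishes a cryptographic signature for the image, that check is the stronger one.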
Penetration testing – as advocated by information security best practice and data security standards – enables you to determine your system’s vulnerabilities by simulating an attack, and use that information to undertake remedial measures. As new vulnerabilities and means of compromise are constantly discovered and used by criminals, it’s essential to ensure that you remain on top of your security practices.