Linux mint cinnamon 17.3 downloads was breached.

disciple1964
Posts: 95
Joined: 03 Jan 2014 04:33
Location: Irving, Texas

Linux mint cinnamon 17.3 downloads was breached.

Postby disciple1964 » 21 Feb 2016 21:34

Hello,

Please check the blog out at http://blog.linuxmint.com/?p=2994&_utm_source=1-2-2. It seems that shady people from Russia have modified and created a backdoor in the Feb 20th downloads of Linux Mint Cinnamon 17.3. Here is some of the information from Clem:

I’m sorry I have to come with bad news.

We were exposed to an intrusion today. It was brief and it shouldn’t impact many people, but if it impacts you, it’s very important you read the information below.

What happened?

Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it.

Does this affect you?

As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition.

If you downloaded another release or another edition, this does not affect you. If you downloaded via torrents or via a direct HTTP link, this doesn’t affect you either.

Finally, the situation happened today, so it should only impact people who downloaded this edition on February 20th.

How to check if your ISO is compromised?

If you still have the ISO file, check its MD5 signature with the command “md5sum yourfile.iso” (where yourfile.iso is the name of the ISO).

The valid signatures are below:

6e7f7e03500747c6c3bfece2c9c8394f linuxmint-17.3-cinnamon-32bit.iso
e71a2aad8b58605e906dbea444dc4983 linuxmint-17.3-cinnamon-64bit.iso
30fef1aa1134c5f3778c77c4417f7238 linuxmint-17.3-cinnamon-nocodecs-32bit.iso
3406350a87c201cdca0927b1bc7c2ccd linuxmint-17.3-cinnamon-nocodecs-64bit.iso
df38af96e99726bb0a1ef3e5cd47563d linuxmint-17.3-cinnamon-oem-64bit.iso

If you still have the burnt DVD or USB stick, boot a computer or a virtual machine offline (turn off your router if in doubt) with it and let it load the live session.

Once in the live session, if there is a file in /var/lib/man.cy, then this is an infected ISO.

What to do if you are affected?

Delete the ISO. If you burnt it to DVD, trash the disc. If you burnt it to USB, format the stick.

If you installed this ISO on a computer:

  • Put the computer offline.
  • Backup your personal data, if any.
  • Reinstall the OS or format the partition.
  • Change your passwords for sensitive websites (for your email in particular).

Is everything back to normal now?

Not yet. We took the server down while we’re fixing the issue.

Who did that?

The hacked ISOs are hosted on 5.104.175.212 and the backdoor connects to absentvodka.com.

Both lead to Sofia, Bulgaria, and the name of 3 people over there. We don’t know their roles in this, but if we ask for an investigation, this is where it will start.

What we don’t know is the motivation behind this attack. If more efforts are made to attack our project and if the goal is to hurt us, we’ll get in touch with authorities and security firms to confront the people behind this.

If you’ve been affected by this, please do let us know.


Please read the comments, as they will give even more information on how it was done and the damage it has created. To the admins of this site: please, if you can, help Clem and team gather as much information as possible to help catch these people. WordPress was used in this hack and maybe that software should not be part of anyone's website.

Lenovo T61P-6gigs-15.1Screen-250gig hard drive / Desktop: Quad core Intel Core i7-4790K CPU Kernel~3.19.0-49-generic x86_64 Mem~1621.5/15928.2MB HDD~1120.2GB
Registered Linux user 566308
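
The two checks quoted in the post above (MD5 against the published list, and the /var/lib/man.cy marker in a live session), as an added shell example that is not part of the original thread or of the Linux Mint advisory. The function names and the optional root-directory argument are assumptions made here.

```shell
#!/bin/sh
# Added example: the ISO checks described in the advisory quoted above.

# Valid MD5 sums, copied from the advisory text quoted in the post.
VALID_SUMS='6e7f7e03500747c6c3bfece2c9c8394f linuxmint-17.3-cinnamon-32bit.iso
e71a2aad8b58605e906dbea444dc4983 linuxmint-17.3-cinnamon-64bit.iso
30fef1aa1134c5f3778c77c4417f7238 linuxmint-17.3-cinnamon-nocodecs-32bit.iso
3406350a87c201cdca0927b1bc7c2ccd linuxmint-17.3-cinnamon-nocodecs-64bit.iso
df38af96e99726bb0a1ef3e5cd47563d linuxmint-17.3-cinnamon-oem-64bit.iso'

# Print the official file name whose MD5 equals hash $1; return 1 if none does.
# Matching is by hash only, so a renamed download is still recognised.
lookup_sum() {
    printf '%s\n' "$VALID_SUMS" |
        awk -v h="$1" '$1 == h { print $2; found = 1 } END { exit !found }'
}

# Verify ISO file $1.
# Returns 0 = matches a listed image, 1 = no match, 2 = file unreadable.
check_iso() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    sum=$(md5sum "$1" | awk '{ print tolower($1) }')
    if name=$(lookup_sum "$sum"); then
        echo "OK: $1 matches $name"
    else
        echo "MISMATCH: $1 ($sum) is not in the valid list" >&2
        return 1
    fi
}

# Live-session check from the advisory: look for the marker file under the
# root directory $1 (hypothetical argument; defaults to /, the live session).
# Returns 0 when the marker exists, i.e. the medium is an infected one.
has_marker() {
    [ -e "${1:-}/var/lib/man.cy" ]
}

# Stand-alone use: sh check.sh yourfile.iso
[ "$#" -eq 0 ] || check_iso "$1"
```

A match only shows that the file is identical to one of the images the advisory lists, so the list itself has to come from a trustworthy copy of the advisory.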

Zill
Posts: 1850
Joined: 13 Aug 2013 14:28
Location: Lincolnshire, UK

Re: Linux mint cinnamon 17.3 downloads was breached.

Postby Zill » 21 Feb 2016 22:57

disciple1964 wrote:... It seems that shady people from Russia have modified and created a backdoor in the Feb 20th downloads of Linux Mint Cinnamon 17.3. Here is some of the information from Clem:
...
The hacked ISOs are hosted on 5.104.175.212 and the backdoor connects to absentvodka.com.
Both lead to Sofia, Bulgaria, and the name of 3 people over there.
There are three countries between Russia and Bulgaria (Ukraine, Moldova and Romania) so it seems rather unkind to blame shady people from Russia! ;-)

balloon
Posts: 164
Joined: 03 Apr 2014 03:53

Re: Linux mint cinnamon 17.3 downloads was breached.

Postby balloon » 22 Feb 2016 01:24

If you have created an account on the Linux Mint forums, you might be required to change the password:
http://blog.linuxmint.com/?p=3001
It was confirmed that the forums database was compromised during the attack led against us yesterday and that the attackers acquired a copy of it. If you have an account on forums.linuxmint.com, please change your password on all sensitive websites as soon as possible.

The database contains the following sensitive information:
  • Your forums username
  • An encrypted copy of your forums password
  • Your email address
  • Any personal information you might have put in your signature/profile/etc…
  • Any personal information you might have written on the forums (including private topics and private messages)
People primarily at risk are people whose forums password is the same as their email password or as the password they use on popular or sensitive websites. Although the passwords cannot be decrypted, they can be brute-forced (found by trial) if they are simple enough or guessed if they relate to personal information.

Out of precaution we recommend all forums users change their passwords.

While changing your passwords, please start with your email password and do not use the same password on different websites.

Zero Angel
Posts: 115
Joined: 01 Aug 2014 22:50

Re: Linux mint cinnamon 17.3 downloads was breached.

Postby Zero Angel » 22 Feb 2016 03:54

I was just going to post about this. Received this email in my inbox today.
Attachments
beenpwned.png

docke
Posts: 26
Joined: 12 Apr 2015 00:00

Re: Linux mint cinnamon 17.3 downloads was breached.

Postby docke » 22 Feb 2016 05:23

Zill wrote:There are three countries between Russia and Bulgaria (Ukraine, Moldova and Romania) so it seems rather unkind to blame shady people from Russia! ;-)
I totally agree.
And by the same logic, it is worth mentioning that Bulgaria is a member of a gang called NATO. :lol:

balloon
Posts: 164
Joined: 03 Apr 2014 03:53

Re: Linux mint cinnamon 17.3 downloads was breached.

Postby balloon » 22 Feb 2016 05:31

Zero Angel wrote:I was just going to post about this. Received this email in my inbox today.
Unfortunately, your e-mail address and account have been spreading.

This e-mail is not sent from the site to see if there is a spread account and e-mail address.
Some user information of Linux Mint forum has been spreading. (It seems not so far everyone)

Ghstryder
Posts: 41
Joined: 01 Sep 2015 01:38
Location: Detroit, Michigan, USA

Re: Linux mint cinnamon 17.3 downloads was breached.

Postby Ghstryder » 22 Feb 2016 06:08

The email Zero Angel received was from haveibeenpwned.com. One can opt-in for a notification email if they have an account on a compromised site.

Zero Angel
Posts: 115
Joined: 01 Aug 2014 22:50

Re: Linux mint cinnamon 17.3 downloads was breached.

Postby Zero Angel » 22 Feb 2016 06:36

Ghstryder wrote:The email Zero Angel received was from haveibeenpwned.com. One can opt-in for a notification email if they have an account on a compromised site.
This is correct. I opted into that service so I will receive emails when a site I'm a member of has been pwned.

kurotsugi
Posts: 2194
Joined: 09 Jan 2014 00:17

Re: Linux mint cinnamon 17.3 downloads was breached.

Postby kurotsugi » 22 Feb 2016 14:12

I wonder how they found the breach. The attacker hacked both the ISO download page and the forum database. Hacking the forum database sounds like a common attack, but hacking the download page? They need to create the fake ISO, create the malware, then hack the site, which I believe will require quite a bit of time. The attack might have been done long before they found it.

Let's hope that there's no additional damage and the issue got quickly resolved :3


MAYBL8
Posts: 1487
Joined: 10 Mar 2013 18:41
Location: Maryland Heights, MO USA

Re: Linux mint cinnamon 17.3 downloads was breached.

Postby MAYBL8 » 23 Feb 2016 23:18

My email address on the forum was "breached".
It doesn't sound like I have anything to worry about.
I haven't used their forum since I came here and my email password has been changed but my forum password was not changed.


kurotsugi
Posts: 2194
Joined: 09 Jan 2014 00:17

Re: Linux mint cinnamon 17.3 downloads was breached.

Postby kurotsugi » 24 Feb 2016 19:13

The more I read, the more it sounds like the security system was neglected and left open for any attacker. There was a report on 16 Jan but it somehow got ignored. The attacker was able to get admin credentials, which means the attack has been done several times. Somehow, up to this point no one seems to have noticed it. No wonder the attacker got all the confidence he needs to make bolder moves. Scary! :shock:

