Fujitsu
Not logged in » Login
X

Please login

Please log in with your Fujitsu Partner Account.

Login


» Forgot password

Register now

If you do not have a Fujitsu Partner Account, please register for a new account.

» Register now

Recent Discussion:

NickBown | 22.12.2018, 14:18
We have come across this issue as well, and don't seem to have found a way around it (the server is ...
NickBown | 20.12.2018, 18:40
Hi everyoneWe've got an RX2540 M1 which won't boot past the Fujitsu splash screen (which shows the i...
MarkM | 15.10.2018, 11:33
Hi there.I do not believe the Fujitsu policy on this subject has changed.So NO you can not order dri...
Feb 24 2016

Linux Mint: ISOs and Forum Hacked

As open source software continues to gain popularity, the operating systems, applications and tools published under that licensing scheme turn into valuable targets for miscreants trying to obtain confidential information or wreak havoc on IT infrastructures. Over the past weekend, some of these folks hacked their way into the official Linux Mint site in order to upload fake ISOs and compromise the user forum's database.

Over the past couple of years, open source projects had to take a lot of flak from adversaries as well as supporters of the general approach to software development. That's not really a big surprise, because starting with 2014's Heartbleed bug, a number of critical vulnerabilities came to light that either illuminated flawed coding and review processes, botched standardization, or insufficient security measures for central resources and project websites such as Kernel.org and the Linux Foundation. As it turns out, open source programs are not necessarily more secure and the sites are no less susceptible to attacks than their closed source counterparts. Until the weekend, the latest known weakness was found in glibc, a library that (among other things) tells Linux systems how to perform DNS lookups. On Sunday, we learned that linuxmint.com, home of one of the most popular Linux distributions with approx. 6 million users, had been broken into.

Nature of the Attack
Thankfully, the site's team detected the breach early on and wasted no time fussing about when to go public. Mint chief developer Clement Lefebvre himself spread the bad news via the project blog:

  • "We were exposed to an intrusion today. It was brief and it shouldn't impact many people, but if it impacts you, it's very important you read the information below. [...] Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it. [...] As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition. If you downloaded another release or another edition, this does not affect you. If you downloaded via torrents or via a direct HTTP link, this doesn't affect you either. Finally, the situation happened today, so it should only impact people who downloaded this edition on February 20th." Along with this announcement, the blog entry gives a detailed account of how users can check whether they downloaded infected ISO files or not and explains how to get rid of them and repair the affected system(s).
  • In a follow-up post from Sunday, Lefebvre warned that the attackers had also broken into and obtained a copy of Mint's forum database, i.e. a list of 'registered' users, complete with user names, email addresses, encrypted password copies, and further "personal information" they may have revealed in their profiles or contributions to forum debates. According to Lefebvre, the main problem here is that weak passwords could potentially be brute-forced. This was followed by the standard security advice that affected users should change their email and forum passwords as well as credential at other sites. On Monday (February 22), ZDNet's Zack Whittaker reported about an "encrypted chat" he had with one of the attackers, during which that person claimed that the entire forum database had been dumped on a "dark web marketplace" where it could be downloaded for 0.197 bitcoins – read: 85 dollars.

Linux Mint users who think they might be affected should visit haveibeenpwned.com, a webpage dedicated to helping people find out whether or not their accounts have been compromised. According to a tweet from Sunday, this affected some 71,000 accounts. However, 45% of these (roughly 32,000) were already stored in haveibeenpwned's database before the weekend breach. Further according to the ZDNet report, the hackers' goal was to create a botnet using a special piece of malware called Tsunami, which opens up a backdoor into affected Linux systems. Along with that, they also claim to have had access to the Linux Mint site and the forum database since the end of January and having controlled "a few hundred" installations at the peak of the attack. However, they conceded that the number of infected machines had "dropped significantly" since the Sunday alert.

Conclusion
First things first: even though the hack was bad enough in Linux terms – especially since it targeted a very popular desktop distro – and happened at the most unfavorable moment, it will likely cause much less disturbance than other recent attacks against open source projects or flaws found in their software offerings. Much of that is owed to the awareness and vigilance of the Linux Mint team who spotted the attack relatively early and thus managed to contain it before a bigger breakout occurred. Still, Saturday's security breach reveals there's a lot of truth in the old adage that 'success breeds enemies' – an insight many open source projects struggle with as of yet. The problem here is that this struggle can't go on forever, because open source software (whether in the form of Linux, Apache, Firefox, Drupal, or whatever) plays a central, hard-to-overestimate role in today's information architecture. In other words, it needs much better funding and a lot more attention than it currently gets. One way for IT vendors and users to assist with that would be to join the Core Infrastructure Initiative that was started by the Linux Foundation right after Heartbleed struck.

 
SHARE

Comments on this article

No comments yet.

Please Login to leave a comment.