
FAQ: What the heck happened to Linux Mint?

Linux Mint is one of the most popular desktop distributions of Linux in the world, so when the organization suffered a serious security breach late last month, it made waves in the open-source community.

Q. What, exactly, happened?

On Saturday, Feb. 20, somebody noticed that the download link for certain versions of the operating system on Mint’s official website had been changed. The fiddled-with link now pointed to a malicious website, hosted in Bulgaria.


Q. So what did this malicious website try to do?

It served up what appeared to be the file that people were trying to download – a disk image for installing Mint. However, it was a hacked copy, which included a backdoor into the installation. Simply put, if you installed Linux Mint using one of these corrupted images, you gave the hackers a direct line into your computer.

Q. Is that a complicated operation?

It sure was. In addition to creating the hacked version of Mint, the attacker had to compromise the website to ensure that the compromised copies could be distributed. So that’s a couple of different moving parts to worry about. And while the whole thing was going on, the attacker grabbed complete copies of Mint’s forum data, including personally identifiable information and crackable passwords, and sold the information online.

Q. How many installs were affected?

Hard to say exactly, although Level 3 Communications estimates in an analysis of the attack that “hundreds of users” may have downloaded the corrupted disk image.

Q. Who did it?

Apparently, a hacker going by the handle “Peace.” Peace gave an interview to ZDNet reporter Zack Whittaker, in which he or she explained that the idea was mainly just to get access to as many computers as possible, possibly for a botnet. Peace first gained access to the site in January, via a security vulnerability in a WordPress plugin.

Q. What did Mint do about it?

To its credit, the Mint team was pretty open about the whole thing, warning users as soon as they were aware of the hack and eventually taking down the site in order to halt the spread of the corrupted disk images.

Q. If I downloaded and installed Mint during the time the site was affected, how do I know if I’m vulnerable?

If you’ve got the .iso file still handy, you can compare the MD5 checksum to the one for legitimate copies listed at the official Mint blog. If not, check to see whether there’s a file in the folder /var/lib/man.cy. If the folder is empty, you should be OK. However, if there is a file in there, you probably have the compromised version, and should back up your personal data before wiping the hard drive and reinstalling your operating system.
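The two checks described above, as an added shell example (not from the article or from the Mint team). It assumes a Linux system with `md5sum` and a checksum list file that you fill by hand, one `<md5>  <name>` line per image, from the official Mint blog; the function names and the optional mount-point argument are illustrative.

```shell
#!/bin/sh
# Added example: verify a downloaded ISO and look for the indicator path
# named in the article. Function names are hypothetical.

# iso_md5_ok ISO LIST
# LIST holds "<md5>  <name>" lines copied from the official Mint blog
# (assumption: md5sum-style layout). Returns 0 = digest is listed,
# 1 = digest not listed, 2 = a file could not be read.
iso_md5_ok() {
    iso=$1; list=$2
    [ -r "$iso" ] && [ -r "$list" ] || return 2
    sum=$(md5sum "$iso" | awk '{print tolower($1)}') || return 2
    [ -n "$sum" ] || return 2
    # Compare digests only: the download may have been renamed.
    awk -v s="$sum" 'tolower($1) == s {found=1} END {exit !found}' "$list"
}

# mancy_present [ROOT]
# Returns 0 if /var/lib/man.cy holds anything, 1 if it is empty or absent.
# ROOT lets you inspect a disk mounted elsewhere, e.g. from a live session.
# Assumption: the path existing as a plain file is also treated as a hit.
mancy_present() {
    p="${1:-}/var/lib/man.cy"
    if [ -d "$p" ]; then
        [ -n "$(ls -A "$p" 2>/dev/null)" ]   # a directory counts only if non-empty
    else
        [ -e "$p" ]
    fi
}

# Stand-alone use: sh check.sh <image.iso> <checksum-list>
if [ "$#" -eq 2 ]; then
    if iso_md5_ok "$1" "$2"; then
        echo "ISO digest is in the known-good list"
    else
        echo "ISO digest NOT in the known-good list (or a file was unreadable)"
    fi
    if mancy_present; then
        echo "/var/lib/man.cy has content: back up data, wipe and reinstall"
    else
        echo "/var/lib/man.cy is empty or absent"
    fi
fi
```

The checksum comparison is only as trustworthy as the list it is compared against, so copy the reference values from the Mint blog rather than from wherever the image itself was downloaded.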

IDG News Service
