Linux Mint Website Hacked, ISO compromised!

On the 20th February 2016, the Linux Mint website was hacked and some ISO images were swapped. If you think this affects you continue reading!

Update 5 – 24/02/2016

In a Linux Mint Update Manager commit, a code detecting the malware has been added. This functionality will warn the user in the case the malware is present on their system.

Update 4 – 23/02/2016

LinuxMint.com is now up again.

Update 3 – 21/02/2016

LinuxMint.com has been shut down temporarily to investigate the issue and fix eventual leftovers.

Update 2 – 21/02/2016

All LinuxMint.com forum users should change their password. This post from Clement Lefebvre clearly says the database was compromised and all users are invited to change their passwords.

Update 1 – 21/02/2016

According to this Twitter post, someone is trying to sell LinuxMint.com dumped information on an unspecified dark web site.

Script kiddies are selling @LinuxMint‘s full website’s database online for 85.000$. #InfoSec #Linux #LinuxMint pic.twitter.com/EDmPW1ouAF

— A️Nℹ️S ⚜ (@0xUID) 21 Febbraio 2016

Website hacked

During the 20th February 2016 the Linux Mint website was hacked, says head of the Linux Mint project Clement Lefebvre. According to the founder of one of the most known Linux distributions, the website was compromised so that it redirected users to fake ISOs with backdoors inside it. Furthermore the situation hasn’t settled down (according to Clement) but they’re investigating about the issue. All of this can be found in a blog post on the Linux Mint blog.

What to do if you’re worried

According to the blog post, only the Linux Mint 17.3 with Cinnamon ISO has been compromised, if you think you’ve download that ISO during the 20th or just want to be safe here are the md5 checksums to ensure your image hasn’t been compromised.

6e7f7e03500747c6c3bfece2c9c8394f  linuxmint-17.3-cinnamon-32bit.iso
e71a2aad8b58605e906dbea444dc4983  linuxmint-17.3-cinnamon-64bit.iso
30fef1aa1134c5f3778c77c4417f7238  linuxmint-17.3-cinnamon-nocodecs-32bit.iso
3406350a87c201cdca0927b1bc7c2ccd  linuxmint-17.3-cinnamon-nocodecs-64bit.iso
df38af96e99726bb0a1ef3e5cd47563d  linuxmint-17.3-cinnamon-oem-64bit.iso

What to do if you got the compromised ISO

Directly from the blog post from Clement Lefebvre, head of the Linux Mint project:

Delete the ISO. If you burnt it to DVD, trash the disc. If you burnt it to USB, format the stick.

If you installed this ISO on a computer:

• Put the computer offline.
• Backup your personal data, if any.
• Reinstall the OS or format the partition.
• Change your passwords for sensitive websites (for your email in particular).

I highlighted the concrete actions you can take in order to avoid unpleasant things. For those who are thinking they are safe even with the compromised ISO: be not! Those ISO are potentially deadly for everything you do with the operating system installed from those.

• Author
• Recent Posts

mark

The IT guy with a slight look of boredom in his eyes. Freelancer. Current interests: Kubernetes, Tensorflow, shiny new things.

Latest posts by mark (see all)

• 2020 A year in review for Marksei.com - 30 December 2020
• Red Hat pulls the kill switch on CentOS - 16 December 2020
• OpenZFS 2.0 released: unified ZFS for Linux and BSD - 9 December 2020