Hackers Breach Linux Mint Distribution, Forums

The Linux Mint operating system community is reeling today after the public disclosure on Feb. 21 that hackers managed to infiltrate the popular Linux distribution and plant a backdoor in the system.

Adding further insult to injury, hackers were also able to compromise the Linux Mint user forum, stealing username and password information. As a result of the attack, the LinuxMint.com Website is now offline as the distribution scrambles to restore confidence and security.

Linux Mint has emerged in recent years to become one of the most popular desktop Linux distributions in the world.

Linux Mint Hack

A key part of Linux Mint’s popularity is its Cinnamon desktop, which provides users with a different user interface from the more standard GNOME desktop. Linux Mint does, however, offer other desktop choices to users as well.

It appears that on Feb. 20 the attackers were only able to impact the most recent Linux Mint 17.3 Cinnamon edition, according to Clement Lefebvre, founder of Linux Mint.

Lefebvre noted the intrusion was brief and quickly discovered. “Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it,” he  wrote.

In addition to the hacked Linux Mint 17.3 Cinnamon Edition download, the attackers also compromised the user forums site (forums.linuxmint.com), stealing a copy of the entire database. Hackers now have usernames and passwords used on the Linux Mint forum Websites, and so it is imperative that users make sure they aren’t using the same username/password combination on other sites.

In terms of root cause for the breach of Linux Mint’s security, the finger is being pointed at a security issue with a poorly configured WordPress content management system (CMS) component.

“We found an uploaded php backdoor in the theme directory of a wordpress installation, which was one day old and had no plugins running,” Lefebvre commented.

Lefebvre explained that the WordPress theme was new and was set up with incomplete file permissions. the vulnerability was not an exploit of the WordPress core application and that Linux Mint is running the latest version of WordPress, he said. The WordPress 4.4.2 update  debuted at the beginning of February, patching a pair of security flaws.

After gaining access to the Linux Mint Website by way of the vulnerable WordPress theme component, the attackers were able to point the Linux Mint 17.3 Cinnamon edition download link to a malicious version of the operating system that embeds the Tsunami Trojan.

Tsunami is not a new form of malware, and it’s not unique to Linux either. Back in 2011, Tsunami was able to hijack Apple Mac OS X systems in order to launch distributed denial-of-service (DDoS) attacks.

In regard to who is responsible for the attack, Linux Mint has identified that the hacked versions of its operating system were pointed to servers located in Sofia, Bulgaria.

“What we don’t know is the motivation behind this attack,” Lefebvre wrote. “If more efforts are made to attack our project and if the goal is to hurt us, we’ll get in touch with authorities and security firms to confront the people behind this.”

Are you an open source expert? Take our quiz to find out!

Originally published on eWeek

Sean Michael Kerner

Sean Michael Kerner is a senior editor at eWeek and contributor to TechWeek

Recent Posts

US Approves SpaceX Starlink For Planes, Trains And … Ships

US FCC regulator gives its official approval for SpaceX to use its Starlink satellite internet…

5 hours ago

Bitcoin Falls Below $19,000, But Recovers Slightly Friday

Ominous sign for crypto markets? The value of Bitcoin dropped over 6 percent to below…

7 hours ago

Meta Slashes Hiring As It Braces For Downturn – Report

CEO Mark Zuckerberg tells staff to brace for a deep economic downturn, as Meta cuts…

8 hours ago

Silicon In Focus Podcast: Connected Business

Is the definition of a ‘connected business’ very different today than it was just two…

10 hours ago

BT Disappointed As CWU Votes To Strike, Despite 5 To 8 Percent Pay Rise

First strike in 35 years after BT staff with the e Communications Workers Union vote…

1 day ago