Linux Mint - Free and powerful

Saturday, 27 February 2016

Hacker explains how he put backdoor on Linux Mint downloads » TechWorm



Hundreds of Linux machines backdoored, as the hacker’s botnet is still operational

In our previous article, we reported how the Linux Mint website was hacked and users were tricked into downloading a fake Linux Mint ISO with a backdoor.
Now, in an encrypted chat on Sunday, the person responsible for the hack, who goes by the name “Peace,” told ZDNet that a “few hundred” Linux Mint installs were under their control, a substantial portion of the thousand-plus downloads during the day.
Peace also stated that they had stolen a complete copy of the site’s forum twice: first on January 28, and most recently on February 18, just two days before the hack was established.
The stolen data includes not only forum usernames but also passwords (encrypted), email addresses, birthdates, profile pictures, any information in the signature and any information posted on the forums, including private messages and private topics. The hacker claims to have already cracked some of the passwords, with many more in the pipeline. (It’s assumed that the site used PHPass to hash the passwords, which can be cracked.)
Clement Lefebvre, leader of the Linux Mint project, confirmed on Sunday that the forum had been breached. He said, “It was confirmed that the forums database was compromised during the attack led against us yesterday and that the attackers acquired a copy of it. If you have an account on forums.linuxmint.com, please change your password on all sensitive websites as soon as possible.”
In fact, the hacker had put the forum database (Linuxmint.com shell, php mailer, and full forum dump) up for sale on a dark web marketplace for a meagre $85 (about 0.197 bitcoin).
Confirming that the listing was theirs, Peace said jokingly, “Well, I need $85.”
On Sunday, it was announced that about 71,000 accounts (which is less than half of all accounts included in the database) were loaded into breach notification site HaveIBeenPwned. If you think you may have been affected by the breach, you can search its database for your email address.
While Peace said that they lived in Europe and had no association with hacking groups, they refused to provide information such as their name, age, or gender.
In January, Peace was “just poking around” the site when they discovered a vulnerability that allowed them to access it without any authorization. (The hacker also mentioned that they had credentials to log in to the site’s admin panel as Lefebvre, but was hesitant to describe how they turned out to be useful again.) On Saturday, the hacker swapped one of the 64-bit Linux distribution images (ISO) with one that had been modified by adding a backdoor, and afterwards decided to “replace all mirrors” for every downloadable version of Linux on the site with a modified version of their own.
The hacker said that because the code is open source, building the backdoored version is not as hard as one would think. It took them just a few hours to repack a Linux version that contained the backdoor.
The hacker then uploaded the files to a file server situated in Bulgaria, which took the longest “because of slow bandwidth.”
The best way to get users to download the backdoored version from the website is to replace the checksum published on the website (used to verify the integrity of a file) with the checksum of the backdoored version.
The hacker said, “Who the f**k checks those anyway?”
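For defenders, the point of the swapped checksum is that a digest served from the same site as the download proves nothing once that site is compromised. The following is an added example, not code from the original article or from the Linux Mint project: it compares an image against sha256sum-style manifests from two channels, where the file name, source labels, image bytes and the idea of an "independent channel" manifest are constructed assumptions.

```python
import hashlib
import hmac

def parse_manifest(text):
    """Parse sha256sum-style lines: '<64 hex chars>  <filename>'."""
    entries = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            continue
        try:
            int(parts[0], 16)              # reject non-hex digests
        except ValueError:
            continue
        entries[parts[1].lstrip("*")] = parts[0].lower()
    return entries

def verify(image, name, manifests):
    """Return a per-source verdict for the image digest."""
    digest = hashlib.sha256(image).hexdigest()
    verdicts = {}
    for source, text in manifests.items():
        expected = parse_manifest(text).get(name)
        if expected is None:
            verdicts[source] = "missing"
        elif hmac.compare_digest(digest, expected):
            verdicts[source] = "match"
        else:
            verdicts[source] = "MISMATCH"
    return verdicts

def trusted(verdicts, required):
    """Accept the image only if every required source matches."""
    return all(verdicts.get(s) == "match" for s in required)

# Constructed sample data: stand-ins for the real and the repacked ISO.
NAME = "example-64bit.iso"                 # hypothetical file name
GENUINE = b"constructed bytes standing in for the genuine image"
BACKDOORED = GENUINE + b" + repacked payload"
MANIFESTS = {
    # The attacker controls the site, so its checksum matches the bad image.
    "download_site": f"{hashlib.sha256(BACKDOORED).hexdigest()}  {NAME}\n",
    # Assumed to come from a channel the attacker did not control.
    "independent_channel": f"{hashlib.sha256(GENUINE).hexdigest()} *{NAME}\n",
}

if __name__ == "__main__":
    result = verify(BACKDOORED, NAME, MANIFESTS)
    print(result, "accepted:", trusted(result, set(MANIFESTS)))
```

A check against `download_site` alone accepts the modified image; requiring both sources rejects it.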
Known to work alone, the hacker has in the past provided private exploit services for known vulnerabilities on private marketplace sites that they are connected to.
The first hacking episode began in late January, but intensified when they “started spreading the backdoored images early morning [Saturday],” the hacker said.