Hackers compromise Linux Mint Cinnamon ISO and forums

— 9:07 PM on February 23, 2016

The leader of the Linux Mint project, one of the more popular Linux distributions for the desktop, has revealed the project's website was attacked. In two separate posts to the project's blog, ISO for Linux Mint 17.3 Cinnamon edition and a stolen forums database.

The linuxmint.com domain remained down until earlier today, and now the blog.linuxmint.com subdomain isn't responding. The previously linked blog posts were viewed via Google's site cache.

To compromise the Cinnamon edition ISO, the attackers inserted a bogus link on the site's download page pointing to a custom ISO containing a backdoor. Both the link and the backdoor point to a source in Sofia, Bulgaria. It isn't clear whether the MD5 checksum listed on the download page for the ISO was also altered, but the blog post says the valid checksums are as follows:

6e7f7e03500747c6c3bfece2c9c8394f  linuxmint-17.3-cinnamon-32bit.iso
e71a2aad8b58605e906dbea444dc4983  linuxmint-17.3-cinnamon-64bit.iso
30fef1aa1134c5f3778c77c4417f7238  linuxmint-17.3-cinnamon-nocodecs-32bit.iso
3406350a87c201cdca0927b1bc7c2ccd  linuxmint-17.3-cinnamon-nocodecs-64bit.iso
df38af96e99726bb0a1ef3e5cd47563d  linuxmint-17.3-cinnamon-oem-64bit.iso

The stolen forums database includes potentially sensitive information such as private topics and messages. Lefebvre says forum passwords were encrypted, but he advises all forum members to change their password. Anyone using the same or similar passwords in other domains should change those, too.

It isn't immediately clear how the server was compromised, but The Hacker News suggests it may have been through the site's Wordpress blog.


Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.