Hackers compromise Linux Mint Cinnamon ISO and forums

The leader of the Linux Mint project, one of the more popular Linux distributions for the desktop, has revealed the project's website was attacked. In two separate posts to the project's blog, ISO for Linux Mint 17.3 Cinnamon edition and a stolen forums database.

The linuxmint.com domain remained down until earlier today, and now the blog.linuxmint.com subdomain isn't responding. The previously linked blog posts were viewed via Google's site cache.

To compromise the Cinnamon edition ISO, the attackers inserted a bogus link on the site's download page pointing to a custom ISO containing a backdoor. Both the link and the backdoor point to a source in Sofia, Bulgaria. It isn't clear whether the MD5 checksum listed on the download page for the ISO was also altered, but the blog post says the valid checksums are as follows:

6e7f7e03500747c6c3bfece2c9c8394f  linuxmint-17.3-cinnamon-32bit.iso
e71a2aad8b58605e906dbea444dc4983  linuxmint-17.3-cinnamon-64bit.iso
30fef1aa1134c5f3778c77c4417f7238  linuxmint-17.3-cinnamon-nocodecs-32bit.iso
3406350a87c201cdca0927b1bc7c2ccd  linuxmint-17.3-cinnamon-nocodecs-64bit.iso
df38af96e99726bb0a1ef3e5cd47563d  linuxmint-17.3-cinnamon-oem-64bit.iso

The stolen forums database includes potentially sensitive information such as private topics and messages. Lefebvre says forum passwords were encrypted, but he advises all forum members to change their password. Anyone using the same or similar passwords in other domains should change those, too.

It isn't immediately clear how the server was compromised, but The Hacker News suggests it may have been through the site's WordPress blog.

 

Comments closed
    • DrCR
    • 3 years ago

    To be honest, from something odd I encountered a good week or more ago with two different mirrors of one of their non-cinnamon isos, I wonder of the scope is actually larger.

      • nerdrage
      • 3 years ago

      What happened?

      • FakeAlGore
      • 3 years ago

      What does “something odd” mean in this context?

      • DrCR
      • 3 years ago

      Sorry, to elaborate, for an intended Steam setup, I downloaded the 17.3 Mate 64bit iso from two different mirrors, and I was getting a SHA256 mismatch. Maybe that’s coincidental and not indicative of anything. This was a good week or so ago at this point. When I pick this back up again though, I may instead go with Ubuntu for that partition.

    • Peter.Parker
    • 3 years ago

    The only good Mint is the Chocolate Mint!

      • aceuk
      • 3 years ago

      After Eight mints are nice. 🙂

        • EndlessWaves
        • 3 years ago

        I vote for Mint Creams

      • MarkG509
      • 3 years ago

      Grow a few mint plants. Pick a few leaves and chew on them. Awesome. Even kids like them. Better than candy.

    • bfar
    • 3 years ago

    I played tennis today 🙂

      • Wirko
      • 3 years ago

      Can you produce at least three witnesses?

        • Shobai
        • 3 years ago

        What, was he playing doubles?

    • xeridea
    • 3 years ago

    WordPress, holding the web back since… whenever it was first written.

      • jihadjoe
      • 3 years ago

      Seems the site admins had a pretty retarded password too. Srlsy, “upMint”? lol!

        • DrCR
        • 3 years ago

        Aspects like that are more disconcerting to me than that they were hacked.

    • synthtel2
    • 3 years ago

    There’s some good discussion of Linux Mint’s security practices at [url=https://lwn.net/Articles/676613/<]LWN[/url<]. <rant> Apparently The Hacker News != [url=https://news.ycombinator.com<]Hacker News[/url<]. Hacker News has been around a long time and is generally pretty well respected. THN's [url=https://whois.domaintools.com/thehackernews.com<]whois[/url<] record says it's definitively younger than HN. Alexa rankings on them are THN = [url=http://www.alexa.com/siteinfo/thehackernews.com<]10079[/url<], HN = [url=http://www.alexa.com/siteinfo/ycombinator.com<]2308[/url<]. The other stats there (Alexa) make it look even more like they're picking up major traffic that was interested in HN, not THN. Note that HN doesn't actually have "hackernews" or variants in the domain, so someone doing a search for it may be inclined to click the one that has that string in the URL instead. They've also got a subscription pop-up with a decline option of "No Thanks, I Don't want to Learn anything New." Yes, I am offended (and I'm very very difficult to offend). THN is putting a lot more sensationalism than thought into their writing, too. They suggest checking suspect downloads against the MD5 posted on the compromised server, or at least one very very similar to the one that just got owned by as-yet unknown methods? Right, nothing at all wrong with this picture. The original Hacker News has some [url=https://news.ycombinator.com/item?id=11149839<]good discussion[/url<] and a whole lot less sensationalism, for the record. </rant> (Edits for broken links. They should be fixed now.) (Yet another edit for domain stuff) Yet another edit, just to be clear.... Morgan, you're doing great. There's no expectation that TR will research what happened in enough detail in this kind of specialized area to know where that kind of problem might lie (Mint did screw up well beyond expectations here). Even THN being bad at their jobs wouldn't cause a rant, it was the combo of their quasi-SEO stuff and offensive ego the size of the internet that did it. /me finally out and done ranting

      • spugm1r3
      • 3 years ago

      To your credit, I actually read your entire post.

      • jihadjoe
      • 3 years ago

      I generally recommend MINT to friends who want to dip their toes in Linux. After reading your link and the Ars comments on this news I probably wont anymore.

    • trackerben
    • 3 years ago

    I guess their ISOs are no longer in Mint condition.

      • chuckula
      • 3 years ago

      Needs sunglasses ASCII art and a YEAAHHHHHHH!

        • DrDominodog51
        • 3 years ago

        (•_•) / ( •_•)>⌐■-■ / (⌐■_■)

      • spugm1r3
      • 3 years ago

      I feel a little a terrible for laughing at this.

      • morphine
      • 3 years ago

      This warrants a “LOL” 😀

Pin It on Pinterest

Share This