Described as a “modern, elegant and comfortable operating system which is both powerful and easy to use”, Linux Mint is a community-driven distribution that uses Ubuntu as its codebase. It has garnered a lot of attention as an alternative operating system and has been downloaded, installed, and used by many. But those who did so over this weekend are in for a rude shock: downloading it from the distribution’s website may have compromised the security of their systems.
In a blog post on 21st February, Clem Lefebvre, creator of the Linux Mint distribution, announced that hackers had made a modified Linux Mint ISO “with a backdoor in it”. These modified versions of the operating system came with the Internet Relay Chat (IRC) backdoor Tsunami, which gave the hackers access to infected systems. According to Clem, the modified ISO affects those who downloaded the Linux Mint 17.3 Cinnamon edition during the weekend.
By compromising the security of the website, the hackers replaced the official download links for the Linux Mint 17.3 Cinnamon Edition with links to infected images that could be traced to Bulgaria. The official website has since become unavailable so that the compromise can be investigated thoroughly and repaired, and so that users don’t face any similar problems.
Those interested can check whether a download is infected by comparing its MD5 signature (the checksum of the ISO file) with the signatures of the official version. Clem has put up the MD5 signature in his blog post, and it is also available on the official server for users to verify their downloads against.
Checking the MD5 signature is therefore a crucial step for any critical download. It is also imperative that these signatures come from trusted sources and not from the hackers themselves. Users will find MD5 signatures for popular downloads in many places associated with the Linux operating system.
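The check described above can be scripted. The following is an added example, not code from the original article or from the Linux Mint project: it hashes a downloaded file in chunks and compares the result with a published list in the `md5sum` output format. The file names and sample data are constructed, and the `algo` parameter goes beyond the MD5 case in the text so the same check works with a stronger hash such as SHA-256 where the publisher provides one.

```python
import hashlib
import os
import tempfile

def file_digest(path, algo="md5", chunk_size=1 << 20):
    """Hash a file in chunks so a multi-gigabyte ISO never sits in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_checksum_list(text):
    """Parse md5sum-style lines: '<hex>  <name>' or '<hex> *<name>'."""
    expected = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or line.lstrip().startswith("#"):
            continue  # skip blank lines, comments and malformed entries
        digest, name = parts
        expected[name.lstrip("*")] = digest.lower()
    return expected

def verify_download(path, checksum_text, algo="md5"):
    """Return 'match', 'mismatch' or 'not-listed' for the file at path.

    checksum_text must come from a source other than the download link
    itself (an assumption of this example, following the article's advice).
    """
    expected = parse_checksum_list(checksum_text).get(os.path.basename(path))
    if expected is None:
        return "not-listed"  # no published value: treat as unverified
    return "match" if file_digest(path, algo) == expected else "mismatch"

def demo():
    """Constructed sample: a tiny stand-in image, then a modified copy."""
    d = tempfile.mkdtemp()
    image = os.path.join(d, "example.iso")
    with open(image, "wb") as f:
        f.write(b"constructed sample image\n")
    published = f"{file_digest(image)}  example.iso\n"
    results = [verify_download(image, published)]
    with open(image, "ab") as f:  # simulate an image altered after publication
        f.write(b"extra bytes")
    results.append(verify_download(image, published))
    other = os.path.join(d, "other.iso")
    open(other, "wb").close()  # a file the published list does not mention
    results.append(verify_download(other, published))
    return results

if __name__ == "__main__":
    print(demo())
```

A result of `mismatch` or `not-listed` means the file should not be installed until it has been checked against a value from a trusted source.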
According to Clem, the backdoor is named ‘absentvodka.com’, which is quite a clever name because it does not appear online at the time of writing. He added in his blog post that the project is unaware of the “motivation behind these attacks”, and that if such efforts are being made to derail its progress, they would “get in touch with authorities and security firms to confront the people behind this.”