<div dir="ltr"><a href="http://www.networkworld.com/article/3040247/linux/faq-what-the-heck-happened-to-linux-mint.html">http://www.networkworld.com/article/3040247/linux/faq-what-the-heck-happened-to-linux-mint.html</a><br><p>
Linux Mint is one of the most popular desktop distributions of Linux in the world, so when the organization <a href="http://www.csoonline.com/article/3035743/security/linux-mint-hacked-compromised-data-up-for-sale-iso-downloads-backdoored.html" target="new">suffered a serious security breach</a> late last month, it made waves in the open-source community.
</p><p>
<strong>Q: What, exactly, happened?</strong>
</p><p>
On Saturday, Feb. 20, somebody noticed that the download link for
certain versions of the operating system on Mint’s official website had
been changed. The fiddled-with link now pointed to a malicious website,
hosted in Bulgaria.
</p> <p>
<strong>Q. So what did this malicious website try to do?</strong>
</p><p>
It served up what appeared to be the file that people were trying to
download – a disk image for installing Mint. However, it was a hacked
copy, which included a backdoor into the installation. Simply put, if
you installed Linux Mint using one of these corrupted images, you gave
the hackers a direct line into your computer.
</p><p>
<strong>Q. Is that a complicated operation?</strong>
</p><p>
It sure was. In addition to creating the hacked version of Mint, the
attacker had to compromise the website to ensure that the compromised
copies could be distributed. So that’s a couple different moving parts
to worry about. And while the whole thing was going on, the attacker
grabbed complete copies of Mint’s forum data, including personally
identifiable information and crackable passwords, selling the
information online.
</p> <p>
<strong>Q. How many installs were affected?</strong>
</p><p>
Hard to say exactly, although Level 3 Communications estimates <a href="http://blog.level3.com/security/the-linux-mint-backdoor-how-bad-was-it/" target="new">in an analysis of the attack</a> that “hundreds of users” may have downloaded the corrupted disk image.
</p><p>
<strong>Q. Who did it?</strong>
</p><p>
Apparently, a hacker going by the handle “Peace.” Peace gave <a href="http://www.zdnet.com/article/hacker-hundreds-were-tricked-into-installing-linux-mint-backdoor/" target="new">an interview to ZDNet reporter Zach Whittaker</a>,
in which he or she explained that the idea was mainly just to get
access to as many computers as possible, possibly for a botnet. Peace
first gained access to the site in January, via a security vulnerability
in a WordPress plugin.
</p><p>
<strong>Q. What did Mint do about it?</strong>
</p><p>
To its credit, the Mint team was pretty open about the whole thing,
warning users as soon as they were aware of the hack and eventually
taking down the site in order to halt the spread of the corrupted disk
images.
</p><p>
<strong>Q. If I downloaded and installed Mint during the time the site was affected, how do I know if I’m vulnerable?</strong>
</p><p>
If you’ve got the .iso file still handy, you can compare the MD5 checksum to the one for legitimate copies <a href="http://blog.linuxmint.com/?p=2994" target="new">listed at the official Mint blog</a>.
If not, check to see whether there’s a file in the folder
/var/lib/<a href="http://man.cy">man.cy</a>. If the folder is empty, you should be OK. However, if
there is a file in there, you probably have the compromised version, and
should back up your personal data before wiping the hard drive and
reinstalling your operating system.
</p><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><span style="font-family:arial,helvetica,sans-serif"><span style="font-size:8pt"><br></span></span><div><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">
</div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>