Top 5 Questions about Linux Mint Getting Hacked

Article by George Norman (Cybersecurity Editor)

on 22 Feb 2016

Over the weekend, while we were eagerly waiting for Samsung to unveil the new Galaxy S7 and S7 Edge, the Linux Mint website was hacked. Shocking, I know!

The questions and answers listed below should address everything you need to know about the incident – what happened, if it affects you, and so on.

1. What happened, precisely?

Hackers managed to break into the Linux Mint website over the weekend. By hacking the website, they were able to take visitors to a modified Linux Mint ISO which contained a back door.

Lead Linux Mint Developer Clem Lefebvre says that Linux Mint 17.3 Cinnamon Edition is the only compromised edition. If you downloaded this edition on February 20, you should check to see if it’s compromised or not.

“If you downloaded another release or another edition, this does not affect you. If you downloaded via torrents or via a direct HTTP link, this doesn’t affect you either,” said Lefebvre.


2. How can I check the Linux Mint ISO I downloaded?

By checking its MD5 signature with the “md5sum yourfile.iso” command (replace yourfile with the ISO’s name). This is the list of valid MD5 signatures that Clem Lefebvre provided:

Linux Mint 17.3 Cinnamon 32-bit ISO
6e7f7e03500747c6c3bfece2c9c8394f

Linux Mint 17.3 Cinnamon 64-bit ISO
e71a2aad8b58605e906dbea444dc4983

Linux Mint 17.3 Cinnamon 32-bit ISO no codecs
30fef1aa1134c5f3778c77c4417f7238

Linux Mint 17.3 Cinnamon 64-bit ISO no codecs
3406350a87c201cdca0927b1bc7c2ccd

Linux Mint 17.3 Cinnamon 64-bit ISO OEM
df38af96e99726bb0a1ef3e5cd47563d

If you burned the ISO image onto a disc or put it onto a USB stick, here’s what you have to do:
  • Use the disc or USB to boot a computer or a virtual machine offline.
  • Let it load the live session.
  • If there is a file in /var/lib/man.cy, it means the ISO has been compromised.
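
The two checks described above, combined into one script. This is an added example, not code from the article or from the Linux Mint project; the function names and the optional root-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check an ISO against the valid MD5 values listed above
# and look for the marker file /var/lib/man.cy.

# Map an MD5 value to its edition (values copied from the list above).
mint_edition_for_md5() {
    case "$(printf '%s' "$1" | tr 'A-F' 'a-f')" in
        6e7f7e03500747c6c3bfece2c9c8394f) echo "Linux Mint 17.3 Cinnamon 32-bit ISO" ;;
        e71a2aad8b58605e906dbea444dc4983) echo "Linux Mint 17.3 Cinnamon 64-bit ISO" ;;
        30fef1aa1134c5f3778c77c4417f7238) echo "Linux Mint 17.3 Cinnamon 32-bit ISO no codecs" ;;
        3406350a87c201cdca0927b1bc7c2ccd) echo "Linux Mint 17.3 Cinnamon 64-bit ISO no codecs" ;;
        df38af96e99726bb0a1ef3e5cd47563d) echo "Linux Mint 17.3 Cinnamon 64-bit ISO OEM" ;;
        *) return 1 ;;
    esac
}

# Hash a downloaded ISO and compare it with the valid values.
# Returns 0 on a match, 1 on a mismatch, 2 if the file cannot be read.
mint_check_iso() {
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 2; }
    # Read from stdin so odd file names cannot alter md5sum's output format.
    sum=$(md5sum < "$1" | cut -d' ' -f1) || return 2
    if mint_edition_for_md5 "$sum"; then
        return 0
    fi
    echo "$1: $sum does not match any valid MD5 listed" >&2
    return 1
}

# Look for the marker file under a root directory (assumed argument):
# "/" when run inside the offline live session.
# Returns 0 when the marker exists (compromised), 1 when it does not.
mint_backdoor_marker() {
    root="${1:-/}"
    [ -e "${root%/}/var/lib/man.cy" ]
}

# Usage: sh check-mint.sh yourfile.iso [root-dir-to-inspect]
if [ "$#" -gt 0 ]; then
    status=0
    mint_check_iso "$1" || status=$?
    if [ -n "${2:-}" ] && mint_backdoor_marker "$2"; then
        echo "$2/var/lib/man.cy exists: compromised" >&2
        status=1
    fi
    exit "$status"
fi
```

A non-zero exit status means the ISO did not match a listed value, could not be read, or the marker file was found under the inspected root.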

3. What should I do if my Linux Mint ISO is compromised?

If you still have the ISO image, delete it.

If you burned the ISO image onto a disc, trash the disc. If you put the ISO onto a USB stick, format the stick.

If you installed the compromised edition, follow these steps (as recommended by Clem Lefebvre):
  • Put the computer offline.
  • Back up your personal data, if any.
  • Reinstall the OS or format the partition.
  • Change your passwords for sensitive websites (for your email in particular).

4. Should I change my forum password?

Yes, yes you should. If you have an account on forums.linuxmint.com, you should change your password ASAP.

Lefebvre confirmed that the hackers managed to compromise the forum database as well. Said database contained the following info: usernames, an encrypted copy of forum passwords, email addresses, personal information stored in your signature or profile, and personal information you might have written on the forum.

“People primarily at risk are people whose forums password is the same as their email password or as the password they use on popular or sensitive websites. Although the passwords cannot be decrypted, they can be brute-forced (found by trial) if they are simple enough or guessed if they relate to personal information,” said Clem Lefebvre. “Out of precaution we recommend all forums users change their passwords.”

5. Why is LinuxMint.com offline?

Things aren’t back to normal, not yet anyway. The Linux Mint server has been taken down while this whole issue is being dealt with.

