Linux Mint’s Website Hacked, ISOs Compromised

Security / Tech
Linux Mint

The founder of the Linux Mint project, Clement Lefebvre announced on the official blog that the Linux Mint website was hacked and that the download links to the ISOs were changed to point to compromised ones. He said that these hackers added backdoors to the ISOs, though he didn’t reveal much information on the nature of these backdoors. He also added that the Linux Mint has the names of three people that they think are involved with this attack.

The blog post also clarified that this will affect only those who downloaded the ISO on February 20th, 2016 and those who opted for the Cinnamon version. Clement went on to give several tips to those users who downloaded the ISO or actually used it to install the operating system on their devices.

What to do if you are affected?

Delete the ISO. If you burnt it to DVD, trash the disc. If you burnt it to USB, format the stick.

If you installed this ISO on a computer:

  • Put the computer offline.
  • Backup your personal data, if any.
  • Reinstall the OS or format the partition.
  • Change your passwords for sensitive websites (for your email in particular).

If you downloaded an ISO from the Linux Mint website on the 20th of February, you can verify if it compromised by checking its md5sum.

How to check if your ISO is compromised?

If you still have the ISO file, check its MD5 signature with the command “md5sum yourfile.iso” (where yourfile.iso is the name of the ISO).

The valid signatures are below:

6e7f7e03500747c6c3bfece2c9c8394f  linuxmint-17.3-cinnamon-32bit.iso
e71a2aad8b58605e906dbea444dc4983  linuxmint-17.3-cinnamon-64bit.iso
30fef1aa1134c5f3778c77c4417f7238  linuxmint-17.3-cinnamon-nocodecs-32bit.iso
3406350a87c201cdca0927b1bc7c2ccd  linuxmint-17.3-cinnamon-nocodecs-64bit.iso
df38af96e99726bb0a1ef3e5cd47563d  linuxmint-17.3-cinnamon-oem-64bit.iso

If you still have the burnt DVD or USB stick, boot a computer or a virtual machine offline (turn off your router if in doubt) with it and let it load the live session.

Once in the live session, if there is a file in /var/lib/, then this is an infected ISO.

The developers have taken the server of the site offline. You can, however, still get your Linux Mint fix via torrents.

  Source: Linux Mint Blog
To Top