Linux Mint Backdoor Puts Users and Bitcoin Miners at Risk
February 21, 2016 – The website of Linux Mint, one of the most popular desktop Linux distributions, has been hacked so that its download page pointed users to an altered installation image with a backdoor pre-loaded. The project's main site and forums are down at the time of writing as well, following repeated intrusions by the same attackers. The distribution is popular in the cryptocurrency mining community as a platform for running GPU mining software, so this breach matters to anyone who installed or upgraded a mining rig from the tampered image: the backdoor gives the attackers remote access to the machine, and with it to stored credentials and possibly cryptocurrency wallets.
Lax Security at Linux Mint Causes Breach
The attackers targeted the most downloaded image of Linux Mint, the Cinnamon edition. The intrusion logs and the backdoor in the hacked ISO both point to hosting in Sofia, Bulgaria, which the Linux Mint team says it has linked to three individuals. The malicious download link, thought to have been removed, was reintroduced several times over the course of the day, prompting the Linux Mint admins to take their entire site down while they work out how the intruders keep getting in. The hacked ISO carries the Tsunami backdoor (also known as Kaiten), a Unix malware family that joins an attacker-controlled IRC channel and then accepts commands from it: the operator can run shell commands on the machine, download and execute further payloads, and use the host in denial-of-service attacks. Anything readable on the system is therefore exposed, including passwords, personal files and private keys. This is of obvious concern to miners, since the username and password for a mining pool account often sit in a plaintext configuration file.
Luckily, not every download is affected. Anyone who used the torrent to fetch the ISO got a clean image, not because peers are "pre-verified" or the transfer is encrypted, but because the .torrent file carries the SHA-1 hash of every piece of the image, and a BitTorrent client discards any piece, from any peer, that does not match. That protection holds only as long as the .torrent file itself came from a clean source: a .torrent generated from the malicious image would verify the malicious image just as happily. Linux Mint is urging users to verify their downloaded images against the published MD5 sums and to reinstall any recently set-up computer while they fix their security problems. A checksum fetched from the same compromised site proves little, so compare against a copy obtained through another channel, and, where a distribution publishes a signed checksum list, check the signature with a copy of the distribution's key fetched before the incident. With repeated successful attacks on the Linux Mint servers and the general uncertainty in the community, what could have been a small hiccup is quickly becoming a security fiasco. The argument for blockchain technologies and decentralized security protocols is becoming stronger with this and other recent internet security breaches.
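What that verification looks like in practice, as an added example that is not part of the original article or of Linux Mint's own tooling: the script below checks an image against a checksum list in the format that coreutils' sha256sum and md5sum write, and separately against the per-piece SHA-1 hashes in a .torrent file, which is the check a BitTorrent client performs on every piece it receives. All file names and contents are constructed for the demo; the hypothetical demo() function builds a clean image, a tampered copy under the same file name in a "mirror" directory, and the matching checksum lists and .torrent, then runs both checks on each.

```python
"""Two ways to check a downloaded ISO before installing it: against a line from a
sha256sum.txt / md5sum.txt file, and against the SHA-1 piece hashes in a .torrent.
Added example, not Linux Mint's tooling; every file name and byte below is constructed."""
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 20  # stream in 1 MiB chunks so a multi-GB ISO never sits in memory


def file_digest(path, algo="sha256"):
    """Hex digest of a file under any hashlib algorithm (md5, sha256, ...)."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def parse_sums(text):
    """Parse coreutils 'HEX  name' / 'HEX *name' (binary mode) lines into {name: hex}."""
    sums = {}
    for line in text.splitlines():
        digest, _, name = line.strip().partition(" ")
        if digest and name:
            sums[name.lstrip(" *")] = digest.lower()
    return sums


def verify_sum(path, sums_text, algo="sha256"):
    """True only if the file's digest matches the list entry for its basename."""
    expected = parse_sums(sums_text).get(os.path.basename(path))
    return expected is not None and hmac.compare_digest(file_digest(path, algo), expected)


def bdecode(data, i=0):
    """Minimal bencode decoder: returns (value, index after it). Strings stay bytes."""
    c = data[i:i + 1]
    if c == b"i":
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            v, i = bdecode(data, i)
            items.append(v)
        return (dict(zip(items[::2], items[1::2])) if c == b"d" else items), i + 1
    colon = data.index(b":", i)
    n = int(data[i:colon])
    return data[colon + 1:colon + 1 + n], colon + 1 + n


def verify_torrent_pieces(path, torrent):
    """Hash the file piece by piece as a BitTorrent client does; returns the bad piece indices."""
    info = bdecode(torrent)[0][b"info"]
    plen, pieces = info[b"piece length"], info[b"pieces"]
    bad = []
    with open(path, "rb") as f:
        for idx in range(len(pieces) // 20):
            want = pieces[idx * 20:idx * 20 + 20]
            if not hmac.compare_digest(hashlib.sha1(f.read(plen)).digest(), want):
                bad.append(idx)
        if f.read(1):  # trailing data the metainfo never described counts as a bad extra piece
            bad.append(len(pieces) // 20)
    return bad


def make_torrent(path, piece_length=16384):
    """Build a single-file metainfo for the demo; dict keys are emitted in bencode's sorted order."""
    name = os.path.basename(path).encode()
    with open(path, "rb") as f:
        pieces = b"".join(hashlib.sha1(b).digest() for b in iter(lambda: f.read(piece_length), b""))
    info = b"d6:lengthi%de4:name%d:%s12:piece lengthi%de6:pieces%d:%se" % (
        os.path.getsize(path), len(name), name, piece_length, len(pieces), pieces)
    return b"d4:info" + info + b"e"


def demo():
    """Constructed scenario: a clean image, its checksum lists and .torrent, and a tampered
    copy served under the same file name from a rogue mirror."""
    d = tempfile.mkdtemp()
    os.mkdir(os.path.join(d, "mirror"))
    clean = os.path.join(d, "linuxmint-demo.iso")
    evil = os.path.join(d, "mirror", "linuxmint-demo.iso")
    data = bytes(range(256)) * 157  # 40192 bytes standing in for an ISO image
    tampered = bytearray(data)
    tampered[20000] ^= 0xFF  # one byte changed, as a planted payload would; lands in piece 1
    with open(clean, "wb") as f:
        f.write(data)
    with open(evil, "wb") as f:
        f.write(tampered)
    sha_list = file_digest(clean) + "  linuxmint-demo.iso\n"  # a sha256sum.txt from a clean source
    md5_list = file_digest(clean, "md5") + "  linuxmint-demo.iso\n"  # same, in the MD5 format Mint published
    torrent = make_torrent(clean)  # a .torrent made from the clean image
    return {
        "clean_sha256_ok": verify_sum(clean, sha_list),
        "clean_md5_ok": verify_sum(clean, md5_list, "md5"),
        "tampered_sha256_ok": verify_sum(evil, sha_list),
        "clean_bad_pieces": verify_torrent_pieces(clean, torrent),
        "tampered_bad_pieces": verify_torrent_pieces(evil, torrent),
    }


if __name__ == "__main__":
    print(demo())
```

Both checks catch the single altered byte, but neither helps if the reference itself came from the attacker: an md5sum.txt served from the defaced download page, or a .torrent generated from the malicious image, would simply match it. Obtain the checksum list or .torrent through an independent channel, and prefer a checksum file whose PGP signature you can verify against a key you fetched before the incident.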
This intrusion was made possible by a centralized download system with weak security; the Linux Mint site does not even serve all of its pages over HTTPS at the moment, although HTTPS alone would not have helped here, since the attackers altered the download page on the server itself rather than in transit. That an unaffected copy of the ISO is still available is thanks to a P2P protocol whose metadata fixes the hash of every piece of the content, which removes the need to trust whichever server happens to hold the bytes (though not the need to trust where the .torrent file came from). Linux boasts security as a reason to use it over commercial operating systems, but that security is only as good as the people behind the distribution you use, and in Linux Mint's case it was lackluster. As more malicious operators target cryptocurrency for theft, securing mining setups is more vital than ever. Linux Mint's ease of use makes a good case for new and dabbling miners, but systems like Arch Linux or FreeBSD, which hand the reins to the user on security practices and publish PGP-signed checksums for their install images, may be better alternatives for mining setups for now, at least until Linux Mint proves it has taken steps to ensure its OS is not compromised again.
Know of other secure alternatives for mining platforms? Feel strongly about bad security practices at Linux Mint? Let us know in the comments!
Images courtesy of Wikimedia, Linux Mint