Slashdot Mirror


Timeline Of Events: Linux Mint Website Hack That Distributed Malicious ISOs (softpedia.com)

An anonymous reader writes: The Linux Mint website was hacked last night and was pointing to malicious ISOs that contained an IRC bot known as TSUNAMI, used as part of an IRC DDoSing botnet. While the Linux Mint team says they were hacked via their WordPress site, security experts have discovered that their phpBB forum database was put up for sale on the Dark Web at around the same time as the hack. Also, it seems that after the Linux Mint team cleaned their website, the hackers reinfected it, which caused the developers to take it down altogether.


  1. Re:forum by KGIII · Score: 5, Insightful

    They were selling the database. The PMs aren't encrypted in most forums, I'm not sure about phpBB. The passwords are salted and hashed so they're not gonna be digging out rainbow tables and getting passwords. They'll have email addresses that tie in with usernames. They'll know a little about the person so spear phishing is a possibility as is just plain phishing.

    I've got some data involved in this one. Nothing major, nothing important. I am not the least bit concerned. I did not download any of the torrents. I do have the legit versions of the .ISOs seeding - all current versions and some older versions - going back to at least v. 14. So, it sucks but it's not the end of the world - unless this damages their reputation so much that people bail on them.

    I like Linux Mint. I call it Linux for Retards - which means that I can use it without even looking at the manual. They're well supported, give access to the Ubuntu ecosystem, a cautious and safe build, and not a horrible community. I have a laptop with me that has Cinnamon on it. They'll be okay.

    But, there's a few things that make the database valuable. The emails and username combinations are a good start. They can then do some work and figure out more personal traits and then attempt some social engineering, phishing, and even targeted malware - if they want to invest enough energy.

    --
    "So long and thanks for all the fish."