Anonymous Linux OS Authors Still A Mystery

SourceForge pulled the Linux OS last week after security experts outlined risks, and regular Anonymous channels denounced it as a Trojan-laden fake. So who's behind it?

Mathew J. Schwartz, Contributor

March 19, 2012

4 Min Read

Anonymous: 10 Facts About The Hacktivist Group

Anonymous: 10 Facts About The Hacktivist Group

Anonymous: 10 Facts About The Hacktivist Group (click image for larger view and for slideshow)

If you like the hacktivist collective Anonymous, you'll love a new Linux operating system that promises out-of-the box attack capabilities.

That was the pitch for Anonymous-OS, which appeared last week on the popular open-source file distribution site SourceForge. The 1.5-GB distribution file was quickly downloaded more than 26,000 times. According to its anonymous creators, Anonymous-OS was "created for educational purposes, to (sic) checking the security of web pages," They also added: "Please don't use any tool to destroy any Web page."

The operating system was built using version 11.10 of Ubuntu, a free open-source operating system based on the Debian Linux distribution. But it also includes a number of attack-oriented tools, including the Anonymous High Orbit Ion Cannon--an update to the group's Low Orbit Ion Cannon distributed denial of service tool--as well as automated SQL injection tool Havij, and network protocol analyzer Wireshark.

Rik Ferguson, solutions architect for Trend Micro, told the BBC that after running the operating system, he'd found that it was "a functional OS with a bunch of pre-installed tools that can be used for things like looking for [database] vulnerabilities or password cracking," but that he hadn't yet ascertained whether it included malware meant to harm the user. On the whole, however, he said it paled in comparison to Back Track, a well-known version of Linux designed for penetration testing.

Reliable channels of Anonymous-related information, meanwhile, warned people that despite the Anonymous-OS name, it didn't appear to be from the hacktivist group of the same name. "Don't use Anonymous OS, we don't know anything about it and can't vouch for it," read a tweet from YourAnonNews. "The Anon OS is fake it is wrapped in Trojans," read an AnonOps tweet.

[ Hacktivist attacks will continue as long as security weaknesses persist. Are your security practices sufficient? Anonymous Hackers' Helper: IT Security Neglect. ]

In a rare move, the administrators of SourceForge last week suspended the project, meaning that the distribution--which they'd been hosting--can no longer be downloaded, at least from there. "SourceForge, and the Open Source community as a whole, values transparency, particularly where issues of security are involved. This project isn't transparent with regard to what's in it. It is critical that security-related software be completely open to peer review (i.e., by providing source code), so that risks may be assessed along with benefits. That is not available in this case, and the result is that people are taking a substantial risk in downloading and installing this distribution," said the site's administrators via blog post. "Furthermore, by taking an intentionally misleading name, this project has attempted to capitalize on the press surrounding a well-known movement in order to push downloads of a project that is less than a week old."

Rather than canceling the project outright, SourceForge's administrators said they'd contact the project's administrator, seeking answers as to why malicious code--aimed at the operating system's users--had apparently been hidden in the distribution.

In response, the anonymous creators of Anonymous-OS posted to Pastebin what they said was a clean bill of health issued by a Rootkit Hunter (rkhunter) scan of the operating system distribution, "for users where (sic) scared about trojans and dangerous files."

Is Anonymous-OS for real? Timing-wise, the appearance of an Anonymous-themed version of Linux seems like an odd coincidence, especially in the wake of the recent arrests and sentencing of alleged leaders of LulzSec and Anonymous, including Hector Xavier Monsegur (a.k.a. Sabu).

"If I were writing a cybercrime thriller, I might dream up a plot where the computer cops--desperate to know the identities of the hacktivists--concocted a plot where they made available software that promised to hide hackers' identities, but in fact secretly passed information back to the cops," said Graham Cluley, senior technology consultant at Sophos, in a blog post. "Of course, I'm not suggesting that has happened in this case. But stranger things have happened (like the prominent leader of LulzSec turning out to have been secretly working for the FBI since the middle of last year)."

This also isn't the first time that an individual or organization with no evident Anonymous affiliation has attempted to use the name for their own purposes. In the wake of the Megaupload takedown, for example, a new file-sharing service, Anonyupload, promised to provide an anonymous file-sharing platform, just as soon as it had received enough donations to start business. As with Anonymous-OS, regular sources of Anonymous information quickly moved to distance themselves from the upstart venture.

It's no longer a matter of if you get hacked, but when. In this special retrospective of news coverage, Monitoring Tools And Logs Make All The Difference, Dark Reading takes a look at ways to measure your security posture and the challenges that lie ahead with the emerging threat landscape. (Free registration required.)

About the Author(s)

Mathew J. Schwartz


Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights