Anonymous operating system causes security concerns

Linux is available in many different distributions, and this is why the operating system appeals to a particular sub-set of computer users, who are typically well qualified to go through the more advanced options and tweak their settings for themselves. Linux distros are plentiful, and there are many more than just the well known variety. Ubuntu, Red Hat and Arch Linux are some names that most of us have heard of, though another option now exists.

As BBC News reported, a group of SourceForge users released what they call "Anonymous-OS". The 1.5GB download is based upon the Ubuntu distribution, with @AnonOps reporting it to be full of trojans and advising people to stay away from it, and anything it offered. The authors of the distro baked in tools for examining website security and other things which could be used for nefarious purposes, requesting people did not use it to destroy web pages.

Trend Micro's European security research director, Rik Ferguson, chose to install the operating system when it was available. He noted it to be a functional OS, with options simply added. Among these was the Tor client, for anonymous browsing. It shares some similarities with another existing Linux distribution called Back Track, so it is possible the creators were trying to follow in the footsteps of another client.

SourceForge have since taken down the Anonymous-OS project, with a lengthy explanation as to why. In typical Internet "TL:DR" fashion the final few paragraphs sum everything up. Different security experts examined the operating system, determined it to be a threat, and then acted upon it. Open-source software can only succeed with trust in the developer, and there isn't much to trust in an operating system which might not have been developed by members of Anonymous at all.

Report a problem with article
Previous Story

TechSpot: AMD Radeon HD 7770 & 7750 Crossfire Performance Tested

Next Story

Rumor: Next Elder Scrolls game to be an MMO title

32 Comments

Commenting is disabled on this article.

I don't know who this is meant to be targetting since anyone who cares about network security testing already knows about the "Samurai WTF" distro.

This is what CHUNK is for or other hosting services... There are many ways to distribute these Operating Systems.

If Source Forge feel that this is trash then there is a saying which goes 'One man's trash is another mans treasure'.

Similar to how Tor operates with Silk Roads... there can be a Onion for AnonForge!

Crap graphics , garish theme and a *nix distro ....seems legit and the same as normal haha

kavazovangel said,
Facepalm, read the damn thing. It is not 'authorized' by them.

lol cos why, a bunch of spotty kids who cannot be trusted claim it wasnt them? pfft either way i wouldnt give it steam off my "waste"

Silly me id forgotten that a bunch of script kiddies had become a trustworthy source of information and are the new messiahs of the modern world. /sarcasm (again)

Edited by Mando, Mar 16 2012, 4:47pm :

sorry but anonymous did not "create" this OS, theyve customised a standard build of Ubuntu and added a few hacking tools and god knows what else in their custom build, id have downloaded it, but only if they asked for my credit card details (/sarcasm)

"and there isn't much to trust in an operating system which might not have been developed by members of Anonymous at all."

How can this possibly be when Anonymous is everyone and they claim themselves they are not a group of people, but yes - everyone.

Not saying that is actually the case, just trying to show how Anonymous cannot make "official statements" that separate from "those false claims" that don't come from them, albeit anyone can declare to be a part of Anonymous and write and act in their name.

Either way...

That's not to say I don't get the point, just investigating use of language here

GS:mac

A guy I work with installed it on a sandboxed machine and checked it out. He said that it has several points baked in for someone to be able to use your box as part of a bot attack without your knowledge.

joshua.barker said,
A guy I work with installed it on a sandboxed machine and checked it out. He said that it has several points baked in for someone to be able to use your box as part of a bot attack without your knowledge.

That would just get an email or call sent to you from you're ISP...They know if you have that type of traffic running thru their networks.

The issue with this one is that it was to be another set of tools similar to Backtrack. The issue is that is was a wolf is sheep's clothing. I downloaded and set it up in a VM lab, and watched the network traffic, it was interesting to see all the traffic that was occurring that should not have been occurring.

It was not a security tool, but an insecurity OS design to be compromised at the will of the creator.

thejohnnyq said,
It was not a security tool, but an insecurity OS design to be compromised at the will of the creator.

That's a bit harsh. Nowhere in the article does it say that(a "threat" does not mean insecure), ars says SourceForge took it down for reasons that had "more to do with the shady way in which it was posted" than the content. I wouldn't trust the OS either, but to say it DEFINITELY had back doors is a bit overzealous...

Why would anyone want to use an OS created by a Hacktivist group? It's like walking down West side Chicago with a t-shirt that says "I have 3,000 dollars in my right pocket".....

I don't see the big deal out of this. There is already BackTrack that helps security professional to detect vulnerabilities. So the Anonymous-OS gets the scarlet letter for being Anonymous? That's rather hypocritical to me.

It's being pointed out because it's been put together by Anonymous. Some people will use it with no understanding of what it consists of, just because they want to feel like "cool hackers". What is uncertain is what Anonymous (or whoever put it together) have added to the OS that they won't tell people about.
As the article points out, something like BackTrack has a level of trust between the end user and the developer. That level of trust isn't here with Anonymous's OS.

ThunderRiver said,
I don't see the big deal out of this. There is already BackTrack that helps security professional to detect vulnerabilities. So the Anonymous-OS gets the scarlet letter for being Anonymous? That's rather hypocritical to me.

It's being pointed out because it's not made by Anonymous. It poses as a work by them, but is fake and full of trojans. It's a security risk to the USER of this OS.

Back Track, unlike Anonymous-OS, is a legit distro which doesn't contain malware and is perfectly safe to use.

Lamp Post said,

It's being pointed out because it's not made by Anonymous. It poses as a work by them, but is fake and full of trojans. It's a security risk to the USER of this OS.

Back Track, unlike Anonymous-OS, is a legit distro which doesn't contain malware and is perfectly safe to use.


The main thing Anonymous uses when its in their advantage 'Everyone can be anonymous' etc. But when some random dude calls himself anonymous and does stuff that gives anonymous a bad image, they are magically NOT anonymous?

Anyone that downloaded that, and installed it on a computer connected to the web, deserves what they got!
The only way I would install it, to play with it, would be on a clean hard drive, NOT connected to the net. Then, after screwing around with it, f-disk & format the hard drive.
I wouldn't even trust this in a sandbox environment.

As I said on the forum, I wouldn't trust my computer with an operating system made by Anonymous. God knows what they've put in there for their own use.

Intrinsica said,
As I said on the forum, I wouldn't trust my computer with an operating system made by Anonymous. God knows what they've put in there for their own use.
Well it wasn't exactly developed by Anonymous (as in the group as a whole), it was developed by a few people who tried to push out viruses and crap by using the name Anonymous......so even if you installed this OS, you wouldn't exactly be trust Anonymous as they didn't create it (or on the flip side, if you did trust an OS made by Anonymous, you still wouldn't be using/trusting this OS).

Intrinsica said,
As I said on the forum, I wouldn't trust my computer with an operating system made by Anonymous. God knows what they've put in there for their own use.

Even if the was an Anon OS ( and its not by the way) , What fool would trust them after namefags like Sabu gets everyone a visit from the party van.

Nagisan said,
Well it wasn't exactly developed by Anonymous (as in the group as a whole), it was developed by a few people who tried to push out viruses and crap by using the name Anonymous......so even if you installed this OS, you wouldn't exactly be trust Anonymous as they didn't create it (or on the flip side, if you did trust an OS made by Anonymous, you still wouldn't be using/trusting this OS).

Heracy! Anonymous can be anyone, yet you claim they are not anonymous?

Intrinsica said,
As I said on the forum, I wouldn't trust my computer with an operating system made by Anonymous. God knows what they've put in there for their own use.

Oh please... the people that call them selfs Anonymous are ****ing script kiddies who think they are hackers, some even call them selfs Anonymous and they can't even upload a ****ing shell.... haha, also-> using kiddie tools does not make you a "hacker"