Linux Mint Website Hack: A Timeline of Events

[Thomas the Tank Engine]

  Quote

Last night, the Linux Mint team announced that someone had hacked their servers and started pointing user downloads to malicious ISO images for the Linux Mint 17.3 Cinnamon edition. Our Linux editor already covered the initial details of the attack, which we recommend reading before going forward with this article.

 

Since then, in the last ten hours, the Linux and infosec communities have been working hard to investigate what happened and how the hackers operated. While most of the details have been uncovered, people are still debating about the hackers' point of entry.

 

Linux Mint Team: They hacked us via our WordPress site

 

The first to provide an answer was Clement Lefebvre, leader of the Linux Mint project, who acknowledged in a comment on the official announcement that the initial point of entry was their WordPress blog.

 

In this scenario, the hackers managed to escalate their access to the underlying server and finally get shell access to www-data. From here they modified the Linux Mint download page to point to a malicious FTP server hosted in Bulgaria (IP: 5.104.175.212).

 

The Linux Mint team discovered the issue, cleaned up the links from their site, announced the data breach on their blog, and then it appears that the hackers re-compromised the download page again.

 

 

Seeing that they've failed to eliminate the hackers' true point of entry, the Linux Mint team decided to take down the entire linuxmint.com domain to avoid the ISO images from spreading to users that had not seen its security alert.

 

 

 

 

 

 

 

http://news.softpedia.com/news/linux-mint-website-hack-a-timeline-of-events-500719.shtml