The Mint 2016 hack?

Confused_nerd

Member
Joined
Jan 1, 2021
Messages
71
Reaction score
61
Credits
571
I was a reading a book, and it mentioned "the linux mint 2016 hack".
I looked it up and apparently some hackers put a backdoor to the system.
Does anyone know more about this?
I would also like to know how the sha256sums work(I verified mine before installing), cause like why couldn't the hackers just change that part too?
 


KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
6,480
Reaction score
5,739
Credits
52,137
You're making the assumption that the hackers had access to everything. They did not.

However, their forum was also hacked back in the day. I want to say that was 2015 or so.
 
D

Deleted member 101831

Guest
I was a reading a book, and it mentioned "the linux mint 2016 hack".
I looked it up and apparently some hackers put a backdoor to the system.
Does anyone know more about this?
]



I would also like to know how the sha256sums work(I verified mine before installing), cause like why couldn't the hackers just change that part too?
Hopefully someone will be by to explain that.

I never check sha256sums and never had a problem.

A hacker with the right know how will be able to get around that check which is already been proven by the Linux Mint iso hack.

Just because you check the iso download with the sha256sum that doesn't mean the iso downloaded is free from bad guy stuff etc.
 

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
6,480
Reaction score
5,739
Credits
52,137
Oh, yeah... Checksums are an immutable computation that expresses a file's traits. So, they're consistent across all computations with the same algorithm and changing the file even by a single bit would result in a different hash. If you use a torrent client to download the iso then it automatically verifies it for you. It's a 256 bit calculation and is absolutely 'secure enough'. You can't do things like reverse engineer the file with the hash, it doesn't work that way.
 
D

Deleted member 101831

Guest
I was under the impression the hackers loaded their own iso with the backdoor and their own sha256sum and removed the original iso and changed the sha256sum to match their hacked iso.

I may be wrong about that and if I am let me know and then I'll remove my posts or you can.
 

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
6,480
Reaction score
5,739
Credits
52,137
My understanding is that they hadn't been able to change the checksum and that's how they were caught? I was also under the impression that they didn't compromise all the mirrors.

At least that's my memory of the event. It could easily be wrong.

LOL We have search engines. We could probably look this stuff up! Alas, I am lazy and Google is so very far away. I think I may sip some whiskey and get a little more lazy.
 
D

Deleted member 101831

Guest
Anyhow if my posts turn out to be wrong please remove them or let me know and I'll remove them.

Don't want to be posting and misinformation.
 

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
6,480
Reaction score
5,739
Credits
52,137

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
6,480
Reaction score
5,739
Credits
52,137
I think at this point it becomes obvious that I did not, in fact, click on the first link.
 

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
6,480
Reaction score
5,739
Credits
52,137
Oops, I missed the first link totally.

It's amazing how few links I actually click.

It's like 99.99999% pointless to send me a video link. I will not click it.
 
D

Deleted member 101831

Guest
Oops, I missed the first link totally. Sorry Nelson!
@stan No apology is necessary. :)

We are here to answer questions when we can and offer help. :)

I could write a book on the things I've overlooked and just plain missed. :oops:

Hopefully the OP has gotten their question answered somewhat after all of our confusion.

@Confused_nerd Disregard what I said in my post #3 about the sha256sum go ahead and check it.

I don't because I'm impatient and have been fortunate and not have had any problems. My Apologies to you for making that statement.
 

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
6,480
Reaction score
5,739
Credits
52,137
As I like to say, "I make more mistakes by breakfast than most folks will make all day!"
 

Condobloke

Well-Known Member
Joined
Apr 30, 2017
Messages
4,679
Reaction score
4,048
Credits
26,684
You do that too ???!!!!
 

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
6,480
Reaction score
5,739
Credits
52,137
You do that too ???!!!!

Do that too? Yes, and I pride myself on it!

Also, my wife is many, many years my junior and legitimately cute. She's indicating that it's time to put the whiskey away and go to bed. My foolish self is resisting this so that I can stay here and reply to this sorta stuff...

I need to get my priorities squared away!
 

stan

Well-Known Member
Joined
Mar 19, 2018
Messages
1,004
Reaction score
1,134
Credits
9,370
I would also like to know how the sha256sums work(I verified mine before installing), cause like why couldn't the hackers just change that part too?
If the hacker back then had been really good, he/she would have replaced the .iso file on the Mint server AND changed the md5sum and sha256sum values to match the hacked copy. So, they weren't that good, obviously. Not that time. Actually, the hacker did not even replace the .iso file on Mint's servers... they simply changed the link to a site they controlled where the hacked version was stored. The whole episode was pretty short lived because people are pretty attentive, usually.

Checking the md5sum or sha256sum verifies the integrity of the .iso file... that it wasn't corrupted during the download. It is only a partial validation of the authenticity of the file. After the hack, Linux Mint took an extra step to offer an encrypted key-based "signature" on the .iso file so you know that your download did indeed come from them, and not from a hacker. If you are paranoid about getting a hacked version of Mint, you should follow their instructions to verify the key signature (here).
 

wizardfromoz

Administrator
Staff member
Gold Supporter
Joined
Apr 30, 2017
Messages
7,330
Reaction score
6,216
Credits
25,126
After the hack,...

Afternoon, all.

Mint were also the first major player to introduce sha256 as their standard for distributing isos.

Currently, in a number of areas, sha512 is being used.

SHA is an acronym for Secure Hash Algorithm, and the SHA-2 "family" as it is known was developed by USA's NSA (National Security Agency) - be reassured, or not.

If you are paranoid about getting a hacked version...

I wouldn't say "paranoid" per se, my little green friend, as I have Mild Paranoia :) , perhaps "extremely security-conscious". That being said, I do not worry about checking the key signatures (and I have downloaded and installed probably 150 or so Linux Distros) unless I am suspicious by some evidence displayed that I need to follow up.

Instead, I use a 2-pronged approach with the shasums
  1. I verify the checksum during the download stage, using a browser addon called DownThemAll
  2. Following the download, if I have need to, before or after installation, I use a Utility called GTKHash, and you can read my article on it here https://www.linux.org/threads/gtkhash-–-hashing-out-the-basics.4430/
If I forget to do this, and I get as far as burning the iso to USB, with a view to install, and then think "Damn - I should check the iso", I can do it on the product on the USB stick, by using this article I wrote

https://linux.org/threads/hash-checking-rare-tips.13544/#post-45991

Cheers

Wizard
 
$100 Digital Ocean Credit
Get a free VM to test out Linux!

Linux.org Hosting Donations
Consider making a donation

Members online


Latest posts

Top