Anonymous operating system 'laced with trojans'

By Darren Pauli on Mar 20, 2012 8:23 AM
Filed under Security

SourceForge takes down AnonOS.

An Ubuntu operating system developed under the auspices of the Anonymous movement has been taken down from SourceForge due to security concerns.

The operating system came preloaded with anonymity and hacking applications including ParaloaPass and Pyloris, which allow password-cracking, SQL injection and anonymous surfing via the Tor network.

The rare take-down followed a tweet circulating yesterday from popular Anonymous account AnonOps that claimed the AnonOS was "laced with trojans".

The creator of the operating system released a purported Rootkit Hunter log analysis of the system, said to show that AnonOS was free of Trojans and backdoors.

But SourceForge, which hosted the project, removed the operating system from its site citing "security concerns" raised in a BBC story.

"As the day progressed, various security experts have had a chance to take a look at what's really in this distribution, and verify that it is indeed a security risk, and not merely a distribution of security-related utilities, as the project page implies," SourceForge said in a statement.

Trend Micro director of security research Rik Ferguson told the BBC he had not established whether the operating system was "booby trapped" with trojans or backdoors.

Similar news coverage of the operating system had merely flagged the potential for it to be a security risk because its source code was not open.

SourceForge, too, flagged concerns about the lack of openess in the project.

"SourceForge, and the Open Source community as a whole, values transparency, particularly where issues of security are involved," the organisation said.

"This project isn't transparent with regard to what's in it.

"It is critical that security-related software be completely open to peer review (i.e., by providing source code), so that risks may be assessed along with benefits.

"That is not available in this case, and the result is that people are taking a substantial risk in downloading and installing this distribution."

SourceForge said the offending security components in AnonOS – also common in platforms such as BackTrack – did not breach its terms and conditions.

"We have, in the past, taken a consistent stance on 'controversial' projects - that is, we don't pass judgement based on what's possible with a product, but rather consider it to be amoral - neither good nor bad - until someone chooses to take action with it." 

SourceForge also claimed the project had taken on an "intentionally misleading name" which attempted to "capitalise on the press surrounding a well-known movement in order to push downloads of a project that is less than a week old".

Yet the Anonymous collective was a leaderless movement, illustrated by its popular mantra "we are all Anonymous".

Sophos chief technology officer Paul Ducklin said yesterday examining the security integrity of the system would be complex.

He said users should use more established Linux operating systems.

"Why would you download this when there are more trusted quality systems available?" he said.

Some 40,000 users had downloaded the operating system as of Friday afternoon.

 
Follow us on Facebook and Twitter
 

Copyright © SC Magazine, Australia

Anonymous operating system 'laced with trojans'
 
 
 
 
 
Top Stories
How Nadella is re-engineering Microsoft
On the floor at last month's World Partner Conference.
 
Dicker Data on track for billion-dollar goal
Revenue approaches $700m for partial year running Express Data.
 
Datacom's search for a new Australian boss is over
Appointment comes as Kiwi firm profits surge – no thanks to Aussie business.
 
Sign up to receive CRN email bulletins
   FOLLOW US...
Polls
My business strategy is to:

Latest Comments
CRN Magazine

Issue: 330 | August 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.