Anonymous OS - you'd be crazy to trust it

Proceed with caution if you're thinking of downloading and installing Anonymous OS, the purported new operating system from the Anonymous collective.

More than 20,000 people may have downloaded the Ubuntu Linux image full of hacking tools - but how do they know what the code really does?

When I first heard about Anonymous OS a couple of days ago, I instantly asked myself why would anyone want to put their trust in a piece of unknown software, written by unknown people, promoted on an Anonymous Tumblr webpage that you don't know is safe or not?

If I were writing a cybercrime thriller, I might dream up a plot where the computer cops - desperate to know the identities of the hacktivists - concocted a plot where they made available software that promised to hide hackers' identities... but in fact secretly passed information back to the cops.

Of course, I'm not suggesting that has happened in this case. But stranger things have happened... (like the prominent leader of LulzSec turning out to have been secretly working for the FBI since the middle of last year...)

Don't forget, earlier this year, we saw hacktivists tricked into installing a Trojanised version of the Slowloris Denial of Service tool.

In such a climate, it wouldn't be a surprise if there was a Trojan element sneaked into Anonymous OS too.

We haven't analysed the Anonymous OS download yet. Frankly, with over a hundred thousand new samples of malware coming into our labs each day we've got better things to do with our time.

Anonymous OS isn't a threat to the average guy in the street or to office workers; the only people who might be impacted by it are those who are foolish enough to knowingly install unknown software onto their computers.

Nevertheless, our advice to folks is clear - be wary!

9 Responses to Anonymous OS - you'd be crazy to trust it

  1. Paul · 949 days ago

    Why don't they just download BackTrack from Offsec and learn security for themselves? Play with a few of their own computers and if they get good enough and find an interest in security - join the White Hats! Get to do all the hacking you want and get paid a pretty nice price for it!

    Apologies for the 0clickemail I'd like to remain "Anonymous" (not the collective) :P

    Graham your posts do keep me entertained! Please keep up the good work!

    • Michael · 949 days ago

      Perhaps because they prefer to run DDoS scripts and be spoonfed by hackers, rather than put effort into learning something useful. Even if they did get copies of BackTrack, Matriux, Blackbuntu, etc., the script kiddies wouldn't have the background knowledge to use the tools effectively.

      It's kind of depressing how consumerisation is leading us to a society where more people are disrupting and breaking into stuff instead of creating.

    • foo · 948 days ago

      Some people actually believe there is more to life than money.

  2. Has anyone got an .iso of it? I'm interested in popping it on a VM and having a look at what's under the hood. However, since SourceForge took their copy down it looks like you can only get it via torrent and I'd much prefer a direct download.

    Anyway, as Paul said, why not just use BT? There are lots of guides out there for BT and a thriving community helping the noob with getting started.

    • Michael · 945 days ago

      One of my colleagues already tried running it in a VM, and got some error message about a rootkitted corrupted kernel.
      If Anonymous OS really has a backdoor, the chances are you won't find it by looking at the OS itself. You'll need to intercept the traffic the VM is sending.

  3. Boris · 949 days ago

    Just choose a Linux LiveCD you enjoy using and download and extract The Tor Browser Bundle to the live session.

    Don't trust the TAILS LiveCD, it's bloated and has daemons loaded like cups which are not aimed at security.

  4. Steve · 948 days ago

    Latest news is the OS has been pulled from SourceForge after the collective claimed it wasn't theirs.

    But since anyone can be anonymous, it could well be one of theirs and they just don't know it.

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations.