March 16, 2012
Anonymous-OS Released Into The Wild…Best To Steer Clear
Michael Harper for RedOrbit.com
A new operating system called “Anonymous-OS” has been released on the internet. The operating system bears the name of the now infamous “hacktivist” collective “Anonymous” and includes a number of hacking tools. However, the “official” word from Anonymous is that they have nothing to do with the operating software. Despite the unsavory nature of the group and numerous warnings against downloading the software, more than 26,000 copies have been downloaded as of March 15, 2012.
Anonymous-OS is based on open source operating system software Ubuntu and runs the MATE user interface. While an information page for the OS states the software was created for “educational purposes” and to “check the security of web pages”, the motive behind this operating system seems dicey at best. For example, the OS comes preloaded with hacker tools used to break in, manipulate, or cripple websites such as John the Ripper, a password breaker, DDoSim for simulating DDoS (Distributed Denial of Service) attacks, and SQL Poison for searching web servers for vulnerability.
Those behind the 1.5GB sized operating system replete with these tools have asked those who download it not to use it to destroy websites.
Shortly after the OS was made available to the public, the “official” Twitter account for Anonymous denied its authenticity, saying “The Anon OS is fake it is wrapped in trojans. RT”.
Not to be outdone, a Twitter account linked to the OS claimed that the software was safe.
The software is available via the Sound Forge website.
Rik Ferguson, director of Trend Micro´s European Security Research told BBC News that it is “a functional OS with a bunch of pre-installed tools that can be used for things like looking for [database] vulnerabilities or password cracking.”
Similar tools can be found in an alternate version of Linux known as BackTrack. Mr. Ferguson said that he was looking more deeply into the software to see if there were any major threats lying in the background.
Besides the fact that this software has been created and released by unknown people associated with very questionable beliefs and behavior, there are other reasons to avoid this operating system at all costs.
In the backlash of the MegaUpload debacle, countless users who wanted to be a part of the “Anonymous” movement downloaded a piece of software called Slowloris, used for DDoS attacks. Around this same time, another user was able to slip in a very dangerous trojan called Zeus into the Slowloris software. Zeus is a piece of software designed to grab banking credentials from infected systems. So as many users took part in this “hacktivism”, other users walked away with the banking credentials of these users.
Graham Cluley, senior researcher at Sophos Security put it best when he posed this question to the BBC: “Who would want to put their trust in a piece of unknown software written by unknown people on a webpage that they don´t know is safe or not?”