A lone hacker who duped hundreds of users into downloading a version of Linux with a backdoor installed has revealed how it was done.
Lefebvre said in a blog post that only downloads from Saturday were compromised, and subsequently pulled the site offline to prevent further downloads. The hacker responsible, who goes by the name “Peace,” told me in an encrypted chat on Sunday that a “few hundred” Linux Mint installs were under their control — a significant portion of the thousand-plus downloads during the day.
But that’s only half of the story.
Peace also claimed to have stolen an entire copy of the site’s forum twice — one from January 28, and most recently February 18, two days before the hack was confirmed.
Read more at ZDNet
