In a statement released late last night, SourceForge explained that it had taken the distribution off its servers as significant concerns were raised concerning the software bundle's authenticity and possible maliciousness. SourceForge stated that while it tends to consider projects to be amoral and thus even host software that could be considered controversial, it decided to take Anonymous-OS down as soon as it became clear that it might include malicious software and did not appear to be officially connected with the Anonymous movement. Almost as soon as the release of Anonymous-OS was announced on a new Tumblr page, the activist group stated via its Twitter account that Anonymous-OS is a fake and contains trojans.
Indeed, this statement cannot easily be refuted, even though an initial analysis by The H's associates at heise Security did not reveal any modified binary programs in the basic system. It is possible that a well disguised malicious program is hiding in the initial ramdisk, the bootloader, or one of the additional firmware files. At the very least, however, Anonymous-OS uses the official Greek Ubuntu package sources and, besides the official keys for the Tor Project, the Mate Maintainer, and the I2P-PPA repository, has not put any of its own keys in the package database that would allow fake packages to start up after a delay and without warning. If anyone wants to risk running the Anonymous Live distribution on their computer, they should understand that it will have access to all the data on the hard drive and to any connected network.
Sign up with Google