Anonymosus-OS: an OS for Anons


37 Responses to “Anonymosus-OS: an OS for Anons”

  1. Andrew Timmons says:

    uh oh

    • bcsizemo says:

      I wouldn’t even under stand Anonymous’s motivation in creating something like this when BackTrack exists…  It looks like it has a couple more/different apps, but geez they aren’t that hard to install.

      • trefecta says:

        But… but how can I be anonymous without a branding myself as such? All I want to do is show everyone how anonymous I am.

    • cmpalmer says:

      Yes, but that’s what THEY want you to think, right?

  2. pthree says:

    Why didn’t they call this AnonymOS? Much catchier.

  3. nexusheli says:

    You know that Anonymous has already denounced this as not theirs, and alerted everyone that it’s full of trojans, no?

    • Cory Doctorow says:

      There is no “Anonymous” to denounce this. Some people working under an Anonymous banner have produced this. One report I’ve seen says that an account run by someone or someones working under an Anonymous banner has denounced this (but didn’t actually link to the denunciation, if it exists).

      No one I’ve seen to date has said, “The following packages in this distro blow their checksums,” much less, “I have discovered the malicious code in these specific packages.”

      As I said, I wouldn’t run this OS until I had verified the checksum on every package, and I think you’d be nuts to do so, as well.

      • Both @anonops and @youranonnews have confirmed that Anon-OS is fake + infected.

        • Cowicide says:

          Both @anonops and @youranonnews have confirmed that Anon-OS is fake + infected

          Confirmed…  haha…

          If anyone has found any specific pieces of malware within this distro, please share the specific details. Otherwise, this all just sounds like a bunch of clucking chickens.

          This is probably just basically BackTrack with a different color scheme, desktop picture and assorted penetration tools added to it.

          I wouldn’t be surprised if there was a trojan hidden in there somewhere, but at the same time, I haven’t seen any actual confirmed evidence of malware (yet).

          I also haven’t seen where Cory has told anyone to run this on their grandmother’s computer, either.

          • SamSam says:

            From SourceForge’s announcement pulling the project:

            However, as the day progressed, various security experts have had a chance to take a look at what’s really in this distribution, and verify that it is indeed a security risk, and not merely a distribution of security-related utilities, as the project page implies.[...]

            Furthermore, by taking an intentionally misleading name, this project has attempted to capitalize on the press surrounding a well-known movement in order to push downloads of a project that is less than a week old.

          • Cowicide says:

            Thanks SamSam, I already read that previously. But, once again…. what is the specific security risk? Still just sounds like a bunch of clucking chickens to me. Is there specific malware embedded into the distro? What’s it called? Is it custom malware? Show the code.

            Otherwise… cluck.. cluck… cluck…

      • DavidJ3d says:,2817,2401638,00.asp has the specific tweets denouncing it by @anonops and @youranonnews 

      • Church says:

        “As I said, I wouldn’t run this OS until I had verified the checksum on every package…”

        Against what? Trojan OS is genuinely Trojan.

        Cory, don’t play. Write a story about Disney OS or something.

      • kartwaffles says:

         Well the Zeus trojan checksum appears legit, so that component of Anonymous-OS ought to work as designed.

    • Derek says:

      [insert standard argument about the pointlessness of attempting to verify someone as "Anonymous"]

    • nexusheli says:

      For all the crap you steal from Reddit I’m surprised you *didn’t* know.  The disinformation and bias this site shows at time is really making me question my continued readership.

  4. tyger11 says:

    It would be more prudent to read the news before posting something they’ve already said isn’t theirs.  :)

    • tehsusenoh says:

      Yeah.  I’m pretty sure Cory has things on a queue.  He posted an article about the Kony video well after Xeni posted all of the problems with it.

  5. MB44 says:

    If I were an entity that was trying to battle forces like Anonymous, this is exactly the type of effort I would make to track as many of them as possible. I’m no hacker but I would be very wary of using a tool like this if I was.

  6. SamSam says:

    Yeah, checking the checksums is going to do you exactly fuck-all when the original OS was created as a trojan.

    Sure, someone calling himself “Anonymous” created it, and some more (rather well-known and trusted…) people called “Anonymous” warned that this thing is a trojan, but you’re not going to get to the bottom of it unless it’s independently audited by someone with a real name.

    But looking at the checksum will do nothing at all either way, so it’s disingenuous to imply that after doing so you can feel all warm and safe about tweeting the latest from Iran.

    People’s lives can be on the line. You shouldn’t hide behind journalistic balance and say “I’m just reporting what I’m told, I don’t need to find out the truth, and he-said/she-said/all-sides-are-worth-the-same.” If some fairly respected voices in Anonymous are denouncing this as a trojan, you should at least put that in your post.

  7. DavidJ3d says:

    Source Forge has now removed the download and suspended the project. Their blog post here >

  8. Alan Olsen says:

    I have a copy of it. I have not had the time to take it apart yet.  Should be interesting.  I have tools for finding and reverse engineering malware, so it should be fun.

  9. AudioTherapist says:

    Seriously, no one has name checked ParanoidLinux but are pleased to pettifog about the time line for posting this?

    Kudos to Cory who stuck the concept in a book quite some time ago

    • proginoskes says:

      I don’t see what this has to do with Paranoid Linux. From the about page, it doesn’t look like they added any interesting low-level behavior to Ubuntu Linux. I’m still waiting for someone to build a Paranoid Linux-style system with a secure anonymous mesh network layered on top of the low-level network, and complete distrust of the hardware and the room the OS is sitting in.

  10. Thomas Zaraat says:

    Downloading the torrent was a long slog. 

    I’m planning on running it in a virtual machine and watching the traffic on the host interface (via Wireshark). Just for the lulz of seeing what it tries to connect with.

  11. Phoc Yu says:

    I like that this is pretty much Linux for Dummies, Script Kiddie Edition, powered by NSA.

    Real hackers hopefully have the sense to at least use something better than Ubuntu.

  12. Ender Wiggin says:

    Sounds like a standard false flag distro, trying to capitalize on idiots who think that a hackinthebox kit is a  really stellar, safe way to go about things.

  13. Andrew Kay says:

    At first I was like “Cory! Haven’t you noticed that it’s covered in trojans?” but then I got as far as “it would be prudent to manually verify all the package checksums before using this” and realised that Cory Doctorow must be trolling us.

    Checksums will tell you nobody opened your lunchbox, they won’t tell you if the sandwich is mouldy.

  14. Andrew Kay says:

     Also, if it would be prudent to check first before downloading, isn’t Cory basically admitting that he wasn’t prudent enough to check first before posting?

  15. awjt says:

    moar liek CIAnonymosus-OS

  16. mat catastrophe says:

    Has anyone told Cory this isn’t legit?

  17. License Farm says:


  18. liquidstar says:

Leave a Reply