Anonymosus-OS: an OS for Anons

A group working under the Anonymous banner has release Anonymosus-OS, a derivative of the Ubuntu GNU/Linux distribution optimized for doing Anonymous-style stuff, with a bunch of "security testing" tools included in the distro. Given recent revelations about the infected version of the Low-Orbit Ion Cannon, it would be prudent to manually verify all the package checksums before using this.

Here some of preinstalled apps on Anonymous-OS:
- ParolaPass Password Generator
- Find Host IP
- Anonymous HOIC
- Ddosim
- Pyloris
- Slowloris
- TorsHammer
- Sqlmap
- Havij
- Sql Poison
- Admin Finder
- John the Ripper
- Hash Identifier
- Tor
- XChat IRC
- Pidgin
- Vidalia
- Polipo
- JonDo
- i2p
- Wireshark
- Zenmap
…and more

Anonymosus-OS

I write books. My latest is a YA science fiction novel called Homeland (it's the sequel to Little Brother). More books: Rapture of the Nerds (a novel, with Charlie Stross); With a Little Help (short stories); and The Great Big Beautiful Tomorrow (novella and nonfic). I speak all over the place and I tweet and tumble, too.

More at Boing Boing

Eurovision 2013: An American in London

The technology that links taxonomy and Star Trek

Andrew Timmons

uh oh http://www.itworld.com/security/259218/anonymous-os-turns-out-be-intelligence-test-not-preconfigured-hacker-tool
- bcsizemo
  
  I wouldn’t even under stand Anonymous’s motivation in creating something like this when BackTrack exists… It looks like it has a couple more/different apps, but geez they aren’t that hard to install.
  - trefecta
    
    But… but how can I be anonymous without a branding myself as such? All I want to do is show everyone how anonymous I am.
- cmpalmer
  
  Yes, but that’s what THEY want you to think, right?
pthree

Why didn’t they call this AnonymOS? Much catchier.
- unaboomer
  
  AnonymOS already exists:
  http://en.wikipedia.org/wiki/Anonym.OS
  Also, all Ive read about the Anonymous-OS is its a fake and full of bad things.
nexusheli

You know that Anonymous has already denounced this as not theirs, and alerted everyone that it’s full of trojans, no?
- Cory Doctorow
  
  There is no “Anonymous” to denounce this. Some people working under an Anonymous banner have produced this. One report I’ve seen says that an account run by someone or someones working under an Anonymous banner has denounced this (but didn’t actually link to the denunciation, if it exists).
  
  No one I’ve seen to date has said, “The following packages in this distro blow their checksums,” much less, “I have discovered the malicious code in these specific packages.”
  
  As I said, I wouldn’t run this OS until I had verified the checksum on every package, and I think you’d be nuts to do so, as well.
  - http://twitter.com/goinggeographic Patrick McCord
    
    Both @anonops and @youranonnews have confirmed that Anon-OS is fake + infected.
    - Cowicide
      
      Both @anonops and @youranonnews have confirmed that Anon-OS is fake + infected
      
      Confirmed… haha…
      
      If anyone has found any specific pieces of malware within this distro, please share the specific details. Otherwise, this all just sounds like a bunch of clucking chickens.
      
      This is probably just basically BackTrack with a different color scheme, desktop picture and assorted penetration tools added to it.
      
      I wouldn’t be surprised if there was a trojan hidden in there somewhere, but at the same time, I haven’t seen any actual confirmed evidence of malware (yet).
      
      I also haven’t seen where Cory has told anyone to run this on their grandmother’s computer, either.
      - SamSam
        
        From SourceForge’s announcement pulling the project:
        
        However, as the day progressed, various security experts have had a chance to take a look at what’s really in this distribution, and verify that it is indeed a security risk, and not merely a distribution of security-related utilities, as the project page implies.[...]
        
        Furthermore, by taking an intentionally misleading name, this project has attempted to capitalize on the press surrounding a well-known movement in order to push downloads of a project that is less than a week old.
      - Cowicide
        
        Thanks SamSam, I already read that previously. But, once again…. what is the specific security risk? Still just sounds like a bunch of clucking chickens to me. Is there specific malware embedded into the distro? What’s it called? Is it custom malware? Show the code.
        
        Otherwise… cluck.. cluck… cluck…
  - DavidJ3d
    
    http://www.pcmag.com/article2/0,2817,2401638,00.asp has the specific tweets denouncing it by @anonops and @youranonnews
  - Church
    
    “As I said, I wouldn’t run this OS until I had verified the checksum on every package…”
    
    Against what? Trojan OS is genuinely Trojan.
    
    Cory, don’t play. Write a story about Disney OS or something.
  - kartwaffles
    
    Well the Zeus trojan checksum appears legit, so that component of Anonymous-OS ought to work as designed.
- http://twitter.com/posty Derek
  
  [insert standard argument about the pointlessness of attempting to verify someone as "Anonymous"]
- nexusheli
  
  For all the crap you steal from Reddit I’m surprised you *didn’t* know. The disinformation and bias this site shows at time is really making me question my continued readership.
  
  http://www.bgr.com/2012/03/15/anonymous-os-is-fake-and-packed-with-malware-hacker-group-says/
  - Antinous / Moderator
    
    Don’t let the door hit your ass on the way out.
http://www.tumbleweed.net/ tyger11

It would be more prudent to read the news before posting something they’ve already said isn’t theirs. :)
- tehsusenoh
  
  Yeah. I’m pretty sure Cory has things on a queue. He posted an article about the Kony video well after Xeni posted all of the problems with it.
MB44

If I were an entity that was trying to battle forces like Anonymous, this is exactly the type of effort I would make to track as many of them as possible. I’m no hacker but I would be very wary of using a tool like this if I was.
SamSam

Yeah, checking the checksums is going to do you exactly fuck-all when the original OS was created as a trojan.

Sure, someone calling himself “Anonymous” created it, and some more (rather well-known and trusted…) people called “Anonymous” warned that this thing is a trojan, but you’re not going to get to the bottom of it unless it’s independently audited by someone with a real name.

But looking at the checksum will do nothing at all either way, so it’s disingenuous to imply that after doing so you can feel all warm and safe about tweeting the latest from Iran.

People’s lives can be on the line. You shouldn’t hide behind journalistic balance and say “I’m just reporting what I’m told, I don’t need to find out the truth, and he-said/she-said/all-sides-are-worth-the-same.” If some fairly respected voices in Anonymous are denouncing this as a trojan, you should at least put that in your post.
DavidJ3d

Source Forge has now removed the download and suspended the project. Their blog post here > http://sourceforge.net/blog/anonymous-os-response/
Alan Olsen

I have a copy of it. I have not had the time to take it apart yet. Should be interesting. I have tools for finding and reverse engineering malware, so it should be fun.
AudioTherapist

Seriously, no one has name checked ParanoidLinux but are pleased to pettifog about the time line for posting this?

Kudos to Cory who stuck the concept in a book quite some time ago
- proginoskes
  
  I don’t see what this has to do with Paranoid Linux. From the about page, it doesn’t look like they added any interesting low-level behavior to Ubuntu Linux. I’m still waiting for someone to build a Paranoid Linux-style system with a secure anonymous mesh network layered on top of the low-level network, and complete distrust of the hardware and the room the OS is sitting in.
Thomas Zaraat

Downloading the torrent was a long slog.

I’m planning on running it in a virtual machine and watching the traffic on the host interface (via Wireshark). Just for the lulz of seeing what it tries to connect with.
Phoc Yu

I like that this is pretty much Linux for Dummies, Script Kiddie Edition, powered by NSA.

Real hackers hopefully have the sense to at least use something better than Ubuntu.
http://www.facebook.com/people/Ender-Wiggin/100000885624281 Ender Wiggin

Sounds like a standard false flag distro, trying to capitalize on idiots who think that a hackinthebox kit is a really stellar, safe way to go about things.
- chellberty
  
  When in doubt Just ask ackbar.
http://twitter.com/Warfreak2 Andrew Kay

At first I was like “Cory! Haven’t you noticed that it’s covered in trojans?” but then I got as far as “it would be prudent to manually verify all the package checksums before using this” and realised that Cory Doctorow must be trolling us.

Checksums will tell you nobody opened your lunchbox, they won’t tell you if the sandwich is mouldy.
http://twitter.com/Warfreak2 Andrew Kay

Also, if it would be prudent to check first before downloading, isn’t Cory basically admitting that he wasn’t prudent enough to check first before posting?
awjt

moar liek CIAnonymosus-OS
mat catastrophe

Has anyone told Cory this isn’t legit?
http://thriftfu.wordpress.com License Farm

HONEYPOT’S BIG! YEAH YEAH YEAH! IT’S NOT SMALL! NO NO NO!
- BBNinja
  
  Lol. True dat.
liquidstar

https://www.youtube.com/watch?v=hxD0PqVlt5Q