Anonymosus-OS: the checksums that don't check out


38 Responses to “Anonymosus-OS: the checksums that don't check out”

  1. kartwaffles says:

    Looks like Sean Gallagher actually ran Anonymosus-OS in order to run the checksums. Dumb, dumb dumb.

    Mount the Anonymosus-OS image readonly, noexec, with a trusted known-good operating system. Then use *THAT* operating system’s checksum tools to examine the files.

    • rageaholic says:

       virtualization. perhaps you’ve heard of it. it’s a thing.

      • fuzzyfuzzyfungus says:

        That would protect your system (barring some very fancy VM exploit that would be worth so much for precision attacks on high value targets that they can likely be ignored here); but it wouldn’t solve the “if you are going to tamper with the OS, you should probably bug the tools that somebody would use to check for tampering” problem. (Though freezing the VM and mounting its disk any time that suited you wouldn’t be so terribly difficult, and it’s easier than finding a physical computer with a CD-ROM drive, at least in my house.)

  2. digi_owl says:

    Edit: ah, never mind…

  3. stationstops says:

    anyone who actually downloaded this software is kind of out of their mind anyway

  4. Xof says:

    “Of course this OS is safe and can be used for activities that you don’t want to be traced back to you! A bunch of anonymous hackers assure you of its integrity. See, we’re wearing a Guy Fawkes mask! Only good people do that.”

  5. Rob says:

    The vast majority of those are UI.

    I’d like to see the diffs between the others, but I’m guessing those are UI changes as well. Wouldn’t bet my life on it, but it does seem somewhat likely.

    • digi_owl says:

       Kinda heavy handed of them to change the files rather than creating an alternate theme alongside the Gnome default. If that is what they have done. Or could it be a cause of steganography?

      • Rob says:

        From what I saw in another review of it, yeah, it’s heavy handed. The sum up of it was Anonymous didn’t do it because they wouldn’t want their name associated with something done this badly.

        Of course, I thought LOIC was VB, so maybe that’s wrong.

  6. Douglas Rushkoff says:

    oy.  Kind of makes me reconsider the “program or be programmed” concept, at least insofar as a little knowledge of programming can be a dangerous thing if one assumes there are other people who don’t know a whole lot more. 

  7. dnebdal says:

    … the files in the example are translation text files and shortcut descriptors, and completely harmless – incidentally. :)

  8. onereader says:

    .mo files are i18n (translations), .desktop files are more or less launchers, then some changelogs and image files. apt-setup is from ubiquity, the livecd installer, so it seems that most of the changes are due to the media customization.

    I wouldn’t use it, but there’s nothing immediately suspicious there.

    • dnebdal says:

      Spending another 20 seconds or so before submitting on weeding out all the obviously harmless changes would have made for a more compelling post, ye. :)

      There are a few things I’d like to see a bit more about, though. In no particular order:

      At this point I’d be surprised if there was anything dodgy in any of them, but still.

  9. fuzzyfuzzyfungus says:

    I certainly have no reason to trust this particular spin; but you’d expect a fair number of changes in UI-related packages and package install lists. It does, after all, look different and have different packages installed…

    The risk I’d be inclined to worry about would be anything that simply doesn’t have an analogous package in Ubuntu (or isn’t installed via a package at all: package management is a convenience, there is no enforcement against manually added stuff).

    There would be nothing stopping somebody from, say, using a dead-stock Ubuntu kernel, MD5s right from the factory; and loading a bugged kernel module stashed manually in the filesystem somewhere. Modifying the package directly would be deeply suspicious; but there is absolutely no requirement that all kernel modules be provided by the package that has ‘kernel-modules’ somewhere in the name.

    Kernel modules would just be an example, of course, a suitably clever and malicious actor could overlay enough goodies to compromise the system in all sorts of places without touching the packages or package manager at all…
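A worked version of kartwaffles’ procedure above (mount the image inert from a trusted system and checksum it with that system’s own tools) that also covers fuzzyfuzzyfungus’ point about files stashed outside any package. This is an added example, not code from the thread or from the project; the image path, mount point and the known-good manifest are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Inspect an untrusted live image from a
# trusted host: mount it inert, then use the HOST's sha256sum to compare every
# file against a manifest built from a known-good tree (e.g. a pristine Ubuntu
# install of the same release). Image path and mount point are placeholders.

# Loop-mount the image so nothing on it can execute or be honoured as setuid
# or a device node (needs root). $1 = image file, $2 = mount point.
mount_inert() {
  mkdir -p "$2"
  mount -o loop,ro,noexec,nosuid,nodev "$1" "$2"
}

# Build a manifest (sha256sum format, paths relative to the tree) from a
# trusted reference tree. $1 = tree root.
make_manifest() {
  ( cd "$1" && find . -type f -print0 | sort -z | xargs -0 sha256sum )
}

# Check every manifest entry against the files in $1 with the host's own
# sha256sum (never a binary from the image). Prints each FAILED line; exit
# status is non-zero on any mismatch or missing file.
# $1 = tree root, $2 = manifest path (absolute).
verify_tree() {
  ( cd "$1" && sha256sum --quiet -c "$2" )
}

# List files in $1 that the manifest $2 does not mention at all: a kernel
# module or binary dropped outside any package passes every package checksum
# but shows up here.
extra_files() {
  tmp=$(mktemp -d)
  ( cd "$1" && find . -type f | sort ) > "$tmp/present"
  sed -E 's/^[0-9a-f]{64} [ *]//' "$2" | sort > "$tmp/listed"
  comm -23 "$tmp/present" "$tmp/listed"
  rm -rf "$tmp"
}
```

Run `make_manifest` on the reference tree once, then `verify_tree` and `extra_files` against the mounted image; the second list is the one the package-by-package comparison in the post cannot produce.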

  10. MrEricSir says:

    I’m assuming the packages weren’t built by Launchpad then? 

  11. Doug Nelson says:

    No one ever explained the deliberate misspelling. Is it an SEO thing?

    • elix says:

      Because Anonym.OS was already taken, I imagine.

    • SamSam says:

      No, it’s a Cory thing, for reasons he has never explained. The project itself is just called Anonymous-OS with no extra ‘s’. And that’s the way all the rest of the press has described it.

      I think Cory just typoed in the first post and has decided to keep it that way ever since (Cory isn’t the best at admitting mistakes here… ;)

  12. twiddl says:

    why would anyone want to use that thing?

  13. I’m sure it’s been said before, but I’m going to say it again anyway…  BackTrack.

  14. If you already use Ubuntu as I do you could snag all these functions from reliable sources using the terminal window. And if you have to use a clickable link to get this OS, it’s fake.

    Every Ubuntu user knows you can’t click for the cool stuff. Terminal only. 

    • MrEricSir says:

      Some of these tools are already in the Ubuntu repos and/or PPAs, meaning you don’t need the terminal. Ubuntu Software Center or Synaptic would work fine.

      Of course, you will need the terminal to use some of the apps but that’s a different story.  Hacking tools ain’t for noobs.

    • Rah El says:

      Actually you can click on this link for a really cool, penetration test-centered OS based on Ubuntu:

  15. unaboomer says:

    Is it wrong to root against the script kiddies? Not that I’m some 1337 haxor, but come on.

  16. saurabh says:

    I am unable to understand why, in the wake of the whole FBI/Sabu clusterfuck, anyone would even consider running this thing.

  17. Lee Dannascher says:

    This is the sort of thing which might be fun to run on a neighbor’s network with a packet sniffer and just let it cook for a while.
    Really, it’s just about trust. FOSS is safer (I’d say) simply because there are more eyes on the code. These allegations can be brought and they’ll be proven or thrown out. We have no such safety with a Microsoft, Apple (or Google) product.

  18. SomeGuy says:

    What’s this file /etc/kernel/fbi/gonna/nail/yer/ass.ha_ha_ha?

    Never mind.  I’m sure it’s nothing.

  19. Bob Webb says:

    What’s the difference between Anonymosus-OS and Anonymous-OS? 

  20. Guest says:

    Of course it’s fake. The real variant will be called EXPECT_OS
