Hackers warn of malicious tools

21:38, Apr 16 2012

Hacking tools infected with malicious software, or malware, threaten to destroy the credibility of the growing hacktivist movement.

Online security experts say warnings from prominent members of Anonymous, the hacktivist group, not to trust hacking tools released under the group's name serve as a timely warning for would-be hacktivists.

Anonymous OS Live is a computer operating system pre-loaded with hacking tools such as Slowloris for attacking web servers and John the Ripper for cracking passwords.

The 1.5GB download is designed to run from a CD or USB stick, allowing users to reboot their computer to use Anonymous OS Live without the need to install it on their hard drive.

This makes it easy for people to use Anonymous OS Live on a standard Windows computer without the need to change any settings.

The release of such a hacking toolkit follows ongoing efforts by groups such as Anonymous to arm would-be hacktivists with the tools to participate in online attacks.


In the past online activists have been encouraged to use the network stress testing tool Low Orbit Ion Cannon to take part in activities such as Operation Payback.

This was a revenge attack designed to cripple the websites of organisations opposing piracy and the WikiLeaks whistleblower site.

Anonymous OS Live was recently made freely available via the SourceForge online software repository, but was soon taken offline due to security concerns.

"Various security experts have had a chance to take a look at what's really in this distribution, and verify that it is indeed a security risk, and not merely a distribution of security-related utilities, as the project page implies," according to the SourceForge Community Team.

"It is critical that security-related software be completely open to peer review... so that risks may be assessed along with benefits. That is not available in this case, and the result is that people are taking a substantial risk in downloading and installing this distribution."

Anonymous representatives also distanced themselves from Anonymous OS Live, warning via Twitter: "Don't use Anonymous OS, we don't know anything about it and can't vouch for it".

Meanwhile, those behind Anonymous OS Live continue to deny it contains malware. They labelled the accusation as an attack against open source software, as Anonymous OS Live is built on the open source Linux operating system.

The fragmented nature of the Anonymous movement makes it difficult to assess which actions are officially condoned by the group. Regardless of who is behind Anonymous OS Live, any software associated with the group "should be treated as malicious", warns Ty Miller, chief technology officer of security testing service Pure Hacking.

"The risks associated with using Anonymous OS include providing malicious hackers with a pre-installed backdoor directly into your computer," he says.

"Depending upon how each individual uses the OS, this may lead to usernames and passwords being captured, or the ability to pivot through the OS to begin attacking the individual's home or corporate network. This could lead to a large number of systems being added to botnet networks."

Security expert at Sophos in Australia, Paul Ducklin, agrees that Anonymous OS Live poses a significant risk.

"There are already a number of forensically-oriented open source software distros based on Linux which are caringly developed by well-organised and trustworthy open source communities - people who are open about who they are, and whose credibility can be judged," he says.

In the past few months versions of both Slowloris and Low Orbit Ion Cannon have been found to contain the Zeus banking Trojan designed to steal passwords.

Anonymous has denied responsibility for the infected downloads, but its fragmented nature makes it difficult to determine whether the Zeus-infected downloads are the work of Anonymous factions, independent scammers looking to take advantage of interest in Anonymous, or other parties looking to discredit Anonymous and the hacktivist movement.

Regardless of who is behind such malware attacks, they're likely to escalate, warns Pure Hacking's Miller.

"As the increasing interest in hacking and hacktivist groups continues to grow, the amount of fake software and mobile apps will also grow as they are an easy way to compromise laptops and mobile devices," he says.

"Whether you support the Anonymous causes or not, any software supplied by Anonymous or under the Anonymous name should be treated as malicious."

- Sydney Morning Herald