On March 13, an anonymous benefactor announced the availability of Anonymous-OS, a new live-bootable Linux distribution tailored for a... particular class of user. The package was posted on Sourceforge and downloaded over 20,000 times before it was taken down by the service on March 15

Some in Anonymous had cautioned that it might be some sort of trap; others claimed it was in fact a clever socially engineered package of malware waiting to spring on whoever had the audacity to download it.

I had the audacity to download it just before Sourceforge shut the project down, loading it up on a virtual machine and installing it to a bootable USB. And honestly, there's not a whole lot to get excited about—Anonymous-OS is nothing more than a snapshot of a system running Ubuntu 11.10 with a few minor tweaks, redistributed as a live-boot ISO, and packaged with the usual collection of "educational" security tools (some of which may in fact expose you to law enforcement attention).

Sourceforge's move to take down the project had more to do with the shady way in which it was posted than its content. The Sourceforge community team looked at the project, and found it was "a security-related operating system, with, perhaps, an attack-oriented emphasis," the company said in its statement. But they found no evidence it was in any way connected to Anonymous, concluding that the person or persons behind the project were in fact using the name of the group to draw attention.

"By taking an intentionally misleading name, this project has attempted to capitalize on the press surrounding a well-known movement in order to push downloads of a project that is less than a week old," Sourceforge's spokesperson said in the company statement. "We have therefore decided to take this download offline and suspend this project until we have more information that might lead us to think differently. We’ll be in touch with the project admin, and let you know if and when we find out anything to contrary, but for now, that’s what we’re doing."

What's in the package

Nobody in the security realm is going to shed any tears over the suspension of the Sourceforge project. It is, at best, a poor substitute for other freely available distributions of Linux tailored to security tasks—most notably Backtrack Linux, an Ubuntu-based distribution that comes configured with a much broader selection of penetration testing, hacking, and "stress testing" tools. While I didn't find any evidence of trojans or rootkits while traipsing through its internals (and WireShark records of its network traffic), it's probably most useful as a snapshot of what overeager Anon wannabes would run on the USB stick they keep hidden under their pillow.

Before installing Anonymous-OS, I poked around the contents of its DVD image and found that it was created using Remastersys, a tool that creates a full-system backup of Debian and Ubuntu based operating system installs up to 4GB in size and turns them into bootable DVD images. There's no way to actually install the image onto a system; however, you could waste your time like I did and use UNetbootin to create a bootable USB version of the image.







Update: I performed an integrity check on the Ubuntu components in Anonymous-OS using MD5 checksums. You can see the list of fails here. While most of them were a result of the mangling of the theme to make it look more Anonymous-y, there are a few items that might cause some concern, usr/sbin/anacron among them.

Some of the tools are of questionable value, and the attack tools might well be booby-trapped in some way. But I don't know how much more booby-trapped a tool can get than pointing authorities right back at your IP address as LOIC does without being modified.

Most of the stuff in the "Anonymous" menu here is widely available as open source or as Web-based tools—in fact, a number of the tools are just links to websites, such as the MD5 hash cracker MD5Crack Web. But it's clear there are a number of tools here that are in daily use by AnonOps and others, including the encryption tool they've taken to using for passing target information back and forth.

Other than the tools, there's nothing particularly different in Anonymous-OS from the usual poorly configured Ubuntu installation. There are a few surface changes, including a change in the system configuration that makes the OS version appear as Anonymous-OS in the Ubuntu System Monitor App. It's no wonder Anonymous members are calling this a fake—if it isn't, it's an embarrassment.