The open-source collaboration website SourceForge on Thursday removed a Linux OS project allegedly affiliated with the online activist group Anonymous, after security experts said it could be harmful.
SourceForge said the project does not appear to be connected with Anonymous, has an intentionally misleading name and is not transparent, particularly in regards to security.
“We have therefore decided to take this download offline and suspend this project until we have more information that might lead us to think differently,” SourceForge’s Community Team wrote in a blog post.
The operating system, called Anonymous-OS, is an Ubuntu Linux distribution, skinned with Anonymous logos and mottos. It is preloaded with a variety of well-known tools for attacking websites, masking and analyzing internet traffic, and communication.
Anonymous is a loose collective of online activists that has campaigned against corporate and government policies it opposes by attacking websites and stealing sensitive data. The group suffered a major setback earlier this month when it was revealed that one of its top leaders was secretly working for the FBI and facilitated evidence collection against a handful of other alleged ringleaders.
Anonymous-OS was released on a Tumblr.com blog on Tuesday and since then been denounced by long-running Twitter accounts known to be affiliated with Anonymous. “AnonOps” wrote on Twitter that the distribution is fake and wrapped with Trojans, a reference that it may contain malicious software.
Another outlet for the group, posting on Twitter as “Anonymous”, wrote: “We are not responsible for other people’s lack of common sense. We repeatedly posted Anon-OS is not to be trusted”.
Graham Cluley, senior technology consultant for security vendor Sophos, wrote on the company’s Naked Security blog that while the company hasn’t analyzed the code, “it wouldn’t be a surprise if there was a Trojan element sneaked into Anonymous OS”.
On Thursday, the Tumblr.com blog promoting Anonymous-OS appeared to deny that the software contained malicious code, posting the results of a scan for harmful code on Pastebin that showed it allegedly showed it was free of rootkits.
SourceForge said Anonymous-OS appears to be security related with an “attack-oriented emphasis,” but the organization typically doesn’t pass judgment on projects. SourceForge said it runs the risk of wrongly classifying a project as malicious, and it doesn’t want to forfeit the trust of the developer community.
But “we believe this is the right decision in this case,” the group said.
Send news tips and comments to jeremy_kirk@idg.com