
Urgent Investigation Needed: Potential Widespread Tampering Linux Distributions Across Diverse Variants [closed]

Çağlar Arlı


I am writing to express my deep concern about potential widespread vulnerabilities affecting multiple Linux distributions. While my findings are based on personal experiences and require further verification, I urge the security community to investigate this matter urgently. The urgency is justified: once the user base of a Linux operating system/distro is compromised, the attackers or bad actors take the opportunity to advance their methods with every new update the distro receives, keeping them ahead of the game, while thousands of users, completely unaware, install what they believe as end users is an immutable OS but are in fact installing the culprits' modified version, which uses root permissions to hijack it completely; the user would not even know it has happened. Upon booting all tested distros, I also discovered, by pressing e at the boot menu entry stage, that the GRUB bootloader parameters were not, for example, linux /boot/linux but $linux ($root)/boot/linux console=tty0, together with other console, UUID and system-identifier-obtaining commands; even if one utilized cryptsetup luksFormat and all security options, this would easily get past them.

Linux distros must urgently change the bootloader and remove all remote connectivity protocols and any possibility of a remote incoming system executing anything, as, the way it stands at present, it is vulnerable, hacked and modified before setup even gets halfway.

Affected Distros: I have tested a significant number of Linux distributions, including (list all the distributions you mentioned: Makulu Linux, Ubuntu Linux, OpenSUSE, Blend OS, Debian, Fedora, Red Hat, Oracle with UEK, Arch Linux, Athena OS, Nix OS, OpenSUSE ALP, MicroOS, Archcraft, Deepin, Nitrux, Void, etc.).

Observed Modifications: On all tested distros, I encountered the following concerning modifications: bootloader alterations, potentially allowing unauthorized changes; installation of unauthorized packages and libraries, including "kmod-static-nodes," "user-session-scope.socket," "avahi-daemon," "sshd," "cups-browsed," "exim," "vim," "telnet," "samba," "cron," "anacron," "cronny," "anacron," "getty," and many, many others visible by simply running systemctl; /bin, /sbin and /etc literally flooded with hundreds of executable bash, python, etc. items (containing the words) "ghost", "script", "get", "clone", "remote", "scope", "mirror", "config", "rdp", "ssh", "avahi", "cups", "telnet", "brltty", "tty", "mod", "exec", "read", "redirect", "symlink", etc.; presence of systemd exploits within distros not using systemd; a modified package list during installation, bypassing user selection; and full root access granted to unauthorized entities.

Timeline: These modifications occurred consistently and promptly after initiating the installation process across all tested distros. Disclaimer: I acknowledge that my findings are based on personal testing and require further investigation by the security community. I urge the security community to urgently take action and find out how this can occur: either my router, my network connection itself or the router firmware has somehow become compromised to allow the ISO or IMG of the various operating systems to be modified as it is being downloaded, or it is via other means. My system is an Intel i7 12700 12th gen (Alder Lake) CPU, a Gigabyte H610M-H-DDR4 rev 1.1 motherboard with the FS version BIOS update, 32 GB of DDR4 Corsair RAM (2 x 16 GB modules), one 240 GB NVMe, one 1 TB SSD and one 2 TB SSD. The router in use is a Nokia Beacon 1.1; I logged into the web interface of the router and disabled all other Wi-Fi SSIDs from being broadcast and hid them from being shown or advertised, the firewall is set to high, a complex password has been added, and there is no Wi-Fi card or Bluetooth in the PC. It is alarming.

Verify my findings: Attempt to reproduce the observed modifications on various Linux distributions.

Investigate the root cause: Determine the source and mechanism behind these potential vulnerabilities.

Disseminate findings: Share information and collaborate to raise awareness and develop solutions.

Notify relevant authorities: Report vulnerabilities through official channels within each affected distribution.

I have taken measures to ensure the security of my systems and avoided using any potentially compromised installations.

If you can all assist and spread the word: this is now a real scenario, having occurred to me. On each install I downloaded the media clean and ensured I wiped the disks of all partitions, and the issue kept occurring. This is a very urgent call; if you can spread the word, we can get this resolved. I wish to reiterate the issue here: one operating system/distro base gives a foothold to affect others if left unresolved. It is already, but still not quite, able to affect Chrome OS Flex: within a timeframe of 10 minutes of first run, Chrome OS Flex does offer a system update, and if I click on restart on this notification the system refuses to boot up again. I am suspecting an automated adversarial AI attack, possibly uniquely targeting me, but if this is possible, then there are others who will want this ability too, and sadly many do pay and offer an incentive for such actions.
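The one check that directly tests the suspicion raised in this post (an installation image being altered between the mirror and the disk) is to verify the downloaded image against the distribution's published SHA256SUMS manifest, after first checking the manifest's own detached GPG signature against the distribution's release key (for example `gpg --verify SHA256SUMS.gpg SHA256SUMS`). The block below is an added example by the editor, not code from the original post or from any distribution; it reimplements the `sha256sum -c` step in Python over constructed sample files (the file names, contents and manifest are made up for the demo) so that it runs offline and shows what an intact, an altered and a missing image each look like.

```python
import hashlib
import os
import tempfile


def sha256_of_file(path, chunk=1 << 20):
    """Hash a (possibly multi-GB) image in 1 MiB chunks to avoid loading it in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_sha256sums(text):
    """Parse a coreutils-style manifest: '<hex>  <name>' or '<hex> *<name>' per line.

    Returns {name: hex_digest}. Malformed lines raise rather than being skipped,
    because a manifest that does not parse should never be reported as 'OK'.
    """
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.lstrip(" *")  # '*' marks binary mode in the coreutils format
        digest = digest.lower()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[name] = digest
    return entries


def verify_images(manifest_text, directory):
    """Return {name: 'OK' | 'FAILED' | 'MISSING'} for every entry in the manifest."""
    results = {}
    for name, expected in parse_sha256sums(manifest_text).items():
        path = os.path.join(directory, os.path.basename(name))
        if not os.path.isfile(path):
            results[name] = "MISSING"
        elif sha256_of_file(path) == expected:
            results[name] = "OK"
        else:
            results[name] = "FAILED"
    return results


def demo():
    """Constructed sample: two fake 'ISO' files plus a manifest listing a third that is absent."""
    good = b"good image contents\n" * 1000
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "good.iso"), "wb") as f:
            f.write(good)
        with open(os.path.join(d, "tampered.iso"), "wb") as f:
            f.write(good + b"X")  # a single byte changed in transit is enough to fail
        manifest = (
            f"{hashlib.sha256(good).hexdigest()} *good.iso\n"
            f"{hashlib.sha256(good).hexdigest()} *tampered.iso\n"
            f"{'0' * 64}  absent.iso\n"
        )
        return verify_images(manifest, d)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

A "FAILED" result for a freshly downloaded image is the evidence that would distinguish in-transit modification from normal distribution contents; an "OK" result against a signature-verified manifest means the image on disk is byte-for-byte what the distribution published, and anything found after installation was part of the official image.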