An Ubuntu operating system developed under the auspices of the Anonymous movement has been taken down from SourceForge due to security concerns.
The operating system came preloaded with anonymity and hacking applications including ParaloaPass and Pyloris, which allow password-cracking, SQL injection and anonymous surfing via the Tor network.
The rare take-down followed a tweet circulating yesterday from popular Anonymous account AnonOps that claimed the AnonOS was "laced with trojans".
AnonOps did not respond to SC Magazine's requests, sent immediately afterwards, for more information on the claim.
The SourceForge website, which hosted the project, removed the operating system citing "security concerns" raised in a BBC story.
"...As the day progressed, various security experts have had a chance to take a look at what's really in this distribution, and verify that it is indeed a security risk, and not merely a distribution of security-related utilities, as the project page implies," SourceForge said in a statement.
It may relist the project pending further analysis. AnonOS was also available via BitTorrent.
Trend Micro director of security research Rik Ferguson told the BBC he had not established whether the operating system was "booby trapped" with trojans or backdoors.
Similar news coverage of the operating system had merely flagged the potential for it to be a security risk because its source code was not open.
SourceForge, too, flagged concerns about the lack of openness in the project.
"SourceForge, and the Open Source community as a whole, values transparency, particularly where issues of security are involved," the organisation said.
"This project isn't transparent with regard to what's in it.
"It is critical that security-related software be completely open to peer review (i.e., by providing source code), so that risks may be assessed along with benefits. That is not available in this case, and the result is that people are taking a substantial risk in downloading and installing this distribution."
It said the offensive security components in AnonOS – also common in platforms such as BackTrack – did not breach its terms and conditions.
"We have, in the past, taken a consistent stance on 'controversial' projects - that is, we don't pass judgement based on what's possible with a product, but rather consider it to be amoral - neither good nor bad - until someone chooses to take action with it."
[Image: rkhunter log analysis.]
SourceForge also claimed the project had taken on an "intentionally misleading name" which attempted to "capitalise on the press surrounding a well-known movement in order to push downloads of a project that is less than a week old".
Yet the Anonymous collective was a leaderless movement, illustrated by its popular mantra "we are all Anonymous".
Sophos chief technology officer Paul Ducklin told SC Magazine Australia yesterday that examining the security integrity of the system would be complex. He said users should use more established Linux operating systems.
"Why would you download this when there are more trusted quality systems available?" he said.
So far 40,000 users have downloaded the operating system.