Linux kernel source code site hacked

Kernel.org, home of the Linux kernel source code, was reportedly the victim of a security breach last week.

According to ReadWriteWeb and a note on the kernel.org homepage, an unknown intruder or intruders gained root access to the site's main server, known as Hera, as well as a number of other servers.

They made a number of changes to files related to SSH services, added a trojan to startup scripts on a number of systems and logged some user interactions with the breached servers. The upshot, however, is this: there is apparently next to no chance the Linux kernel itself was compromised by the attack, which was discovered on August 28.

According to the site note, that's because each of the nearly 40,000 files within the kernel is protected by a secure SHA-1 hash that is recorded every time a file is modified. Any change made by a hacker or hackers would be immediately apparent to the site's administrators, developers and members, though a check of each and every file is still underway to ensure nothing has been modified.
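As an added illustration (not code from the article or from kernel.org), the check below models how git's content-addressed SHA-1 object ids make a tampered file stand out: each file's id is the SHA-1 of "blob <size>\0<content>", so any edit changes the id. The sample "kernel tree" is constructed; the second check shows why the reference hashes must come from an uncompromised copy rather than be regenerated on the breached server.

```python
import hashlib


def git_blob_id(content: bytes) -> str:
    """Return git's object id for file content: SHA-1 over 'blob <size>\\0<content>'."""
    header = b"blob %d\x00" % len(content)
    return hashlib.sha1(header + content).hexdigest()


def build_manifest(tree: dict[str, bytes]) -> dict[str, str]:
    """Map each path to its blob id. Only trustworthy when computed from a clean copy."""
    return {path: git_blob_id(data) for path, data in tree.items()}


def verify_tree(suspect: dict[str, bytes], trusted: dict[str, str]) -> dict[str, list[str]]:
    """Compare files found on a suspect server against blob ids from a trusted manifest."""
    report: dict[str, list[str]] = {"modified": [], "missing": [], "unexpected": []}
    for path, expected in trusted.items():
        if path not in suspect:
            report["missing"].append(path)
        elif git_blob_id(suspect[path]) != expected:
            report["modified"].append(path)
    report["unexpected"] = sorted(set(suspect) - set(trusted))
    return report


# Constructed sample: a tiny "kernel tree" as it existed on an uncompromised clone ...
CLEAN_TREE = {
    "init/main.c": b"int main(void) { return 0; }\n",
    "kernel/sched.c": b"void schedule(void) {}\n",
}
TRUSTED_MANIFEST = build_manifest(CLEAN_TREE)  # reference ids from the clean copy

# ... and the same tree as found on the breached server, with one file altered.
SUSPECT_TREE = dict(CLEAN_TREE)
SUSPECT_TREE["kernel/sched.c"] = b"void schedule(void) { /* altered */ }\n"


def check_against_trusted() -> dict[str, list[str]]:
    """Correct procedure: compare the suspect files against ids from the clean copy."""
    return verify_tree(SUSPECT_TREE, TRUSTED_MANIFEST)


def check_against_self() -> dict[str, list[str]]:
    """Wrong procedure: ids regenerated on the breached host match by construction."""
    return verify_tree(SUSPECT_TREE, build_manifest(SUSPECT_TREE))
```

`check_against_trusted()` flags kernel/sched.c as modified, while `check_against_self()` reports nothing, which is exactly the blind spot of trusting hashes stored on the compromised server.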

As for how the attack occurred, the leading theory at the moment is that a user's login credentials were stolen, though how the attacker gained root access is still under investigation. In the meantime, all compromised servers have been taken offline and all kernel.org servers will be reimaged to a known safe backup. Authorities in the United States and Europe have also been notified of the attack.

While the breach is likely to result in more than a few headaches for the site's administrators, it is unlikely to have any serious ramifications for the Linux community beyond a reminder that while no security system is entirely secure, a well-designed backup system can often save the day.

14 Comments

They made a number of changes to files related to SSH services, added a trojan to startup scripts on a number of systems and logged some user interactions with the breached servers.

But the zealots always told me that Linux doesn't have trojans!??

P.S. Swiss cheese.

RealFduch said,
But the zealots always told me that Linux doesn't have trojans!??

Erm... this is about stolen credentials. And the "trojan" was a script.

Not sure if serious.

tiagosilva29 said,
Erm... this is about stolen credentials. And the "trojan" was a script.

Not sure if serious.

Ya, not sure if you are serious either.

If this was Microsoft, what would someone like yourself say?

When this happened to Microsoft with the Win2K code, it was big news, and people lampooned Windows' horrible security, even though the measures used to gain access were similar...

jingarelho said,
If they got away undetected and had modified the kernel source, that would be very profitable, believe me.

Given the way that the git tool works, they'd have to break SHA-1 to get any changes into the kernel source without detection.

DonC said,

Given the way that the git tool works, they'd have to break SHA-1 to get any changes into the kernel source without detection.

SHA-1 - Schneier Has Access
SHA-2 - Schneier Has Access, two, in fact

DonC said,

Given the way that the git tool works, they'd have to break SHA-1 to get any changes into the kernel source without detection.

True, but if the SHA-1 hashes are stored on a compromised server then the SHA-1 hashes could be regenerated. They have to make sure that they check the kernel files against uncompromised SHA-1 hashes.

I hope they remember to change the password or delete the compromised user account after doing the restore. At least until they figure out how they were able to get root access with a non-root account.

Meph said,
Hacking a not-for-profit? Talk about morally wrong...

But, if they made money, it would be okay? Anyone who thinks this is a danger to society, in my opinion. It's not right to attack others for having something that you don't.

Obviously a concern that they got in but fair play to Kernel.org for having the existing security measures in place to protect the content.

Looks like Cpt. Hindsight isn't needed here.