Hackers gain root access to Linux repository Kernel.org

Matthew DeCarlo

Matthew DeCarlo

Posts: 5,271   +104
Staff

Kernel.org, a site that distributes Linux source kernels, has suffered a breach of security according to a leaked email by Chief Administrator John Hawley. First noticed on August 28, it's believed multiple infected servers sat undetected for 17 days. 

Shortly after the leaked email went public, Kernel.org released a statement confirming intruders had gained root access to at least one server. The intruders reportedly gained access to the server with compromised user credentials, but it's unknown how they obtained root access from there.

Files belonging to SSH were modified and running live. A Trojan was also added to the start-up scripts and all user interactions were logged, possibly compromising usernames and passwords.

The infected servers have been taken offline with backups made pending further investigation and full analysis on the code in Git. All servers will have full reinstalls and the respective authorities in Europe and the United States have been notified.

One major advantage in the case of Kernel.org is that the Git version control system is used to manage the entire development lifecycle of kernel packages. Each version of every package has its own cryptographically secure SHA-1 hash calculated, which changes as the package does. This creates a development history for each package, making it impossible to introduce changes without them being noticed.

Many will consider this attack to be a serious problem, but Kernel.org moved quickly to reassure everyone that repositories remained unaffected and they are working closely with the hundreds of users of kernel.org to change passwords and SSH keys.

They are also going to audit all security policies and make improvements if required to ensure this is a onetime event. The site was keen to note that it takes security seriously and is pursuing all avenues to find the attackers and prevent future infiltrations

Permalink to story.

https://www.techspot.com/news/45323-hackers-gain-root-access-to-linux-repository-kernelorg.html

 
What would the main reason for doing something like this? A motive probably isn't needed anyway...
 
RH00D said:
But... But... But Linux is unhackable!!! amirite?
Click to expand...

Sadly no because if you know how it works you can just hack it, and if you make your servers really hardcore closed whit verification's and really secure encryptions it will slow them down (rite SONY?).
 
it's mostly hackable when dumb shits get floppy with their credentials.

"reportedly gained access to the server with compromised user credentials,"
 
@RH00D & Cota
It is more like that many Linux lovers don't want to accept that 'nothing is secured, and that nothing also includes Linux'.
 
Archean said:
@RH00D & Cota
It is more like that many Linux lovers don't want to accept that 'nothing is secured, and that nothing also includes Linux'.
Click to expand...
Or... you could actually read the article and the original news article here - rather than venting your own silly prejudices?

I saw this yesterday and knew it would have some of the typical windows fanboys masturbating with glee - I expected more of you though - pity.

Guest said:
it's mostly hackable when dumb shits get floppy with their credentials.

"reportedly gained access to the server with compromised user credentials,"
Click to expand...
That is actually what occurred - the server wasn't "hacked"...

Nothing is unhackable and no one has ever made such a claim. But there is a reason that most of the world's web servers are running some kind of *nix rather than windows...
 
Nothing is unhackable.
Click to expand...

Well you contradicted yourself after replying to my comment haven't you? By the way I said exactly the same thing but differently. Slight pause will always help understand what is being said and what actually it means, usually something which many people lacks anyway.

But there is a reason that most of the world's web servers are running some kind of *nix rather than windows...
Click to expand...

Very true, and something which I don't remember I negated in any way ever.
 
As far as I can tell, the intruder(s) gained root access via compromised user credential (i.e. someone guessed or discovered a username and password) and then proceeded to inject their own exploit into the kernel source git tree...

3.1-r2 has blocked the exploit injector for reasons unknown - so the exploit won't be in kernels newer than that...

It does however all reflect quite badly on the kernel.org server admins who apparently took 17 days to detect this and have so far not been forthcoming enough with information... In short - some arses need to get kicked there.

My point is it's hardly "OMFGWTF 1!NUX W4Z H4X0RD!!!!11111"...

:rolleyes:
 
Did they do any harm or are they eager to get the latest kernel before it is even placed into the latest build CVS??

Or is this a way to make the security to guard Linux the best by exposing the weaknesses??
 
It would be scary if they could inject a trojan into the Linux kernel, an no one catches it. With the number of servers that run off of some short on Linux, and a compromised kernel updated to them that could wreck untold havoc.
Very scary to think about.....
 
MrAnderson said:
Did they do any harm or are they eager to get the latest kernel before it is even placed into the latest build CVS??
Click to expand...
The kernel uses Git rather than CVS or SVN - Torvalds would never use CVS...

They did "harm" yes - they rooted the server, and injected code... as the article at kernel.org states.

MrAnderson said:
Or is this a way to make the security to guard Linux the best by exposing the weaknesses??
Click to expand...
It will certainly be a (hugely embarrassing) virtual kick up the **** for the server admins yes. Hopefully lessons will be learned here...
 
caravel said:
I saw this yesterday and knew it would have some of the typical windows fanboys masturbating with glee - I expected more of you though - pity.
Click to expand...
I like the part where you think I'm a Windows fanboy. For all you know I could be running 3 Linux machines and no other OS.
 
RH00D said:
But... But... But Linux is unhackable!!! amirite?
Click to expand...
RH00D said:
I like the part where you think I'm a Windows fanboy. For all you know I could be running 3 Linux machines and no other OS.
Click to expand...
Well... I do apologise for making such an assumption... based on my taking that comment as a purely sarcastic one, from someone running windows... silly me... next time I see such a comment from someone running Windows 7 x64 - I will assume they are running OpenBSD or Solaris just to be on the safe side...

:rolleyes:
 
caravel said:
RH00D said:
But... But... But Linux is unhackable!!! amirite?
Click to expand...
RH00D said:
I like the part where you think I'm a Windows fanboy. For all you know I could be running 3 Linux machines and no other OS.
Click to expand...
Well... I do apologise for making such an assumption... based on my taking that comment as a purely sarcastic one, from someone running windows... silly me... next time I see such a comment from someone running Windows 7 x64 - I will assume they are running OpenBSD or Solaris just to be on the safe side...

:rolleyes:
Click to expand...
The funny thing is that I actually do run a Linux machine. I enjoy Linux just as much as I enjoy Windows. Because I can acknowledge and accept that they both have pros and cons. Obviously that's something you're still having difficulty with.
 
You must log in or register to reply here.

Similar threads

A
Russian state-sponsored hackers compromised Microsoft source code repositories
Replies
16
Views
385
ZedRM
ZedRM
A
Russian hackers accessed Microsoft's corporate network for a month
2
Replies
32
Views
744
ZedRM
ZedRM
Daniel Sims
Jailbroken Wiis gain access to a revived digital storefront
Replies
14
Views
373
ZedRM
ZedRM

Latest posts

Back