Hackers gain root access to Linux repository Kernel.org

By Lee Kaelin on September 1, 2011, 6:00 PM

Kernel.org, a site that distributes Linux source kernels, has suffered a breach of security according to a leaked email by Chief Administrator John Hawley. The breach was first noticed on August 28, and it's believed multiple infected servers sat undetected for 17 days.

Shortly after the leaked email went public, Kernel.org released a statement confirming intruders had gained root access to at least one server. The intruders reportedly gained access to the server with compromised user credentials, but it's unknown how they obtained root access from there.

Files belonging to SSH were modified and running live. A Trojan was also added to the start-up scripts and all user interactions were logged, possibly compromising usernames and passwords.

The infected servers have been taken offline, with backups made pending further investigation and a full analysis of the code in Git. All servers will have full reinstalls and the respective authorities in Europe and the United States have been notified.

One major advantage in the case of Kernel.org is that the Git version control system is used to manage the entire development lifecycle of kernel packages. Each version of every package has its own cryptographically secure SHA-1 hash calculated, which changes as the package does. This creates a development history for each package, making it impossible to introduce changes without them being noticed.
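How the hash chain described above exposes a changed history, as an added example (not from the original article or from kernel.org): it recomputes Git's blob, tree and commit IDs for a constructed two-commit history. The file names, contents and author identity are made up for illustration.

```python
import hashlib

def git_object_id(obj_type, body):
    # Git names every object by SHA-1 over "<type> <size>\0" followed by its bytes.
    header = f"{obj_type} {len(body)}".encode() + b"\x00"
    return hashlib.sha1(header + body).hexdigest()

def tree_id(files):
    # Flat directory: each entry is "<mode> <name>\0" plus the raw 20-byte blob id.
    body = b""
    for name in sorted(files):
        blob = bytes.fromhex(git_object_id("blob", files[name]))
        body += b"100644 " + name.encode() + b"\x00" + blob
    return git_object_id("tree", body)

def commit_id(tree, parent, message):
    # A commit embeds its tree id and its parent's id, so it pins all earlier history.
    ident = "Example Dev <dev@example.invalid> 1314835200 +0000"  # constructed identity
    lines = [f"tree {tree}"] + ([f"parent {parent}"] if parent else [])
    lines += [f"author {ident}", f"committer {ident}", "", message, ""]
    return git_object_id("commit", "\n".join(lines).encode())

def history_ids(snapshots):
    # Commit ids, oldest first, for a linear history of (files, message) snapshots.
    ids, parent = [], None
    for files, message in snapshots:
        parent = commit_id(tree_id(files), parent, message)
        ids.append(parent)
    return ids

def tip_matches(trusted_tip, snapshots):
    # What a developer's clone effectively checks: does the served tip equal the known one?
    return history_ids(snapshots)[-1] == trusted_tip

# Constructed sample history (file names and contents are illustrative only).
ORIGINAL = [
    ({"auth.c": b"int check(void) { return verify(); }\n"}, "add auth check"),
    ({"auth.c": b"int check(void) { return verify(); }\n", "README": b"docs\n"}, "add README"),
]
# Same history with the first snapshot altered after the fact, then "restored" in the tip.
TAMPERED = [
    ({"auth.c": b"int check(void) { return 1; }\n"}, "add auth check"),
    ORIGINAL[1],
]

if __name__ == "__main__":
    trusted = history_ids(ORIGINAL)[-1]
    print("original tip :", trusted)
    print("tampered tip :", history_ids(TAMPERED)[-1])
    print("tampered history accepted:", tip_matches(trusted, TAMPERED))
```

The latest snapshot's files are identical in both histories, yet the tip commit ID still differs because the altered parent's ID is hashed into it. Anyone holding the previously known tip ID sees the mismatch.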

Many will consider this attack to be a serious problem, but Kernel.org moved quickly to reassure everyone that repositories remained unaffected and they are working closely with the hundreds of users of kernel.org to change passwords and SSH keys.

They are also going to audit all security policies and make improvements if required to ensure this is a one-time event. The site was keen to note that it takes security seriously and is pursuing all avenues to find the attackers and prevent future infiltrations.




User Comments: 17

NTAPRO said:

What would be the main reason for doing something like this? A motive probably isn't needed anyway...

RH00D said:

But... But... But Linux is unhackable!!! amirite?

Cota said:

RH00D said:

But... But... But Linux is unhackable!!! amirite?

Sadly no because if you know how it works you can just hack it, and if you make your servers really hardcore closed with verifications and really secure encryptions it will slow them down (rite SONY?).

Guest said:

it's mostly hackable when dumb shits get floppy with their credentials.

"reportedly gained access to the server with compromised user credentials,"

Archean, TechSpot Paladin, said:

@RH00D & Cota

It is more like that many Linux lovers don't want to accept that 'nothing is secured, and that nothing also includes Linux'.

Guest said:

Damn Chinese...

caravel said:

@RH00D & Cota

It is more like that many Linux lovers don't want to accept that 'nothing is secured, and that nothing also includes Linux'.

Or... you could actually read the article and the original news article here - rather than venting your own silly prejudices?

I saw this yesterday and knew it would have some of the typical windows fanboys masturbating with glee - I expected more of you though - pity.

it's mostly hackable when dumb shits get floppy with their credentials.

"reportedly gained access to the server with compromised user credentials,"

That is actually what occurred - the server wasn't "hacked"...

Nothing is unhackable and no one has ever made such a claim. But there is a reason that most of the world's web servers are running some kind of *nix rather than windows...

Archean, TechSpot Paladin, said:

Nothing is unhackable.

Well you contradicted yourself after replying to my comment haven't you? By the way I said exactly the same thing but differently. Slight pause will always help understand what is being said and what actually it means, usually something which many people lack anyway.

But there is a reason that most of the world's web servers are running some kind of *nix rather than windows...

Very true, and something which I don't remember I negated in any way ever.

caravel said:

As far as I can tell, the intruder(s) gained root access via compromised user credential (i.e. someone guessed or discovered a username and password) and then proceeded to inject their own exploit into the kernel source git tree...

3.1-r2 has blocked the exploit injector for reasons unknown - so the exploit won't be in kernels newer than that...

It does however all reflect quite badly on the kernel.org server admins who apparently took 17 days to detect this and have so far not been forthcoming enough with information... In short - some arses need to get kicked there.

My point is it's hardly "OMFGWTF 1!NUX W4Z H4X0RD!!!!11111"...

MrAnderson said:

Did they do any harm or are they eager to get the latest kernel before it is even placed into the latest build CVS??

Or is this a way to make the security to guard Linux the best by exposing the weaknesses??

TorturedChaos, TechSpot Chancellor, said:

It would be scary if they could inject a trojan into the Linux kernel, and no one catches it. With the number of servers that run off of some sort of Linux, and a compromised kernel updated to them that could wreak untold havoc.

Very scary to think about.....

caravel said:

Did they do any harm or are they eager to get the latest kernel before it is even placed into the latest build CVS??

The kernel uses Git rather than CVS or SVN - Torvalds would never use CVS...

They did "harm" yes - they rooted the server, and injected code... as the article at kernel.org states.

Or is this a way to make the security to guard Linux the best by exposing the weaknesses??

It will certainly be a (hugely embarrassing) virtual kick up the **** for the server admins yes. Hopefully lessons will be learned here...

RH00D said:

caravel said:

I saw this yesterday and knew it would have some of the typical windows fanboys masturbating with glee - I expected more of you though - pity.

I like the part where you think I'm a Windows fanboy. For all you know I could be running 3 Linux machines and no other OS.

caravel said:

But... But... But Linux is unhackable!!! amirite?

I like the part where you think I'm a Windows fanboy. For all you know I could be running 3 Linux machines and no other OS.

Well... I do apologise for making such an assumption... based on my taking that comment as a purely sarcastic one, from someone running windows... silly me... next time I see such a comment from someone running Windows 7 x64 - I will assume they are running OpenBSD or Solaris just to be on the safe side...

RH00D said:

caravel said:

But... But... But Linux is unhackable!!! amirite?

I like the part where you think I'm a Windows fanboy. For all you know I could be running 3 Linux machines and no other OS.

Well... I do apologise for making such an assumption... based on my taking that comment as a purely sarcastic one, from someone running windows... silly me... next time I see such a comment from someone running Windows 7 x64 - I will assume they are running OpenBSD or Solaris just to be on the safe side...

The funny thing is that I actually do run a Linux machine. I enjoy Linux just as much as I enjoy Windows. Because I can acknowledge and accept that they both have pros and cons. Obviously that's something you're still having difficulty with.

caravel said:

Obviously that's something you're still having difficulty with.

Ah... so now you're making assumptions... how do you know I'm not running three windows 7 x64 boxes?

onlyjustincase said:

Well the main website is now back up online:

http://kernel.org/

but all the subdomains are still down unfortunately:

https://bugzilla.kernel.org/
