Slashdot Mirror


Kernel.org Attackers Didn't Know What They Had

Trailrunner7 writes "The attack that compromised some high-value servers belonging to kernel.org — but not the Linux kernel source code — may have been the work of hackers who simply got lucky and didn't realize the value of the servers that they had gotten their hands on. The attackers made a couple of mistakes that enabled the administrators at kernel.org to discover the breach and stop it before any major damage occurred. First, they used a known Linux rootkit called Phalanx that the admins were able to detect. And second, the attackers set up SSH backdoors on the compromised servers, which the admins also discovered. Had the hackers been specifically targeting the kernel.org servers, the attack probably would've looked quite different." A few blog posts in the wake of the attack have agreed with the initial announcement; while it was embarrassing, the integrity of the kernel source is not in question.

8 of 183 comments

  1. The truth by Iskorptix · · Score: 1, Insightful

    I think the truth is that failures are trying to save their asses and trying to make themselves heroes here.

  2. Spin by 93 Escort Wagon · · Score: 4, Insightful

    Given that the attackers hacked the server a minimum of 17 days before it was detected, I'm not sure I'm going to buy into a story that makes the attackers sound clueless and the server admins smart and on the ball.

    --
    #DeleteChrome
    1. Re:Spin by microbee · · Score: 4, Insightful

      Yeah, just admit failure and do better next time. No need to blog about how trivial an issue it was.

  3. Re:and after reading the articles.... by Samantha Wright · · Score: 5, Insightful

    That's pretty much it. Malicious control over the master copy of the kernel source means you can bake a rootkit into everything everywhere with enough clever code. All it takes is one generation of bad files to silently patch all successive copies during compilation, and you've got the stuff that cypherpunk nightmares are made of.

    --
    Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
  4. Feeling better by ChatHuant · · Score: 5, Insightful

    I was concerned about the fact that a high profile site like kernel.org was rooted, but knowing it didn't take a sophisticated and highly knowledgeable penetration team but just a group of bumbling script kiddies makes it all better.

  5. Two ways to look at this... by CajunArson · · Score: 4, Insightful

    The first way: Haha, these skiddies didn't have what it takes to effectively hide their cracking.

    The second way: Skiddies were able to crack kernel.org using automated cracking tools just like Windows, no evil genius required.

    --
    AntiFA: An abbreviation for Anti First Amendment.
  6. Re:The motive doesn't matter. It's time for action by LordLimecat · · Score: 3, Insightful

    Question, how would OpenBSD prevent them from getting into the server with compromised username and password? Or from running arbitrary code once they do so?

  7. Re:The motive doesn't matter. It's time for action by LordLimecat · · Score: 3, Insightful

    Yes, well everyone knows those kernel.org sysops are a bunch of pushover newbies. I'm sure you can do way better with the scope and size of the systems they deal with.