Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kernel.org Attackers Didn't Know What They Had

Posted by Soulskill on from the you-never-appreciate-it-until-it's-gone dept.

Trailrunner7 writes "The attack that compromised some high-value servers belonging to kernel.org — but not the Linux kernel source code — may have been the work of hackers who simply got lucky and didn't realize the value of the servers that they had gotten their hands on. The attackers made a couple of mistakes that enabled the administrators at kernel.org to discover the breach and stop it before any major damage occurred. First, they used a known Linux rootkit called Phalanx that the admins were able to detect. And second, the attackers set up SSH backdoors on the compromised servers, which the admins also discovered. Had the hackers been specifically targeting the kernel.org servers, the attack probably would've looked quite different." A few blog posts in the wake of the attack have agreed with the initial announcement; while it was embarrassing, the integrity of the kernel source is not in question.

3 of 183 comments (clear)

  1. Re:Or maybe by Anonymous Coward · · Score: 2, Interesting

    Or maybe, just maybe, the hackers wanted to appear that they didn't realize what they had gotten their hands on. I'm not trying to cause any tinfoil hats to come out, but I would still check everything.

  2. Re:Spin by Rogerborg · · Score: 4, Interesting

    We totally hadn't detected any intrusion!

    Uh... then we did.

    But we totally haven't detect any meddling with the sources

    Uh...

    --
    If you were blocking sigs, you wouldn't have to read this.
  3. Detection?? by Anonymous Coward · · Score: 2, Interesting

    With Chkrootkit having seen its last update sometime 2009 and RK Hunter also being on the backburner, how does one even check these days for rootkits and other nasties like it? Suggestions?