Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux.org's DNS Got Hijacked (linux.org)

Posted by EditorDavid on from the content-mismanagement-systems dept.

Linux.org reports: Wednesday afternoon around 5pm EST someone was able to get into the registrar account for our domain and point DNS to another server -- as well as lock us out from changing it. They pointed the domain name to a pretty rude page for most of the evening until Cloudflare stepped in and blocked the domain for us.

After a lot of back and forth with our registrar, we were able to get things back under our control. I'd like to point out that our server environment was not touched so there are no worries about your data. We've gone over security protocols and are tightening things up that may have slipped through in the past. Thanks for your support!
Linux.org apparently pointed to a page exclaiming "G3T 0WNED L1NUX N3RDZ", which also included a NSFW picture, some abusive language, a shout-out to recently-deceased programmer Terry Davis, and a link to an article about Linus Torvalds' controversial apology for "his hostile behavior towards others in the community."

Long-time Slashdot reader Grady Martin says he also saw the page pointing to "presumably doxed info" about the creator of Linux's code of conduct, a fact confirmed by a report in the Register. "As for how it was hacked, [Linux.org owner Mike] McLagan blames the public Whois displaying his partner's email address -- presumably the hacker worked their way into the Yahoo email account listed as the admin of the site and from there requested a password change in her Network Solutions account to gain access to the domain."

62 comments

  1. It's now sunday. by BlacKSacrificE · · Score: 5, Funny

    It took 4 days for the hacking of one of the biggest tech community sites on the internet to land on /.? Really? We gunna see a story about the Falcon 9 water landing next Friday?

    --
    [Sorry, this signature is unavailable in your country/region]
    1. Re:It's now sunday. by Anonymous Coward · · Score: 0

      "It took 4 days for the hacking of one of the biggest tech community sites on the internet to land on /.?"

      One of the biggest the community sites?
      Did you ever visit Linux.org?

      It's such a big and well-known community that Wikipedia has no article about it.
      Even though it has articles about e.g. https://en.wikipedia.org/wiki/Linux.conf.au

    2. Re: It's now sunday. by Anonymous Coward · · Score: 2, Funny

      Sorry. My mom grounded me and changed the wifi password.

    3. Re:It's now sunday. by Anonymous Coward · · Score: 0

      I've used Linux since 1999 and I don't think I've never gone to Linux.org.

    4. Re:It's now sunday. by Anonymous Coward · · Score: 0

      Yeah, worst part of slashdot is the timing on some articles.

    5. Re:It's now sunday. by DontBeAMoran · · Score: 1

      You don't think you've never gone to Linux.org

      Is that a new form of double-negative?

      --
      #DeleteFacebook
    6. Re: It's now sunday. by Anonymous Coward · · Score: 0

      Not that can not be recalled.

    7. Re:It's now sunday. by 110010001000 · · Score: 0

      Rei submits anything Musk related immediately.

    8. Re: It's now sunday. by jd · · Score: 2

      I visit it regularly. Ok, that's because I actually am a nerd and many here are only here to scream at each other or use mod points as an offensive weapon.

      It's fairly obvious that the attack was by one of the alt-right morons we seem to be infected with, who aren't interested in the community unless they can hijack it.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    9. Re: It's now sunday. by jd · · Score: 1

      No, it's been discussed a few times.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    10. Re:It's now sunday. by AmiMoJo · · Score: 2, Interesting

      Because someone was doxed it was probably best to wait until they had at least removed that information. Not point amplifying the doxing.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    11. Re:It's now sunday. by Anonymous Coward · · Score: 0

      No. You're going to see the falcon 9 water landing story repeated at least 6 times, for the next 3 weeks because Beau isn't paying attention again ;)

      I mean, honestly, this is /.

    12. Re:It's now sunday. by Anonymous Coward · · Score: 1, Insightful

      I love how they call him the creator of the code of conduct. Apparently copy pasting what some other person created on a feminist wiki is enough to give you creative ownership over a text.

      This is a great standup joke:
      So there was a 1st World white middle-aged man whose only skill was tweeting 16 hours a day and he didn't feel very white because of it since most other whites had skills worth a shit, and he needed a break out. So one day he used transgenderism as a vehicle in hopes of waiving his white privilege and copy pasted a code of conduct someone else wrote on some feminist wiki and he tweeted about it 16 hours a day and was referred to as the creator like in this dumbshit article, while a band of his social justice friends patted him on the back and begged for this poor 1st world middle-aged white man's patreon page to be funded by 2nd and 3rd world people since it would be untoward for him to do it directly, resulting in the biggest and most pathetic showcase of a gold digging 1st world middle-aged white male whore doing his thing and pulling a scam on a community of people too socially retarded to recognize this scam for what it is or to realize these nuances of a 1st world middle-aged white male trying to act like his livelihood and existence is more oppressed than fucking 2nd and 3rd worlders.

    13. Re:It's now sunday. by thegarbz · · Score: 3, Funny

      It took 4 days for the hacking of one of the biggest tech community sites on the internet to land on /.? Really? We gunna see a story about the Falcon 9 water landing next Friday?

      I know right? Record time for Slashdot.

    14. Re: It's now sunday. by Anonymous Coward · · Score: 0

      I agree man. Not point. Totally not point.

    15. Re: It's now sunday. by umghhh · · Score: 1

      By using a word 'moron' and throwing allegations you joined the screaming crowd that you complained about.
      If you were AS I would even considering a trolling but as you are in full glory here I'd say your comment is not as valid as it could have been if it were posted w/o pointing fingers and verbal abuse.

    16. Re: It's now sunday. by Aighearach · · Score: 2

      They're called neckbeards. The whole "alt-right" movement was birthed by a neckbeard, wizard, hot grits, and a fertility spell gone awry.

      It all started here, Grampy.

    17. Re: It's now sunday. by Anonymous Coward · · Score: 0

      Real nerds don't visit a 'how to' site for Linux tips. Same with stack overflow. I think you're confusing nerds with fanbois who listen to the Linux Action Show.

    18. Re:It's now sunday. by Anonymous Coward · · Score: 0

      I love how they call him the creator of the code of conduct. Apparently copy pasting what some other person created on a feminist wiki is enough to give you creative ownership over a text.

      Copy-pasting gives no credit - just means the person is not creative.

      Copy-pasting a COC from a feminist wiki is a special kind of insane, and so he deserves every punishment imaginable - even being called author of that dreck.

    19. Re: It's now sunday. by Anonymous Coward · · Score: 0

      I visit it regularly. Ok, that's because I actually am a nerd and many here are only here to scream at each other or use mod points as an offensive weapon.

      It's fairly obvious that the attack was by one of the alt-right morons we seem to be infected with, who aren't interested in the community unless they can hijack it.

      They're like Hitler. Literally Hitler. I also blame Trump becoz Trump eats immigrant babies, it's a fact. And white males becoz too much privilege. I would blame those innocent looking cisgendered white females but we all know they are literally satan.

    20. Re: It's now sunday. by rtb61 · · Score: 0

      Well actually in reality, the alt-right was started as an alternate to the corporate Republicans, more libertarian in approach. This was considered a threat by the establishment and they trotted out some paid for nazis to rebrand the alt-right as white supremacy, so a deep state/shadow government rebranding of the alt-right. It all came about when the Greens and the Libertarians found they had more in common with each other, then either did with the corporate Republicans and the corporate Democrats, who in reality are much the same, legislation for sale to the highest bidder, foreign or domestic, so couldn't let that happen and SJW shite and fake left emerged there in after, again deep state and shadow government plots and schemes, the whole identity politics thing an establishment lie carried by totally disingenuous corporate main stream media who routinely gives voice to the nuttiest identitarian gender freaks. Disclosure, I have chosen my own identity and my preferred pronoun is cheeky bastard, ask me that in public and I will dare you to ask all the cheeky bitches in that locale to put up their hand ;D.

      --
      Chaos - everything, everywhere, everywhen
    21. Re: It's now sunday. by Anonymous Coward · · Score: 0

      I agree man. Not point. Totally not point.

      Wow, typical judgmental white male. Why can't you do something useful with your privilege?

    22. Re: It's now sunday. by Anonymous Coward · · Score: 0

      The alt-right brand was made up by Republicans to make it politically acceptable.
      The movement itself started in Germany about a century ago.

    23. Re: It's now sunday. by Anonymous Coward · · Score: 0

      Shut up you fake news faggot shill INCEL genocidaire deplorable uneducated cis-hetero gaylord running dog trumptard Russian NAZI alt-right bolshevik anti-Semitic Zionist Chinese cock-gobbling fascist mansplaining French fundamentalist SJW shitfucker MRA strawman trailer trash inbred lesbian Hillaryist feminazi richie rich ghetto alt-left white supremacist PEDOPHILE wetback spic mick wop nlgger chink kike redneck dago camel jockey bourgeois puritanical crackhead liberturdian commie TRAITOR!

    24. Re:It's now sunday. by Anonymous Coward · · Score: 0

      It took 4 days for the hacking of one of the biggest tech community sites on the internet to land on /.? Really? We gunna see a story about the Falcon 9 water landing next Friday?

      Linux.org? I haven't visited that site in years.

      Move along, folks. Nothing to see here.

    25. Re:It's now sunday. by BlackOverflow · · Score: 1

      It means he has constantly been on linux.org since 1999.

    26. Re: It's now sunday. by jd · · Score: 1

      The statement is factually correct and the categorization appropriate. Sorry you don't like it.

      I am also playing the 4-digit UID Joker Card, which gives me a free excuse.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  2. social engineering by hunter44102 · · Score: 2

    Looks like social engineering attacks still work in 2018, and Linux / community is not immune to it. There is no organization or company that can't be fooled if they believe the person/email/account is legit. The email address of high access users is capable of lots of damage even if temporary

    1. Re:social engineering by TFlan91 · · Score: 1

      The registrar wasnt the one being fooled. They were reacting to a "legitimate" email address password reset.

      If you've been on /. Long enough, you'll remember countless stories about how ALL Yahoo emails were breached. This was during the proposed sale to Verizon (?).

      My wife had a Yahoo account, it took awhile to convince her to move elsewhere, but only because it was entrenched in the services she used.

      Yea it's a PITA, but of you have a Yahoo email address, migrate immediately to anywhere else.

  3. Yahoo.... by TFlan91 · · Score: 4, Insightful

    I'm sorry, if you still have a Yahoo email that controls anything of value, you're an idiot and this is well deserved.

    1. Re: Yahoo.... by Anonymous Coward · · Score: 0

      Unlikely. Important decisions are always made by people in person, never through DNS records or email. I am so sorry to turn your mental world upside down

  4. Re:Hotmail? by mveloso · · Score: 1

    Wow, it's almost as bad as having a hotmail account. I mean seriously, it's 2018. A yahoo email address? Did he get it so he could do email push with the iPhone 1?

  5. Re:Hotmail? by DontBeAMoran · · Score: 2

    Yahoo
    Hotmail
    Gmail

    Which one really is safer?

    --
    #DeleteFacebook
  6. Re:Hotmail? by KiloByte · · Score: 1

    Might still be better than gmail. I'm so happy keeping mail servers working is no longer a part of my work duties -- "can't send mail to site X" had X = gmail in at least 80% cases, as they invent a standards-defying policy once than a couple of months. And tossing ham into a spam box without a reject to the sender makes gmail unfit for your kid's kindergarten invites, much less some important stuff.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  7. And the Registrar is ... by hcs_$reboot · · Score: 1
    NetSol!

    Domain Name: LINUX.ORG
    Registry Domain ID: D2338975-LROR
    Registrar WHOIS Server: whois.networksolutions.com
    Registrar URL: http://www.networksolutions.com/
    Updated Date: 2018-12-07T19:00:36Z
    Creation Date: 1994-05-10T04:00:00Z
    Registry Expiry Date: 2027-05-11T04:00:00Z

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  8. Re: And the NSFW pic is ... by Anonymous Coward · · Score: 0

    https://web.archive.org/web/20181206232921im_/https://www.linux.org/asshole.jpg

  9. RIP Terry Davis by treymichaelcook · · Score: 1

    I just want to give a shout out for Terry Davis, and hope he is working on his TempleOS in the sky. Also, f*ck glow in the dark CIA n1ggers.

    1. Re:RIP Terry Davis by Anonymous Coward · · Score: 0

      based and redpilled

  10. Re:Hotmail? by Ol+Olsoc · · Score: 2

    Yahoo Hotmail Gmail

    Which one really is safer?

    Running a number of Sigs, my experience is that if someone is hacked, the odds that they are using a Yahoo email account is pretty overwhelming.

    It does say something that the creator of Linux's Code of Conduct is using a Yahoo email address. That is the realm of the computer inept, the land of passwords like password1, or 1234567.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  11. Re:Hotmail? by AmiMoJo · · Score: 1, Informative

    It wasn't author of the CoC's email address that was used for the DNS records, it was the site owner.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  12. Verification by jd · · Score: 4, Interesting

    DNS hijacking has been a problen in the past, resulting in DNS registrars swearing blind that they'll never again change ownership without verfying ownership over the phone.

    NS obviously broke that rule.

    Easy solution - pull their business license for a year.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    1. Re:Verification by Anonymous Coward · · Score: 0

      The fault was 100% on linux.org
      The admin let the DNS laps for 7 MONTHS, so it simply became available for purchase by anyone.
      Its hardly a sneaky hijacking when there is apparently no one at the wheel at linux.org

    2. Re:Verification by Anonymous Coward · · Score: 0

      The fault was 100% on linux.org
      The admin let the DNS laps for 7 MONTHS, so it simply became available for purchase by anyone.
      Its hardly a sneaky hijacking when there is apparently no one at the wheel at linux.org

      In TFS:
        "As for how it was hacked, [Linux.org owner Mike] McLagan blames the public Whois displaying his partner's email address -- presumably the hacker worked their way into the Yahoo email account listed as the admin of the site and from there requested a password change in her Network Solutions account to gain access to the domain."

  13. Re:Hotmail? by AmiMoJo · · Score: 1, Interesting

    Gmail, because it supports really good 2 factor auth. There is even an extra secure mode that blocks some normal Google account use and requires two FIDO keys.

    Hotmail also supports 2 factor via a Microsoft account. Yahoo, I don't know.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  14. Re: And the NSFW pic is ... by Anonymous Coward · · Score: 0

    I'm not going to look at it, but the filename suggests it I can safely assume it's goatsex.

  15. Re:Hotmail? by Ol+Olsoc · · Score: 1

    It wasn't author of the CoC's email address that was used for the DNS records, it was the site owner.

    You are correct. That summary is just plain wrong.

    I am a victim of assuming that there would be some relation between the site referenced and the Slashdot summary. But I should know better.

    Mike McLagan is the administrator of Linux.org. not the owner as described in the summary.

    Michelle McLagan is the owner of Linux.org. Not mentioned anywhere in the summary.

    She - although unnamed - is called "his partner" in the summary. Whether this means Significant Other type partner or business partner is not immediately clear. Doesn't matter much, but another example of garbled writing.

    But yes, the creator of the CoC is one Coraline Ehmke. Who is trying to get rid of meritocracy which she considers misogynist, and replacing it with credentials based on "humanity."

    I was definitely incorrect, except that I stand by my assertion that a Yahoo email address is in itself a security risk. Mea culpas all around.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  16. Where are the kids parents? by thegarbz · · Score: 1

    G3T 0WNED L1NUX N3RDZ

    Why isn't this child being supervised while on the internet?

    1. Re: Where are the kids parents? by Anonymous Coward · · Score: 0

      We're snickering alongside them, n00bz.

  17. Here is a screenshot by paulpach · · Score: 2

    If you want to see what it looked like, here you go (NSFW)

    Is it wrong that I just laughed for 10 mins?

    The manhunt is on for the owner of that hairy asshole.

  18. So, when is the hack going to be serious ? by dargaud · · Score: 0

    One day such hack will redirect archive.ubuntu.org (or other) to a repository of hacked updates and millions of linux users will get massively hacked with no hope of cleaning up. As a linux user and admin I hope it won't happen, but I'm surprised it hasn't happened yet.

    --
    Non-Linux Penguins ?
    1. Re:So, when is the hack going to be serious ? by Anonymous Coward · · Score: 1

      Famous computer guy Ken Thompson said in 1984:

      "The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect."

      So there is the warning issued over 30 years ago, and published, so every computer scientist must know this. Still computers and software can't be trusted. And the trustworthiness is becoming worse, with CPUs willing to leak secrets, and operating systems and application software being designed to collect secrets and report them to others.

      In the face of this situation, computers are becoming even more widespread. They have become critically important to critical infrastructure. Pretty much all computers are made in China. There could be a natural disaster or civil war in China, that shuts off the supply of computers to the whole world.

      The only people who seem to be taking this seriously is the Russian govt. They stopped using computers for important jobs. They switched to using typewriters and filing cabinets and pieces of paper.

    2. Re:So, when is the hack going to be serious ? by Anonymous Coward · · Score: 0

      > They stopped using computers for important jobs. They switched to using typewriters and filing cabinets and pieces of paper.

      what do you mean in "switched"? more likely they just did not start using computers for processing top secret info

    3. Re:So, when is the hack going to be serious ? by dissy · · Score: 3, Informative

      One day such hack will redirect archive.ubuntu.org (or other) to a repository of hacked updates and millions of linux users will get massively hacked with no hope of cleaning up.
      As a linux user and admin I hope it won't happen, but I'm surprised it hasn't happened yet.

      This is why the software packages are digitally signed by a key pair that the OS verifies against its keystore.

      Even if archive.ubuntu.org was hijacked and pointed to a web server setup to serve the same package files, the signature wouldn't match if so much as a single bit was changed in the package, and your OS wouldn't install it.

      Hijacking DNS would give the attacker no access what so ever to the real archive.ubuntu.org or whatever machine has their HSM hardware plugged into it, and so no ability to sign packages.

    4. Re:So, when is the hack going to be serious ? by Anonymous Coward · · Score: 0

      If they pulled this trick when a remote exploit is found and before you get a chance to update, they might be able to prevent their target from updating and gain access without divulging who the targets were.

  19. Here is the problem by Anonymous Coward · · Score: 0

    After a lot of back and forth with our registrar, we were able to get things back under our control.

    Right there lies the problem. The registrars do not know their clients and when the sh!+ hits the fan, they go all defensive, quote privacy at you and in effect side with the hackers who hijacked the site! Registrars need to be held to a much higher and stricter standard, worldwide. I lost a site I had for a decade because the host was being merged into a larger business, something went wrong and it seems they were internally hacked. Then they cut all access and emailing support went into robo-reply hell, only.

    PS - libel laws need to be loosened so in the above I could freely name and shame the bastards.

  20. TempleOS is beautiful by Anonymous Coward · · Score: 0

    Terry's TempleOS torn apart mind would have been better understood, if you'd knew about his childhood. For example his words about people 'They Glow In The Dark'. Terry A Davis lived among the Klux Klux Klan when he was a young child. That was in Texas. All people around a camp fire in the night glow. Especially people with a white costume, and the unfortunately soul, that the KKK ritually sacrifices in their beliefs. It forced his parents to move away from Texas and Dallas. With an open question, why did Terry return to the place as a homeless person anyway. Now Terry is dead officially. A little train accident.
    https://youtu.be/qKptDKVpA7s

  21. Re:Hotmail? by Anonymous Coward · · Score: 0

    It does say something that the creator of Linux's Code of Conduct is using a Yahoo email address. That is the realm of the computer inept, the land of passwords like password1, or 1234567.

    I think the problem (haven't yahooed in a long time) is the policy of password recovery and naivety of providing authentic answers to [hometown, school, first car, pet's name]. In the past my pet was always "password recovery dog".

  22. Re: Hotmail? by Anonymous Coward · · Score: 0

    Yahoo does 2FA now. Ironically, my 17-year-old Yahoo email isn't the one I'm getting sextortion emails on... that would be Gmail.

  23. The Problem Has Been Identified by Anonymous Coward · · Score: 0

    and from there requested a password change in her Network Solutions account

    Why the fuck would you give anything of importance to a woman? They know shit about security or anything involving tech.

    You did this to yourself you dumbfucks.

  24. Yahoo again by Anonymous Coward · · Score: 0

    Anybody using Yahoo services in this day and age is foolish. Yahoo transmits your contacts in the clear, and their services are very poor. Using Yahoo services (any of them) is like being on a ship adrift at sea ... Do not do it.