Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux.org's DNS Got Hijacked (linux.org)

Posted by EditorDavid on from the content-mismanagement-systems dept.

Linux.org reports: Wednesday afternoon around 5pm EST someone was able to get into the registrar account for our domain and point DNS to another server -- as well as lock us out from changing it. They pointed the domain name to a pretty rude page for most of the evening until Cloudflare stepped in and blocked the domain for us.

After a lot of back and forth with our registrar, we were able to get things back under our control. I'd like to point out that our server environment was not touched so there are no worries about your data. We've gone over security protocols and are tightening things up that may have slipped through in the past. Thanks for your support!
Linux.org apparently pointed to a page exclaiming "G3T 0WNED L1NUX N3RDZ", which also included a NSFW picture, some abusive language, a shout-out to recently-deceased programmer Terry Davis, and a link to an article about Linus Torvalds' controversial apology for "his hostile behavior towards others in the community."

Long-time Slashdot reader Grady Martin says he also saw the page pointing to "presumably doxed info" about the creator of Linux's code of conduct, a fact confirmed by a report in the Register. "As for how it was hacked, [Linux.org owner Mike] McLagan blames the public Whois displaying his partner's email address -- presumably the hacker worked their way into the Yahoo email account listed as the admin of the site and from there requested a password change in her Network Solutions account to gain access to the domain."

13 of 62 comments (clear)

  1. It's now sunday. by BlacKSacrificE · · Score: 5, Funny

    It took 4 days for the hacking of one of the biggest tech community sites on the internet to land on /.? Really? We gunna see a story about the Falcon 9 water landing next Friday?

    --
    [Sorry, this signature is unavailable in your country/region]
    1. Re: It's now sunday. by Anonymous Coward · · Score: 2, Funny

      Sorry. My mom grounded me and changed the wifi password.

    2. Re: It's now sunday. by jd · · Score: 2

      I visit it regularly. Ok, that's because I actually am a nerd and many here are only here to scream at each other or use mod points as an offensive weapon.

      It's fairly obvious that the attack was by one of the alt-right morons we seem to be infected with, who aren't interested in the community unless they can hijack it.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    3. Re:It's now sunday. by AmiMoJo · · Score: 2, Interesting

      Because someone was doxed it was probably best to wait until they had at least removed that information. Not point amplifying the doxing.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re:It's now sunday. by thegarbz · · Score: 3, Funny

      It took 4 days for the hacking of one of the biggest tech community sites on the internet to land on /.? Really? We gunna see a story about the Falcon 9 water landing next Friday?

      I know right? Record time for Slashdot.

    5. Re: It's now sunday. by Aighearach · · Score: 2

      They're called neckbeards. The whole "alt-right" movement was birthed by a neckbeard, wizard, hot grits, and a fertility spell gone awry.

      It all started here, Grampy.

  2. social engineering by hunter44102 · · Score: 2

    Looks like social engineering attacks still work in 2018, and Linux / community is not immune to it. There is no organization or company that can't be fooled if they believe the person/email/account is legit. The email address of high access users is capable of lots of damage even if temporary

  3. Yahoo.... by TFlan91 · · Score: 4, Insightful

    I'm sorry, if you still have a Yahoo email that controls anything of value, you're an idiot and this is well deserved.

  4. Re:Hotmail? by DontBeAMoran · · Score: 2

    Yahoo
    Hotmail
    Gmail

    Which one really is safer?

    --
    #DeleteFacebook
  5. Re:Hotmail? by Ol+Olsoc · · Score: 2

    Yahoo Hotmail Gmail

    Which one really is safer?

    Running a number of Sigs, my experience is that if someone is hacked, the odds that they are using a Yahoo email account is pretty overwhelming.

    It does say something that the creator of Linux's Code of Conduct is using a Yahoo email address. That is the realm of the computer inept, the land of passwords like password1, or 1234567.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  6. Verification by jd · · Score: 4, Interesting

    DNS hijacking has been a problen in the past, resulting in DNS registrars swearing blind that they'll never again change ownership without verfying ownership over the phone.

    NS obviously broke that rule.

    Easy solution - pull their business license for a year.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  7. Here is a screenshot by paulpach · · Score: 2

    If you want to see what it looked like, here you go (NSFW)

    Is it wrong that I just laughed for 10 mins?

    The manhunt is on for the owner of that hairy asshole.

  8. Re:So, when is the hack going to be serious ? by dissy · · Score: 3, Informative

    One day such hack will redirect archive.ubuntu.org (or other) to a repository of hacked updates and millions of linux users will get massively hacked with no hope of cleaning up.
    As a linux user and admin I hope it won't happen, but I'm surprised it hasn't happened yet.

    This is why the software packages are digitally signed by a key pair that the OS verifies against its keystore.

    Even if archive.ubuntu.org was hijacked and pointed to a web server setup to serve the same package files, the signature wouldn't match if so much as a single bit was changed in the package, and your OS wouldn't install it.

    Hijacking DNS would give the attacker no access what so ever to the real archive.ubuntu.org or whatever machine has their HSM hardware plugged into it, and so no ability to sign packages.