Oh No, Kernel.org was Hacked

by Ostatic Staff - Aug. 31, 2011

A notice appeared on www.kernel.org today informing visitors that the servers housing the Linux kernel source code had been hacked earlier this month. The breach was discovered yesterday and maintainers believe the source code itself is unaffected.

The notice continues with details as they are known at this point. Apparently, intruders gained root access through compromised user credentials. The exact method is still unknown at this time, but it appears that the OpenSSH files were hacked and running live. A trojan was added to the startup files and errors from a referenced program not installed on the server signaled the breach.

In response servers have been pulled and are getting reinstalls. Full audits of the source are being conducted. Users with access to the server are having their credentials and SSH keys changed. Security audits are also being conducted to identify any vulnerabilities and policies are being enhanced.

The unknown poster at kernel.org stresses that the Git system, designed by Linus Torvalds himself, is highly secure and any changes in the code would trigger an alarm immediately. So, in essence, Linux itself is okay. Jon Corbet, talented kernel developer, has an extensive explanation of how and why our beloved kernel is safe and sound. Corbet states:

Kernel.org may seem like the place where kernel development is done, but it's not; it's really just a distribution point. So when we say that we know the kernel source has not been compromised on kernel.org, we really know it.