Open Source Insider

Sep 5 2011   12:41PM GMT

Hacking Linux sorts the script kiddies from the developers

Adrian Bridgwater


Not for the first time in its illustrious history, the Linux repository came under attack last month as hackers chanced their collective arm. The offensive used a Trojan in an attempt to ultimately make changes to the source code of the Linux kernel itself.

Quite why hackers would target the chalice held dear to many developers’ hearts is, arguably, harder to understand than any other “hack” — given that hackers typically fall into the more code-aware segments of the global user community.

Linux (as we know) is free and loved by countless individuals and organisations alike. So for many of us, the initial reaction to this news was perhaps confusion – isn’t this code fanatics cutting off their nose to spite their own faces?

Of course hackers are not developers. The hackers in this case used an off-the-shelf Trojan, so the protagonists in question were probably mere script kiddies with all the military precision and sophistication of London’s recent maladjusted rioters.


Linus Torvalds himself has said before that because the Linux kernel is so widely distributed across so many thousands of computers, there is no single “kernel tree” and therefore no true single point of failure. The “Git” distributed revision control system was key in this instance (as it has been before) to keeping the kernel safe, say its maintainers.
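Why a distributed Git history resists quiet modification, as an added example that is not part of the original post and goes beyond it by showing the hashing mechanism: every commit id is a SHA-1 over its file tree and its parent's id, so an altered copy no longer matches any developer's clone. The file names, contents and identity below are constructed for illustration.

```python
import hashlib

def git_object_id(kind, body):
    """Git names every object by SHA-1 over '<kind> <length>\\0<body>'."""
    return hashlib.sha1(f"{kind} {len(body)}".encode() + b"\x00" + body).hexdigest()

def tree_id(files):
    """Id of a flat directory: entries are '100644 <name>\\0' + raw 20-byte blob id."""
    body = b""
    for name in sorted(files):
        blob = bytes.fromhex(git_object_id("blob", files[name]))
        body += b"100644 " + name.encode() + b"\x00" + blob
    return git_object_id("tree", body)

def commit_id(tree, parent, message):
    """A commit hashes its tree id and its parent's id, chaining the history."""
    ident = "Example Dev <dev@example.org> 1315226460 +0000"  # constructed identity
    lines = [f"tree {tree}"] + ([f"parent {parent}"] if parent else [])
    lines += [f"author {ident}", f"committer {ident}", "", message]
    return git_object_id("commit", ("\n".join(lines) + "\n").encode())

def history_ids(snapshots):
    """Commit ids for a linear history given as (files, message) snapshots."""
    ids, parent = [], None
    for files, message in snapshots:
        parent = commit_id(tree_id(files), parent, message)
        ids.append(parent)
    return ids

def first_divergence(trusted, suspect):
    """Index of the first commit whose id differs between two copies, else None."""
    for i, (a, b) in enumerate(zip(trusted, suspect)):
        if a != b:
            return i
    return None

# Constructed sample history; file names and contents are made up.
DEVELOPER_CLONE = [
    ({"main.c": b"int main(void) { return 0; }\n"}, "initial"),
    ({"main.c": b"int main(void) { return 0; }\n", "auth.c": b"check();\n"}, "add auth"),
    ({"main.c": b"int main(void) { return 1; }\n", "auth.c": b"check();\n"}, "tweak"),
]
# The same history as a modified server might hold it: one file altered in commit 2.
SERVER_COPY = [DEVELOPER_CLONE[0],
               ({**DEVELOPER_CLONE[1][0], "auth.c": b"check(); /* altered */\n"}, "add auth"),
               DEVELOPER_CLONE[2]]

if __name__ == "__main__":
    good, bad = history_ids(DEVELOPER_CLONE), history_ids(SERVER_COPY)
    print("first differing commit:", first_divergence(good, bad))
    print("tip ids:", good[-1][:12], "vs", bad[-1][:12])
```

The third snapshot is byte-for-byte identical in both copies, yet its commit id still differs because the id of the altered parent is hashed into it.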

Writing on text-sharing website Pastebin, chief administrator John ‘Warthog9’ Hawley said, “As you can guess from the subject line, I’ve not had what many would consider a “good” day.”

“Files belonging to ssh (openssh, openssh-server and openssh-clients) were modified and running live. These have been uninstalled and removed, all processes were killed and known good copies were reinstalled. That said all users may wish to consider taking this opportunity to change their passwords,” he added.

Notes on the homepage itself specify that the group is taking steps to enhance security across the infrastructure. The notes also detail the following: “Intruders gained root access on the server Hera. We believe they may have gained this access via a compromised user credential; how they managed to exploit that to root access is currently unknown and is being investigated.”

As the title of this blog suggests, this type of action sorts the script kiddies from the developers and thankfully, the collective expertise of the open source community at this level (and the distributed nature of the kernel) will almost certainly keep the cyber rioters down in the gutter where they belong.
