Not for the first time in its illustrious history, the Kernel.org Linux repository came under attack last month as hackers chanced their collective arm. The offensive used a Trojan in an attempt to ultimately make changes to the source code of the Linux kernel itself.
Quite why hackers would target the chalice held dear to many developers’ hearts is, arguably, harder to understand than any other “hack” — given that hackers typically fall into the more code-aware segments of the global user community.
Linux (as we know) is free and loved by countless individuals and organisations alike. So for many of us, the initial reaction to this news was perhaps confusion – isn’t this code fanatics cutting off their noses to spite their own faces?
Of course hackers are not developers. The hackers in this case used an off-the-shelf Trojan, so the protagonists in question were probably mere script kiddies with all the military precision and sophistication of London’s recent maladjusted rioters.
Linus Torvalds himself has said before that because the Linux kernel is so widely distributed across so many thousands of computers, there is no single “kernel tree” and therefore no true single point of failure. The “Git” distributed revision control system was key in this instance (as it has been before) to keeping the kernel safe, say its maintainers.
Writing on text-sharing website Pastebin, chief Kernel.org administrator John ‘Warthog9’ Hawley said, “As you can guess from the subject line, I’ve not had what many would consider a “good” day.”
“Files belonging to ssh (openssh, openssh-server and openssh-clients) were modified and running live. These have been uninstalled and removed, all processes were killed and known good copies were reinstalled. That said all users may wish to consider taking this opportunity to change their passwords,” he added.
Notes on the kernel.org homepage itself specify that the group is taking steps to enhance security across the kernel.org infrastructure. The notes also detail the following: “Intruders gained root access on the server Hera. We believe they may have gained this access via a compromised user credential; how they managed to exploit that to root access is currently unknown and is being investigated.”
As the title of this blog suggests, this type of action sorts the script kiddies from the developers and, thankfully, the collective expertise of the open source community at this level (and the distributed nature of the kernel) will almost certainly keep the cyber rioters down in the gutter where they belong.