A man from El Portal, Florida was arrested for gaining unauthorized access to the kernel.org (Linux Kernel) servers. According to the court, the hacker Ryan Austin used credentials to the servers of what appears to be an employee associated with the Linux Organization.
The organization’s network administrators have detected the unauthorized login and have notified the authorities. The FBI took over this investigation, and they have eventually discovered that there were also attempts by Austin to modify the configuration files of the servers and have had installed malware such as rootkits and Trojan horses on a server based in Bay Area.
The agents behind the investigation eventually tracked down the tracks of the intrusion, and they let to Ryan Austin, who was arrested on August 28, 2016.
The suspect Ryan Austin was indicted to possibly face a 10-year solitary confinement as well as a fine of $250000.
Is This The Same Hacker Behind the 2011 Attack?
This is similar to the 2011 kernel.org hack which resulted in the successful installation of the Phalanx Rootkit infection with other Trojans able to steal passwords as well as perform other malicious activities. This time, the hack was relatively the same and the cyber-criminal attempted the same actions, suggesting that it may have been Austin who did the hack.
There hasn’t been much fuzz since this accident has happened, besides that the hack was found half a month later.
What is known from back then is that during that time, there was access to several machines that were used to distribute the Linux OS, according to officials. The consequences of the hack were that the attackers were able to track down anyone using these servers and what they do. Not only this but besides the servers Hera and Odin1 the hackers were able to access a senior developer’s personal machines as well. It is not disclosed as to what extent the data was stolen, but other computers within the kernel.org network may have also become victims of this attack.
What About The Future?
The good news for this situation is that Linux Kernel has learned from their mistakes and this time they have caught the attacker. However, it remains a mystery whether this was just Austin or there were other attackers as well since multiple computers were attacked. So far the big question remains is whether or not this is going to be the end of those type of trojan and rootkit attacks against Linux Kernel. The reality is with this attack and other attacks, like the Fairware ransomware, Linux becomes increasingly bigger target for malware writers espeicially when it comes to servers.