Hackers cracked kernel.org
01.09.11, 11:55, Msk
Hackers attacked the main website of the Linux kernel developers and managed to make malicious changes to files. At the same time there was another high-profile incident: a Dutch company allowed attackers to penetrate its network and failed to prevent the leak of 200 digital certificates.
As Linux fans know, there are two kinds of hackers: the good guys, who develop free software such as the Linux kernel, and the bad guys, who break into computers.
At the beginning of this month the bad guys paid the good guys an unwelcome visit. They got into Kernel.org, the main website supporting the Linux project. They managed to gain root access to the server known as Hera and to compromise "a number of servers in the kernel.org infrastructure". The notice about the break-in appeared on the kernel.org website on Wednesday.
Site administrators learned of the problem on Sunday and soon found numerous traces of the break-in on the servers. Some files had been modified, malware had been added to the server's startup script, and some user data had been stolen.
The owners of Kernel.org contacted law enforcement agencies in the USA and Europe. The site's infrastructure is now being reinstalled and the causes of the incident are being investigated.
To break into the system the hackers probably stole user credentials. The site is now replacing passwords and SSH (Secure Shell) keys for each of the 448 project participants.
Kernel.org is where Linux distributors download the source code of the widely used operating system kernel. The kernel.org statement says that even with root access it would be difficult for an attacker to slip malicious code into the Linux kernel unnoticed: the change-control mechanism used for Linux creates a cryptographic hash of each file at the time it is published. Therefore, once a component of the Linux kernel has been written and published on Kernel.org, "it is impossible to change old versions unnoticed", says Kernel.org.
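The tamper-evidence argument above can be shown in a short sketch, added here as an illustration and not taken from the kernel.org statement. The article does not name the change-control system; the sketch assumes Git-style content hashing, uses a simplified commit format, and runs on a constructed three-version history.

```python
import hashlib

def blob_id(content: bytes) -> str:
    """Git-style blob id: SHA-1 over the header 'blob <size>\\0' plus the content."""
    return hashlib.sha1(b"blob %d\0" % len(content) + content).hexdigest()

def commit_id(parent: str, files: dict) -> str:
    """Simplified commit id (assumed format): covers the parent id and every file's blob id."""
    body = (parent + "\n" + "".join(
        f"{path} {blob_id(data)}\n" for path, data in sorted(files.items()))).encode()
    return hashlib.sha1(b"commit %d\0" % len(body) + body).hexdigest()

def build_history(versions: list) -> list:
    """Chain the versions: each commit id depends on all content published before it."""
    ids, parent = [], ""
    for files in versions:
        parent = commit_id(parent, files)
        ids.append(parent)
    return ids

def first_mismatch(server_versions: list, trusted_ids: list):
    """Index of the first version whose recomputed id differs from a developer's copy, else None."""
    for i, (got, want) in enumerate(zip(build_history(server_versions), trusted_ids)):
        if got != want:
            return i
    return None

# Constructed sample history: three published versions of a two-file tree.
PUBLISHED = [
    {"Makefile": b"VERSION = 1\n", "init/main.c": b"int main(void) { return 0; }\n"},
    {"Makefile": b"VERSION = 2\n", "init/main.c": b"int main(void) { return 0; }\n"},
    {"Makefile": b"VERSION = 3\n", "init/main.c": b"int main(void) { return 0; }\n"},
]
# Ids recorded off-server, e.g. in a developer's own copy, before any compromise.
TRUSTED_IDS = build_history(PUBLISHED)

def tampered_copy():
    """Server copy in which someone with root access rewrote a file in the oldest version."""
    copy = [dict(v) for v in PUBLISHED]
    copy[0]["init/main.c"] = b"int main(void) { return 1; }\n"
    return copy

if __name__ == "__main__":
    print("clean server   :", first_mismatch(PUBLISHED, TRUSTED_IDS))
    print("tampered server:", first_mismatch(tampered_copy(), TRUSTED_IDS))
    print("tip id changed :", build_history(tampered_copy())[-1] != TRUSTED_IDS[-1])
```

Because every later id covers its parent, a change to the oldest version alters every identifier after it, so any copy of the ids held off the server exposes the edit.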
This kind of compromise is a worrying sign. In January, servers used by the Fedora project (the community-developed version of Red Hat Enterprise Linux) were broken into. Around the same time the website of another open-source software developer, SourceForge, was broken into.
Continuing the list of similar incidents, one more is worth noting, which the Dutch company reported citing a confidential source: in mid-July hackers gained access to the network of DigiNotar (a certificate authority), where they were able to obtain more than 200 SSL digital certificates, including ones for the websites of Mozilla, Yahoo and the Tor project.
Google reported on Tuesday that a fraudulent certificate issued by DigiNotar was used to spy on people in Iran while they visited Gmail. Counterfeit credentials for "a number of domains" were produced as a result of a breach of its systems' security, DigiNotar said of the incident. The fraudulent certificate was obtained on July 10, but this came to light only on Monday. Google did not say how long these certificates had been in use.
Johnathan Nightingale, director of Firefox development at Mozilla, noted that DigiNotar had announced the issuance of fraudulent certificates for the addons.mozilla.org website in July, as well as their revocation a few days later. "In the absence of complete data on incorrectly issued certificates from DigiNotar, the Mozilla team reacted quickly and, to protect our users, removed DigiNotar from the trusted root certificates," Nightingale emphasized.
According to Van de Looy, chief consultant at Madison Gurkha, analysts from Fox-IT are now examining the DigiNotar servers. The company brought in Fox-IT to audit its systems and investigate the July break-in.