4chan finds Linux kernel flaw for attacks

4chan finds Linux kernel flaw for attacks

Summary: Online activists have said that they have unearthed a zero-day Linux kernel vulnerability which they intend on using in pending attacks against anti-pirate organisations.

SHARE:
TOPICS: Piracy, Legal, Security
5

update Online activists have claimed that they have unearthed a zero-day Linux kernel vulnerability which they intend on using in pending attacks against anti-pirate organisations.

ACAPOR, hacked

The ACAPOR site after the hack (Screenshot by Darren Pauli/ZDNet Australia)

One activist speaking to ZDNet Australia over Internet Relay Chat said that the exploit provides hackers with root administration access to Linux servers.

According to the activists, the new kernel vulnerability has already been used to hack and deface the website of the ACAPOR, a Portuguese anti-piracy agency that had become a target of the group's Operation Payback campaign in which the group had launched coordinated Distributed Denial of Service (DDoS) attacks against several copyright enforcement agencies.

The activists said that they had stolen thousands of emails in the attack and posted them to torrent site The Pirate Bay. A web redirect was also inserted on the ACAPOR website to point visitors to The Pirate Bay.

The activist that ZDNet Australia spoke to said that details of the flaw had been disclosed to Linux founder Linus Torvalds, but added that the group intends to use the vulnerability to hack the websites of anti-piracy organisations in the coming days before Torvalds can release a patch.

ZDNet Australia contacted Torvalds for confirmation of the flaw. He had not responded at the time of writing.

The activist said that the group will not disclose the kernel flaw to avoid the risk of websites being hacked and asked ZDNet Australia to withhold technical specifications.

The claimed exploit pertains to the way Linux implements the TCP/IP stack and Internet Protocol Version 6.

KISS frontman Gene Simmons has been the latest victim to have his website attacked by a DDoS attack under the Operation Payback campaign, following his statements at a media event that users who infringe copyright should be sued.

"Make sure your brand is protected … make sure there are no incursions. Be litigious. Sue everybody. Take their homes, their cars. Don't let anybody cross that line," Simmons said.

The KISS fan site reported that Simmons had warned the hackers after the attacks that the FBI has identified some culprits and will publicly list their details and "sue their pants off".

"First, they will be punished. Second, they might find their little butts in jail, right next to someone who's been there for years and is looking for a new girlfriend. We will soon be printing their names and pictures," he reportedly said.

UK pop singer Lily Allen was previously targeted and her website attacked after criticising illegal file sharing for the financial loss it visited on small artists.

Updated at 9:01am, 19 October 2010: the article had included claims that Andrew Auernheimer, otherwise known as weev, was involved in discovering the exploit. He has since denied any involvement.

Topics: Piracy, Legal, Security

Darren Pauli

About Darren Pauli

Darren Pauli has been writing about technology for almost five years, he covers a gamut of news with a special focus on security, keeping readers informed about the world of cyber criminals and the safety measures needed to thwart them.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

5 comments
Log in or register to join the discussion
  • Did you bother to fact check any of this garbage? I talked to weev, Goatse had nothing to do with this. You're an idiot and fail at journalism. Please retract this dribble before you clean out your desk.
    scatman-d2af4
  • Dude, you should have contacted at least one source before you published this, Weev has already refuted this claim on the Full Disclosure mailing list, see http://seclists.org/fulldisclosure/2010/Oct/251
    Gary Niger
  • Just so you know anything you write is going to be highly scrutinized now so you better watch it. Not only did you cause mass panic by announcing a bug that doesn't exist, you gave the credit to a group made up from a picture board.
    OrderZero
  • Hopefully this is a lesson to never, ever trust anyone from 4chan. They troll because it amuses them. But I've heard that regular journalists check their sources before publishing anyway. That might be a prudent approach for future reference.
    tekhammer
  • OrderZero, you're always involved in bullshit like commenting on things like these, here and on IRC, instead of sharpening your coding skills.

    Great j0b.
    tfaggot