
Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

Hackers break into Linux Foundation

By Ryan Naraine | September 11, 2011, 5:23am PDT

Summary: LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011.

Just weeks after the kernel.org Linux archive site suffered a hacker attack, the Linux Foundation has pulled its websites from the web to clean up from a “security breach.”

A notice posted on the Linux Foundation site said the entire infrastructure, including LinuxFoundation.org, Linux.com, and their subdomains, is down for maintenance due to a security breach that was discovered on September 8, 2011.

“The LinuxFoundation made this decision in the interest of extreme caution and security best practices. We believe this breach was connected to the intrusion on kernel.org,” the group said.

More from the Linux Foundation announcement:

We are in the process of restoring services in a secure manner as quickly as possible. As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised. If you have reused these passwords on other sites, please change them immediately. We are currently auditing all systems and will update this statement when we have more information.

We apologize for the inconvenience. We are taking this matter seriously and appreciate your patience. The Linux Foundation infrastructure houses a variety of services and programs including Linux.com, Open Printing, Linux Mark, Linux Foundation events and others, but does not include the Linux kernel or its code repositories.

The kernel.org site is still offline after that compromise which was discovered on August 28th.


Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

That can't be right
facebook@... 11th Sep
Those were Linux Servers. The Safest OS in the world -- someone staked their reputation on it, in fact.
0 Votes
@facebook@... Seriously? Windows Servers were hacked repeatedly for years, Apple themselves had been compromised in the past... This is just normal growing pains of any OS.

If you honestly believe that something is incapable of hatching then you're the one not dealing in reality.

And for the Record, I like Android but typically run Windows and OS X.
0 Votes
@Peter Perry: Seriously? Windows Servers were hacked repeatedly for years, Apple themselves had been compromised in the past... This is just normal growing pains of any OS.

We know this. However the way the Linux fanboys tell it, one in particular, you get the opposite impression. Hence facebook's post.
0 Votes
RE: Hackers break into Linux Foundation
Rabid Howler Monkey Updated - 11th Sep
@Peter Perry wrote:
"This is just normal growing pains of any OS."

What're you talking about?! Linux just had its 20-year birthday party this past year. And it's said to be the market share leader in the server market (at least by the Linux fans).

hatching?
0 Votes
@Peter Perry
I've got a computer in my office that is UnHackable. It is turned off, unplugged, and sitting in a box. - lol
0 Votes
@facebook@...
The fact that they were hacked proves something far more serious:
The Linux Foundation is hosted on Windows IIS.
0 Votes
@toddybottom I hear what you are saying, but I checked netcraft. Alas, their front end servers were running Linux. I am truly aghast -- Shocked, Shocked I tell you that this could have occurred.
0 Votes
@toddybottom

They should have run IIS, nowadays it's safe, rock solid and modular, who needs Apache?
0 Votes
RE: Hackers break into Linux Foundation
Pete "athynz" Athens 11th Sep
@facebook@... Ahh yes, where IS Dietrich? Where IS my Linux Advocate? Because I was told that this sort of thing could never ever happen with a Linux system.
0 Votes
RE: Hackers break into Linux Foundation
belli_bettens@... 12th Sep
@Pete "athynz" Athens
The same thing popped my mind the moment I read the title :-p +1
0 Votes
@facebook@...
Hey, let's not turn against one guy about what happened...

It *will* look like you were waiting for something like this to happen to a linux server to make fun of him, which you do not intend though.
0 Votes
@spicycheeks I think everyone WAS waiting for this to happen. There are too many Linux Dorks here (DTS, Linux Geek, etc.) who are constantly spouting off about how this kind of thing is IMPOSSIBLE with Linux. They insist that only Windows is susceptible to attack. They flat out deny reality every single day.

Now it is time for the more sensible folks around here to have a laugh and make fun of the Linux Dorks who have "staked their reputation" on claims that this sort of thing could NEVER happen with Linux.

Rick
0 Votes
RE: Hackers break into Linux Foundation
linuxforhumanbeing 12th Sep
@facebook@...
It seems ur a facebook fan.. but linux hater.. but u know facebook also runs on linux server??
0 Votes
RE: Hackers break into Linux Foundation
Pete "athynz" Athens 12th Sep
@linuxforhumanbeing ...but u know facebook also runs on linux server??...

Classic misdirection attempt. We are not discussing Facebook servers but the servers at The Linux Foundation - a place where the Linux servers should be invulnerable to this sort of attack... provided that the hype spread here by Linux Advocates, Geeks, and fanboys was accurate.

There is a claim - or an allegation - that the "front door" was left open. Can you honestly tell me that The Linux Foundation - the mecca of Linux - actually left themselves vulnerable to hacking? Like I said to DTS someone at The Linux Foundation is an idiot for leaving the front door open or Linux is just as vulnerable as any other OS out there - and again I'm choosing the latter theory as nothing made by man is perfect or invulnerable. No, not even Linux.
0 Votes
RE: Hackers break into Linux Foundation
The Linux Geek 12th Sep
@facebook@...
that was an inside job sponsored by the axis of evil software. Main suspect is M$.
0 Votes
@The Linux Geek
Can you link me to the company that goes by the name of M$? I searched and searched and could not find a single entity that uses that abbreviation.
0 Votes
RE: Hackers break into Linux Foundation
ItsTheBottomLine 12th Sep
@The Linux Geek - Smoke break is over, back to work, the fry buzzer is going off.
@facebook@... Someone could have re-used a password elsewhere, fallen foul to phishing, or stored an SSH key on another machine that was compromised. The servers were compromised, but the OS can only do so much before human error becomes the vector of choice for hackers.
@Li1t: The servers were compromised, but the OS can only do so much before human error becomes the vector of choice for hackers.

Why should it be acceptable wrt Linux?
0 Votes
@facebook@... *nix servers (including linux) have been hacked for years. Nothing new here. If you look at security sites that list attacks you will find that Linux has been hacked many times. So has every other OS. It is just that Linux isn't vulnerable to the 100,000+ Windows malwares floating around.
0 Votes
@DevGuy_z

Actually the only thing that is vulnerable to the "100,000+ Windows malwares" is a totally unpatched Windows XP machine without service packs. Seems you're not quite up to speed on Windows 7 or Windows Server 2008 R2... Come back to me with the number of vulnerabilities on that and we can talk.

Ktnxbai!
0 Votes
re: That can't be right
Tsingi 12th Sep
@facebook@... '''Those were Linux Servers. The Safest OS in the world -- someone staked their reputation on it, in fact.'''

They are the safest servers in the world. That doesn't mean they can't be hacked, anything can be hacked. Get back to me when you can buy time on a Linux Botnet.
0 Votes
RE: Hackers break into Linux Foundation
Rabid Howler Monkey 12th Sep
@Tsingi Here's some links to articles relating to Linux botnets (or, more accurately, botnet members) for your reading pleasure:

http://ask.metafilter.com/186778/Help-me-perform-forensics-on-a-Linux-botnet-member

This article is recent, from May, 2011, and the title says it all. A Linux botnet member?

http://www.techrepublic.com/blog/opensource/linux-botnet-discovery-points-to-lazy-administrators/917

This article (2009) proposes that when a Linux server is recruited into botnet service, it's the fault of a lazy sysadmin. Really? Perhaps, perhaps not, but it's probably best not to universally give users, DBAs and devs (web, app, OS, etc.) a bye. And what about an organizational security policy? And adequate funding to support it? Management?

"Linux botnets"
http://lwn.net/Articles/222153/

In this article (2007), it is described how Linux [server] members of botnets (along with other varieties of *Nix) are recruited into the officer class (i.e., Command & Control).
0 Votes
RE: Hackers break into Linux Foundation
techadmin.cc@... 17th Sep
@all-the-idiots@...

You know... All the idiot fanboyism never ceases to amaze me. Not only from the commentators but from the editors themselves. I do appreciate the heads up on breaking technology news from my ZDNet subscription but it is so often reported with such outright deceptive and inflammatory bias that I find myself spending an undue amount of my time trying to set the record straight for those people who don't know any better. I could actually give a rat's ass about trying to use facts or reason to sway some overzealous fanboy's preferred opinions. Facts and reason never stand a chance against zealotry.

I could easily predict what type of lunacy would spawn from this article and who the participants would be and what their positions would be. When addressing the idiots I don't need to name names. If the shoe fits...

As DTS has pointed out, and none of you idiots will acknowledge, there has been no reporting of facts on the attack vector used to breach the Linux Foundation. Even if the attack vector is one that reveals an inherent flaw in the Linux server OS it does not speak, in and of itself, as to the security or insecurity of the OS but you idiots are quick to start running off at the mouth about how Linux is not more secure than other OSes when this article offers absolutely no substantiating evidence that this security breach is even indicative of a flaw in the OS. For all we know it could be due to a compromised password which is tantamount to a lost key to an otherwise secure lock and you idiots ignore this even when it's pointed out to you and laugh and revel in the wishful thinking that this article backs up your bias. It doesn't.

I have spent twenty years in the IT industry supporting small businesses and end users on mostly MS platforms. Computer security to me means securing the OS and the data, not just from malicious activity by hackers but from the end users' own computer illiteracy and from inevitable disaster due to component failure. That means that my job is to provide functional, affordable, systems that guarantee maximum productivity and uptime at minimal expense. A secure system is not just one that is secure from intrusion and malicious interference, it is one that is secure from data loss and OS corruption or can be restored to functionality quickly in the event that there is a problem. Windows is no match at all to Linux when it comes to these features. It is unfortunate that Windows use is so ubiquitous that it is difficult to impossible to convince a client to break out of that mono-culture even when there is a superior solution that can fulfill their needs. (I am not a fanboy and realize Linux and even Windows do not and cannot fulfill every customer's unique needs.) It does not help at all to have idiot editors, commentators and fanboys everywhere disseminating false and misleading information.

Linux is more secure in every sense of the term than Windows. Does that mean that it is completely secure? NO. But it is more secure by a demonstrably immense margin. Does that mean that everyone can and should use only Linux? NO. But if you idiots would stop spreading the FUD around that Linux is no more secure than Windows maybe more people would consider it as an alternative to the MS mono-culture that is unquestionably lacking in security in every sense of the term. And just maybe if MS had an actual competitor, you fanboys would get a better product out of them. Your attacks on the reputation of competing products hurt yourselves. Isn't hurting yourself the very definition of idiocy?
0 Votes
RE: Hackers break into Linux Foundation
techadmin.cc@... 18th Sep
@facebook@...

After a little Googling, I found an article dated September 1, 2010 regarding the original kernel.org breach that states: "Investigations into the breach have determined that the attacker penetrated the site using a compromised user account."

The recent linux.org breaches are believed to be due to the original kernel.org breach. Do you expect Linux should be secure against authenticated logins?
0 Votes
Security is a Process, Not a thing.
Dietrich T. Schmitz * Your Linux Advocate 11th Sep
You can leave a door unlocked at Fort Knox and they'll come in.

Good story Ryan.
@Dietrich T. Schmitz * Your Linux Advocate Where is your tagline Grandpa ???
0 Votes
Where were you when ..
thx-1138_@... 11th Sep
@1773 .. Microsoft was mass-breached a few years back?? When the Pentagon was hacked (count: various occasions)? When the White House was hacked (again, various occasions)?

The point is simple: any system that is built upon a man-made, computer-based code can be undone by a man-made, computer-based coded, bypass (aka hack).

Come back here with the smug, sanctimonious attitude when *you've* designed a 100%, hack-proof, foolproof, computer system.

Can you do that? No? Just what I thought ... and by the way, where's your tagline, wise@ss??
@thx-1138_@... Thanks for making my point. Just direct your reply to our Linux Advocate. I have never claimed and will never claim that any particular OS is secure (unlike our Linux Advocate). I was just pointing to DTS' hypocrisy. It's a security process when it comes to Linux but for all others it's an insecure OS. And when I called him Grandpa, he is of my grandfather's age and from where I come it's a sign of extreme respect (unlike you where you resort to name calling).

PS: I don't have any tagline. You seem to be new here.
0 Votes
@1773

Plus, many comments relate to the desktop OSes. Linux gets hacked on a somewhat regular basis on the server side, although it's usually caused by lax update policies and Linux Admins under the impression that everything is safe. Although Windows usually deals with the same issues, easily the majority of security breaches by a modern OS are related to the users of the system. Until humans are removed from the equation (which is a very scary thought, btw) then there will always be some way for a breach.
0 Votes
Microsoft mass-breached??
honeymonster 11th Sep
@thx-1138_@...
When was that? Microsoft's infrastructure has *never* been mass-breached, much less totally and utterly root'ed like kernel.org and linux.com.

There was an incident some years back where a hacker claimed to have compromised Microsoft. As proof he offered some age-old Windows 2000 source code. However, there was never anything to suggest he did actually compromise Microsoft's network.
@LiquidLearner: Doesn't change that Linux is a very secure OS

You don't need to convince the Windows users that any OS, secure or not, can be hacked. It's the alternative operating system fanboys which haven't realized this.

Sadly, despite this example, we'll continue to see them recommend their alternatives the next time we see a hack on the Windows platform.
0 Votes
Microsoft Has Been Broken Into
CFWhitman 12th Sep
@honeymonster
I remember some hackers getting their hands on some source code for Windows a few years ago after hacking into Microsoft. It was a pretty well covered story. (Still, Microsoft will generally be tight-lipped about any breaches whereas kernel.org makes an announcement, so it's hard to know exactly to what extent any Microsoft breach went.) Any system can be broken into as soon as someone with access gets careless with a password. That's how the kernel.org breach happened, and this breach seems to be a result of that one.
0 Votes
@CFWhitman: I remember some hackers getting their hands on some source code for Windows a few years ago after hacking into Microsoft.
0 Votes
@Dietrich T. Schmitz * Your Linux Advocate

So, if anyone were to say, hypothetically, that "X" was the safest OS on the planet they would be an uninformed noob not worthy of being taken seriously then, right?
0 Votes
I'll put my PC up in the DMZ. Hack at it all day long.
Dietrich T. Schmitz * Your Linux Advocate 11th Sep
@facebook@...
Let's find out what the attack vector was before we get our trousers bunched up.
0 Votes
@Dietrich T. Schmitz * Your Linux Advocate

Now you are just trolling for hits on your web site.
0 Votes
@Dietrich T. Schmitz * Your Linux Advocate: You can leave a door unlocked at Fort Knox and they'll come in.

And I agree...leave it unlocked, as many Windows users / admins do, and you'll get hacked. Yet you've never recognized as much when it comes to Windows.
@ye I could have just as easily stated that the only security for the bicycle was a twist tie.
0 Votes
We don't have confirmation of the attack vector
Dietrich T. Schmitz * Your Linux Advocate 11th Sep
@ye
There are various kinds--you know that of course.
Some are quite serious and belong mostly to Windows.

But you know, let's get some facts first--did someone make a mistake, or was there an actual hack--the devil is in the details.
0 Votes
@Dietrich T. Schmitz * Your Linux Advocate: Some are quite serious and belong mostly to Windows.

This is the exact reason you're being addressed in this talk back.

But you know, let's get some facts first--did someone make a mistake, or was there an actual hack--the devil is in the details.

Now you want facts. When it comes to Windows you could care less about the facts. Instead you make statements to the effect of:

"Some are quite serious and belong mostly to Windows."
0 Votes
RE: Hackers break into Linux Foundation
ItsTheBottomLine 12th Sep
@ye OUCH!
0 Votes
@Dietrich T. Schmitz * Your Linux Advocate

Thank goodness this happened. At least now we won't be hearing any more of DTS' ridiculous and facetious claims about Linux being impenetrable.
0 Votes
@bitcrazed: At least now we won't be hearing any more of DTS' ridiculous and facetious claims about Linux being impenetrable.
0 Votes
Details are lacking here.
Dietrich T. Schmitz * Your Linux Advocate 11th Sep
@bitcrazed
If I can reach some reasonable conclusion as to how the attack occurred, I might be able to take a position.

Stupid is as stupid does.
0 Votes
@Dietrich T. Schmitz * Your Linux Advocate

So why is it taking so long to get a post-mortem analysis on this? *That* sounds like a problem. "We don't know how this premier linux site was hacked, but you know - trust us, this is the safest OS in the world. I stake my reputation on it."
0 Votes
RE: Hackers break into Linux Foundation
Rabid Howler Monkey 11th Sep
@Dietrich T. Schmitz * Your Linux Advocate wrote:
"Security is a Process, Not a thing."

Good to know as many here say that Windows XP/2003 can't be secured.
@Dietrich T. Schmitz * Your Linux Advocate
What you are saying is that the process of securing Linux is so complicated that not even the Linux experts are able to secure Linux against hackers?

Good to know. Since you've just admitted that not even the experts are good enough to secure Linux, people with lesser skills should definitely stay away.
0 Votes
Let's wait and see if Ryan can dig deeper for the details
Dietrich T. Schmitz * Your Linux Advocate 11th Sep
@toddybottom
of the attack vector. When we have that, I'll respond about why security is a process.
