4chan finds Linux kernel flaw for attacks

Online activists have said that they have unearthed a zero-day Linux kernel vulnerability which they intend on using in pending attacks against anti-pirate organisations.

update Online activists have claimed that they have unearthed a zero-day Linux kernel vulnerability which they intend on using in pending attacks against anti-pirate organisations.

ACAPOR, hacked

The ACAPOR site after the hack (Screenshot by Darren Pauli/ZDNet Australia)

One activist speaking to ZDNet Australia over Internet Relay Chat said that the exploit provides hackers with root administration access to Linux servers.

According to the activists, the new kernel vulnerability has already been used to hack and deface the website of the ACAPOR, a Portuguese anti-piracy agency that had become a target of the group's Operation Payback campaign in which the group had launched coordinated Distributed Denial of Service (DDoS) attacks against several copyright enforcement agencies.

The activists said that they had stolen thousands of emails in the attack and posted them to torrent site The Pirate Bay. A web redirect was also inserted on the ACAPOR website to point visitors to The Pirate Bay.

The activist that ZDNet Australia spoke to said that details of the flaw had been disclosed to Linux founder Linus Torvalds, but added that the group intends to use the vulnerability to hack the websites of anti-piracy organisations in the coming days before Torvalds can release a patch.

ZDNet Australia contacted Torvalds for confirmation of the flaw. He had not responded at the time of writing.

The activist said that the group will not disclose the kernel flaw to avoid the risk of websites being hacked and asked ZDNet Australia to withhold technical specifications.

The claimed exploit pertains to the way Linux implements the TCP/IP stack and Internet Protocol Version 6.

KISS frontman Gene Simmons has been the latest victim to have his website attacked by a DDoS attack under the Operation Payback campaign, following his statements at a media event that users who infringe copyright should be sued.

"Make sure your brand is protected … make sure there are no incursions. Be litigious. Sue everybody. Take their homes, their cars. Don't let anybody cross that line," Simmons said.

The KISS fan site reported that Simmons had warned the hackers after the attacks that the FBI has identified some culprits and will publicly list their details and "sue their pants off".

"First, they will be punished. Second, they might find their little butts in jail, right next to someone who's been there for years and is looking for a new girlfriend. We will soon be printing their names and pictures," he reportedly said.

UK pop singer Lily Allen was previously targeted and her website attacked after criticising illegal file sharing for the financial loss it visited on small artists.

Updated at 9:01am, 19 October 2010: the article had included claims that Andrew Auernheimer, otherwise known as weev, was involved in discovering the exploit. He has since denied any involvement.