The Kernel.org website – home to the Linux project and the primary repository for the Linux kernel source code – sports a warning notifying its users of a security breach that resulted in the compromise of several servers in its infrastructure.
The discovery was made on August 28th, but according to the current results of the investigation mounted by the site’s team, the break-in seems to date back to August 12 or even earlier.
The attackers are thought to have gained root access on a server via a compromised user credential, and to have escalated their privileges from there. How they managed to do that is still unknown.
After that, they modified files belonging to ssh (openssh, openssh-server and openssh-clients) and added a Trojan to the system startup scripts so that it would run every time the machine was rebooted.
Luckily for everyone, the Linux kernel source code is unlikely to have been tampered with.
The 448 users of the site have been notified of the breach and have been advised to change their login credentials and SSH keys.
According to the notice, authorities in the US and Europe have been notified about the breach and asked to help with the investigation. The administrators have, in the meantime, taken the servers offline to reinstall them, and are carrying out a thorough analysis of the code within Git (the distributed revision control system) in order to make absolutely sure that nothing was modified.