Linux repository attacked by cyber criminals

By Stuart Sumner
01 Sep 2011 View Comments
Linux penguin logo

Cyber attackers have breached several servers that house the Linux source code, modifying files, monitoring user activity and uploading their own malware.

Despite the breach at, administrators of the site have said that the source code will ultimately be unaffected due to the unusual way in which the code is referenced.

Further reading

"Cracking is likely to cause far less damage than the cracking of typical software repositories. That's because kernel development takes place using the git distributed revision control system, designed by Linus Torvalds," administrators wrote on the site.

"[This means that] for each of the nearly 40,000 files in the Linux kernel, a cryptographically secure SHA-1 hash is calculated to uniquely define the exact contents of that file. Git is designed so that the name of each version of the kernel depends upon the complete development history leading up to that version. Once it is published, it is not possible to change the old versions without it being noticed."

They added that the fact that the files are also distributed among many external kernel developers and users means that any malicious change would be noticed as they performed updates.

"Those files and the corresponding hashes exist not just on the machine and its mirrors, but on the hard drives of each several thousand kernel developers, distribution maintainers, and other users of

"Any tampering with any file in the repository would immediately be noticed by each developer as they updated their personal repository, which most do daily."

The attackers also added a trojan startup file to the system startup scripts, in an effort to distribute malicious software to the site's users.

System administrators have taken the compromised servers offline and are creating backups and performing reinstalls. They have also launched an investigation into the attack to find out how it happened.

Reader comments
blog comments powered by Disqus
Windows 10 - will you upgrade?

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop. Will your business be upgrading?

37 %
27 %
15 %
21 %