Linux repository attacked by cyber criminals

Kernel.org has suffered a security breach, and a trojan was added to the system startup scripts

Cyber attackers have breached several servers that house the Linux source code, modifying files, monitoring user activity and uploading their own malware.

Despite the breach at Kernel.org, administrators of the site have said that the source code will ultimately be unaffected due to the unusual way in which the code is referenced.

"Cracking kernel.org is likely to cause far less damage than the cracking of typical software repositories. That's because kernel development takes place using the git distributed revision control system, designed by Linus Torvalds," administrators wrote on the Kernel.org site.

"[This means that] for each of the nearly 40,000 files in the Linux kernel, a cryptographically secure SHA-1 hash is calculated to uniquely define the exact contents of that file. Git is designed so that the name of each version of the kernel depends upon the complete development history leading up to that version. Once it is published, it is not possible to change the old versions without it being noticed."

They added that the fact that the files are also distributed among many external kernel developers and users means that any malicious change would be noticed as they performed updates.

"Those files and the corresponding hashes exist not just on the kernel.org machine and its mirrors, but on the hard drives of each several thousand kernel developers, distribution maintainers, and other users of kernel.org.

"Any tampering with any file in the kernel.org repository would immediately be noticed by each developer as they updated their personal repository, which most do daily."

The attackers also added a trojan startup file to the system startup scripts, in an effort to distribute malicious software to the site's users.

System administrators have taken the compromised servers offline and are creating backups and performing reinstalls. They have also launched an investigation into the attack to find out how it happened.