Monday, 05 September 2016 06:24

Linux project mum after man indicted for 2011 breach Featured


The Linux Kernel Organisation, the non-profit that manages development of the kernel, is still reluctant to make any statement about a breach of its servers that took place more than five years ago, despite the fact that a man from South Florida has been charged with being responsible for the intrusion.

The same man, named as Donald Ryan Austin by the US Attorney's Office in the Northern District of California, was also charged with gaining unauthorised access to the servers of the Linux Foundation, an organisation that employs Linux creator Linus Torvalds.

Asked for a response to the development, senior kernel developer Greg Kroah-Hartman told iTWire: "The process is not complete yet, so sorry, I do not have any comment at this point in time."

The breach of the kernel servers was noticed on 28 August 2011. The Foundation break-in was noticed on 8 September the same year.

Austin made an initial appearance in federal court in Miami on 29 August. He was released on bond on 1 September and his next court appearance is scheduled for 21 September in San Francisco.

According to an official statement, Austin could face up to 40 years in jail, on four separate charges.

It said Austin, 27, was taken into custody during a traffic stop on 28 August following a four-count indictment returned by a federal grand jury in the Northern District of California on 23 June and unsealed on 30 August.

The statement said: "Austin is charged with causing damage to four servers located in the Bay Area by installing malicious software. Specifically, he is alleged to have gained unauthorised access to the four servers by using the credentials of an individual associated with the Linux Kernel Organisation.

"According to the indictment, Austin used that access to install rootkit and trojan software, as well as to make other changes to the servers. Austin is charged with four counts of intentional transmission causing damage to a protected computer..."

The indictment says Austin managed to steal the credentials of Linux kernel project chief systems administrator John Hawley and installed a rootkit and a trojan on servers which would send the credentials of anyone who logged in via SSH to him.

It lists three servers known as Odin1, Zeus1 and Pub3, all of which Austin is accused of breaching. When the Linux kernel project announced the breach, it said this had been through a server known as Hera which is not mentioned in the indictment.

The indictment also charges Austin with having connected to the personal mail server of Peter Anvin, a senior developer and a member of the Linux Foundation Technical Advisory Board.

It appears that Austin would probably have gained access to the Linux Foundation servers from Anvin's machine, though the indictment does not mention this.

It says that the breach of the Linux kernel project servers would have occurred beginning on 11 August. The project took 17 days to notice this, a fact that has been made public.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments