Monday, 05 September 2016 06:24

Linux project mum after man indicted for 2011 breach Featured

By

The Linux Kernel Organisation, the non-profit that manages development of the kernel, is still reluctant to make any statement about a breach of its servers that took place more than five years ago, despite the fact that a man from South Florida has been charged with being responsible for the intrusion.

The same man, named as Donald Ryan Austin by the US Attorney's Office in the Northern District of California, was also charged with gaining unauthorised access to the servers of the Linux Foundation, an organisation that employs Linux creator Linus Torvalds.

Asked for a response to the development, senior kernel developer Greg Kroah-Hartman told iTWire: "The process is not complete yet, so sorry, I do not have any comment at this point in time."

The breach of the kernel servers was noticed on 28 August 2011. The Foundation break-in was noticed on 8 September the same year.

Austin made an initial appearance in federal court in Miami on 29 August. He was released on bond on 1 September and his next court appearance is scheduled for 21 September in San Francisco.

According to an official statement, Austin could face up to 40 years in jail, on four separate charges.

It said Austin, 27, was taken into custody during a traffic stop on 28 August following a four-count indictment returned by a federal grand jury in the Northern District of California on 23 June and unsealed on 30 August.

The statement said: "Austin is charged with causing damage to four servers located in the Bay Area by installing malicious software. Specifically, he is alleged to have gained unauthorised access to the four servers by using the credentials of an individual associated with the Linux Kernel Organisation.

"According to the indictment, Austin used that access to install rootkit and trojan software, as well as to make other changes to the servers. Austin is charged with four counts of intentional transmission causing damage to a protected computer..."

The indictment says Austin managed to steal the credentials of Linux kernel project chief systems administrator John Hawley and installed a rootkit and a trojan on servers which would send the credentials of anyone who logged in via SSH to him.

It lists three servers known as Odin1, Zeus1 and Pub3, all of which Austin is accused of breaching. When the Linux kernel project announced the breach, it said this had been through a server known as Hera which is not mentioned in the indictment.

The indictment also charges Austin with having connected to the personal mail server of Peter Anvin, a senior developer and a member of the Linux Foundation Technical Advisory Board.

It appears that Austin would probably have gained access to the Linux Foundation servers from Anvin's machine, though the indictment does not mention this.

It says that the breach of the Linux kernel project servers would have occurred beginning on 11 August. The project took 17 days to notice this, a fact that has been made public.

BUSINESS WORKS BETTER WITH WINDOWS 1O. MAKE THE SHIFT

You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer

Timezones

QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.

REGISTER!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments