Main Linux Kernel Site Hacked

At the core of all Linux based operating systems is the Linux kernel, which is developed by a global community of developers, with the website as a key piece of infrastructure. maintainers admitted on Wednesday that their infrastructure had been hacked via a compromised user credential. According to’s disclosure, the attackers were able to modify files as well as add a Trojan startup file. isn’t pushing the panic button, however, thanks to the inherent security of the overall Linux kernel development process.

“The Linux community and take the security of the domain extremely seriously, and are pursuing all avenues to investigate this attack and prevent future ones,” stated. “However, it’s also useful to note that the potential damage of cracking is far less than typical software repositories.”

The Linux kernel is developed with the git distributed version control system which includes a SHA-1 cryptographic for each file in the kernel. Since the system is also distributed across the global community of kernel contributors, any changes are supposed to be easily identified.

“Any tampering with any file in the repository would immediately be noticed by each developer as they updated their personal repository, which most do daily,” stated.

While the impact of the attack is limited, developers did not immediately discover the attack. The attack was uncovered on August 28th by maintainers but, in an email sent by maintainer John ‘Warthog9’ Hawley to users, he admitted the break-in occurred no later than August 12th. That means that community was unaware of the attack for at least 17 days.

Hawley noted that as many as five servers including their hera, odin1, demeter2, zeus1 and zeus2 boxes were hit by the exploit.

“At this time we do not know the vector that was used to get into the systems, but the attackers had gained root access level privileges,” Hawley wrote. is now working with their users to issue new SSH keys and credentials. They are also working on auditing the overall system to see how to make more secure overall.

The breach isn’t the first time Linux infrastructure has been attacked. Back in 2008, there was breach in the Fedora Linux infrastructure that delayed the release of Fedora 10. Going back even further, Debian Linux was hacked in 2003.

Sean Michael Kerner is a senior editor at, the news service of, the network for technology professionals.

Sean Michael Kerner
Sean Michael Kerner
Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

Top Products

Related articles