Main Linux Kernel Site Hacked

At the core of all Linux based operating systems is the Linux kernel, which is developed by a global community of developers, with the website as a key piece of infrastructure. maintainers admitted on Wednesday that their infrastructure had been hacked via a compromised user credential. According to’s disclosure, the attackers were able to modify files as well as add a Trojan startup file. isn’t pushing the panic button, however, thanks to the inherent security of the overall Linux kernel development process.

“The Linux community and take the security of the domain extremely seriously, and are pursuing all avenues to investigate this attack and prevent future ones,” stated. “However, it’s also useful to note that the potential damage of cracking is far less than typical software repositories.”

The Linux kernel is developed with the git distributed version control system which includes a SHA-1 cryptographic for each file in the kernel. Since the system is also distributed across the global community of kernel contributors, any changes are supposed to be easily identified.

“Any tampering with any file in the repository would immediately be noticed by each developer as they updated their personal repository, which most do daily,” stated.

While the impact of the attack is limited, developers did not immediately discover the attack. The attack was uncovered on August 28th by maintainers but, in an email sent by maintainer John ‘Warthog9’ Hawley to users, he admitted the break-in occurred no later than August 12th. That means that community was unaware of the attack for at least 17 days.

Hawley noted that as many as five servers including their hera, odin1, demeter2, zeus1 and zeus2 boxes were hit by the exploit.

“At this time we do not know the vector that was used to get into the systems, but the attackers had gained root access level privileges,” Hawley wrote. is now working with their users to issue new SSH keys and credentials. They are also working on auditing the overall system to see how to make more secure overall.

The breach isn’t the first time Linux infrastructure has been attacked. Back in 2008, there was breach in the Fedora Linux infrastructure that delayed the release of Fedora 10. Going back even further, Debian Linux was hacked in 2003.

Sean Michael Kerner is a senior editor at, the news service of, the network for technology professionals.

Latest articles

XDR Emerges as a Key Next-Generation Security Tool

Corporate networks are complex, and so is the myriad of cybersecurity solutions that protect them. Trying to manage all the security tools in a...

Best Encryption Tools & Software for 2020

Enterprises can invest in state of the art threat defenses like next-gen firewalls, microsegmentation and zero trust tools, but even the very best tools...

SASE: Securing the Network Edge

Dramatic growth in Internet of Things (IoT) devices and external users have forced IT departments to move storage and processing functions closer to the...

Kaspersky vs. Bitdefender: EDR Solutions Compared

Kaspersky and Bitdefender have very good endpoint security products for both business and consumer users, so they made both our top EDR and top...

Related articles


Please enter your comment!
Please enter your name here