Linux repository Infiltrated by Hackers

Linux repository Infiltrated by Hackers, a site that distributes Linux source kernels, has suffered a breach of security according to a leaked email by Chief Administrator John Hawley. It is believed multiple infected servers were compromised as early as 12th Aug 2011 and the breaches were discovered on 28th Aug 2011. released a statement confirming intruders had gained root access to at least one server. The intruders reportedly gained access to the server with compromised user credentials, but it is not known how they obtained root access from there.

Files belonging to SSH were modified and running live. A Trojan was also added to the start-up scripts and all user interactions were logged, possibly compromising usernames and passwords.

The infected servers have been taken offline with backups made pending further investigation and full analysis on the code in Git. All servers will have full reinstalls and the respective authorities in Europe and the United States have been notified.

One major advantage in the case of vis-a-vis typical software repositories is that the Git version control system is used to manage the entire development lifecycle of kernel packages. Each version of every package has its own cryptographically secure SHA-1 hash calculated, which changes as the package does. This creates a development history for each package, making it impossible to introduce changes without them being noticed. is working with the 448 users of to change their credentials and change their SSH keys. They are also carrying out a full audit on security policies to make more secure. has assured their users and the public that they are pursuing all avenues to find the attackers and prevent future infiltrations.

To read the full announcement from, please click here.

News for Past 12 Months