It has been around five years since unidentified hackers gained unauthorized access to some kernel.org servers that are used to distribute and maintain the Linux operating system.
This hacking case is one of the world's high-profile hacks. It is reported that anybody who downloaded the kernel files during the period could have been compromised.
The Linux Foundation is a nonprofit organization that aids the kernel.org website. The primary purpose of the kernel.org website is to host the repositories used by Linux kernel maintainers and developers of different Linux distributors.
The good news is that the hacker has finally been arrested! The authorities are convinced that they have their man (the person responsible for the hacking) after five years.
The 2011 hacking attack
In August 2011, the developers and maintainers at kernel.org noted a huge security breach. The intruders gained root access by hacking the system and adding a Trojan to the startup scripts.
Allegedly, the hacking attempt forced the developers to shut down kernel.org, reinstall all the servers and launch a prompt investigation to determine the origin of this attack.
The Linux servers that were compromised stayed offline for almost one month, while the server administrators worked hard to ensure that the attacker hadn’t left big surprises in the system.
Reportedly, the hacker’s primary objective was to gain access and seemingly tamper with the software distributed through www.kernel.org.
The arrest
On August 28, 2016, 27-year-old Donald Ryan Austin, a South Florida-based computer programmer, was arrested by officers of the Miami Shores Police Department for allegedly hacking into the servers relating to Linux OS, the Justice Department announced.
The police arrested Austin during a traffic stop for a violation of traffic rules. The hacking case reminds us that even the official websites that host the operating systems we use on our devices can be a target for hackers.
Austin is charged with hacking and causing damage to four servers belonging to kernel.org and the Linux Foundation.
More specifically, he is alleged to have stolen the login credentials of one of the administrators of the Linux Kernel Organization and used them to install on the servers malicious software dubbed Phalanx, which is hard to detect.
Further, he installed a rootkit on the servers and made other unauthorized changes. He also used his hacking skills to insert spam messages that would display anytime the servers restarted.
He is charged with causing damage to a protected computer system, in violation of 18 U.S.C. § 1030(a)(5)(A). Austin appeared in federal court in Miami, FL on 29th August 2016, but he was released on a cash bail of $50,000, which was provided by the family of Austin’s girlfriend.
Meanwhile, the judge ordered that he stay away from all computers, the Internet, email services, and social media, due to what is termed a “substance abuse history.”
He will appear in San Francisco federal court this September 21. Honorable Salim Kim will preside over the hacking case, and if Austin is found guilty, he may face the following sentence:
- A possible jail term of 40 years.
- A fine of $2 million.
In the United States of America, and in virtually any state, all defendants are innocent until proven guilty. The prosecution of this case is the result of an investigation carried out by the Federal Bureau of Investigation.
However, the court documents do not show clearly the extent of the damage Austin caused to the Linux kernel. It is not clear whether he managed to change the source code.
The court documents only show that the hacker stole the credentials of one of the Linux servers’ admins and installed the Phalanx malware. With the help of Phalanx, he installed the Ebury Trojan, which is specifically designed for Linux, Solaris or FreeBSD, onto the servers run by Linux.org.
Consequently, he managed to harvest numerous login credentials of individuals using these servers.
The world will have to wait until September 21, 2016 to know where the fate of Donald Ryan Austin lies.
Is he the man responsible for the 2011 Linux Kernel hacking? Is he going to serve a 40-year sentence in prison, pay a $2 million fine or both? We will have to wait and see what happens.
The bottom line
Hacking cases have made the headlines in the past decade. Computer systems are now more vulnerable to hacking attacks than ever.
Appropriate measures should be taken to ensure that greater security is achieved and sensitive data is protected.