Florida Man Arrested for Allegedly Hacking Key Linux Servers

He's charged with breaking into servers belonging to the Linux Kernel Organization and the Linux Foundation
September 2, 2016, 12:25pm

A computer programmer from South Florida was arrested last week for allegedly hacking into servers related to the Linux operating system, the Department of Justice announced on Thursday. The case acts as a reminder that even the websites that host and distribute the operating systems our devices run on can be targeted by hackers.

Donald Ryan Austin, 27, is charged with four counts of "intentional transmission causing damage to a protected computer" after allegedly hacking the Linux Kernel Organization and the Linux Foundation in 2011. The Linux Kernel Organization runs the site kernel.org, which distributes the Linux kernel, the heart of the operating system. The Linux Foundation is another group that supports kernel.org.

"Specifically, he is alleged to have gained unauthorized access to the four servers by using the credentials of an individual associated with the Linux Kernel Organization," the DOJ press release reads.

According to the indictment, in around August 2011 Austin used credentials belonging to "J.H.," a system administrator (likely a reference to John Hawley), to gain access to servers belonging to the Linux Foundation and Linux Kernel Organization.

Austin allegedly broke into several named servers, including "Odin1," "Zeus1," and "Pub3," as well as Linux Kernel Organization founder Peter Anvin's private email server, and installed the "Phalanx" rootkit—a backdoor that would allow him to connect to the infected computer and install additional software on the target—and the "Ebury" trojan, which harvested credentials of those logging into the infected computer. He also allegedly used his unauthorized administrative privileges to insert messages that would display when the servers restarted.

Image: screenshot of the indictment filed against Austin

One of Austin's goals, according to the government, "was to gain access to the software distributed through the www.kernel.org website"—namely, the Linux kernel, which is used in computers and other devices all over the world.

Back at the time of the attack, The Register reported that the administrators believed the repositories used to store Linux source code were unaffected by the hack.

From the court documents, it is not clear how much actual damage Austin allegedly caused, or whether he managed to tamper with any of that code.

A more recent case shows that hackers have had some success at manipulating Linux downloads, leading victims to inadvertently compromise their own computers: In February, a hacker broke into the website for Linux Mint, a particularly popular distribution of Linux, and replaced the download for the operating system with their own. The hacker had modified this version of Linux Mint to turn victims' computers into part of a botnet under their control.