Linux "kernel.org" 2 years since the cracking incident occurred, the survey report was unpublished

ByKenneth Rougeau

Going back now Two years ago on September 2, 2011, I released an archive of the Linux kernel "Kernel.orgThe server ofIt suffered from invasion of Trojan horseIt was announced. In this case that the server providing the Linux code source was contaminated, the investigation report has not been released yet in 2013 after 2 years since the incident occurred.

Who rooted kernel.org servers two years ago, how did it happen, and why? | Ars Technica
http://arstechnica.com/security/2013/09/who-rooted-kernel-org-servers-two-years-ago-how-did-it-happen-and-why/


The incident on August 28, 2011,One mailIt was discovered from multiple testimonies and was published on the Web site on September 2. The infection occurred somewhere before August 12 and it is clear that the infection status continued for more than 16 days. With this attack, it became apparent that multiple machines including "Hera" and "Odin 1" of kernel.org were infected, kernel.org stopped the corresponding server and installed all clean installations became.

ByTorkild Retvedt

After that, the site was reopened on 5th October of the same year and restored .... In this case, it is still this case that "Who", "How" "How many machines have entered" and "What did it" clearly It is not done.

Azimuth securityDan Rosenberg, senior security researcher at the company, said, "I think that users are a bit disappointed that transparency is not seen in the aftermath measures, I think as one of the users. It is impossible to say that it is impossible to clarify the extent of negligence in the cause of this incident unless it is not possible. "

Be a developer of the Linux kernelGreg Crow-Hartman"We have not completed the investigation yet and we are not yet planning to publish the report yet." At the same time, "Since the intruder could not tamper with the source code, Linux was compiled Tens of thousands of systems will not be affected "Preliminary research reportIt also makes clear that there is absolutely confidence in the content of.

The change record of the system is managed by the tracking system called "Git", and it is recorded in the log file which is distributed and stored around the world when the change is made. Therefore, even if the log modification is done in a specific place, it is understood that it is illegal tampering. "After the incident, kernel.org's system has been rebuilt from scratch and new tools and methods are introduced," while Claust-Hartman avoided commenting on details.

ByDan Anderson.

However, the evidence that the backdoor "backdoor" to the system and the evidence that a malicious code was secretly written has not been found, and this case that the security of the world's leading software development organization broke through is a major concern I am dropping it.Large scale hacking by national levelAndAn unknown backdoor capable of cyber attack on a silicon chip is discoveredIt is said that it is necessary to clarify what has been done, having high transparency, because it is an era in which the unique case of the cyber era dominates the world.

ByMartin Eckert