The ripple effects of an August attack on the website kernel.org washed up on the Linux Foundation last week, forcing the group to take down its Web site and warn users that their account information may have been compromised.
A message posted on the Foundation’s Web site, linux.com, over the weekend said the Linux Foundation online infrastructure, including Linux.com and LinuxFoundation.org and subdomains are down for maintenance following a breach discovered on September 8. The Foundation said breach was believed to be connected to the intrusion at kernel.org.
“We are in the process of restoring services in a secure manner as quickly as possible,” the Foundation said. Users were told to assume that any passwords and SSH (Secure Shell) keys used on Linux.com and LinuxFoundation.org were compromised. “If you have reused these passwords on other sites, please change them immediately,” the Linux Foundation warned.
However, the Foundation said that it did not host either the Linux kernel or any Linux code repositories, so users should not assume those had been affected by the attack.
As Threatpost reported, attackers compromised servers at kernel.org on August 12. The servers compromised housed source code for the linux kernel, and attackers were able to modify files and log user activity on the machines. It was assumed that the Linux code repositories were not affected by the attack.
Though the compromise of systems holding the source code for the linux operating system could have serious consequences for the countless organizations that use Linux to power their servers and desktop systems, security experts inside and outside the Linux Foundation have expressed skepticism that the attack on kernel.org was designed to gain access to the code repositories. The behavior of the attackers instead suggests that the attack that compromised the source code repositories may have been carried out by low level attackers who weren’t aware of the value of the systems they compromised.