Linux.org Redirected to NSFW Page Spewing Racial Epithets

Administrators lost control of the domain for several hours in a DNS hijacking incident.

The Linux organization said late Friday that its main domain, Linux.org, was hacked and defaced in a DNS hijacking incident.

The group said that someone was able to compromise the registrar account for the domain and point its DNS to another server — as well as lock administrators out from changing it back for several hours.

The hackers “pointed the domain name to a pretty rude page [NSFW] for most of the evening,” a Linux admin said in a posting.

That page was clearly built by someone with an axe to grind against Linux, declaring “G3T 0WNED L1NUX N3RDZ” along with a picture of a naked sphincter, abusive language containing a racial epithet (the “N-word”), a link to an article about Linus Torvalds’ controversial apology for his anger-management issues, a shout-out to late programmer Terry Davis, and a link to a Twitter page where the attackers took responsibility, showing screenshots of the hack.

“Yep ‘reregistered’ the domain,” one tweet noted.

The responsible party also apparently has an issue with transgender Linux developer Coraline Ada Ehmke. The Register reported that at some point during the incident, the attackers doxed her using the redirected page, and posted her email and home address along with other details.

Cloudflare eventually blocked the rogue server and returned control of Linux.org to its proper owners.

“After a lot of back and forth with our registrar, we were able to get things back under our control,” the admin said. “I’d like to point out that our server environment was not touched so there are no worries about your data. We’ve gone over security protocols and are tightening things up that may have slipped through in the past.”

The compromise reportedly stemmed from the attackers brute-forcing a publicly available Yahoo email address that was displayed by the site’s WHOIS page as the administrator contact. That address was for Linux admin Mike McLagan’s partner, McLagan said on Reddit. He also admitted that multifactor authentication would have thwarted the attackers.
