In August 2011, multiple servers used to maintain and distribute the Linux operating system kernel were infected with malware that gave an unknown intruder almost unfettered access. Earlier this week, the five-year-old breach investigation got its first big break when federal prosecutors unsealed an indictment accusing a South Florida computer programmer of carrying out the attack.
Donald Ryan Austin, 27, of El Portal, Florida, used login credentials belonging to a Linux Kernel Organization system administrator to install a hard-to-detect backdoor on servers belonging to the organization, according to the document that was unsealed on Monday. The breach was significant because the group manages the network and the website that maintain and distribute the open source OS that’s used by millions of corporate and government networks around the world. One of Austin’s motives for the intrusion, prosecutors allege, was to “gain access to the software distributed through the www.kernel.org website.”
The indictment refers to kernel.org officials P.A. and J.H., who are presumed to be Linux kernel developer H. Peter Anvin and kernel.org Chief System Administrator John “‘Warthog9” Hawley, respectively. It went on to say that Austin used the credentials to install a class of extremely hard-to-detect malware known as a rootkit and a Trojan that logs the credentials of authorized users who use the secure shell protocol to access an infected computer.
According to the indictment:
The defendant, DONALD RYAN AUSTIN (“AUSTIN”), used credentials belonging to an individual, J.H., to gain unauthorized access to servers belonging to the Linux Foundation, the Linux …