Linux Attackers Didn't Know What They Had

Trailrunner7 writes "The attack that compromised some high-value servers belonging to — but not the Linux kernel source code — may have been the work of hackers who simply got lucky and didn't realize the value of the servers that they had gotten their hands on. The attackers made a couple of mistakes that enabled the administrators at to discover the breach and stop it before any major damage occurred. First, they used a known Linux rootkit called Phalanx that the admins were able to detect. And second, the attackers set up SSH backdoors on the compromised servers, which the admins also discovered. Had the hackers been specifically targeting the servers, the attack probably would've looked quite different." A few blog posts in the wake of the attack have agreed with the initial announcement; while it was embarrassing, the integrity of the kernel source is not in question.
  • Wishful thinking? (Score:0, Interesting)

    by Anonymous Coward on Saturday September 03, 2011 @03:25PM (#37297686)

    My philosophy has always been: once a machine has been compromised, all bets are off. Let's say you're paranoid enough: couldn't you just as easily argue that the "mistakes" that have been detected are simply misdirection, drawing attention away from the real hack (eg. backdoor inserted in the kernel)? How sure can you really be that the kernel source integrity is intact?

  • Re:Or maybe (Score:2, Interesting)

    by Anonymous Coward on Saturday September 03, 2011 @03:34PM (#37297738)

    Or maybe, just maybe, the hackers wanted to appear that they didn't realize what they had gotten their hands on. I'm not trying to cause any tinfoil hats to come out, but I would still check everything.

  • Re:Spin (Score:5, Interesting)

    by Rogerborg (306625) on Saturday September 03, 2011 @04:35PM (#37298048) Homepage

    We totally hadn't detected any intrusion!

    Uh... then we did.

    But we totally haven't detected any meddling with the sources


  • by Anonymous Coward on Saturday September 03, 2011 @06:05PM (#37298658)

    You should read this article: []

    If that description from late 2010 (less than a year ago!) is still accurate, there is almost no infrastructure at all. In case you refuse to read it for yourself, let me quote to you from it:

    In total the infrastructure uses 12 servers worldwide.

    Unless you're a high school kid who has only ever managed a VPS instance running Linux for some shitty Ruby on Rails site, a mere 12 servers should seem like absolutely nothing to you. Most professional sysadmins will manage hundreds to even thousands of times that number of servers.

  • Detection?? (Score:2, Interesting)

    by Anonymous Coward on Sunday September 04, 2011 @08:07AM (#37301846)

    With Chkrootkit having seen its last update sometime in 2009 and RK Hunter also being on the backburner, how does one even check these days for rootkits and other nasties like it? Suggestions?
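One generic answer to this question, added here as an illustration and not taken from the thread or from either tool named above, is a known-good file-integrity baseline: record a digest of every file you care about while the host is trusted, keep that record somewhere the host cannot alter, and diff against it later. The directory layout, file names and contents in the demo are constructed for the example; on a real host you would point it at the paths you care about and store the baseline off-host. It also addresses the "all bets are off" point raised earlier in the thread: the comparison is only meaningful if the baseline was taken before compromise and the check runs from something the suspect host cannot lie to (trusted boot media, or a digest list kept off the machine), since a rootkit can misreport file contents to tools running on top of it.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Added example: a minimal file-integrity baseline checker. It records a
# SHA-256 digest for every regular file under a directory and later reports
# what was added, removed or modified. This is not the method chkrootkit or
# rkhunter use; it illustrates the generic "known-good baseline" approach.


def hash_file(path, chunk_size=65536):
    """Return the hex SHA-256 digest of a file, streamed in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_baseline(root):
    """Map each regular file under root (as a relative POSIX path) to its digest.

    Symlinks are skipped so the map describes only real file content.
    """
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            baseline[path.relative_to(root).as_posix()] = hash_file(path)
    return baseline


def save_baseline(baseline, out_path):
    """Persist the baseline as JSON; keep this copy where the host cannot alter it."""
    Path(out_path).write_text(json.dumps(baseline, indent=1, sort_keys=True))


def load_baseline(in_path):
    """Read a baseline written by save_baseline."""
    return json.loads(Path(in_path).read_text())


def compare(baseline, current):
    """Diff two baselines; each list is sorted for stable reporting."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "modified": sorted(
            key for key in base_keys & cur_keys if baseline[key] != current[key]
        ),
    }


def demo():
    """Run the checker over a constructed tree and return the diff it reports."""
    # Two temp dirs: one stands in for the monitored host, the other for the
    # off-host location where the baseline is kept.
    with tempfile.TemporaryDirectory() as host, tempfile.TemporaryDirectory() as offhost:
        root = Path(host)
        store = Path(offhost) / "baseline.json"
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "ls").write_bytes(b"constructed: original ls binary")
        (root / "etc" / "sshd_config").write_text("Port 22\n")
        save_baseline(build_baseline(root), store)

        # Simulate the kinds of changes the baseline is meant to catch: a
        # replaced binary, a new file, and a deleted config file (all constructed).
        (root / "bin" / "ls").write_bytes(b"constructed: replaced ls binary")
        (root / "etc" / "rc.local").write_text("# constructed new file\n")
        (root / "etc" / "sshd_config").unlink()

        return compare(load_baseline(store), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The demo reports `bin/ls` as modified, `etc/rc.local` as added and `etc/sshd_config` as removed. A digest-only baseline says nothing about permissions, ownership or timestamps, and it cannot see a kernel-level rootkit that hides or rewrites what userland reads; those are the reasons to take the baseline early and run the comparison from a trusted environment rather than from the host under suspicion.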
