nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Bloke accused of Linux kernel.org hack nabbed during traffic stop

Possible 40 years in the Big House for 2011 infiltration of open-source world's servers

By Iain Thomson, 2 Sep 2016

A man who allegedly hacked the Linux Kernel Organization's kernel.org and the Linux Foundation's servers has been collared by cops.

Donald Ryan Austin, 27, of El Portal, Florida, will appear in court in San Francisco later this month. He is accused of four counts of "intentional transmission causing damage to a protected computer." The charges were filed in absentia against Austin.

It is alleged his hacking spree forced the two Linux groups to shut down completely to clean up a malware infection. Austin was stopped on Thursday this week by police in Miami Shores for a traffic offense – and was arrested when he identified himself.

Court documents [PDF] claim that in 2011, Austin managed to steal the credentials of one of the Linux server admins and used these to install the Phalanx malware, a self-injecting kernel rootkit designed for the Linux 2.6 branch that hides files, processes and sockets and includes tools for sniffing a TTY program.

Using Phalanx, he is also accused of installing the Ebury trojan, which is designed for Linux, FreeBSD or Solaris hacking, onto numerous servers run by the groups. This harvested login credentials of people using the servers and forwarded them to the attacker.

Austin's goal, according to the prosecution, was to "gain access to the software distributed through the www.kernel.org website," presumably to tamper with it. He is also accused of leaving messages on the system for others to find, and of hacking the personal email server of one member of the Linux Foundation.

Some of the Linux servers were offline for almost a month, while administrators picked over files to make sure that the attacker hadn't left any more nasty surprises in there. It took over five years of sleuthing to find out who could have been responsible, and now the Feds think they have their man.

Austin was released from jail on payment of $50,000 in bail money, and will have to appear in court in San Francisco at 0930 on September 21 before the Honorable Sallie Kim. If found guilty, he faces a possible sentence of 40 years in prison and $2m in fines. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing