Around five years after unknown hackers gained unauthorized access to multiple kernel.org servers used to maintain and distribute the Linux operating system kernel, police have arrested a South Florida computer programmer for carrying out the attack.
Donald Ryan Austin, a 27-year-old programmer from of El Portal, Florida, was charged Thursday with hacking servers belonging to the Linux Kernel Organization (kernel.org) and the Linux Foundation in 2011, the Department of Justice announced on Thursday.
The Linux Kernel Organization runs kernel.org servers for distributing the Linux operating system kernel, which is the heart of the operating system, whereas the Linux Foundation is a separate group that supports kernel.org.
According to an indictment [PDF] unsealed by federal prosecutors on Monday, Austin managed to steal login credentials of one of the Linux Kernel Organization system administrators in 2011 and used them to install a hard-to-detect malware backdoor, dubbed Phalanx, on servers belonging to the organization.
But what made the breach much significant? It’s the open-source operating system that’s being used by Millions of corporate and government networks worldwide.
Using the Phalanx malware, Austin allegedly installed Ebury – a Trojan designed for Linux, FreeBSD or Solaris hacking – on a number of servers run by the Linux groups, which helped him gain access to the login credentials of people using the servers.
Austin allegedly infected Linux servers, including "Odin1," "Zeus1," and "Pub3," which were leased by the Linux Foundation for operating kernel.org. He also hacked the personal email server of Linux Kernel Organization’s founder Peter Anvin.
Austin is also accused of allegedly using his unauthorized admin privileges to insert messages into the system that would display when the servers restarted.
According to prosecutors, Austin’s motive for the intrusion was to gain early access to Linux software builds distributed through the www.kernel.org website.
Bad Luck! Hacker Arrested while Breaking Traffic Rules
This security breach forced the Linux Foundation to shut down kernel.org completely while a malware infection was cleared up, and rebuild several of its servers. Miami Shores Police stopped Austin while breaking traffic rules on August 28 and then arrested after identified as a suspect in 2011 case.
Austin is charged with 4 counts of "intentional transmission causing damage to a protected computer." He was released from jail on a bond of $50,000 provided by the family of his girlfriend.
Judge has ordered Austin to stay away from the Internet, computers, and every type of social media or e-mail services, due to his "substance abuse history."
Austin is scheduled to appear in San Francisco federal court on September 21 before the Honorable Sallie Kim, and if found guilty, he faces a possible sentence of 40 years in prison as well as $2 Million in fines.