Linux – recently hacked but unlikely the O/S builds were affected

Some time in August, the repository for the Linux kernel got hacked. The breach was discovered on August 28. Based on what we know now, it appears unlikely that any of the source code was changed, but the admins are doing a thorough review to confirm this and to strengthen security.

The attacker appears to have gained access to a standard user account and somehow elevated credentials to root access. How he did this, we don’t know yet. He made several other changes, including modifying some SSH-related files, logging user interactions and adding a trojan to the startup scripts.

As horrible and embarrassing as this sounds, it is highly unlikely that the actual kernel source was changed. The source code is managed by git, a distributed revision control system designed by Linus Torvalds. Git maintains SHA-1 hashes of each of the 40,000 files in the project and names the files based on the complete development history. The hashes are stored on multiple servers. It’s impossible to make changes without being noticed.
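
To make the hash chain described above concrete, here is an added example (not from the original post or from kernel.org) that recomputes git-style object ids with Python's `hashlib` and shows that altering one byte in the oldest snapshot changes every later commit id. The file names, contents, author identity and timestamp are constructed, and the tree encoding assumes a flat directory of regular files.

```python
import hashlib

def git_object_id(obj_type, body):
    # Git's id for any object: SHA-1 over "<type> <size>\0" followed by the body.
    header = f"{obj_type} {len(body)}".encode() + b"\x00"
    return hashlib.sha1(header + body).hexdigest()

def blob_id(content):
    return git_object_id("blob", content)

def tree_id(files):
    # Assumption: flat directory of regular files (mode 100644), ASCII names.
    # Each entry is "<mode> <name>\0" plus the blob id as 20 raw bytes.
    body = b"".join(
        b"100644 " + name.encode() + b"\x00" + bytes.fromhex(blob_id(files[name]))
        for name in sorted(files))
    return git_object_id("tree", body)

def commit_id(tree, parents, message):
    # Constructed identity and timestamp, fixed so the ids are reproducible.
    who = "Example Dev <dev@example.invalid> 1314489600 +0000"
    lines = [f"tree {tree}"] + [f"parent {p}" for p in parents]
    lines += [f"author {who}", f"committer {who}", "", message]
    return git_object_id("commit", ("\n".join(lines) + "\n").encode())

def build_history(snapshots):
    # Linear chain: every commit names its tree and its parent commit.
    ids, parents = [], []
    for n, files in enumerate(snapshots):
        ids.append(commit_id(tree_id(files), parents, f"change {n}"))
        parents = [ids[-1]]
    return ids

# Constructed three-commit history, then the same history with one byte
# altered in the oldest snapshot.
CLEAN = [{"main.c": b"int main(void) { return 0; }\n"},
         {"main.c": b"int main(void) { return 0; }\n", "README": b"v1\n"},
         {"main.c": b"int main(void) { return 0; }\n", "README": b"v2\n"}]
TAMPERED = [dict(s) for s in CLEAN]
TAMPERED[0]["main.c"] = b"int main(void) { return 1; }\n"

def first_divergence(a, b):
    # Index of the first commit whose id differs, or None if histories match.
    return next((i for i, (x, y) in enumerate(zip(a, b)) if x != y), None)

if __name__ == "__main__":
    for good, bad in zip(build_history(CLEAN), build_history(TAMPERED)):
        print(good[:12], bad[:12], "MISMATCH" if good != bad else "same")
```

The later snapshots are byte-for-byte identical in both histories, yet their commit ids still differ because each commit hashes its parent's id, so anyone holding a known-good tip hash in their own clone sees the mismatch.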