This follows, and is believed to be related to, the hack on a number of servers in the Kernel.org infrastructure back in August. This site was also strategically taken offline “in the interest of extreme caution and security best practices”, according to a note left on all the affected websites by the Linux Foundation.
The Hacker News believes that the Phalanx rootkit was used to gain root access to Kernel.org systems. The Linux Foundation says that “while we currently believe that the source code repositories were unaffected, we are in the process of verifying this and taking steps to enhance security across the kernel.org infrastructure”. It also advises users to take precautions, as with any intrusion, and says they “should consider the passwords and SSH keys that you have used on these sites compromised.”
The team at Linux is working hard to get all the sites back online, but their approach is understandably cautious. In FAQs added to the holding page note, the Foundation says that “services will begin coming back online in the coming days.”
It seems that Linux has learnt a lot from Sony’s mishandling of their hack – delays in releasing information and then the revelation that passwords were stored in plaintext. The FAQs specifically address this latter point, reassuring users that they did not store passwords in plaintext. However, they also warn that this does not mean the passwords cannot be cracked using a “brute force attack”, and echo earlier comments that if users have reused those passwords elsewhere, they should be changed.
While investigations are still ongoing, the Linux Foundation is currently not revealing any information on what they have found out about the source of the attack.
Linux will by no means be the last high-profile company to suffer a security breach, though the way they have handled it sets a great benchmark.