Sign up for our Technology Newsletter 
The Linux Kernel Got Hacked
Servers that are part of the Linux kernel.org infrastructure were affected during a recent intrusion where attackers managed to gain root access and plant Trojan scripts.
According to an email sent out to the community by kernel.org chief administrator John Hawley, known as warthog9, the incident started with the compromise of a server referred to as Hera. The personal colocated machine of Linux developer H Peter Anvin (HPA) and additional kernel.org systems were also affected.
“Upon some investigation there are a couple of kernel.org boxes, specifically hera and odin1, with potential pre-cursors on demeter2, zeus1 and zeus2, that have been hit by this,” Hawley wrote.
The intrusion was discovered on 28 August and according to preliminary findings attackers gained access by using a set of compromised credentials. They then elevated their privileges to root by exploiting a zero-day vulnerability that the kernel.org administrators have yet to identify.
Fortunately, logs and parts of the exploit code were retained and will help the investigation. A Trojan was added to the startup scripts of affected systems, but gave itself away through Xnest /dev/mem error messages.
According to the kernel.org admins, these error messages have been seen on other systems as well, but it’s not clear if those machines are vulnerable or compromised. “If developers see this, and you don’t have Xnest installed, please investigate,” the administrators advised.
The good news is that the exploit failed on systems running the latest Linux kernel version, 3.1-rc2, which was released two weeks ago. This is possibly the fortunate consequence of one of the bugfixes it contains.
Accused Hacker Out On Bail In England
Comments Off on Accused Hacker Out On Bail In England
The accused ‘Topiary’, whose name is Jake Davis, was charged on Sunday and bailed by the courts yesterday. He was charged with five offences: Unauthorised access to a computer system, Encouraging or assisting offences, Conspiracy with others to carry out a Distributed Denial of Service Attack on the website of the Serious and Organised Crime Agency, Conspiracy to commit offences of Section 3 Computer Misuse Act 1990, and Conspiracy with others to commit offences of Section 3 Computer Misuse Act 1990 contrary to Section 1 of the Criminal Law Act 1977.
According to a report at the Guardian, his bail conditions are that Davis must wear an electronic tag, not access the internet, and not leave his house between 10pm and 7am.
Davis, who appeared outside court wearing sunglasses and holding a copy of “Free Radicals: The Secret Anarchy of Science” by Micheal Brooks and who allegedly authored the Rupert Murdoch is dead story that appeared on the hacked web site of the Sun newspaper, has already gained support on the internet in general and especially on Twitter.
SpyEye Poses Risk To Banking Defenses
Financial institutions are facing more trouble from SpyEye, a piece of malicious software that steals money from customers online bank accounts, according to new research from security vendor Trusteer.
SpyEye is a dastardly piece of malicious software: it can harvest credentials for online accounts and also initiate transactions as a person is logged into their account, literally making it possible to watch their bank balance drop by the second.
In its latest versions, SpyEye has been modified with new code designed to evade advanced systems banks have put in place to try and block fraudulent transactions, said Mickey Boodai, Trusteer’s CEO.
Banks are now analyzing how a person uses their site, looking at parameters such as how many pages a person looks at on the site, the amount of time a person spends on a page and the time it takes a person to execute a transaction. Other indicators include IP address, such as if a person who normally logs in from the Miami area suddenly logs in from St. Petersburg, Russia.
SpyEye works fast, and can automatically and quickly initiate a transaction much faster than an average person manually on the website. That’s a key trigger for banks to block a transaction. So SpyEye’s authors are now trying to mimic — albeit in an automated way — how a real person would navigate a website.