Categories: Breaking NewsCyber CrimeHacking

Data Breach – Hackers violated a server at Linux Australia

The organization Linux Australia revealed that one of its servers was hacked. The personal data of conference attendees might have been exposed.

Linux Australia revealed a data breach occurred on March 22, according to the organization attackers may have accessed personal details of conference attendees.

Linux Australia is an organization that represents nearly 5,000 Australian users and developers of free and open source software. The experts discovered the data breach a couple of days later, on March 24, following the investigation on a number of error reporting emails sent by a Conference Management (Zookeepr) hosting server.

According to the investigators, the hackers have exploited an unknown vulnerability to trigger a remote buffer overflow and obtain full control of the server hosting the information.

The server compromised by attackers hosts data related previous editions of the PyCon Australia and linux.conf.au conferences organized by the Linux Australia.

“It is the assessment of Linux Australia that the individual utilised a currently unknown vulnerability to trigger a remote buffer overflow and gain root level access to the server. A remote access tool was installed, and the server was rebooted to load this software into memory. A botnet command and control was subsequently installed and started. During the period the individual had access to the Zookeepr server, a number of Linux Australia’s automated backup processes ran, which included the dumping of conference databases to disk.” wrote Joshua Hesketh, president of Linux Australia.

The president of Linux Australia highlighted that there is no clear evidence that the hackers have stolen personal information, the records available in the archive of the organization include name, physical addresses, email addresses, phone numbers, and hashed passwords.

The organization clarified that no financial information was exposed in the data breach because the Linux Australia uses a third party payment system.

“The payment processing process on the Zookeepr system was specifically designed to send minimal information to the payment gateway, and as a result only receive back a payment success or failure code. All other payment details are handled by the payment provider’s systems. Therefore, credit card information was not disclosed,” Hesketh noted.

The experts suspect that the attackers were interested in the personal information of attendees to conduct further targeted attacks.

Linux Australia has immediately started its incident response procedures and announced improvements to its architecture.

The compromised server hosted data related to the 2013, 2014 and 2015 editions of the conferences, for this reason Linux Australia urges PyCon and linux.conf.au attendees to change their passwords, especially if the users share the same credentials with multiple web services.

Pierluigi Paganini

(Security Affairs – Linux Australia, data breach)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.