Hackers defaced Linux.org with DNS hijack

The Linux.org website was defaced last week via DNS hijack, attackers breached into associated registrar account and changed the DNS settings.

Attackers changed the defacement page a few times, they protested against the new Linux kernel developer code of conduct in a regrettable way with 
racial slurs and the image of an individual showing the anus.

The defacement page also includes links and a Twitter account (@kitlol5) believed to be under the control of the attacker.

The person who was operating the Twitter account posted a screenshot showing that they had access to the Network Solutions account of Michelle McLagan, who evidently owns linux.org, and modified the DNS settings.

“This evening someone got into my partner’s netsol account and pointed linux.org DNS to their own cloudflare account. The production env (web / db) wasn’t touched. DNS was simply pointing to another box.” 
one of the Linux.org admins wrote on Reddit.

“She’s working with netsol to prove ownership, etc.. and we’re hoping things will be cleared up in the morning.”

The hacker did not access the servers hosting Linux.org and user data were not compromised.

How to prevent this kind of incident?

Administrators should enable multi-factor authentication (MFA) for their account.

“I think it was a combination of public whois info and no MFA that lead to this,” added the Linux.org admin.

“There’s always one thing – they found the weakest link and exploited it.”

After the incident, admins have enabled MFA on all accounts.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – DNS hijack, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]