Ubuntu Tackling Breach That Hit Half Its Servers - InformationWeek

Ubuntu Tackling Breach That Hit Half Its Servers

Five out of the project's eight servers were compromised and attacking other computers when they were taken offline.

The open-source Ubuntu project is on the mend after shutting down more than half of its servers this past weekend because they had been compromised and were launching attacks.

James Troup, who leads the Canonical sysadmin team, said in an online advisory that one of the hosted community servers that Canonical sponsored had been breached. After technicians discovered that compromise, he said, an investigation found that five of the eight machines had been breached and were actively attacking other machines. Troup's advisory did not say which machines were being attacked.

"Since it was reported that they were actively attacking other machines (and because it's What You Do), the decision was taken to shut the machines down," said Troup, who also is known as Elmo. "We started the procedure of bringing these machines up in a safe state so that we could recover data from them. Unfortunately, this took far longer than we would have hoped or liked due to a combination of having to use remote hands, arbitrary limits imposed by those remote hands, and (relative) lack of bandwidth to copy data off site."

Ubuntu is a community-developed, open-source Linux-based operating system. Canonical is the commercial sponsor of the Ubuntu project.

According to a notice in the Ubuntu newsletter, the servers were suffering from a few problems: security patches were missing, FTP was being used to access the machines, and no upgrades "past breezy" had been made due to problems with the network cards and kernels.

Troup noted that since FTP (not SFTP, and without SSL) was being used to access the machines, an attacker could have gotten access to the servers by sniffing the clear-text passwords. And since the servers had not been sufficiently upgraded, that could also have allowed an attacker to gain root access.

"We're obviously working as fast as we can to restore services, however, we need to make sure they won't immediately be compromised again," added Troup.
