Cops arrest Florida man accused of hacking Linux servers in 2011
Austin allegedly stole the credentials of a Linux system administrator and used them to infect servers with the Phalanx malware Reuters

Police officers in the US have arrested a man from Florida for allegedly hacking the Linux Kernel Organisation's kernel.org website and the servers of the Linux Foundation. The US Department of Justice (DOJ) issued an announcement of the arrest of computer programmer Donald Ryan Austin of El Portal, Florida.

Austin, 27, has been charged with four counts of "intentional transmission causing damage to a protected computer" after his alleged hacking spree in 2011 saw several malware-infected servers taken offline for over a month, according to a report by the Register. Austin was arrested in Miami Shores on 28 August, after he identified himself when stopped for a traffic offence.

The DOJ press announcement stated: "Austin was arrested pursuant to a four-count indictment returned by a federal grand jury in the Northern District of California on June 23, 2016, and unsealed Tuesday.

"Austin is charged with causing damage to four servers located in the Bay Area by installing malicious software. Specifically, he is alleged to have gained unauthorised access to the four servers by using the credentials of an individual associated with the Linux Kernel Organization.

"According to the indictment, Austin used that access to install rootkit and trojan software, as well as to make other changes to the servers."

According to the indictment, Austin allegedly stole the credentials of a Linux system administrator, with the initials "J.H." and used them to infect the servers with the Phalanx malware. This rootkit stealthily installs itself on servers, and allows files to be hidden and the server to be remotely accessed by bypassing normal login procedures and security checks.

Austin allegedly used the Phalanx malware to install the Ebury Trojan, which allowed him to gain access to the login credentials of those using the servers. The Germany cybersecurity agency CERT-Bund, estimates that a third of Linux computers in the US, and a tenth of those elsewhere in the world, that were checked were infected by Ebury.

Austin also allegedly used the credentials to make "unauthorised changes" to the Linux servers, including adding messages which would automatically appear when the servers were rebooted.

He was also accused of breaking into private email server of the Linux Kernel Organisation's founder Peter Anvin, in addition to hacking the Odin1, Zeus1 and Pub3 servers.

Worldwide infection

According to US officials, one of Austin's goals was to "gain access to the software distributed through the www.kernel.org website".

Access to these servers would have allowed Austin to distribute malicious code hidden in updates to Linux's kernel – its core code – which are downloaded from the servers and installed by users. As these updates are widely trusted by users as safe, computers across the world were infected.

Around 1.5% of desktop computers around the world use Linux as their operating system, as it is free, highly customisable and secure. It is also widely used in supercomputers and mainframes, including ones that control critical infrastructure and military systems.

Austin first appeared in the Miami federal court on 29 August and was released on $50,000 bail. He is scheduled to appear in court again on 21 September in San Francisco.

If found guilty, Austin could face up to 40 years in prison and a fine of about $2m (£1.5m).