Hacker behind Linux Kernel’s Mass Trojan Infection Arrested in Florida

Florida law enforcement arrested Donald Ryan Austin for hacking the Linux Kernel Organization’s website and Linux Foundation servers. Austin is a 27-year-old computer programmer from El Portal, Florida.

Austin was charged with four counts of Intentional Transmission Causing Damage to a Protected Computer. In 2011, Austin infected dozens of servers, causing them to be taken down for months at a time. He was apprehended on August 28th in Miami Shores after being stopped for a traffic violation.

The Department of Justice said in a statement:

“Austin was arrested pursuant to a four-count indictment returned by a federal grand jury in the Northern District of California on June 23rd, 2016, and unsealed Tuesday. Austin is charged with causing damage to four servers, and several computers in the Bay Area by installing malicious software. Specifically, he is alleged to have gained unauthorized access to the four servers by using the credentials of an individual associated with the Linux Kernel Organization.”

The statement also said that Austin had used that access to install rootkits and Trojan software, along with other malicious modifications to the servers. He stole the credentials used by a Linux system administrator with the initials J.H. and used them to infect servers with Phalanx malware. The rootkits installed on the servers allowed him to hide files and remotely access the servers without the normal login procedure. They also allowed him to bypass any security checks in place.

Austin then used the malware he had installed to install Trojan software, which let him gain access to the login credentials of people using the same servers.

CERT-Bund, a German cyber security group, estimated that a third of Linux computers in the U.S., and a tenth of those in the world that were checked, were in fact infected with the Trojan Austin had uploaded to the servers.

After obtaining the credentials, he used them to make unauthorized changes to those servers by adding messages that automatically appeared when the servers rebooted. He also broke into a private email server of Linux Kernel Founder Peter Anvin, along with the Odin1, Zeus1, and Pub3 servers.

“Austin’s goal was to gain access to the software distributed through the www.kernel.org website. Access to these servers would have allowed him to distribute malicious code hidden in updates to Linux’s Kernel (its core code), which are downloaded from the servers and installed by users,” a U.S. government spokesperson said.

Austin appeared in court on August 29th and was released on a $50,000 bond. His next court date is September 21st, in San Francisco. He faces up to 40 years in prison and fines up to $2M.
