Linux Conference Attendees Hacked

The attacker found an unknown vulnerability in a server housing the names of participants at popular events hosted by Linux Australia, an open-source and free software user group.

The breach affects those who registered for the consortium’s Linux conference over the past three years and for the python programming conference Pycon Australia in 2013 and 2014.

Organizers noticed the intrusion soon after conference management software it uses called Zookeepr started sending a large number of error reporting emails.

“Linux Australia developed the system for themselves, so on March 22, when the server began spitting out a large number of error emails, developers didn’t think much of it,” Kaspersky Lab explains. “Two days later however, upon further examination, the group’s administrative team was able to deduce that the server had fallen victim to a malicious attack.”

The affected data includes first and last names, postal and email addresses, phone numbers and hashed passwords.

“The attacker implemented a remote access tool and rebooted the system to load their software into memory. From there the attacker was able to configure a botnet command and control server to parse data,” according to Kaspersky.

Linux Australia, comprising more than 5,000 Aussies, also lobbies government on behalf of all open source software.