The aftermath of the Gentoo GitHub hack

Gentoo GitHub hack: What happened?

Late last month (June 28), the Gentoo GitHub repository was attacked after someone gained control of an admin account. All access to the repositories was soon removed from Gentoo developers. Repository and page content were altered. But within 10 minutes of the attacker gaining access, someone noticed something was going on, 7 minutes later a report was sent, and within 70 minutes the attack was over. Legitimate Gentoo developers were shut out for 5 days while the dust settled and repairs and analysis were completed.

The attackers also attempted to add “rm -rf” commands to some repositories to cause user data to be recursively removed. As it turns out, this code was unlikely to be run because of technical precautions that were in place, but this wouldn’t have been obvious to the attacker.

One of the things that constrained how big a disaster this break in might have turned out to be was that the attack was “loud.” The removal of developers resulted in them being emailed, and developers quickly discovered they’d been shut out. A stealthier attack might have led to a significant delay in anyone responding to the problem and a significantly bigger problem.

A detailed timeline showing the details of what happened is available at the Gentoo Linux site.