Attackers changed the defacement page a few times, they protested against the new Linux kernel developer code of conduct in a regrettable way with
racial slurs and the image of an individual showing the anus.
The defacement page also includes links and a Twitter account (@kitlol5) believed to be under the control of the attacker.
The person who was operating the Twitter account posted a screenshot showing that they had access to the Network Solutions account of Michelle McLagan, who evidently owns linux.org, and modified the DNS
“This evening someone got into my partner’s
one of the Linux.org admins wrote on Reddit.
“She’s working with
The hacker did not access the servers hosting Linux.org and user data were not compromised.
How to prevent this kind of incident?
Administrators should enable multi-factor authentication (MFA) for their account.
“I think it was a combination of public whois info and no MFA that lead to this,” added the Linux.org admin.
“There’s always one thing – they found the weakest link and exploited it.”
After the incident, admins have enabled MFA on all accounts.
(Security Affairs – DNS hijack, hacking)