The Gentoo Linux GitHub Account Cybersecurity Failure

While one may expect software developers to have better-than-average security practices in place, the team behind Gentoo Linux’s GitHub account was the victim of an unfortunate event in June 2018. Hackers gained control of the account’s code repository, made changes to its content, and locked out its developers, preventing them from using GitHub for five days. Gentoo has still not been able to discover who was behind the attack.

How Did the Attackers Gain Access to the Gentoo GitHub Account?

Gentoo suffered from several deficiencies that made the attack easier to carry out. Evidence collected in the investigation of the incident led the Gentoo security team to conclude that the hackers gained access through a predictable password scheme: once they had obtained the administrator’s password, the scheme let them simply guess that administrator’s passwords for other sites. The Gentoo developers had no backup copy of the GitHub organization details, and the repository was not a mirror of one hosted by Gentoo; it was stored directly on GitHub.

The attack did cause all the other developers to receive email alerts as they were systematically locked out of the GitHub account, which spurred them to take action and stop the attack in just over an hour. The private keys of the account were also not stolen, which helped keep the attackers from deleting all files outright.

How the Attack Could Have Been Avoided

Attention to the simplest fundamentals of cybersecurity could have prevented the attack from ever happening in the first place. Two-factor authentication for access to a website is an essential aspect of any cybersecurity plan: it requires the person logging in to prove possession of a second factor in addition to the password. On a practical level, this usually means that when a password is entered on a website, a message is sent to a mobile phone or secondary email address with a token (a second, short-lived password) that has to be entered to gain access. Even if hackers could obtain the first password with relative ease, it would be much harder to obtain the second token or to gain access to the email account as well.

Lessons That Can Be Drawn From the Attack and Applied Universally

Gentoo has published a list of the new measures it has put in place to reinforce its security practices. Anyone who has access to or control over sensitive or proprietary information would do well to learn from this attack and apply these simple security measures to their own organization:

• Back up everything regularly in case of an attack or even a system failure. Backups should be stored offsite and should be easy to reach in an emergency.

• Enable two-factor authentication by default on all accounts where access is available to a group of people.

• Have an incident-response plan and designate users who will act immediately upon notification of a security breach.

• Ensure that former employees and group members have their access completely revoked if they are no longer working on a specific project.