"A remote access tool was installed, and the server was rebooted to load this software into memory." "A botnet command and control was subsequently installed and started. During the period the individual had access to the Zookeepr server, a number of Linux Australia's automated backup processes ran, which included the dumping of conference databases to disk."





Linux Australia had also asked Computer Emergency Response Teams for help in identifying the exploited unknown vulnerability. Delegates are urged to change their passwords.

The open source organization Linux Australia has revealed that one of its servers was hacked back in March, with only personal details exposed. The organization has admitted that personal details, including names, phone numbers, and street and email addresses of delegates for Linux Australia conferences and PyCon, were exposed in the server breach.

The server was attacked on March 22, but Linux Australia discovered the breach on March 24, after the conference management software Zookeepr started sending a large number of error reporting emails. The organization also mentioned that no financial data was exposed because it uses a third-party payment system.

Linux Australia president Joshua Hesketh, who has led the organization since 2013, said a hacker leveraged an unknown vulnerability in its system to trigger a remote buffer overflow and gain root-level access to its server.

A new secure host has been deployed, and the organization said system user accounts will be expired three months after the conference ends. Linux Australia notified Australia's Privacy Commissioner about the breach and has tightened the screws on the rebuilt server.