"Paul Frields's Update and Report on Fedora August 2008 Intrusion on the fedora-announce-list reads like a detective novel. It all started on August 12, 2008, when a cron job on a Fedora host reported an error. While reviewing the logs, Fedora admins found a change in the package complement that no one could explain. On short notice, the changes turned out to be tampering by an intruder. The project notified the community of the break-in and promptly pulled the server off the net.
"It's now become clear how the rogue entered the server structure: he used no hacker tools, but simply authenticated himself using a copy of an SSH private key that was not passphrase-protected. The key belonged to a Fedora admin and in the log entries it showed that the intruder also cracked or knew the admin's password. How the intruder got to the SSH private key, however, nobody knows."
