Some of the regional servers used by Ubuntu advocate teams were compromised and made to launch attacks against other systems. As a result, five of the servers were taken offline while steps were taken to secure them. The intrusions were discovered on August 13.
Ubuntu development is led by Canonical. The operating system is a rapidly growing Linux distribution favored for its excellent hardware support, its well-rounded desktops, and its extensive 'out-of-the-box' suite of tools.
Countless individuals advocate Ubuntu and many of those individuals group together in local teams (referred to as LoCo teams). Some of those teams establish their own sites, and some of the servers that host those sites are sponsored by Canonical even though the servers are run by team members.
Five team servers were shut down when it was discovered that those systems were being used to attack other systems. Intruders apparently gained access to the servers due to outdated operating system and application software, missing security patches, and possibly a failure of server operators to use secure connectivity methods as opposed to insecure methods that cause logon credentials to be transmitted in clear text over untrusted networks.
According to Jono Bacon, community manager at Canonical, because the servers had so many outdated software packages, "an attacker could have gotten a shell through almost any of \[those servers\]." Bacon wrote this in an email message to LoCo community teams.
The LoCo teams affected by the intrusions are being offered the opportunity to move their sites to Canonical's data center. Those who opt to continue to operate their own servers will have to come up to speed on software updates and thereafter continue handling their own day-to-day server administration tasks (such as patching, making backups, etc.) and agree to direct Canonical oversight; otherwise Canonical will not continue to sponsor those independently operated team sites.