Kernel.org Attackers Didn't Know What They Had
First Botnet of Linux Web Servers Discovered
I doubt the attackers even went through the hustle to gain root (no need, anyone can start stuff on (unfiltered) 8080).
Finding a vulnerable .php/cgi for executing commands on the Server under the uid of the Webserver sounds much easier to me.
1. Scan for vulnerable Servers
2. upload trojansite.tgz
3. unpack to some world-writable/executable directory like for e.g. /tmp/.../
4. fire up nginx serving the trojans
5. Profit (5 ?! omg, people really have to work for their monies these days)
DHS To Use Body Odor As a Lie Detector
You can check some facts in RL too:
UK Government Says More Spying Needed
With the speed they loose the data they do have to collect much more just to have some left in their own hands.