If I remember correctly, H Peter Anvin was, at least, an admin for kernel.org services.
That would give easy answer, how root access was possibly gained. I find two possibilities. First if sudo authentication was passwordless on utilities with low security and/or sudo authentication had shortcircuit to ssh-login, a single-sign-on, then the intruder did not need to use any vulnerabilities in software code but just found weak spots in methods to use root priveledges. Secondly, if the ssh-client binary were trojaned at H Peter Anvin's use, typed password for sudo were logged as well.
According to the above article the trojan logged pretty much information, which suggests the above might be, what have happened. Ie. the intruder has found from the logs, how to gain root access and rest is just keeping yourself hidden.
This scenario closes your claims, but does not exclude the possibility that root access has had been available through some vulnerability in some software somewhere in the system, but finding the vulnerability to use had put the intruder to higher exposure to be found sooner.