A Microsoft worker accidentally prevented a global Linux cyberattack

While you were celebrating (or not celebrating) Easter, a German developer was busy stopping a potentially catastrophic cyber attack on the most widely used open-source operating system — Linux. 

A Microsoft employee by day, Andres Freund volunteers as a Linux maintainer in his spare time. In effect, he helps keep the Internet running, since Linux is used everywhere, from Android smartphones to the world’s top million servers.

Here’s how disaster was narrowly avoided.

Discovering a backdoor in XZ Utils

Freund became aware of a potential issue when he logged in over SSH and noticed that it was using an abnormal amount of processing power. He traced the problem to XZ Utils, a Linux tool that compresses large files so they can be transferred more easily. When he examined the source code for XZ Utils, he discovered that someone had added a backdoor — a type of malicious code that allows hackers to access computers remotely. 

Once Freund was sure of his findings, he spread the word to fellow open-source developers, and a fix was found within a few hours. To put into perspective how difficult it would typically be to accidentally stumble upon a Linux backdoor like this, The New York Times used an apt analogy, comparing it to a bakery worker who “smells a freshly baked loaf of bread, senses something is off and correctly deduces that someone has tampered with the entire global yeast supply.”

How the backdoor was added

Following the discovery of the backdoor, researchers investigated who could have been responsible and made a timeline of events. They believe someone working under the pseudonym “Jia Tan” is responsible. This volunteer developer has been suggesting changes to XZ Utils since 2022.

Jia Tan spent the past few years gaining the trust of the other XZ Utils developers and eventually became a maintainer themself. After that, they added the backdoor in early 2024. 

Crisis avoided

Because the backdoor was discovered before being added to production versions of Linux, there will be no widespread impact. According to Will Dormann, a senior vulnerability analyst at security firm Analygence, if it hadn’t been found early “it would have been catastrophic to the world.”

Indeed, had the backdoor not been found, the bad actors responsible may have been able to access machines worldwide.

For many, the event has served to highlight the issue and potential vulnerabilities of being so reliant on open-source software with volunteers working for free.

On Twitter, FFmpeg, an open-source tool for processing multimedia files, pointed out:

“The xz fiasco has shown how a dependence on unpaid volunteers can cause major problems. Trillion-dollar corporations expect free and urgent support from volunteers.”
