{"id":3047,"date":"2024-05-07T04:41:55","date_gmt":"2024-05-07T11:41:55","guid":{"rendered":"https:\/\/www.ssls.com\/blog\/?p=3047"},"modified":"2024-05-07T04:41:56","modified_gmt":"2024-05-07T11:41:56","slug":"a-microsoft-worker-accidentally-prevented-a-global-linux-cyberattack","status":"publish","type":"post","link":"https:\/\/www.ssls.com\/blog\/a-microsoft-worker-accidentally-prevented-a-global-linux-cyberattack\/","title":{"rendered":"A Microsoft worker accidentally prevented a global Linux&nbsp;cyberattack"},"content":{"rendered":"\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.ssls.com\/blog\/wp-content\/uploads\/SSL_Blog_Linux-systems-worldwide.png\" alt=\"\" class=\"wp-image-2327\"\/><\/figure>\n\n\n\n<p>While you were celebrating (or not celebrating) Easter, a German developer was busy stopping a potentially catastrophic cyber attack on the most widely used open-source operating system \u2014 Linux.&nbsp;<br><\/p>\n\n\n\n<!--more-->\n\n\n\n<p>A Microsoft employee by day, Andres Freund volunteers as a Linux maintainer in his spare time. He essentially helps the Internet keep working as it does, seeing as <a href=\"https:\/\/gitnux.org\/linux-statistics\/\">Linux is used everywhere<\/a>, from Android smartphones to the world\u2019s top million servers.<br><\/p>\n\n\n\n<p>Here\u2019s how disaster was just about avoided.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Discovering a backdoor in XZ Utils<\/h2>\n\n\n\n<p>Freund <a href=\"https:\/\/www.nytimes.com\/2024\/04\/03\/technology\/prevent-cyberattack-linux.html\">became aware<\/a> of a potential issue when he logged into SSH and noticed it was using an abnormal amount of processing power. He traced the problem to XZ Utils, a Linux tool that compresses large files so they transfer more easily. 
When he examined the source code for XZ Utils he discovered that someone had added a backdoor \u2014 a type of malicious code that allows hackers to access computers remotely.&nbsp;<br><\/p>\n\n\n\n<p>Once Freund was sure of his findings, he spread the word to fellow open-source developers, and a fix was found within a few hours. To put into perspective how difficult it would typically be to accidentally stumble upon a Linux backdoor like this, The New York Times used an apt analogy, comparing it to a bakery worker who \u201csmells a freshly baked loaf of bread, senses something is off and correctly deduces that someone has tampered with the entire global yeast supply.\u201d<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How the backdoor was added<\/h2>\n\n\n\n<p>Following the discovery of the backdoor, researchers investigated who could have been responsible and <a href=\"https:\/\/boehs.org\/node\/everything-i-know-about-the-xz-backdoor\">made a timeline of events<\/a>. They believe someone working under the pseudonym \u201cJia Tan\u201d is responsible. This volunteer developer has been suggesting changes to XZ Utils since 2022.<br><\/p>\n\n\n\n<p>Jia Tan spent the past few years attempting to gain the trust of other XZ Utils developers and eventually becoming a maintainer themself. After that, they added the backdoor in early 2024.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Crisis avoided<\/h2>\n\n\n\n<p>Because the backdoor was discovered before being added to production versions of Linux, there will be no widespread impact. 
According to Will Dormann, a senior vulnerability analyst at security firm Analygence, if it hadn\u2019t been found early \u201cit would have been catastrophic to the world.\u201d<br><\/p>\n\n\n\n<p>Indeed, had the backdoor not been found, the bad actors responsible may have been able to access machines worldwide.<br><\/p>\n\n\n\n<p>For many, the event has served to highlight the risks and potential vulnerabilities of relying so heavily on open-source software maintained by volunteers working for free.<br><\/p>\n\n\n\n<p>On Twitter, <a href=\"https:\/\/twitter.com\/FFmpeg\/status\/1775178803129602500\">FFmpeg<\/a>, an open-source tool for processing multimedia files, pointed out:<br><\/p>\n\n\n\n<p>\u201cThe xz fiasco has shown how a dependence on unpaid volunteers can cause major problems. Trillion-dollar corporations expect free and urgent support from volunteers.\u201d<br><\/p>\n","protected":false},"excerpt":{"rendered":"<p>While you were celebrating (or not celebrating) Easter, a German developer was busy stopping a potentially catastrophic cyber attack on the most widely used open-source operating system \u2014 
Linux.&nbsp;<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3047","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/3047","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/comments?post=3047"}],"version-history":[{"count":1,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/3047\/revisions"}],"predecessor-version":[{"id":3048,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/3047\/revisions\/3048"}],"wp:attachment":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/media?parent=3047"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/categories?post=3047"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/tags?post=3047"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}