It has been reported that a Microsoft engineer found a serious hack in
the Linux OS and now the authorities around the world are concerned about this.
Some State actors are involved (Russia is suspected) but it is still
being investigated.
Read the article just published two days ago on Wikipedia <https://en.wikipedia.org/wiki/XZ_Utils_backdoor>
There are videos on YouTube and other reputable news media websites
about this. You can search for XZ backdoor Hack in Google if you are interested in this.
This is still a developing story and more will follow in the coming days
when the OS community has had a chance to analyse the implications. Most servers
around the world are affected by this. <https://youtu.be/0pT-dWpmwhA?si=mlnovDmvFDU6yPyM> <https://youtu.be/D0AN0u
On Wed, 17 Apr 2024 23:45:00 -0400, Jia Tan <noreply@wubuntu.wubuntu>
wrote:
It has been reported that a Microsoft engineer found a serious hack in
the Linux OS and now the authorities around the world are concerned about
this.
Some State actors are involved (Russia is suspected) but it is still
being investigated.
Trying to spread fear is pointless, as is forging the id of the person who tried to introduce the backdoor.
While the method used will cause all projects to be much more careful, the situation has been handled.
The same thing can happen with closed source software, so the advice to be careful about supply chain attacks applies to all software development.
While the backdoor did get into some distributions' development builds, it was found and removed before it could be widely spread.
This has always been a thing of hard core closed source supporters, to
discredit the competition without mentioning real threats to their favorite operating system.
On 4/18/2024 2:31 AM, J.O. Aho wrote:
This has always been a thing of hard core closed source supporters, to
discredit the competition without mentioning real threats to
their favorite operating system.
That seems like a sound strategy, representative of a long
and hallowed Linux tradition: Fix a Linux bug by blurting out
that Windows is worse. :)
On 18/04/2024 06.15, David W. Hodgins wrote:[snip]
On Wed, 17 Apr 2024 23:45:00 -0400, Jia Tan <noreply@wubuntu.wubuntu>
wrote:
Some State actors are involved (Russia is suspected) but it is still
being investigated.
I think the main suspect was CCP China, but sure it could have been any
actor from the Axis powers.
While the method used will cause all projects to be much more careful, the situation has been handled.
On 4/18/24 00:15, David W. Hodgins wrote:
While the method used will cause all projects to be much more careful, the situation has been handled.
THAT's pretty well the size of it.
It did require brains though so I'll be pointing my ears as we approach finding out whodoneit, meanwhile excluding systemd and N.Korea from my
list of suspects :-)
On Thu, 18 Apr 2024 18:12:54 -0400, bad💽sector <forgetski@_invalid.net> wrote:
On 4/18/24 00:15, David W. Hodgins wrote:
While the method used will cause all projects to be much more
careful, the situation has been handled.
THAT's pretty well the size of it.
It did require brains though so I'll be pointing my ears as we approach
finding out whodoneit, meanwhile excluding systemd and N.Korea from my
list of suspects :-)
It could have been any nation state, including NATO countries, or any criminal organization that could afford to have someone spend a couple
of years building a reputation before even starting to introduce the
changes that when combined included the backdoor.
It could even have been just one individual with skills and time on their hands.
While the times of commits may be an indication, it could also be
someone that wasn't doing things in normal office hours. Even the IP address could
have been hidden by using a previously hacked system, and/or VPN services.
Speculation on who is behind it is pointless.
Regards, Dave Hodgins
There are videos on YouTube and other reputable news media websites
about this.
On 2024-04-17 23:45, Jia Tan wrote:
There are videos on YouTube and other reputable news media websites
about this.
YouTube? A reputable news medium? That's hilarious.
There are lots of helpful and informative videos on YouTube, but there's
also a lot of pure bunk.
I happened across one just the other day claiming that the US government
was going to start giving out $3000 Social Security benefits every month
as part of a Covid stimulus. Another lays out a case for the 1969 Moon landing having been faked on a Hollywood back lot. (Neil Armstrong
confessed on his deathbed!) There are several "documentaries" on the government coverup of what REALLY happened at Roswell, New Mexico.
I could go on and on, but you get the point.
TJ
I'll agree that it was probably a long-term plan as well. "I" would not have
been confident of getting away with it but then there are cultures
teaching the fundamentals of liberalism to their offspring: that
everything is acceptable so long as it can be separated from the
critical element, or so long as you get away with it (same thing).
On Thu, 18 Apr 2024 20:58:13 -0400, bad💽sector <forgetski@_invalid.net> wrote:
I'll agree that it was probably a long-term plan as well. "I" would not have
been confident of getting away with it but then there are cultures
teaching the fundamentals of liberalism to their offspring: that
everything is acceptable so long as it can be separated from the
critical element, or so long as you get away with it (same thing).
Just regarding the timeline. From https://research.swtch.com/xz-timeline
2021-10-29 A person using the online name Jia Tan submitted a patch for xz and later joined the project.
2024-02-23 First part of backdoor added to xz
2024-02-24 First release of backdoor version 5.6.0, which causes crashes
2024-03-09 Working backdoor released as version 5.6.1
2024-03-27 Debian includes the 5.6.1 version in their development version
2024-03-28 Backdoor detected and analysis starts
2024-03-30 Backdoor removed by reverting to a pre-Jia Tan version
So three years working to build a reputation, and then get the backdoor included, only to have it detected and removed 3 days after making it into one Linux distribution's development version.
So the three possibilities I see are a nation state, organized crime, or
a single individual with the skills and time on his/her hands to do this.
If it is a nation state, China and Russia are the most likely based on timestamps of commits, but it could just as easily be a NATO country trying to get it into Russian and Chinese systems. Simply working hours other than
9 to 5 could explain the timestamps.
Regards, Dave Hodgins
So the three possibilities I see are a nation state, organized crime, or
a single individual with the skills and time on his/her hands to do this.
J.O. Aho wrote:
On 18/04/2024 06.15, David W. Hodgins wrote:[snip]
On Wed, 17 Apr 2024 23:45:00 -0400, Jia Tan <noreply@wubuntu.wubuntu>
wrote:
Some State actors are involved (Russia is suspected) but it is still
being investigated.
I think the main suspect was CCP China, but sure it could have been any
actor from the Axis powers.
China is on the list, yes, as is Russia, but IMO North Korea is pretty high on the list, as are other government-level bad actors... including Washington, D.C. The name "Jia Tan" might have been selected as a deliberate misdirection (although if I were to choose an alias for such purposes, I wouldn't choose a name suggesting a culture I'm not familiar with; I'd go with "Bob Smith" or similar.)