A fascinating but ominous software story dropped on Friday: a widely used file compression software package called “xz utils” has a cleverly embedded system for backdooring shell login connections, and it’s unclear how far this dangerous package got into countless internet-enabled devices. It appears the persona that injected this played a long game, gaining the […]
That suggestion is because the attack took years of ground work, psyops, multiple disciplines and several levels of obfuscations. It needs the kind of effort that only a well paid and dedicated team can pull off. But that need not necessarily be a state actor. It could also be some spying/malware company (like NSO), any of the big corporates or a criminal group with lots of money.
But don’t lose hope. All it took to uncover all of that was just one engineer who was annoyed by SSH slowing down from 0.3s to 0.8s. The effort needed to uncover it is only a fraction of what’s needed to hide it. This is also a vindication of the FOSS philosophy. Imagine uncovering this if the source wasn’t available.
That suggestion is because the attack took years of ground work, psyops, multiple disciplines and several levels of obfuscations. It needs the kind of effort that only a well paid and dedicated team can pull off. But that need not necessarily be a state actor. It could also be some spying/malware company (like NSO), any of the big corporates or a criminal group with lots of money.
But don’t lose hope. All it took to uncover all of that was just one engineer who was annoyed by SSH slowing down from 0.3s to 0.8s. The effort needed to uncover it is only a fraction of what’s needed to hide it. This is also a vindication of the FOSS philosophy. Imagine uncovering this if the source wasn’t available.