Only IT specialists realize how dangerous it is that the platform of the Internet, the World Wide Web (www), and its many different elements are maintained not by a huge and powerful organization but by enthusiastic volunteer IT specialists, The Economist writes in an alarming report.
A few weeks ago, on March 12, the www had its 35th birthday. On this occasion its creator, Sir Tim Berners-Lee, gave his invention a not entirely flattering assessment. He said of his brainchild that it had become "perverted": it does more harm than good. Over the past three and a half decades it has become home to giant platforms and their all-knowing algorithms, which push people's behaviour in a destructive, anti-social direction, Time magazine quoted the specialist as saying.
This may be the biggest drawback of the World Wide Web, but the fact is that people live part of their personal lives through it, the global financial system is exposed through it, and who knows what secret information it holds. A recent cybersecurity case has highlighted the risks of relying on amateur maintenance of the software underlying the World Wide Web.
Suitable for a spy story
Microsoft engineer Andres Freund published what amounts to a detective story at the end of March, and its starting point was a small discovery. He noticed that SSH, the system responsible for letting devices communicate securely with each other over the Internet, had recently become about 500 milliseconds slower than expected.
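The slowdown Freund noticed is the kind of thing a simple latency canary can catch before anyone looks at the code. The following script is an added example and is not code from the article, from Freund, or from any project mentioned here; the host, port, thresholds and sample figures in it are assumptions made for the demonstration. It measures the time from TCP connect until an SSH server sends its identification banner, then compares fresh samples with a recorded baseline and flags a consistent jump of a few hundred milliseconds. It only reports the anomaly; working out its cause remains manual.

```python
"""Latency canary for an SSH service (illustrative example, not from the article)."""

import socket
import statistics
import sys
import time
from typing import List, NamedTuple


class RegressionReport(NamedTuple):
    flagged: bool
    baseline_median: float
    fresh_median: float


def measure_banner_latency(host: str, port: int = 22, timeout: float = 5.0) -> float:
    """Seconds from TCP connect until a complete 'SSH-...' banner line arrives.

    Only a plain TCP connection is opened and the banner is read; no key
    exchange or authentication is attempted. Servers may send other lines
    before the version line, so we wait for a complete line starting 'SSH-'.
    """
    start = time.monotonic()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        buf = b""
        while True:
            chunk = sock.recv(256)
            if not chunk:
                raise ConnectionError("server closed the connection before sending a banner")
            buf += chunk
            complete_lines = buf.split(b"\n")[:-1]
            if any(line.startswith(b"SSH-") for line in complete_lines):
                break
            if len(buf) > 4096:
                raise ValueError(f"no SSH banner within the first 4 KiB: {buf[:40]!r}")
    return time.monotonic() - start


def collect_samples(host: str, port: int = 22, count: int = 10, pause: float = 0.5) -> List[float]:
    """Take several spaced-out measurements so that one slow connect is not decisive."""
    samples = []
    for _ in range(count):
        samples.append(measure_banner_latency(host, port))
        time.sleep(pause)
    return samples


def detect_regression(baseline: List[float], fresh: List[float],
                      min_increase_s: float = 0.2, min_ratio: float = 2.0) -> RegressionReport:
    """Flag a slowdown when the fresh median exceeds the baseline median by at
    least min_increase_s seconds AND by at least a factor of min_ratio.

    Medians rather than means are used so a single slow connection (a retransmit,
    a busy moment) cannot trigger the check on its own. Both thresholds are
    assumptions: the absolute one ignores small jitter on fast links, the relative
    one ignores modest changes on links that were already slow.
    """
    base_med = statistics.median(baseline)
    fresh_med = statistics.median(fresh)
    increase = fresh_med - base_med
    flagged = increase >= min_increase_s and fresh_med >= base_med * min_ratio
    return RegressionReport(flagged, base_med, fresh_med)


# Constructed sample data standing in for measurements against a real server.
HEALTHY_BASELINE = [0.050, 0.052, 0.048, 0.051, 0.049]  # roughly 50 ms to banner
SLOWED_SAMPLES = [0.550, 0.560, 0.540, 0.550, 0.570]    # roughly 500 ms added
NOISY_SAMPLES = [0.050, 0.120, 0.060, 0.050, 0.070]     # one slow connection only


def main(argv: List[str]) -> int:
    if len(argv) < 2:
        # Offline demonstration on the constructed data.
        for name, fresh in (("slowed", SLOWED_SAMPLES), ("noisy", NOISY_SAMPLES)):
            r = detect_regression(HEALTHY_BASELINE, fresh)
            print(f"{name}: flagged={r.flagged} baseline={r.baseline_median * 1000:.0f} ms "
                  f"fresh={r.fresh_median * 1000:.0f} ms")
        print("usage: ssh_canary.py HOST [PORT]  (measures a live server)")
        return 0
    host = argv[1]
    port = int(argv[2]) if len(argv) > 2 else 22
    fresh = collect_samples(host, port)
    # A real deployment would persist its own baseline from earlier healthy runs;
    # the constructed baseline is used here only as a placeholder.
    r = detect_regression(HEALTHY_BASELINE, fresh)
    print(f"baseline median {r.baseline_median * 1000:.0f} ms, fresh median "
          f"{r.fresh_median * 1000:.0f} ms, {'REGRESSION' if r.flagged else 'ok'}")
    return 1 if r.flagged else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run without arguments to see the check on the constructed samples, or with a host name to measure a live server. The two-threshold rule is deliberately conservative: a 70 ms wobble on a fast link and a 250 ms change on a link that already takes 400 ms are both ignored, while a half-second jump on a 50 ms baseline is flagged.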
Further investigation showed that malicious code had been inserted into a program called XZ Utils, an important component of the Linux operating system. Linux runs on a large share of publicly reachable Internet servers, including machines that serve major financial and government services. The malicious code acted as a so-called master key: attackers could have used it to steal encrypted data or to install further malware, that is, malicious applications, on the network.
This is where the detective story draws attention to the weakness of the system of oversight. XZ Utils is open-source software, which simply means that anyone can view and change its code. In practice this is handled by professionals who know the software well. One of them, Lasse Collin, a software engineer, realized in 2022 that the amount of volunteer work he had devoted to it had completely drained his energy. He was mentally exhausted.
The mysterious turning point arrives
So he was glad when a colleague calling himself Jia Tan, who had set up his online account a year earlier, offered to help. For two years this person, who could be a woman, a man or the front for a team, provided useful assistance in hundreds of cases and gained Collin's trust. Then, in February, he smuggled the malicious code into XZ Utils.
An independent cybersecurity expert known by the pseudonym The Grugq, who is followed by many professionals, said the attack was very significant: a highly concealed and specially installed backdoor. The attackers may have tried too hard to hide it, and this may be what slowed down the SSH process and ultimately exposed the malware.
Jia Tan's endless patience, and the fact that a number of netizens urged Collin to hand over the baton to him, suggest that this was a carefully planned and executed operation. Large, technically well-equipped intelligence services are capable of this, according to The Grugq's analysis.
Who are the suspects?
It is possible that the culprit is Russia's foreign intelligence service, the SVR, which hacked into the SolarWinds Orion network management software in 2019-2020 and thereby gained access to the US government's internal IT network. Analysts Rhea Karty and Simon Henniger reported that Jia Tan tried to hide the time zone he was working in, but it appeared to be two to three hours ahead of Greenwich Mean Time (GMT), and he did not work on weekdays in Eastern Europe. This theory, however, still needs to be verified.
Experts agree that this was the most ambitious "supply chain attack" in recent memory: it targeted not one computer or a set of computers but the underlying software and hardware, from which a variety of actions could have been launched. In defence of open source, which ultimately made the attack possible, IT experts argue that it was also what allowed Freund to discover the scheme, which in turn made it possible to remove the malware.
Skeptics are not so calm. Freund himself admits that he noticed the problem thanks to a coincidence of several factors. Others point out that he was the only one to report the attack; no one else noticed. That is why, they think, Freund deserves countless invitations to free beer.