Why a near-miss cyberattack put US officials and the tech industry on edge

  • 📰 ChannelNewsAsia


WASHINGTON: German software developer Andres Freund was running some detailed performance tests last month when he noticed odd behavior in a little-known program. What he found when he investigated has sent shudders across the software world and drawn attention from tech executives and government officials.

FILE PHOTO: 3D printed models of people working on computers and padlock are seen in front of a displayed CYBER SECURITY words and binary code in this picture illustration taken, February 1, 2022. REUTERS/Dado Ruvic/Illustration/File Photo

Freund, who works for Microsoft out of San Francisco, discovered that the latest version of the open source software program XZ Utils had been deliberately sabotaged by one of its developers, a move that could have carved out a secret door to millions of servers across the internet. The near-miss has refocused attention on the safety of open source software – free, often volunteer-maintained programs whose transparency and flexibility mean they serve as the foundation for the internet economy.

Update logs available through the open source software site GitHub show that Tan’s role quickly expanded. By 2023 the logs show Tan was merging his code into XZ, a sign that he had won a trusted role in the project. Tan did not return messages sent to his Gmail account. Reuters has been unable to ascertain who Tan is, where he is, or who he was working for, but many of those who've examined his updates believe Tan is a pseudonym for an expert hacker or group of hackers - likely one working on behalf of a powerful intelligence service.

In the open source community, the discovery has been sobering. The volunteers who maintain the software that underpins the internet aren't strangers to the idea of little pay or recognition, but the realization that they were now being hunted by well-resourced spies pretending to be Good Samaritans was “incredibly intimidating,” said Arasaratnam, of the Open Source Security Foundation.

 
