As anyone who works in the depths of the internet will tell you, the internet is not a smooth, well-oiled machine.
It's a messy patchwork assembled over decades, held together by the digital equivalent of cellophane tape and bubble gum. Much of it relies on open source software, which is thankfully maintained by a small group of volunteer programmers who fix bugs, plug holes, and ensure that this whole unstable machine, responsible for trillions of dollars in global GDP, keeps running.
Last week, one of those programmers may have saved the Internet from major trouble.
His name is Andres Freund. He is a 38-year-old software engineer who lives in San Francisco and works at Microsoft. His job involves developing the open source database software known as PostgreSQL, the exact details of which I would struggle to explain.
Recently, while performing routine maintenance, Freund stumbled upon a backdoor hidden in software that is part of the Linux operating system. The backdoor could be a precursor to a major cyber attack, and experts say it could have caused significant damage if it had been successful.
Now, in a twist worthy of Hollywood, technology leaders and cybersecurity researchers are hailing Freund as a hero. Satya Nadella, the chief executive of Microsoft, praised his “curiosity and craftsmanship.” One admirer called him “the Silverback Gorilla of Geekdom.” Engineers are circulating comics about how all of our modern digital infrastructure depends on a project maintained by some random guy in Nebraska. (In this telling, Mr. Freund is the random guy from Nebraska.)
In an interview this week, Mr. Freund (who is in fact a soft-spoken, German-born programmer, and who declined to be photographed for this article) said that becoming an Internet folk hero had been disorienting.
“I think that's very strange,” he said. “I'm a pretty private person who just sits in front of a computer and hacks code.”
The story began earlier this year, when Mr. Freund flew home from a visit to his parents in Germany. While reviewing his automated test logs, he noticed some error messages he didn't recognize. He was jet-lagged and the messages didn't seem urgent, so he filed them away in his memory.
But a few weeks later, while running some more tests at home, he noticed that an application called SSH, which is used to log in to computers remotely, was using more processing power than normal. He traced the problem to a suite of data compression tools called xz Utils and thought it might be related to the errors he had seen earlier.
(Don't worry if these names sound like Greek to you. All you really need to know is that they're all small parts of the Linux operating system, which is probably the most important open source software in the world. The majority of the world's servers run on Linux, including those used by banks, hospitals, governments, and Fortune 500 companies, which makes its security a major global concern.)
Like other popular open source software, Linux is constantly updated, and most bugs are the result of innocent mistakes. However, when Freund took a closer look at the xz Utils source code, he found evidence of deliberate tampering.
In particular, he discovered that someone had embedded malicious code in the latest version of xz Utils. This code, known as a backdoor, would allow its creator to hijack a user's SSH connection and secretly run their own code on that user's machine.
In the world of cybersecurity, a database engineer stumbling onto a backdoor in a core piece of Linux is a bit like a bakery worker who smells a freshly baked loaf, senses something is off, and correctly guesses that someone has tampered with the entire world's yeast supply. It takes years of experience, relentless attention to detail, and a healthy dose of luck to intuit something like this.
At first, Freund doubted his own findings. Had he really discovered a backdoor in one of the world's most closely watched open source programs?
“It felt surreal,” he said. “There were moments when I thought I might have had a fever dream from lack of sleep.”
But Freund's research continued to turn up new evidence, and last week he sent his findings to a group of open source software developers. The news set the technology world on fire. Within hours, some researchers were crediting him with thwarting a potentially historic cyberattack.
“This may have been the most widespread and effective backdoor ever planted in any software product,” said Alex Stamos, chief trust officer at the cybersecurity firm SentinelOne.
Stamos said that if it had gone undetected, the backdoor “would have given its creator a master key to any of the hundreds of millions of computers around the world that run SSH.” That key could have allowed them to steal personal information, deploy devastating malware, and wreak havoc on infrastructure, all without being caught.
(The New York Times sued Microsoft and its partner OpenAI for alleged copyright infringement involving artificial intelligence systems that generate text.)
No one knows who planted the backdoor. But the plot appears to have been so sophisticated that some researchers believe only a nation with formidable hacking capabilities, such as Russia or China, could have attempted it.
According to some researchers who have gone back over the evidence, the attacker appears to have used the pseudonym “Jia Tan” to submit changes to xz Utils going back to 2022. (Many open source software projects have a hierarchical structure: developers propose changes to the program's code, and experienced developers called “maintainers” must review and approve them.)
The attacker, working under the name Jia Tan, slowly gained the trust of the other xz Utils developers over several years, acquiring more control over the project and eventually becoming a maintainer, and then, earlier this year, appears to have inserted the code containing the hidden backdoor. (The compromised version of the code had been released but was not yet in widespread use.)
Freund declined to speculate on who was behind the attack. But whoever it was, he said, was sophisticated enough to try to cover their tracks, including by adding code that made the backdoor harder to discover.
“It was very mysterious,” he said. “They obviously went to great lengths to hide what they were doing.”
Freund said that since his findings were made public, he has been helping teams trying to reverse engineer the attack and identify the perpetrators. But he's too busy to rest on his laurels. The next version of PostgreSQL, the database software he works on, is scheduled for release later this year, and he is trying to get some last-minute changes in before the deadline.
“There really isn’t time to go out for celebratory drinks,” he said.