The Economist Exposes Near-Disaster: Malicious Code Detected in Internet Software
Home » today » Technology » The Economist Exposes Near-Disaster: Malicious Code Detected in Internet Software

The Economist Exposes Near-Disaster: Malicious Code Detected in Internet Software

by

The software at the heart of the Internet is maintained not by any tech giant or government, but by a handful of volunteers and open source developers. The Economist reveals how this could have ended in disaster very recently.

It was at the end of March that a developer at Microsoft was able to notice that ssh – which is a system for securely logging into another device over the Internet – was running about 500 milliseconds slower than it should. Thanks to that discovery, the world was spared what could have been the largest supply chain attack to date.

Malicious code detected

A closer investigation revealed that malicious code was deeply embedded in xz Utils. It is a software designed to compress data used in the Linux operating system. Linux runs on pretty much every publicly available internet server.

The servers form the basis of the Internet, including important financial and government-related services. The malware would have acted as a “master key” that would have allowed an attacker to steal encrypted data or plant other malicious code.

So how did the malicious code get there? xz Utils is based on open source code. This means that the code can be inspected and modified by anyone. In February, two developers who had helped with code hundreds of times over the past few years and built up trust smuggled in the malware.

“Own back door”

A security analyst tells The Economist that the significance of the attack is “enormous”. The back door, the analyst continues, is also “very peculiar” in terms of how it is implemented. “Smart” and “sneaky” are other reviews. Perhaps it was even too stealthy as it might have slowed down the code and thus made the program detectable.

However, the security analyst raises the possibility that it could be a sophisticated intelligence operation by a state actor. Russia is suspected, but the evidence is still too weak.

Most ambitious attack

In addition to being perhaps the most ambitious supply chain attack to date, this attack is also a stark illustration of the weaknesses of the Internet and the crowdsourced code on which it rests.

The code is open, can be inspected by anyone, and bugs or intentional backdoors will eventually be discovered through collective review.

Now the attack was discovered and could be stopped before it could cause extensive damage. However, whether the attackers have snooped on other parts of Internet software is unknown.

Read also: Wave of cyber threats: Now more modern cyber security is required

2024-04-04 11:38:18
#Developers #saved #world #cyber #disaster

Related posts:

Oculus releases Mixed Reality API on Quest 2 headphones - Game
The primary variance involving the Apple iphone 14 and Apple iphone 13 collection has develop into r...
Xiaomi bracelet payments are here!
Confused Instagram video: Kliemann sees himself as a conspiracy victim
New Hyundai Tucson Rejuvenated with Enhanced Aesthetics, Multimedia, and Safety Features

New Hyundai Tucson Rejuvenated with Enhanced Aesthetics, Multimedia, and Safety Features

The Matrix 5: New Director Announced for highly anticipated sequel | MovieZone.cz

The Matrix 5: New Director Announced for highly anticipated sequel | MovieZone.cz

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.