Volunteer Programmer Prevents Major Cyber Attack

In March 2024, a volunteer programmer, Andres Freund, discovered a malicious “backdoor” code which had been planted in Linux, the operating software used by the majority of the world’s web servers. If undetected, this backdoor could have resulted in a potentially devastating cyber attack by allowing attackers to steal encrypted data or plant malware on millions of computers worldwide.

Linux is used on the servers hosting most of the webpages on the internet, including Facebook, Google, Wikipedia, and the servers used by banks, hospitals, governments and Fortune 500 companies. The security of the software is therefore a matter of global importance. Despite this importance, Linux is predominantly maintained by a small group of volunteer programmers who fix bugs and patch holes in the software.

While conducting routine maintenance, Freund noticed an anomaly in an application on Linux called SSH, used to log into computers remotely, which was consuming excessive processing power. He traced the issue to a data compression toolset on Linux called XZ Utils, where he found the backdoor. This backdoor could have enabled attackers to control a user’s SSH connection and secretly execute code, potentially leading to data theft or malware installation. Freund promptly reported his findings to the open-source community and a fix was developed within hours.

Investigations revealed that the anonymous attacker had spent years assisting in the maintenance of XZ Utils to gain the trust of other developers, eventually becoming one of two official maintainers of XZ Utils, before planting the backdoor earlier this year.

This incident underscores the security risks inherent in our reliance on this potentially insecure, volunteer-maintained technology, which forms the backbone of the internet.