Volunteer Programmer Prevents Major Cyber Attack
In March 2024, a volunteer programmer, Andres Freund, discovered a malicious “backdoor” code which had been planted in Linux, the operating software used by the majority of the world’s web servers. If undetected, this backdoor could have resulted in a potentially devastating cyber attack by allowing attackers to steal encrypted data or plant malware on millions of computers worldwide.
Linux is used on the servers hosting most of the webpages on the internet, including Facebook, Google, Wikipedia, and the servers used by banks, hospitals, governments and Fortune 500 companies. The security of the software is therefore a matter of global importance. Despite this importance, Linux is predominantly maintained by a small group of volunteer programmers who fix bugs and patch holes in the software.
While conducting routine maintenance, Freund noticed an anomaly in an application on Linux called SSH, used to log into computers remotely, which was consuming excessive processing power. He traced the issue to a data compression toolset on Linux called XZ Utils, where he found the backdoor. This backdoor could have enabled attackers to control a user’s SSH connection and secretly execute code, potentially leading to data theft or malware installation. Freund promptly reported his findings to the open-source community and a fix was developed within hours.
Investigations revealed that the anonymous attacker had spent years assisting in the maintenance of XZ Utils to gain the trust of other developers, eventually becoming one of two official maintainers of XZ Utils, before planting the backdoor earlier this year.
This incident underscores the security risks inherent in our reliance on this potentially insecure, volunteer-maintained technology, which forms the backbone of the internet.
Author: Cristin Hunt 2023/2024 Articling Student-At-Law
Photo Credit: https://unsplash.com/@towfiqu999999
Expertise
Insights
-
Technology
Google’s Next Chapter in Wearable Health Tech: The Google Fitbit Air
Another day, another wearable technology product is hitting the market, but this one arrives with the weight of Google behind it and a price designed to undercut the competition.Back in January… -
Technology
Canada Proposes an Under-16 Social Media Ban
The Canadian federal government recently introduced the Safe Social Media Act in Parliament. If the bill is successful, Canadian children under the age of 16 will no longer be able to have accounts on… -
Technology
Whoop and the Wearable Health Market
In March 2026, Whoop Inc. (“Whoop”) completed a Series G funding round for US$575 million, valuing the leading fitness wearable company at US$10.1 billion. Whoop received investment from many notable… -
Technology
The Smartest World Cup Yet: Inside FIFA’s Latest Officiating Innovations
The 2026 FIFA World Cup will showcase some of the most advanced officiating technology ever used in soccer. Building on systems introduced in previous tournaments, FIFA is rolling out new tools… -
Technology
Betting on the Future: How Prediction Markets Are Changing Everything
Recently, the Canadian Investment Regulatory Organization (“CIRO”) approved Wealthsimple to offer forecast contracts. Forecast contracts are investment products that offer investors binary “yes” or… -
Technology
Four Legal Takeaways from the Proposed Canadian Social Media Legislation
On June 10, 2026, the federal government introduced Bill C-34, also known as the Safe Social Media Act. The proposed legislation represents a sweeping effort to regulate social media platforms…