Anyone who works deep in the trenches of the internet will tell you that there is no well-accepted machinery that works without the slightest problem.
Rather, it is a set of disorganized parts that have been assembled over decades and that are only kept together thanks to the digital equivalent of adhesive tape and masking tape. A large part of the network depends on open source software that is maintained by the work of a small army of volunteer programmers to whom no one gives thanks for repairing the errors, patching the holes and making sure that the art of dollars in gross internal product is quejallones global pueda, a duras penas, seguir andando.
It is very probable that last week one of these programmers saved the internet from an enormous problem.
His name is Andres Freund. He is a 38-year-old software engineer who lives in San Francisco and works for Microsoft. Parte de su trabajo consists of a software program for PostgreSQL databases. Si pudiera explicar correctamente de qué se trata este software (something that, in definitiva, no puedo hacer), quizá only lograría matarlos de aburrimiento.
Recently, while performing some routine maintenance tasks, Freund unwittingly discovered a hidden back door in a software fragment that forms part of the Linux operating system. It is possible that this back door has been the prelude to an important cyber attack that, in the opinion of experts, could have caused serious damage if it had been implemented.
Now, en un giro digno de Hollywood, several leaders of the technological industry and cyber security investigators are qualifying a Freund de héro. Satya Nadella, CEO of Microsoft, praise su “curiosidad y destreza”. A fan here description as “the gorilla leader of the nerds”. Entre los ingenieros has been circulating an old web comic strip, famous among programmers, whose premise is that all modern digital infrastructure depends on a project maintained by some type of person in Nebraska (according to it).
En una entrevista realizado esta semana, Freund — queen en realidad es un programador nacido en Alemania de voz suave que no quiso que le tomaran una fotografia para este artículo— comment that turns him into a hero popular on the internet le ha causado gran confusión.
“Se me hace muy extraño”, he said. “Soya una persona bastante reservada que solo se sienta frente a la computadora y product codigo”.
The saga began this same year, during a Freund flight back home after visiting his parents in Germany. The review of the system of automatic recording of commissions, is the listing of errors that have not been announced. En ese momento he was suffering from the effects of the time delay and the messages did not seem urgent, so he archived them in his memory.
Pero unas semanas después, while realizing other tests at home, he observed that an application called SSH, which is used to remotely enter computers, was consuming more processing power than usual. Después de buscar el origen del problema, que rastreó up to a set of data compression tools called xz Utils, he asked if he would be related to the errors he had seen before.
(Don’t worry if these names seem like I’m speaking in Chinese? In reality, they just need to know that they are small fragments of the Linux operating system, which is perhaps the most important open source software in the world. The vast majority of the mundo—including those used by banks, hospitals, the government, and Fortune 500 companies—operate with Linux, because its security is of global importance).
All the software that is popular from the code, Linux is the current frequency and the errors of the municipality that refer to unspecified errors. Sin embargo, when Freund examined with more detail the source code of xz Utils, he found clues that indicated that someone had altered it intentionally.
In particular, he discovered that alguien había sembrado código maligno en las versiones más recientes de xz Utils. The code, known as a back door, would allow its creator to hijack a user’s SSH connection and secretly run their own code on that user’s machine.
En un primer momento, Freund doubted his findings. Did you really discover a back door in one of the most analyzed open source programs in the world?
“Sentí que era surrealist”, relevant. “Pensé varias veces que tal vez había dormido mal y estaba delirando”.
But as he continued to analyze, he identified new evidence, so last week Freund shared his findings with a group of open code software developers. La noticia no tardó en causar alarma en el mundo tecnologico. In just a few hours, a repair was created and some investigators gave credit to Freund for having avoided a cyber attack that could have been historical.
No one knows who planted the back door but, apparently, the plan was so elaborate that some researchers are convinced that only a nation with tremendous abilities to conceive cyber attacks on China could have attempted it.
Según algunos investigadores que han revisado la evidencia, todo parece indicar que el atacante used a pseudonym, “Jia Tan”, before the registration of xz Utils desde incluso 2022 (mulchos proyectos de software de seedo jerrérés de lécodi 2022; proponen cambios al código de un programa, y luego the most experienced programmers are responsible for revising and approving the changes).
It is believed that the attacker, using the name Jia Tan, worked several years to gain little by little the trust of other developers of xz Utils and obtain more control over the project, until he ascended the hierarchy, final, final, intermediate, completion, final upgrade, the con la puerta trasera oculta este mismo año (although the nueva versión manipulada del codigo ya se había dado conocer, todava no era de uso generalizado).
Freund pointed out that, since his findings were made public, he was dedicated to helping the teams that intended to reproduce the attack with reverse engineering to identify the culprit. Así que ha estado muy ocupado para dormirse en sus laureles. The next version of PostgreSQL, the database management software in which it works, will be released later this same year and Freund is still looking for last-minute changes to be accepted.
“In realidad, no tengo tiempo de ir tomar unos tragos para celebrar”, he said.
Kevin Rouse he is a technology columnist for el Times and hosts the podcast Hard Fork. More from Kevin Roose