
Did one guy stop a huge cyberattack? Nadella & tech experts think so – Times of India

SAN FRANCISCO: The internet, as anyone who works deep in its trenches will tell you, is not a smooth, well-oiled machine. It’s a messy patchwork. Much of it relies on open-source software that is thanklessly maintained by a small army of volunteer programmers who fix the bugs.
Last week, one of those programmers may have saved the internet from huge trouble. His name is Andres Freund. He’s a 38-year-old software engineer who lives in San Francisco and works at Microsoft. His job involves developing a piece of open-source database software known as PostgreSQL. Recently, while doing some routine maintenance, Freund inadvertently found a backdoor hidden in a piece of software that is part of the Linux operating system. The backdoor was a possible prelude to a major cyberattack.
Now, in a twist fit for Hollywood, tech leaders and cybersecurity researchers are hailing Freund as a hero. Satya Nadella, Microsoft CEO, praised his “curiosity and craftsmanship”. Engineers have been circulating an old web comic about how all modern digital infrastructure rests on a project maintained by some random guy in Nebraska. (In their telling, Freund is the random guy.) Freund – who is actually a soft-spoken, German-born coder who declined to have his photo taken for this story – said that becoming an internet folk hero has been disorienting. “I’m a private person who just sits in front of the computer and hacks on code.”
The saga began earlier this year when Freund, while reviewing a log of automated tests, noticed a few error messages he didn’t recognise. A few weeks later, while running some more tests at his home in Germany, he noticed that an application called SSH, which is used to log into computers remotely, was using more processing power than normal. He traced the issue to a set of data compression tools called xz Utils. (Don’t worry if these names are Greek to you. All you really need to know is that these are all small pieces of the Linux operating system. The vast majority of the world’s servers – including those used by banks, hospitals, govts and Fortune 500 companies – run on Linux, which makes its security a matter of global importance.) When Freund looked closely at the source code for xz Utils, he saw clues that it had been intentionally tampered with. In particular, he found that someone had planted malicious code in the latest versions of xz Utils. Last week, Freund sent his findings to a group of open-source software developers. The news set the tech world on fire. Within hours, a fix was developed and some researchers were crediting him with preventing a potentially historic cyberattack. “If it had gone undetected, the backdoor would have given its creators a master key to any of the hundreds of millions of computers around the world that run SSH,” said Alex Stamos, the chief trust officer at SentinelOne, a cybersecurity research firm.
Nobody knows who planted the backdoor. But the plot appears to have been so elaborate that some researchers believe only a nation with formidable hacking chops, such as Russia or China, could have attempted it. Since his findings became public, Freund said, he had been helping the teams who are trying to reverse-engineer the attack and identify the culprit. “I don’t really have time to have a celebratory drink.”




