A programmer discovers a security hole that could bring down the global system

At the end of March, Andres Freund discovered a backdoor hidden in a software component of the Linux operating system that could have given hackers access to hundreds of millions of computers worldwide.

At the end of March, Andres Freund, a 38-year-old programmer currently living in San Francisco and working for Microsoft, discovered a backdoor hidden in a software component of the Linux operating system that could have given hackers access to hundreds of millions of computers worldwide. Fortunately, no such incident took place.

The Linux operating system is arguably the world's most important open source software. Most servers in the world, including those belonging to banks, hospitals and governments, run on Linux, so Linux security vulnerabilities have a global impact.

This dangerous vulnerability was discovered while Freund was carrying out routine maintenance on a part of PostgreSQL, open source software used in database processing.

While examining a series of automated tests, he realized that an application called SSH, which is used to access remote computers, was using more resources than usual. Following the trail, he found a data compression tool called xz Utils, which reminded him of an error message he had seen not long before.

After digging into the source code of xz Utils, Freund saw signs that someone, or some organization, had tampered with it. Specifically, malicious code had been planted in the latest version of xz Utils. This backdoor would allow whoever planted it to take advantage of SSH connections and secretly run software remotely.

He collected more evidence as he dug deeper. At the end of March, Freund sent the evidence he had collected to a group of open source software developers, causing an uproar in the community. Within just a few hours, this serious error was patched.

Some programmers assert that if Freund had not discovered it, a cyber attack that would leave a stain on the history books could have happened.

Alex Stamos, senior director at SentinelOne, a cybersecurity research company, said the backdoor discovered by Freund may be the most widespread, most effective backdoor ever installed in any software, one that can 'give its creator the master key to access hundreds of millions of computers using SSH globally'. At that point, attackers would have been able to steal sensitive information, install malware and disrupt global infrastructure without ever being caught.

Freund said the person behind this incident was clever and cunning enough to erase traces, making the malicious code more difficult to find.

Since discovering the security hole, Freund has continued helping the team of programmers analyze it and find the mastermind. He is also developing and refining a version of PostgreSQL, expected to be released later this year.