Who is Jia Tan, and how this hacker almost controlled millions of websites!


Vincent Mannessier

April 2, 2024 at 5:02 p.m.


An extremely ambitious hacking attempt has just been spotted © Apichatn21 / Shutterstock


A Microsoft developer wondered what could be causing an extra half-second of delay in software he was using. The answer: a backdoor that could have given its authors access to almost the entire known Internet, had it not been discovered in time.

So it was only by chance that Andres Freund discovered the security flaw hidden in an immensely popular open source administration tool. The actors behind this extremely ambitious attempt are not known, but it likely required resources and time that a single hacker would not have.

A backdoor to access almost all websites

On Friday March 29, Andres Freund, a developer at Microsoft, posted on his forum and on Mastodon that he had discovered a major security flaw in the latest versions of XZ, a data compression library. After updating it, he noticed that the secure connection took half a second longer than before. It was while investigating the origin of this difference that he found the backdoor.

Fortunately, the alert was raised in time: only the last two versions of XZ contain this backdoor, and the majority of systems have not yet installed them. That is fortunate because most servers hosting websites around the world run on Linux, and XZ is installed there by default, coming with OpenSSH, an administration tool widely used by developers.

Without Freund's discovery, and if these updates had been deployed massively, the actors behind this gigantic flaw would have had access to a large part of the known Internet and been free to abuse it as they saw fit. It remains to be seen who they are.

The disaster was narrowly averted thanks to Andres Freund © rafapress / Shutterstock


But who is Jia Tan?

The backdoor was therefore slipped into the XZ library. That library, used in the development of countless sites and software, is nevertheless only an open source project started in the early 2000s by a single man, Lasse Collin. He maintained and updated it for years before explaining, in June 2022, that he no longer had the energy or the will to take care of it and was preparing to hand it over. As incredible as it may seem, a library essential to the security of large sections of the Internet therefore rested on the shoulders of a single volunteer.

It was then that a certain Jia Tan, with no known prior existence, appeared in the project. He began contributing his own modifications to XZ, gaining more and more influence until he took control of the project in January 2023. He waited one more year, until February 2024, to add the backdoor, which might never have been discovered without the meticulousness of Andres Freund.

But who is this Jia Cheong Tan? Unsurprisingly, many have investigated this person since the discovery. All three parts of his displayed name are certainly Chinese, but they originate from different regions and languages of the country. It therefore seems likely that someone simply mixed Chinese names together to give a false impression. The lone-hacker theory also seems unlikely given the time and resources invested, not to mention the capabilities needed to exploit such a massive flaw. An intelligence service, a powerful hacking group, or even a state are more likely suspects.

Sources: OpenWall, Rémy's post on Mastodon


