Путин хуйло 04/03/2024 (Wed) 17:19 No.476515
Continuation of the Economist article:

> The most interesting part of the story is how it got there. XZ Utils is open-source software, which means that its code is public and can be inspected or modified by anyone. In 2022 Lasse Collin, the developer who maintained it, found that his “unpaid hobby project” was becoming more onerous amid long-term mental-health issues. A developer going by the name Jia Tan, who had created an account the previous year, offered to help. For more than two years they contributed helpful code on hundreds of occasions, building up trust. In February they smuggled in the malware.

> The significance of the attack is “huge”, says The Grugq, a pseudonymous independent security researcher who is widely read among cyber-security specialists. “The backdoor is very peculiar in how it is implemented, but it is really clever stuff and very stealthy”—perhaps too stealthy, he suggests, because some of the steps taken in the code to hide its true purpose may have slowed it down and thus raised Mr Freund’s alarm. Jia Tan’s patient approach, supported by several other accounts who urged Mr Collin to pass the baton, hints at a sophisticated human-intelligence operation by a state agency, suggests The Grugq.

> He suspects the SVR, Russia’s foreign-intelligence service, which in 2019-20 also compromised SolarWinds Orion network-management software to gain extensive access to American government networks. Analysis by Rhea Karty and Simon Henniger suggests that the mysterious Jia Tan made an effort to falsify their time zone but that they were probably two to three hours ahead of Greenwich Mean Time—suggesting they may have been in eastern Europe or western Russia—and avoided working on eastern European holidays. For now, however, the evidence is too weak to nail down a culprit.