Everything I Know About the Xz Backdoor (boehs.org)
from randomperson@lemmy.today to cybersecurity@sh.itjust.works on 30 Mar 2024 13:45
https://lemmy.today/post/8702504

#cybersecurity


psmgx@lemmy.world on 30 Mar 2024 14:40

Sounds like a concerted effort by a reasonably competent state actor. The +0800 timezone offset implies parts of Asia and is a small but crucial detail, esp given the commit times. In other words, China, Malaysia, Korea, etc. – somewhere in Asia.

OTOH the author even concedes identity theft or smart attempts to discredit and point at Asia. Still, it's on par for Chinese and NK actors.

sugar_in_your_tea@sh.itjust.works on 30 Mar 2024 15:48

It could also be the opposite, someone trying to act like one of the Asian countries. The article lists the UTC times for the commits at 12-17, which would correspond to 8AM-1PM EST or 5-10AM PDT. That also could be fudged, or it could be a relatively new US spook working primarily in the mornings. Or if it’s someone in Asia, that’s 8PM-1AM, which is the perfect time for an evening hacker.

It’s really not clear who’s behind it.

I’m guessing an independent hacker in Asia because a state actor would probably just exploit existing bugs instead of adding new ones, and they certainly wouldn’t do something as obvious as “safe_fprintf -> fprintf.” I’m guessing this is all one individual trying to create business for themselves.

mwguy@infosec.pub on 01 Apr 2024 17:22

In other words, China, Malaysia, Korea, etc. – somewhere in Asia.

The Shadow Brokers leaks showed that state actors had whole tool suites to ensure that the product appeared like it was coming from a different location. Given that those tools have been leaked since 2016 and the concept is even older, relying on metadata like timezones, character set, etc… to make determinations about location is unreliable at best.
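The timezone reasoning in this subthread (a +08:00 author offset, commits landing at 12-17 UTC, and the objection that the offset is self-reported) can be made concrete with a small script. This is an added example, not code from the linked article or from any of the commenters. The commit log below is constructed in the shape of `git log --format='%H %aI'` output; the hashes and timestamps are made up for illustration and are not the real xz commits.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `git log --format='%H %aI'` output.
# Not the real xz-utils history: hashes and times are invented, with the
# author offset set to +08:00 on every line to mirror the thread's premise.
SAMPLE_LOG = """\
1111111111111111111111111111111111111111 2023-06-27T20:15:02+08:00
2222222222222222222222222222222222222222 2023-07-01T23:40:11+08:00
3333333333333333333333333333333333333333 2023-07-03T21:05:47+08:00
4444444444444444444444444444444444444444 2023-07-08T00:30:19+08:00
5555555555555555555555555555555555555555 2024-02-23T22:12:03+08:00
6666666666666666666666666666666666666666 2024-03-09T19:58:41+08:00
"""

# Fixed offsets (no DST handling) are used deliberately so the example
# runs without tzdata; the zone names are assumptions for the demo.
CANDIDATE_ZONES = {
    "author-claimed +08:00": timezone(timedelta(hours=8)),
    "UTC": timezone.utc,
    "US Eastern (standard)": timezone(timedelta(hours=-5)),
    "Moscow": timezone(timedelta(hours=3)),
}


def parse_log(text):
    """Return (sha, aware datetime) pairs from '%H %aI' style lines."""
    commits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        sha, stamp = line.split(maxsplit=1)
        commits.append((sha, datetime.fromisoformat(stamp)))
    return commits


def offset_counts(commits):
    """Distribution of the self-reported author offsets as '+HH:MM' strings.

    Caveat: this offset is whatever the author's clock or GIT_AUTHOR_DATE
    said at commit time. Nothing in the repository authenticates it, so a
    consistent +08:00 is evidence of a choice, not of a location.
    """
    counts = Counter()
    for _, dt in commits:
        off = dt.utcoffset()
        sign = "+" if off >= timedelta(0) else "-"
        secs = abs(int(off.total_seconds()))
        counts[f"{sign}{secs // 3600:02d}:{(secs % 3600) // 60:02d}"] += 1
    return dict(counts)


def hour_histogram(commits, tz):
    """Commit count per hour of day after converting every timestamp into tz."""
    counts = Counter(dt.astimezone(tz).hour for _, dt in commits)
    return dict(sorted(counts.items()))


def working_hours_fraction(commits, tz, start=9, end=18):
    """Fraction of commits that fall in a [start, end) local working window."""
    hits = sum(1 for _, dt in commits if start <= dt.astimezone(tz).hour < end)
    return hits / len(commits) if commits else 0.0


if __name__ == "__main__":
    commits = parse_log(SAMPLE_LOG)
    print("claimed offsets:", offset_counts(commits))
    for name, tz in CANDIDATE_ZONES.items():
        print(f"{name:24s} hours={hour_histogram(commits, tz)} "
              f"in 09-18 window={working_hours_fraction(commits, tz):.2f}")
```

Run against a real checkout with `git log --format='%H %aI' > log.txt` and feed the file contents to `parse_log`. The same six commits read as late evening in the claimed +08:00 zone and as a morning shift in US Eastern, which is exactly why the thread cannot settle on a location from this data alone; the histogram only constrains the author's waking hours relative to an offset they chose themselves.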

Pika@sh.itjust.works on 30 Mar 2024 21:50

It's insane that it lasted as long as it did before being found. I'm glad that was quickly resolved before it hit stable.

blarth@thelemmy.club on 31 Mar 2024 00:02

What a wild read. Definitely smells like nation state actor.

Ashtefere@aussie.zone on 31 Mar 2024 07:01

Timeframes of commits line up with afternoon/evening in Moscow.

Eiim@lemmy.blahaj.zone on 01 Apr 2024 13:15

I’m not really convinced. I haven’t seen anything outside the capabilities of a talented individual, and such an exploit would be worth a lot of money, so the motivation is there.

fluxion@lemmy.world on 31 Mar 2024 03:10

It’s so disgusting to think that Jigar Kumar guy pressuring the original maintainer was Jia himself just manipulating his way into a maintainer role.

I hate people sometimes.

darkpanda@lemmy.ca on 31 Mar 2024 13:40

It may not have been a single person in the first place. “Jia” may have just been a front for multiple people or a team of people working together to facilitate the whole situation.

[deleted] on 31 Mar 2024 11:50

.

mindbleach@sh.itjust.works on 31 Mar 2024 15:43

Sadly relevant XKCD.

sugar_in_your_tea@sh.itjust.works on 31 Mar 2024 17:12

And there’s the Open Collective Foundation closing (not Open Source Collective or Open Collective Inc), which means a bunch of projects need to deal with a bunch of paperwork.

I wish FOSS had a better community backing so a larger group of trusted devs could handle maintenance on multiple projects. Basically, any “production” Linux distribution would only ship software with stable maintenance. I’d join such a group, but as always, funding is an issue.